Victor LABORIE
842e57ba53
* Jails are created on start and run in tmpfs * All config files are on /etc/bkctld * Cleaning of sshd_config and /etc/group
36 lines
1 KiB
Bash
Executable file
36 lines
1 KiB
Bash
Executable file
#!/bin/sh
|
|
#
|
|
# Set or get allowed(s) ip(s) of <jailname>
|
|
# Usage: ip <jailname> [<ip>|all]
|
|
#
|
|
|
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
|
|
|
jail="${1:-}"
|
|
ip="${2:-}"
|
|
if [ ! -n "${jail}" ]; then
|
|
"${LIBDIR}/bkctld-help" && exit 1
|
|
fi
|
|
[ -d "${CONFDIR}/${jail}" ] || error "${jail} : inexistant jail'"
|
|
|
|
if [ -z "${ip}" ]; then
|
|
grep -E "^AllowUsers" "${CONFDIR}/$jail/ssh/sshd_config"|grep -Eo "root@[^ ]+"| while read allow; do
|
|
echo "${allow}"|cut -d'@' -f2
|
|
done
|
|
else
|
|
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
|
ips="0.0.0.0/0"
|
|
else
|
|
ips=$("${LIBDIR}/bkctld-ip" "${jail}")
|
|
ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
|
|
fi
|
|
allow="AllowUsers"
|
|
for ip in $ips; do
|
|
allow="${allow} root@${ip}"
|
|
done
|
|
sed -i "s~^AllowUsers .*~${allow}~" "${CONFDIR}/$jail/ssh/sshd_config"
|
|
notice "${jail} : update ip => ${ip}"
|
|
"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
|
|
"${LIBDIR}/bkctld-firewall" "${jail}"
|
|
fi
|