WebSVN – ALCASAR – Blame – /scripts/alcasar-ssh.sh

Rev	Author	Line No.	Line
3042	rexy	1
3040	rexy	2	`#!/bin/bash`
		3
		4	`# alcasar-ssh.sh`
		5	`# by Alexandre Vezin`
		6
3041	rexy	7	`# enable/disable SSH on external card`
		8	`# activation/désactivation de SSH sur la carte réseau externe`
3040	rexy	9
		10	`SED="/bin/sed -i"`
		11	`CAT="/bin/cat"`
		12	`GREP="/bin/grep"`
3041	rexy	13	`SYSTEMCTL="/bin/systemctl"`
3040	rexy	14	`ALCASAR_CONF="/usr/local/etc/alcasar.conf"`
		15	`SSH_CONF="/etc/ssh/sshd_config"`
		16
3041	rexy	17	`usage="Usage: alcasar-ssh.sh {--off \| -off} \| {--on \| -on} [-p port] [-i allowed ip] {-l lan} \| {-w wan}" # \| {--all \| -all} à add pour off all?`
3040	rexy	18
		19	`nb_args=$#`
		20	`args=$1`
		21	`if [ $nb_args -eq 0 ]`
		22	`then`
		23	`echo "$usage"`
		24	`exit 1`
		25	`fi`
		26
3041	rexy	27	`while getopts ":p:i:wl" portarg; do`
3040	rexy	28	`case "${portarg}" in`
		29	`p)`
		30	`SSH_PORT=${OPTARG}`
3041	rexy	31	`NUM_REGEX='^[0-9]+$'`
		32	`if ! [[ $SSH_PORT =~ $NUM_REGEX ]];`
		33	`then`
3042	rexy	34	`echo "The port $SSH_PORT is invalid"`
3041	rexy	35	`exit 1`
		36	`fi`
3040	rexy	37	`if [ $SSH_PORT -lt 0 ] \|\| [ $SSH_PORT -gt 65535 ]`
3041	rexy	38	`then`
3042	rexy	39	`echo "The port $SSH_PORT is invalid"`
3040	rexy	40	`exit 1`
		41	`fi`
		42	`;;`
3041	rexy	43	`i)`
		44	`IP_FROM=${OPTARG}`
		45	`ipcalc -c $IP_FROM`
		46	`if [ $? -ne 0 ]`
		47	`then`
		48	`exit 1;`
		49	`fi`
		50	`;;`
		51	`w)`
		52	`NETWORK="wan"`
		53	`;;`
		54	`l)`
		55	`NETWORK="lan"`
		56	`;;`
3040	rexy	57	`esac`
		58	`done`
		59
		60	`case $args in`
		61	`-\? \| -h* \| --h*)`
		62	`echo "$usage"`
		63	`exit 0`
		64	`;;`
		65	`--off \| -off)`
3042	rexy	66	`NETWORK=${NETWORK:="none"}`
3041	rexy	67	`if [ $NETWORK == "wan" ]`
		68	`then`
		69	`# Editing Alcasar configuration - Deleting the port`
3042	rexy	70	`$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF`
3041	rexy	71	`# Editing SSH configuration - Deleting any port other than 22`
		72	`$SED "/^.Port\s[0-9]/{/\s22$/!d}" $SSH_CONF`
		73	`# Applying iptables`
		74	`/usr/local/bin/alcasar-iptables.sh`
		75	`elif [ $NETWORK == "lan" ]`
		76	`then`
		77	`# Editing Alcasar configuration`
3042	rexy	78	`$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF`
3041	rexy	79	`# Applying iptables`
		80	`/usr/local/bin/alcasar-iptables.sh`
		81	`else`
		82	`echo "$usage"`
		83	`exit 0`
		84	`fi`
3042	rexy	85	`$SYSTEMCTL restart sshd`
3040	rexy	86	`exit 0`
		87	`;;`
		88	`--on \| -on)`
3041	rexy	89	`NETWORK=${NETWORK:="none"}`
		90	`if [ $NETWORK == "wan" ]`
		91	`then`
3042	rexy	92	`# Getting LAN IP`
		93	LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f1`
3041	rexy	94	`# Setting accepted IP in Alcasar configuration`
3042	rexy	95	`IP_FROM=${IP_FROM:="0.0.0.0"}`
		96	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF`
3041	rexy	97	`# Setting SSH port in Alcasar configuration`
		98	`SSH_PORT=${SSH_PORT:=22}`
		99	`$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF`
3134	rexy	100	LAN_PORT=`$GREP "^SSH_LAN=" $ALCASAR_CONF \| cut -d"=" -f2`
3042	rexy	101	`LAN_PORT=${LAN_PORT:=0}`
		102	`# Checking if there is already a port other than the LAN port set`
		103	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$LAN_PORT$"` -gt 0 ]
3040	rexy	104	`then`
3042	rexy	105	`if [ $SSH_PORT -ne $LAN_PORT ]`
3041	rexy	106	`then`
3042	rexy	107	`# Editing SSH configuration - Changing any port other than the LAN port`
		108	`$SED "/\s$LAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`
3041	rexy	109	`else`
3042	rexy	110	`# Editing SSH configuration - Deleting any port other than the LAN port`
		111	`$SED "/^.Port\s[0-9]/{/\s$LAN_PORT$/!d}" $SSH_CONF`
3040	rexy	112	`fi`
		113	`else`
3042	rexy	114	`if [ $SSH_PORT -ne $LAN_PORT ]`
3041	rexy	115	`then`
3040	rexy	116	`# Adding the new SSH port in the config`
		117	`echo "Port $SSH_PORT" >> $SSH_CONF`
		118	`fi`
		119	`fi`
3042	rexy	120	`# Applying iptables`
		121	`/usr/local/bin/alcasar-iptables.sh`
3041	rexy	122	`elif [ $NETWORK == "lan" ]`
		123	`then`
3042	rexy	124	`# Getting WAN IP`
		125	WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f2`
		126	`# Setting accepted IP in Alcasar configuration`
		127	`IP_FROM=${IP_FROM:="0.0.0.0"}`
		128	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF`
3041	rexy	129	`# Editing Alcasar configuration`
3042	rexy	130	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`
		131	`# Setting SSH port in Alcasar configuration`
		132	`SSH_PORT=${SSH_PORT:=22}`
		133	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`
3134	rexy	134	WAN_PORT=`$GREP "^SSH_WAN=" $ALCASAR_CONF \| cut -d"=" -f2`
3042	rexy	135	`WAN_PORT=${WAN_PORT:=0}`
		136	`# Checking if there is already a port other than the WAN port set`
		137	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$WAN_PORT$"` -gt 0 ]
		138	`then`
		139	`if [ $SSH_PORT -ne $WAN_PORT ]`
		140	`then`
		141	`# Editing SSH configuration - Changing any port other than the WAN port`
		142	`$SED "/\s$WAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`
		143	`else`
		144	`# Editing SSH configuration - Deleting any port other than the WAN port`
		145	`$SED "/^.Port\s[0-9]/{/\s$WAN_PORT$/!d}" $SSH_CONF`
		146	`fi`
		147	`else`
		148	`if [ $SSH_PORT -ne $WAN_PORT ]`
		149	`then`
		150	`# Adding the new SSH port in the config`
		151	`echo "Port $SSH_PORT" >> $SSH_CONF`
		152	`fi`
		153	`fi`
3041	rexy	154	`# Applying iptables`
		155	`/usr/local/bin/alcasar-iptables.sh`
		156	`else`
		157	`echo "$usage"`
		158	`exit 0`
3042	rexy	159	`fi`
		160	`$SYSTEMCTL restart sshd`
3040	rexy	161	`exit 0`
		162	`;;`
		163	`*)`
		164	`echo "Argument inconnu : $1"`
		165	`echo "$usage"`
		166	`exit 1`
		167	`;;`
		168	`esac`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-ssh.sh @ 3041 – Rev 3134