| 3040 |
rexy |
1 |
#!/bin/bash
|
|
|
2 |
|
|
|
3 |
# alcasar-ssh.sh
|
|
|
4 |
# by Alexandre Vezin
|
|
|
5 |
|
|
|
6 |
# enable/disable SSH on external NIC (EXTIF). Set the listen port on EXTIF
|
|
|
7 |
# activation/désactivation de SSH sur la carte réseau externe (EXTIF). Définit le port d'écoute sur EXTIF
|
|
|
8 |
|
|
|
9 |
SED="/bin/sed -i"
|
|
|
10 |
CAT="/bin/cat"
|
|
|
11 |
GREP="/bin/grep"
|
|
|
12 |
ALCASAR_CONF="/usr/local/etc/alcasar.conf"
|
|
|
13 |
SSH_CONF="/etc/ssh/sshd_config"
|
|
|
14 |
|
|
|
15 |
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port]"
|
|
|
16 |
|
|
|
17 |
nb_args=$#
|
|
|
18 |
args=$1
|
|
|
19 |
echo "Checking args" >> '/tmp/alcasar_sms_tmp.log'
|
|
|
20 |
if [ $nb_args -eq 0 ]
|
|
|
21 |
then
|
|
|
22 |
echo "No args" >> '/tmp/alcasar_sms_tmp.log'
|
|
|
23 |
echo "$usage"
|
|
|
24 |
exit 1
|
|
|
25 |
fi
|
|
|
26 |
|
|
|
27 |
while getopts ":p:" portarg; do
|
|
|
28 |
case "${portarg}" in
|
|
|
29 |
p)
|
|
|
30 |
echo "Port check" >> '/tmp/alcasar_sms_tmp.log'
|
|
|
31 |
SSH_PORT=${OPTARG}
|
|
|
32 |
echo "Port : $SSH_PORT" >> /tmp/alcasar_sms_tmp.log
|
|
|
33 |
if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ]
|
|
|
34 |
then
|
|
|
35 |
echo "Invalid port" >> /tmp/alcasar_sms_tmp.log
|
|
|
36 |
echo "The port $SSH_PORT is invalid"
|
|
|
37 |
exit 1
|
|
|
38 |
fi
|
|
|
39 |
;;
|
|
|
40 |
esac
|
|
|
41 |
done
|
|
|
42 |
|
|
|
43 |
case $args in
|
|
|
44 |
-\? | -h* | --h*)
|
|
|
45 |
echo "$usage"
|
|
|
46 |
exit 0
|
|
|
47 |
;;
|
|
|
48 |
--off | -off)
|
|
|
49 |
echo "off" >> '/tmp/alcasar_sms_tmp.log'
|
|
|
50 |
# Editing Alcasar configuration - Deleting the port
|
|
|
51 |
$SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF
|
|
|
52 |
# Editing SSH configuration - Deleting any port other than 22
|
|
|
53 |
$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
|
|
|
54 |
# Applying iptables
|
|
|
55 |
/usr/local/bin/alcasar-iptables.sh
|
|
|
56 |
# Restarting SSH
|
|
|
57 |
/usr/bin/systemctl restart sshd
|
|
|
58 |
exit 0
|
|
|
59 |
;;
|
|
|
60 |
--on | -on)
|
|
|
61 |
SSH_PORT=${SSH_PORT:=22}
|
|
|
62 |
echo "on" >> '/tmp/alcasar_sms_tmp.log'
|
|
|
63 |
$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF
|
|
|
64 |
# Checking if there is already a port other than set
|
|
|
65 |
if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ]
|
|
|
66 |
then
|
|
|
67 |
if [ $SSH_PORT -ne 22 ]
|
|
|
68 |
then
|
|
|
69 |
# Editing SSH configuration - Changing any port other than 22
|
|
|
70 |
$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
|
|
|
71 |
else
|
|
|
72 |
# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used)
|
|
|
73 |
$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
|
|
|
74 |
fi
|
|
|
75 |
else
|
|
|
76 |
if [ $SSH_PORT -ne 22 ]
|
|
|
77 |
then
|
|
|
78 |
# Adding the new SSH port in the config
|
|
|
79 |
echo "Port $SSH_PORT" >> $SSH_CONF
|
|
|
80 |
fi
|
|
|
81 |
fi
|
|
|
82 |
# Applying iptables
|
|
|
83 |
/usr/local/bin/alcasar-iptables.sh
|
|
|
84 |
# Restarting SSH
|
|
|
85 |
/usr/bin/systemctl restart sshd
|
|
|
86 |
exit 0
|
|
|
87 |
;;
|
|
|
88 |
*)
|
|
|
89 |
echo "Argument inconnu : $1"
|
|
|
90 |
echo "$usage"
|
|
|
91 |
exit 1
|
|
|
92 |
;;
|
|
|
93 |
esac
|