#!/bin/bash
 
# alcasar-ssh.sh
# by Alexandre Vezin
 
# enable/disable SSH on external card
# activation/désactivation de SSH sur la carte réseau externe
 
# Absolute paths of the external tools. SED carries its -i flag inside the
# string, so it has to be expanded unquoted to split into command and option.
SED='/bin/sed -i'
CAT='/bin/cat'
GREP='/bin/grep'
SYSTEMCTL='/bin/systemctl'

# Configuration files edited in place by this script.
ALCASAR_CONF='/usr/local/etc/alcasar.conf'
SSH_CONF='/etc/ssh/sshd_config'

# TODO: add {--all | -all} to switch everything off?
usage='Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port] [-i allowed ip] {-l lan} | {-w wan}'
 
# Keep the argument count and the first argument; the latter is the action
# word matched by the case statement further down.
nb_args=$#
args=$1
# Called without any argument: print the usage line and fail.
if (( nb_args == 0 )); then
	echo "$usage"
	exit 1
fi
 
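# Succeeds when $1 is a decimal TCP port number in 1..65535.
is_valid_port() {
	local port=$1
	# Digits only and at most five of them, so the comparison below can
	# neither see garbage nor overflow on an over-long number.
	[[ $port =~ ^[0-9]{1,5}$ ]] || return 1
	# 10# forces base 10: a leading zero would otherwise be read as octal.
	(( 10#$port >= 1 && 10#$port <= 65535 ))
}

# Parse -p/-i/-w/-l. The leading ':' selects getopts' silent mode. The action
# word itself (--on, -off, ...) is scanned here as a run of unknown option
# letters, so the '?' result is deliberately left without a case arm; a
# missing option argument (':') is not reported either.
while getopts ":p:i:wl" portarg; do
	case "${portarg}" in
		p)
			# Port requested for SSH. Port 0 is refused as well: it is not a
			# usable listening port and would end up in sshd_config.
			SSH_PORT=${OPTARG}
			if ! is_valid_port "$SSH_PORT"; then
				echo "The port+$SSH_PORT+is invalid"
				exit 1
			fi
			# Store the canonical decimal form (no leading zeros).
			SSH_PORT=$((10#$SSH_PORT))
			;;
		i)
			# Source address allowed to reach SSH, validated by ipcalc -c.
			# Quoted so that a value containing blanks is checked as one
			# argument instead of being split into several words.
			IP_FROM=${OPTARG}
			if ! ipcalc -c "$IP_FROM"; then
				exit 1
			fi
			;;
		w)
			NETWORK="wan"
			;;
		l)
			NETWORK="lan"
			;;
	esac
done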
 
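# Dispatch on the first command-line argument (the action word).
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--off | -off)
		# "none" when neither -w nor -l was given.
		NETWORK=${NETWORK:="none"}
		if [[ $NETWORK == "wan" ]]
		then
			# Editing Alcasar configuration - Deleting the port
			$SED "s/^SSH_WAN=.*/SSH_WAN=/g" "$ALCASAR_CONF"
			# Editing SSH configuration - Deleting any port other than 22
			# NOTE(review): the address matches every line that contains
			# "Port" followed by whitespace, not only a leading Port
			# directive - confirm sshd_config holds no other such line that
			# must be kept.
			$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" "$SSH_CONF"
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		elif [[ $NETWORK == "lan" ]]
		then
			# Editing Alcasar configuration
			$SED "s/^SSH_LAN=.*/SSH_LAN=off/g" "$ALCASAR_CONF"
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		else
			# NOTE(review): exits 0 although nothing was changed, so a caller
			# cannot tell this apart from success.
			echo "$usage"
			exit 0
		fi
		# sshd is stopped only when both LAN and WAN are off. The values are
		# read back from the Alcasar configuration; an empty SSH_WAN= (the
		# state written by the wan branch above) counts as off.
		LAN_STATUS=$($GREP "^SSH_LAN=" "$ALCASAR_CONF" | cut -d"=" -f2)
		LAN_STATUS=${LAN_STATUS:=off}
		WAN_STATUS=$($GREP "^SSH_WAN=" "$ALCASAR_CONF" | cut -d"=" -f2)
		WAN_STATUS=${WAN_STATUS:=off}
		if [[ $LAN_STATUS == off && $WAN_STATUS == off ]]
		then
			$SYSTEMCTL stop sshd
			$SYSTEMCTL disable sshd
		else
			$SYSTEMCTL restart sshd
		fi
		exit 0
		;;
	--on | -on)
		# "none" when neither -w nor -l was given.
		NETWORK=${NETWORK:="none"}
		if [[ $NETWORK == "wan" ]]
		then
			# Setting accepted IP in Alcasar configuration.
			# The value is spliced into a sed program that uses a blank as
			# delimiter, so anything but address characters is refused first.
			ADDR_REGEX='^[0-9A-Fa-f:./]+$'
			if [[ -n $IP_FROM ]] && ! [[ $IP_FROM =~ $ADDR_REGEX ]]
			then
				echo "The address+$IP_FROM+is invalid"
				exit 1
			fi
			# Without -i the recorded source is 0.0.0.0/0, i.e. any address;
			# pass -i to restrict who may reach SSH from the WAN side.
			# Presumably alcasar-iptables.sh reads SSH_ADMIN_FROM - verify.
			IP_FROM=${IP_FROM:="0.0.0.0\/0"}
			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM g" "$ALCASAR_CONF"
			# Setting SSH port in Alcasar configuration
			SSH_PORT=${SSH_PORT:=22}
			$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" "$ALCASAR_CONF"
			# Checking if there is already a port other than 22 set
			OTHER_PORTS=$($GREP -E "^.*Port\s[0-9]*" "$SSH_CONF" | $GREP -vEc "\s22$")
			if [ "$OTHER_PORTS" -gt 0 ]
			then
				if [ "$SSH_PORT" -ne 22 ]
				then
					# Editing SSH configuration - Changing any port other than 22
					$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" "$SSH_CONF"
				else
					# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used)
					$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" "$SSH_CONF"
				fi
			else
				if [ "$SSH_PORT" -ne 22 ]
				then
					# Adding the new SSH port in the config
					echo "Port $SSH_PORT" >> "$SSH_CONF"
				fi
			fi
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		elif [[ $NETWORK == "lan" ]]
		then
			# Editing Alcasar configuration
			$SED "s/^SSH_LAN=.*/SSH_LAN=on/g" "$ALCASAR_CONF"
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		else
			# NOTE(review): exits 0 although nothing was changed, so a caller
			# cannot tell this apart from success.
			echo "$usage"
			exit 0
		fi
		# Enable sshd when it is not enabled yet, then (re)start it so the
		# edited configuration is taken into account.
		SSHD_STATUS=$($SYSTEMCTL is-enabled sshd)
		SSHD_STATUS=${SSHD_STATUS:=disabled}
		if [[ $SSHD_STATUS != "enabled" ]]
		then
			$SYSTEMCTL enable sshd
		fi
		$SYSTEMCTL restart sshd
		exit 0
		;;
	*)
		echo "Argument inconnu : $1"
		echo "$usage"
		exit 1
		;;
esac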