Subversion Repositories ALCASAR


Rev 3041 Rev 3042
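--- a/alcasar-ssh.sh
+++ b/alcasar-ssh.sh
@@ -1,5 +1,6 @@
+
 #!/bin/bash
 
 # alcasar-ssh.sh
 # by Alexandre Vezin
 
@@ -28,16 +29,16 @@
         p)
             SSH_PORT=${OPTARG}
 			NUM_REGEX='^[0-9]+$'
 			if ! [[ $SSH_PORT =~ $NUM_REGEX ]];
 			then
-				echo "The port+$SSH_PORT+is invalid"
+				echo "The port $SSH_PORT is invalid"
 				exit 1
 			fi
 			if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ]
 			then
-				echo "The port+$SSH_PORT+is invalid"
+				echo "The port $SSH_PORT is invalid"
 				exit 1
 			fi
             ;;
 		i)
 			IP_FROM=${OPTARG}
@@ -60,93 +61,105 @@
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	--off | -off)
-		$NETWORK={NETWORK:="none"}
+		NETWORK=${NETWORK:="none"}
 		if [ $NETWORK == "wan" ]
 		then
 			# Editing Alcasar configuration - Deleting the port
-        	$SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF
+        	$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF
 			# Editing SSH configuration - Deleting any port other than 22
 			$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
 			# Applying iptables
 			/usr/local/bin/alcasar-iptables.sh
 		elif [ $NETWORK == "lan" ] 
 		then
 			# Editing Alcasar configuration
-			$SED "s/^SSH_LAN=.*/SSH_LAN=off/g" $ALCASAR_CONF
+			$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF
 			# Applying iptables
 			/usr/local/bin/alcasar-iptables.sh
 		else
 			echo "$usage"
 			exit 0
 		fi
-		# Check if LAN and WAN is off
-		LAN_STATUS = `grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2`
-		LAN_STATUS=${LAN_STATUS:=off}
-		WAN_STATUS = `grep ^SSH_WAN= $CONF_FILE|cut -d"=" -f2`
-		WAN_STATUS=${WAN_STATUS:=off}
-		if [ $LAN_STATUS == off ] && [ $WAN_STATUS == off ]
-		then
-			$SYSTEMCTL stop sshd
-			$SYSTEMCTL disable sshd
-		else
-			$SYSTEMCTL restart sshd
+		$SYSTEMCTL restart sshd
-		fi
 		exit 0
 		;;
 	--on | -on)
 		NETWORK=${NETWORK:="none"}
 		if [ $NETWORK == "wan" ]
 		then
+			# Getting LAN IP
+			LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f1`
 			# Setting accepted IP in Alcasar configuration
-			IP_FROM=${IP_FROM:="0.0.0.0\/0"}
-			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM g" $ALCASAR_CONF
+			IP_FROM=${IP_FROM:="0.0.0.0"}
+			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF
 			# Setting SSH port in Alcasar configuration
     		SSH_PORT=${SSH_PORT:=22}
 			$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF
+			LAN_PORT =`$GREP "^SSH_LAN=" $ALCASAR_CONF | cut -d"=" -f2`
+			LAN_PORT=${LAN_PORT:=0}
-			# Checking if there is already a port other than 22 set
-			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ]
+			# Checking if there is already a port other than the LAN port set
+			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$LAN_PORT$"` -gt 0 ]
 			then
-				if [ $SSH_PORT -ne 22 ]
+				if [ $SSH_PORT -ne $LAN_PORT ]
 				then
-					# Editing SSH configuration - Changing any port other than 22
-					$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
+					# Editing SSH configuration - Changing any port other than the LAN port
+					$SED "/\s$LAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
 				else
-					# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used)
-					$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
+					# Editing SSH configuration - Deleting any port other than the LAN port
+					$SED "/^.*Port\s[0-9]*/{/\s$LAN_PORT$/!d}" $SSH_CONF
 				fi
 			else
-				if [ $SSH_PORT -ne 22 ]
+				if [ $SSH_PORT -ne $LAN_PORT ]
 				then
 					# Adding the new SSH port in the config
 					echo "Port $SSH_PORT" >> $SSH_CONF
 				fi
 			fi
-		# Applying iptables
-		/usr/local/bin/alcasar-iptables.sh
+			# Applying iptables
+			/usr/local/bin/alcasar-iptables.sh
 		elif [ $NETWORK == "lan" ]
 		then
+			# Getting WAN IP
+			WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f2`
+			# Setting accepted IP in Alcasar configuration
+			IP_FROM=${IP_FROM:="0.0.0.0"}
+			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF
 			# Editing Alcasar configuration
-			$SED "s/^SSH_LAN=.*/SSH_LAN=on/g" $ALCASAR_CONF
+			$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF
+			# Setting SSH port in Alcasar configuration
+    		SSH_PORT=${SSH_PORT:=22}
+			$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF
+			WAN_PORT =`$GREP "^SSH_WAN=" $ALCASAR_CONF | cut -d"=" -f2`
+			WAN_PORT=${WAN_PORT:=0}
+			# Checking if there is already a port other than the WAN port set
+			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$WAN_PORT$"` -gt 0 ]
+			then
+				if [ $SSH_PORT -ne $WAN_PORT ]
+				then
+					# Editing SSH configuration - Changing any port other than the WAN port
+					$SED "/\s$WAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
+				else
+					# Editing SSH configuration - Deleting any port other than the WAN port
+					$SED "/^.*Port\s[0-9]*/{/\s$WAN_PORT$/!d}" $SSH_CONF
+				fi
+			else
+				if [ $SSH_PORT -ne $WAN_PORT ]
+				then
+					# Adding the new SSH port in the config
+					echo "Port $SSH_PORT" >> $SSH_CONF
+				fi
+			fi
 			# Applying iptables
 			/usr/local/bin/alcasar-iptables.sh
 		else
 			echo "$usage"
 			exit 0
-		fi
+		fi		
-		# Check if sshd is enabled
-		SSHD_STATUS=`systemctl is-enabled sshd`
-		SSHD_STATUS=${SSHD_STATUS:=disabled}
-		if [ $SSHD_STATUS == "enabled" ]
-		then
-			$SYSTEMCTL restart sshd
-		else
-			$SYSTEMCTL enable sshd
-			$SYSTEMCTL restart sshd
+		$SYSTEMCTL restart sshd
-		fi
         exit 0
         ;;
 	*)
 		echo "Argument inconnu : $1"
 		echo "$usage"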
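Review bot: The assignments `LAN_PORT =` (new line 100) and `WAN_PORT =` (new line 134) have a space before `=`, so bash runs `LAN_PORT`/`WAN_PORT` as a command, the variable stays empty, and the `:=0` default on the next line always applies. Every `\s$LAN_PORT$` / `\s$WAN_PORT$` filter then compares against 0, so enabling one side rewrites all existing `Port` lines in `$SSH_CONF`, including the other side's, and sshd ends up out of step with the ports recorded in `$ALCASAR_CONF`. Use `LAN_PORT=$($GREP "^SSH_LAN=" "$ALCASAR_CONF" | cut -d= -f2)` and the same form for `WAN_PORT`. Separately, `$IP_FROM` is interpolated into the `s ^SSH_ADMIN_FROM=.* … g` sed program (new lines 96 and 128) and, unlike the port, no format check for it is visible here (the `i)` branch continues past its hunk); if none exists there, validate it as an IPv4 address before use, which also keeps a `/` out of the `LAN/WAN` field that `cut -d"/"` splits. The `--off` path now always restarts sshd instead of stopping it when both sides are off, so the daemon keeps listening and exposure depends only on what `alcasar-iptables.sh` applies; a comment stating that this is intended would help.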