WebSVN – ALCASAR – Diff – /scripts/alcasar-ssh.sh


 
#!/bin/bash
 
# alcasar-ssh.sh
# by Alexandre Vezin
 
# enable/disable SSH on external card
# activation/désactivation de SSH sur la carte réseau externe
 
SED="/bin/sed -i"
CAT="/bin/cat"
GREP="/bin/grep"
SYSTEMCTL="/bin/systemctl"
ALCASAR_CONF="/usr/local/etc/alcasar.conf"
SSH_CONF="/etc/ssh/sshd_config"
 
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port] [-i allowed ip] {-l lan} | {-w wan}" # | {--all | -all} à add pour off all?
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	echo "$usage"
	exit 1
fi
 
while getopts ":p:i:wl" portarg; do
    case "${portarg}" in
        p)
            SSH_PORT=${OPTARG}
			NUM_REGEX='^[0-9]+$'
			if ! [[ $SSH_PORT =~ $NUM_REGEX ]];
			then
				echo "The port $SSH_PORT is invalid"
				exit 1
			fi
			if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ]
			then
				echo "The port $SSH_PORT is invalid"
				exit 1
			fi
            ;;
		i)
			IP_FROM=${OPTARG}
			ipcalc -c $IP_FROM
			if [ $? -ne 0 ]
			then
				exit 1;
			fi
			;;
		w)
			NETWORK="wan"
			;;
		l)
			NETWORK="lan"
			;;
    esac
done
 
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--off | -off)
		NETWORK=${NETWORK:="none"}
		if [ $NETWORK == "wan" ]
		then
			# Editing Alcasar configuration - Deleting the port
        	$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF
			# Editing SSH configuration - Deleting any port other than 22
			$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		elif [ $NETWORK == "lan" ] 
		then
			# Editing Alcasar configuration
			$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		else
			echo "$usage"
			exit 0
		fi
		$SYSTEMCTL restart sshd
		exit 0
		;;
	--on | -on)
		NETWORK=${NETWORK:="none"}
		if [ $NETWORK == "wan" ]
		then
			# Getting LAN IP
			LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f1`
			# Setting accepted IP in Alcasar configuration
			IP_FROM=${IP_FROM:="0.0.0.0"}
			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF
			# Setting SSH port in Alcasar configuration
    		SSH_PORT=${SSH_PORT:=22}
			$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF
			LAN_PORT=`$GREP "^SSH_LAN=" $ALCASAR_CONF | cut -d"=" -f2`
			LAN_PORT=${LAN_PORT:=0}
			# Checking if there is already a port other than the LAN port set
			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$LAN_PORT$"` -gt 0 ]
			then
				if [ $SSH_PORT -ne $LAN_PORT ]
				then
					# Editing SSH configuration - Changing any port other than the LAN port
					$SED "/\s$LAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
				else
					# Editing SSH configuration - Deleting any port other than the LAN port
					$SED "/^.*Port\s[0-9]*/{/\s$LAN_PORT$/!d}" $SSH_CONF
				fi
			else
				if [ $SSH_PORT -ne $LAN_PORT ]
				then
					# Adding the new SSH port in the config
					echo "Port $SSH_PORT" >> $SSH_CONF
				fi
			fi
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		elif [ $NETWORK == "lan" ]
		then
			# Getting WAN IP
			WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF |cut -d"=" -f2|cut -d"/" -f2`
			# Setting accepted IP in Alcasar configuration
			IP_FROM=${IP_FROM:="0.0.0.0"}
			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF
			# Editing Alcasar configuration
			$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF
			# Setting SSH port in Alcasar configuration
    		SSH_PORT=${SSH_PORT:=22}
			$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF
			WAN_PORT=`$GREP "^SSH_WAN=" $ALCASAR_CONF | cut -d"=" -f2`
			WAN_PORT=${WAN_PORT:=0}
			# Checking if there is already a port other than the WAN port set
			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s$WAN_PORT$"` -gt 0 ]
			then
				if [ $SSH_PORT -ne $WAN_PORT ]
				then
					# Editing SSH configuration - Changing any port other than the WAN port
					$SED "/\s$WAN_PORT$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
				else
					# Editing SSH configuration - Deleting any port other than the WAN port
					$SED "/^.*Port\s[0-9]*/{/\s$WAN_PORT$/!d}" $SSH_CONF
				fi
			else
				if [ $SSH_PORT -ne $WAN_PORT ]
				then
					# Adding the new SSH port in the config
					echo "Port $SSH_PORT" >> $SSH_CONF
				fi
			fi
			# Applying iptables
			/usr/local/bin/alcasar-iptables.sh
		else
			echo "$usage"
			exit 0
		fi		
		$SYSTEMCTL restart sshd
        exit 0
        ;;
	*)
		echo "Argument inconnu : $1"
		echo "$usage"
		exit 1
		;;
esac
 

Rev 3042	Rev 3134
1		1
2	`#!/bin/bash`	2	`#!/bin/bash`
3		3
4	`# alcasar-ssh.sh`	4	`# alcasar-ssh.sh`
5	`# by Alexandre Vezin`	5	`# by Alexandre Vezin`
6		6
7	`# enable/disable SSH on external card`	7	`# enable/disable SSH on external card`
8	`# activation/désactivation de SSH sur la carte réseau externe`	8	`# activation/désactivation de SSH sur la carte réseau externe`
9		9
10	`SED="/bin/sed -i"`	10	`SED="/bin/sed -i"`
11	`CAT="/bin/cat"`	11	`CAT="/bin/cat"`
12	`GREP="/bin/grep"`	12	`GREP="/bin/grep"`
13	`SYSTEMCTL="/bin/systemctl"`	13	`SYSTEMCTL="/bin/systemctl"`
14	`ALCASAR_CONF="/usr/local/etc/alcasar.conf"`	14	`ALCASAR_CONF="/usr/local/etc/alcasar.conf"`
15	`SSH_CONF="/etc/ssh/sshd_config"`	15	`SSH_CONF="/etc/ssh/sshd_config"`
16		16
17	`usage="Usage: alcasar-ssh.sh {--off \| -off} \| {--on \| -on} [-p port] [-i allowed ip] {-l lan} \| {-w wan}" # \| {--all \| -all} à add pour off all?`	17	`usage="Usage: alcasar-ssh.sh {--off \| -off} \| {--on \| -on} [-p port] [-i allowed ip] {-l lan} \| {-w wan}" # \| {--all \| -all} à add pour off all?`
18		18
19	`nb_args=$#`	19	`nb_args=$#`
20	`args=$1`	20	`args=$1`
21	`if [ $nb_args -eq 0 ]`	21	`if [ $nb_args -eq 0 ]`
22	`then`	22	`then`
23	`echo "$usage"`	23	`echo "$usage"`
24	`exit 1`	24	`exit 1`
25	`fi`	25	`fi`
26		26
27	`while getopts ":p:i:wl" portarg; do`	27	`while getopts ":p:i:wl" portarg; do`
28	`case "${portarg}" in`	28	`case "${portarg}" in`
29	`p)`	29	`p)`
30	`SSH_PORT=${OPTARG}`	30	`SSH_PORT=${OPTARG}`
31	`NUM_REGEX='^[0-9]+$'`	31	`NUM_REGEX='^[0-9]+$'`
32	`if ! [[ $SSH_PORT =~ $NUM_REGEX ]];`	32	`if ! [[ $SSH_PORT =~ $NUM_REGEX ]];`
33	`then`	33	`then`
34	`echo "The port $SSH_PORT is invalid"`	34	`echo "The port $SSH_PORT is invalid"`
35	`exit 1`	35	`exit 1`
36	`fi`	36	`fi`
37	`if [ $SSH_PORT -lt 0 ] \|\| [ $SSH_PORT -gt 65535 ]`	37	`if [ $SSH_PORT -lt 0 ] \|\| [ $SSH_PORT -gt 65535 ]`
38	`then`	38	`then`
39	`echo "The port $SSH_PORT is invalid"`	39	`echo "The port $SSH_PORT is invalid"`
40	`exit 1`	40	`exit 1`
41	`fi`	41	`fi`
42	`;;`	42	`;;`
43	`i)`	43	`i)`
44	`IP_FROM=${OPTARG}`	44	`IP_FROM=${OPTARG}`
45	`ipcalc -c $IP_FROM`	45	`ipcalc -c $IP_FROM`
46	`if [ $? -ne 0 ]`	46	`if [ $? -ne 0 ]`
47	`then`	47	`then`
48	`exit 1;`	48	`exit 1;`
49	`fi`	49	`fi`
50	`;;`	50	`;;`
51	`w)`	51	`w)`
52	`NETWORK="wan"`	52	`NETWORK="wan"`
53	`;;`	53	`;;`
54	`l)`	54	`l)`
55	`NETWORK="lan"`	55	`NETWORK="lan"`
56	`;;`	56	`;;`
57	`esac`	57	`esac`
58	`done`	58	`done`
59		59
60	`case $args in`	60	`case $args in`
61	`-\? \| -h* \| --h*)`	61	`-\? \| -h* \| --h*)`
62	`echo "$usage"`	62	`echo "$usage"`
63	`exit 0`	63	`exit 0`
64	`;;`	64	`;;`
65	`--off \| -off)`	65	`--off \| -off)`
66	`NETWORK=${NETWORK:="none"}`	66	`NETWORK=${NETWORK:="none"}`
67	`if [ $NETWORK == "wan" ]`	67	`if [ $NETWORK == "wan" ]`
68	`then`	68	`then`
69	`# Editing Alcasar configuration - Deleting the port`	69	`# Editing Alcasar configuration - Deleting the port`
70	`$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF`	70	`$SED "s/^SSH_WAN=.*/SSH_WAN=0/g" $ALCASAR_CONF`
71	`# Editing SSH configuration - Deleting any port other than 22`	71	`# Editing SSH configuration - Deleting any port other than 22`
72	`$SED "/^.Port\s[0-9]/{/\s22$/!d}" $SSH_CONF`	72	`$SED "/^.Port\s[0-9]/{/\s22$/!d}" $SSH_CONF`
73	`# Applying iptables`	73	`# Applying iptables`
74	`/usr/local/bin/alcasar-iptables.sh`	74	`/usr/local/bin/alcasar-iptables.sh`
75	`elif [ $NETWORK == "lan" ]`	75	`elif [ $NETWORK == "lan" ]`
76	`then`	76	`then`
77	`# Editing Alcasar configuration`	77	`# Editing Alcasar configuration`
78	`$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF`	78	`$SED "s/^SSH_LAN=.*/SSH_LAN=0/g" $ALCASAR_CONF`
79	`# Applying iptables`	79	`# Applying iptables`
80	`/usr/local/bin/alcasar-iptables.sh`	80	`/usr/local/bin/alcasar-iptables.sh`
81	`else`	81	`else`
82	`echo "$usage"`	82	`echo "$usage"`
83	`exit 0`	83	`exit 0`
84	`fi`	84	`fi`
85	`$SYSTEMCTL restart sshd`	85	`$SYSTEMCTL restart sshd`
86	`exit 0`	86	`exit 0`
87	`;;`	87	`;;`
88	`--on \| -on)`	88	`--on \| -on)`
89	`NETWORK=${NETWORK:="none"}`	89	`NETWORK=${NETWORK:="none"}`
90	`if [ $NETWORK == "wan" ]`	90	`if [ $NETWORK == "wan" ]`
91	`then`	91	`then`
92	`# Getting LAN IP`	92	`# Getting LAN IP`
93	LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f1`	93	LAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f1`
94	`# Setting accepted IP in Alcasar configuration`	94	`# Setting accepted IP in Alcasar configuration`
95	`IP_FROM=${IP_FROM:="0.0.0.0"}`	95	`IP_FROM=${IP_FROM:="0.0.0.0"}`
96	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF`	96	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$LAN_IP/$IP_FROM g" $ALCASAR_CONF`
97	`# Setting SSH port in Alcasar configuration`	97	`# Setting SSH port in Alcasar configuration`
98	`SSH_PORT=${SSH_PORT:=22}`	98	`SSH_PORT=${SSH_PORT:=22}`
99	`$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF`	99	`$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF`
100	LAN_PORT =`$GREP "^SSH_LAN=" $ALCASAR_CONF \| cut -d"=" -f2`	100	LAN_PORT=`$GREP "^SSH_LAN=" $ALCASAR_CONF \| cut -d"=" -f2`
101	`LAN_PORT=${LAN_PORT:=0}`	101	`LAN_PORT=${LAN_PORT:=0}`
102	`# Checking if there is already a port other than the LAN port set`	102	`# Checking if there is already a port other than the LAN port set`
103	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$LAN_PORT$"` -gt 0 ]	103	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$LAN_PORT$"` -gt 0 ]
104	`then`	104	`then`
105	`if [ $SSH_PORT -ne $LAN_PORT ]`	105	`if [ $SSH_PORT -ne $LAN_PORT ]`
106	`then`	106	`then`
107	`# Editing SSH configuration - Changing any port other than the LAN port`	107	`# Editing SSH configuration - Changing any port other than the LAN port`
108	`$SED "/\s$LAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`	108	`$SED "/\s$LAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`
109	`else`	109	`else`
110	`# Editing SSH configuration - Deleting any port other than the LAN port`	110	`# Editing SSH configuration - Deleting any port other than the LAN port`
111	`$SED "/^.Port\s[0-9]/{/\s$LAN_PORT$/!d}" $SSH_CONF`	111	`$SED "/^.Port\s[0-9]/{/\s$LAN_PORT$/!d}" $SSH_CONF`
112	`fi`	112	`fi`
113	`else`	113	`else`
114	`if [ $SSH_PORT -ne $LAN_PORT ]`	114	`if [ $SSH_PORT -ne $LAN_PORT ]`
115	`then`	115	`then`
116	`# Adding the new SSH port in the config`	116	`# Adding the new SSH port in the config`
117	`echo "Port $SSH_PORT" >> $SSH_CONF`	117	`echo "Port $SSH_PORT" >> $SSH_CONF`
118	`fi`	118	`fi`
119	`fi`	119	`fi`
120	`# Applying iptables`	120	`# Applying iptables`
121	`/usr/local/bin/alcasar-iptables.sh`	121	`/usr/local/bin/alcasar-iptables.sh`
122	`elif [ $NETWORK == "lan" ]`	122	`elif [ $NETWORK == "lan" ]`
123	`then`	123	`then`
124	`# Getting WAN IP`	124	`# Getting WAN IP`
125	WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f2`	125	WAN_IP=`$GREP "^SSH_ADMIN_FROM=" $ALCASAR_CONF \|cut -d"=" -f2\|cut -d"/" -f2`
126	`# Setting accepted IP in Alcasar configuration`	126	`# Setting accepted IP in Alcasar configuration`
127	`IP_FROM=${IP_FROM:="0.0.0.0"}`	127	`IP_FROM=${IP_FROM:="0.0.0.0"}`
128	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF`	128	`$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM/$WAN_IP g" $ALCASAR_CONF`
129	`# Editing Alcasar configuration`	129	`# Editing Alcasar configuration`
130	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`	130	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`
131	`# Setting SSH port in Alcasar configuration`	131	`# Setting SSH port in Alcasar configuration`
132	`SSH_PORT=${SSH_PORT:=22}`	132	`SSH_PORT=${SSH_PORT:=22}`
133	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`	133	`$SED "s/^SSH_LAN=.*/SSH_LAN=$SSH_PORT/g" $ALCASAR_CONF`
134	WAN_PORT =`$GREP "^SSH_WAN=" $ALCASAR_CONF \| cut -d"=" -f2`	134	WAN_PORT=`$GREP "^SSH_WAN=" $ALCASAR_CONF \| cut -d"=" -f2`
135	`WAN_PORT=${WAN_PORT:=0}`	135	`WAN_PORT=${WAN_PORT:=0}`
136	`# Checking if there is already a port other than the WAN port set`	136	`# Checking if there is already a port other than the WAN port set`
137	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$WAN_PORT$"` -gt 0 ]	137	if [ `grep -E "^.Port\s[0-9]" /etc/ssh/sshd_config\| grep -vEc "\s$WAN_PORT$"` -gt 0 ]
138	`then`	138	`then`
139	`if [ $SSH_PORT -ne $WAN_PORT ]`	139	`if [ $SSH_PORT -ne $WAN_PORT ]`
140	`then`	140	`then`
141	`# Editing SSH configuration - Changing any port other than the WAN port`	141	`# Editing SSH configuration - Changing any port other than the WAN port`
142	`$SED "/\s$WAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`	142	`$SED "/\s$WAN_PORT$/! s/^.Port\s[0-9]/Port $SSH_PORT/" $SSH_CONF`
143	`else`	143	`else`
144	`# Editing SSH configuration - Deleting any port other than the WAN port`	144	`# Editing SSH configuration - Deleting any port other than the WAN port`
145	`$SED "/^.Port\s[0-9]/{/\s$WAN_PORT$/!d}" $SSH_CONF`	145	`$SED "/^.Port\s[0-9]/{/\s$WAN_PORT$/!d}" $SSH_CONF`
146	`fi`	146	`fi`
147	`else`	147	`else`
148	`if [ $SSH_PORT -ne $WAN_PORT ]`	148	`if [ $SSH_PORT -ne $WAN_PORT ]`
149	`then`	149	`then`
150	`# Adding the new SSH port in the config`	150	`# Adding the new SSH port in the config`
151	`echo "Port $SSH_PORT" >> $SSH_CONF`	151	`echo "Port $SSH_PORT" >> $SSH_CONF`
152	`fi`	152	`fi`
153	`fi`	153	`fi`
154	`# Applying iptables`	154	`# Applying iptables`
155	`/usr/local/bin/alcasar-iptables.sh`	155	`/usr/local/bin/alcasar-iptables.sh`
156	`else`	156	`else`
157	`echo "$usage"`	157	`echo "$usage"`
158	`exit 0`	158	`exit 0`
159	`fi`	159	`fi`
160	`$SYSTEMCTL restart sshd`	160	`$SYSTEMCTL restart sshd`
161	`exit 0`	161	`exit 0`
162	`;;`	162	`;;`
163	`*)`	163	`*)`
164	`echo "Argument inconnu : $1"`	164	`echo "Argument inconnu : $1"`
165	`echo "$usage"`	165	`echo "$usage"`
166	`exit 1`	166	`exit 1`
167	`;;`	167	`;;`
168	`esac`	168	`esac`
169		169

Subversion Repositories ALCASAR

(root)/scripts/alcasar-ssh.sh @ 3041 – Rev 3042 → 3134