
Rev 3040 Rev 3041
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
 
2
 
3
# alcasar-ssh.sh
3
# alcasar-ssh.sh
4
# by Alexandre Vezin
4
# by Alexandre Vezin
5
 
5
 
6
# enable/disable SSH on external NIC (EXTIF). Set the listen port on EXTIF
6
# enable/disable SSH on external card
7
# activation/désactivation de SSH sur la carte réseau externe (EXTIF). Définit le port d'écoute sur EXTIF
7
# activation/désactivation de SSH sur la carte réseau externe
8
 
8
 
9
SED="/bin/sed -i"
9
SED="/bin/sed -i"
10
CAT="/bin/cat"
10
CAT="/bin/cat"
11
GREP="/bin/grep"
11
GREP="/bin/grep"
-
 
12
SYSTEMCTL="/bin/systemctl"
12
ALCASAR_CONF="/usr/local/etc/alcasar.conf"
13
ALCASAR_CONF="/usr/local/etc/alcasar.conf"
13
SSH_CONF="/etc/ssh/sshd_config"
14
SSH_CONF="/etc/ssh/sshd_config"
14
 
15
 
15
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port]"
16
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port] [-i allowed ip] {-l lan} | {-w wan}" # | {--all | -all} à add pour off all?
16
 
17
 
17
nb_args=$#
18
nb_args=$#
18
args=$1
19
args=$1
19
echo "Checking args" >> '/tmp/alcasar_sms_tmp.log'
-
 
20
if [ $nb_args -eq 0 ]
20
if [ $nb_args -eq 0 ]
21
then
21
then
22
	echo "No args" >> '/tmp/alcasar_sms_tmp.log'
-
 
23
	echo "$usage"
22
	echo "$usage"
24
	exit 1
23
	exit 1
25
fi
24
fi
26
 
25
 
27
while getopts ":p:" portarg; do
26
while getopts ":p:i:wl" portarg; do
28
    case "${portarg}" in
27
    case "${portarg}" in
29
        p)
28
        p)
30
			echo "Port check" >> '/tmp/alcasar_sms_tmp.log'
-
 
31
            SSH_PORT=${OPTARG}
29
            SSH_PORT=${OPTARG}
-
 
30
			NUM_REGEX='^[0-9]+$'
-
 
31
			if ! [[ $SSH_PORT =~ $NUM_REGEX ]];
-
 
32
			then
32
			echo "Port : $SSH_PORT" >> /tmp/alcasar_sms_tmp.log
33
				echo "The port+$SSH_PORT+is invalid"
-
 
34
				exit 1
-
 
35
			fi
33
			if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ]
36
			if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ]
34
				then
37
			then
35
				echo "Invalid port" >> /tmp/alcasar_sms_tmp.log
-
 
36
				echo "The port $SSH_PORT is invalid"
38
				echo "The port+$SSH_PORT+is invalid"
37
				exit 1
39
				exit 1
38
			fi
40
			fi
39
            ;;
41
            ;;
-
 
42
		i)
-
 
43
			IP_FROM=${OPTARG}
-
 
44
			ipcalc -c $IP_FROM
-
 
45
			if [ $? -ne 0 ]
-
 
46
			then
-
 
47
				exit 1;
-
 
48
			fi
-
 
49
			;;
-
 
50
		w)
-
 
51
			NETWORK="wan"
-
 
52
			;;
-
 
53
		l)
-
 
54
			NETWORK="lan"
-
 
55
			;;
40
    esac
56
    esac
41
done
57
done
42
 
58
 
43
case $args in
59
case $args in
44
	-\? | -h* | --h*)
60
	-\? | -h* | --h*)
45
		echo "$usage"
61
		echo "$usage"
46
		exit 0
62
		exit 0
47
		;;
63
		;;
48
	--off | -off)
64
	--off | -off)
-
 
65
		$NETWORK={NETWORK:="none"}
49
		echo "off" >> '/tmp/alcasar_sms_tmp.log'
66
		if [ $NETWORK == "wan" ]
-
 
67
		then
50
		# Editing Alcasar configuration - Deleting the port
68
			# Editing Alcasar configuration - Deleting the port
51
        $SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF
69
        	$SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF
52
		# Editing SSH configuration - Deleting any port other than 22
70
			# Editing SSH configuration - Deleting any port other than 22
53
		$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
71
			$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
54
		# Applying iptables
72
			# Applying iptables
55
		/usr/local/bin/alcasar-iptables.sh
73
			/usr/local/bin/alcasar-iptables.sh
-
 
74
		elif [ $NETWORK == "lan" ] 
-
 
75
		then
-
 
76
			# Editing Alcasar configuration
-
 
77
			$SED "s/^SSH_LAN=.*/SSH_LAN=off/g" $ALCASAR_CONF
56
		# Restarting SSH
78
			# Applying iptables
-
 
79
			/usr/local/bin/alcasar-iptables.sh
-
 
80
		else
-
 
81
			echo "$usage"
-
 
82
			exit 0
-
 
83
		fi
-
 
84
		# Check if LAN and WAN is off
-
 
85
		LAN_STATUS = `grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2`
-
 
86
		LAN_STATUS=${LAN_STATUS:=off}
-
 
87
		WAN_STATUS = `grep ^SSH_WAN= $CONF_FILE|cut -d"=" -f2`
-
 
88
		WAN_STATUS=${WAN_STATUS:=off}
-
 
89
		if [ $LAN_STATUS == off ] && [ $WAN_STATUS == off ]
-
 
90
		then
-
 
91
			$SYSTEMCTL stop sshd
-
 
92
			$SYSTEMCTL disable sshd
-
 
93
		else
57
		/usr/bin/systemctl restart sshd
94
			$SYSTEMCTL restart sshd
-
 
95
		fi
58
		exit 0
96
		exit 0
59
		;;
97
		;;
60
	--on | -on)
98
	--on | -on)
61
        SSH_PORT=${SSH_PORT:=22}
99
		NETWORK=${NETWORK:="none"}
-
 
100
		if [ $NETWORK == "wan" ]
-
 
101
		then
-
 
102
			# Setting accepted IP in Alcasar configuration
-
 
103
			IP_FROM=${IP_FROM:="0.0.0.0\/0"}
-
 
104
			$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM g" $ALCASAR_CONF
62
		echo "on" >> '/tmp/alcasar_sms_tmp.log'
105
			# Setting SSH port in Alcasar configuration
-
 
106
    		SSH_PORT=${SSH_PORT:=22}
63
		$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF
107
			$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF
64
		# Checking if there is already a port other than set
108
			# Checking if there is already a port other than 22 set
65
		if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ]
109
			if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ]
66
			then
110
			then
67
				if [ $SSH_PORT -ne 22 ]
111
				if [ $SSH_PORT -ne 22 ]
68
					then
112
				then
69
					# Editing SSH configuration - Changing any port other than 22
113
					# Editing SSH configuration - Changing any port other than 22
70
					$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
114
					$SED "/\s22$/! s/^.*Port\s[0-9]*/Port $SSH_PORT/" $SSH_CONF
71
					else
115
				else
72
					# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used)
116
					# Editing SSH configuration - Deleting any port other than 22 (as 22 port is used)
73
					$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
117
					$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF
74
				fi
118
				fi
75
			else
119
			else
76
				if [ $SSH_PORT -ne 22 ]
120
				if [ $SSH_PORT -ne 22 ]
77
					then
121
				then
78
					# Adding the new SSH port in the config
122
					# Adding the new SSH port in the config
79
					echo "Port $SSH_PORT" >> $SSH_CONF
123
					echo "Port $SSH_PORT" >> $SSH_CONF
80
				fi
124
				fi
81
			fi
125
			fi
82
		# Applying iptables
126
		# Applying iptables
83
		/usr/local/bin/alcasar-iptables.sh
127
		/usr/local/bin/alcasar-iptables.sh
-
 
128
		elif [ $NETWORK == "lan" ]
-
 
129
		then
-
 
130
			# Editing Alcasar configuration
-
 
131
			$SED "s/^SSH_LAN=.*/SSH_LAN=on/g" $ALCASAR_CONF
84
		# Restarting SSH
132
			# Applying iptables
-
 
133
			/usr/local/bin/alcasar-iptables.sh
-
 
134
		else
-
 
135
			echo "$usage"
-
 
136
			exit 0
-
 
137
		fi
-
 
138
		# Check if sshd is enabled
-
 
139
		SSHD_STATUS=`systemctl is-enabled sshd`
-
 
140
		SSHD_STATUS=${SSHD_STATUS:=disabled}
-
 
141
		if [ $SSHD_STATUS == "enabled" ]
-
 
142
		then
-
 
143
			$SYSTEMCTL restart sshd
-
 
144
		else
-
 
145
			$SYSTEMCTL enable sshd
85
		/usr/bin/systemctl restart sshd
146
			$SYSTEMCTL restart sshd
-
 
147
		fi
86
        exit 0
148
        exit 0
87
        ;;
149
        ;;
88
	*)
150
	*)
89
		echo "Argument inconnu : $1"
151
		echo "Argument inconnu : $1"
90
		echo "$usage"
152
		echo "$usage"