From 496fad1b1059118900d8450ce400330c65116497 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sat, 30 Sep 2017 13:49:11 +0200
Subject: Implement firewall script and more

---
 firewall/multiconfig.sh | 25 +++++++++++++++
 multiconfig.sh | 81 ++++++++++++++++++++++++++-----------------
 openvpn/multiconfig.sh | 0
 3 files changed, 68 insertions(+), 38 deletions(-)
 create mode 100755 firewall/multiconfig.sh
 create mode 100644 openvpn/multiconfig.sh

diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh
new file mode 100755
index 0000000..1c9b6ff
--- /dev/null
+++ b/firewall/multiconfig.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+mkdir /etc/iptables
+
+configure() {
+ if ! grep -q "$3_SAVE=\"/etc/iptables/$1\""; then
+ echo "Reconfiguring $2 service configuration"
+ sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2"
+ fi
+}
+configure ipv4 iptables IPTABLES
+configure ipv6 ip6tables IP6TABLES
+
+H="$(hostname)"
+
+if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then
+ echo "Reloading IPv4 firewall"
+ service iptables reload
+fi
+
+if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then
+ echo "Reloading IPv6 firewall"
+ service ip6tables reload
+fi
diff --git a/multiconfig.sh b/multiconfig.sh
index 1519e48..e85f0c0 100755
--- a/multiconfig.sh
+++ b/multiconfig.sh
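Review bot: The `grep -q "$3_SAVE=\"/etc/iptables/$1\""` test in configure() names no file, so it inspects the script's standard input instead of `/etc/conf.d/$2`: with stdin at /dev/null it never matches and the sed rewrite runs on every call, and from a terminal it blocks waiting for input; it should read `if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then`. `mkdir /etc/iptables` without `-p` fails under `set -e` on every run after the first, so the rule files would never be refreshed again; use `mkdir -p /etc/iptables`. The reload applies the rules `inst` just installed without any syntax check, so a broken file from the repository can leave the host without the intended filtering; running `iptables-restore --test /etc/iptables/ipv4` (where the installed iptables supports it) before `service iptables reload` would catch that. `inst` is not defined in this file and presumably comes from the environment the module runs in; a header comment such as `# inst SRC DST — provided by the multiconfig runner; returns 0 when DST changed` should state that contract, with the semantics confirmed against the real definition.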
@@ -1,39 +1,27 @@
 #!/bin/sh
 set -e
-ARGS=""
+MODS=""
 LOCAL=false
-SYSLOG=false
 # TODO email notifications
+# TODO version verification
 while [ $# -gt 0 ]; do
 case "$1" in
 -h|--help)
- echo "Multiconfig system call script"
- echo "Usage: multiconfig.sh [OPTION]..."
+ echo "Multiconfig system script"
+ echo "Usage: multiconfig.sh [OPTION]... [MODULE]..."
 echo
 echo "Options:"
- echo "--local - Use current working directory as multiconfig source."
- echo "--syslog - pipe output to syslog"
- echo "Passed options:"
- echo "--verbose - Make output more verbose"
- echo "--quiet - Make output more quiet"
- echo "--operation OPT - run only given operation"
+ echo "--local - use current working directory as source for files"
 exit 0
 ;;
- --verbose|-v|--quiet|-q)
- ARGS="$ARGS $1"
- ;;
- --operation|-o)
- ARGS="$ARGS $1 $2"
- shift
- ;;
 --local)
 LOCAL=true
 ;;
- --syslog)
- SYSLOG=true
+ *)
+ MODS="$MODS $1"
 ;;
 esac
 shift
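Review bot: The new `*)` arm turns every unrecognised option into a module name, so a typo such as `--locla` or the removed `--verbose` is no longer rejected here and only surfaces later as `No such mode: --locla`; add `-*) echo "Unknown option: $1" >&2; exit 1 ;;` ahead of `*)` so options and module names stay distinct. The help text could also say that MODULE is either a name under /usr/lib/multiconfig or a path to an executable, since the lookup later in the file accepts both. The `while` loop's `done` lies outside this hunk.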
@@ -44,30 +32,47 @@ done
 exit 1
 }
-PREFIX="/root/.multiconfig"
-
-# Check if we have key
-if [ ! -f "$PREFIX/key" ]; then
- echo "Key is not in expected path. Please setup this host for multiconfig."
- exit 1
-fi
-
-# TODO check key access rights
-
 if ! $LOCAL; then
- if [ -d "$PREFIX/repo" ]; then
- true
- # TODO git clone
+ if [ ! -d "/root/.multiconfig" ]; then
+ echo "No files directory. Please setup it first."
+ exit 1
 fi
- cd "$PREFIX/repo"
- # Pull git repository
+ cd "/root/.multiconfig"
+ # Update git repository
 git fetch
 git reset --hard origin/master
 git clean -xdf
+ # Verify trunk
+ # TODO gpg home?
+ #git verify-commit HEAD
 fi
-# TODO check repository signature
+MODDIR="/usr/lib/multiconfig"
+# No modules given means to process all modules
+if [ -z "$MODS" ]; then
+ for M in $(find "$MODDIR" -executable); do
+ MODS="$MODS $M"
+ done
+else
+ # Go trough all given modules and check if we have such module
+ NMODS=""
+ for M in $MODS; do
+ if [ ! -x "$M" ]; then # Is not path directly to script
+ if [ ! -x "$MODDIR/$M" ]; then
+ echo "No such mode: $M"
+ exit 1
+ else
+ NMODS="$NMODS $MODDIR/$M"
+ fi
+ else
+ NMODS="$NMODS $M"
+ fi
+ done
+ MODS="$NMODS"
+fi
-CMD="./run.sh --key $PREFIX/key $ARGS"
-# Run command
-$CMD
+mkdir -p /var/log/multiconfig
+for M in $MODS; do
+ LOG="/var/log/multiconfig/$(basename "$M")"
+ "$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!"
+done
diff --git a/openvpn/multiconfig.sh b/openvpn/multiconfig.sh
new file mode 100644
index 0000000..e69de29
--
cgit v1.2.3
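Review bot: In the final runner loop, `"$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!"` can never react to a failing module: `#!/bin/sh` has no pipefail, so the pipeline's status is tee's, which also means `set -e` does not stop the run after a module fails; the module's own status has to be recorded inside the pipeline (rewrite below). `logger -s` echoes to stderr rather than stdout (util-linux and BusyBox behave the same), so `tee "$LOG"` appears to receive nothing and the per-module log file would stay empty — tee must sit before logger, and `2>&1` is needed for the module's stderr to be logged at all. `find "$MODDIR" -executable` also matches `$MODDIR` itself and any subdirectory, since directories carry the x bit, so the no-arguments path tries to execute a directory; add `-type f`. Finally, the repository is hard-reset to origin/master and its content then run as root while `git verify-commit HEAD` stays commented out, which makes the remote and the fetch path root-equivalent for every host; when it is enabled, note that checking HEAD alone still accepts a replay of an older signed commit.
```sh
	for M in $(find "$MODDIR" -type f -executable); do
# … unchanged: explicit module lookup …
mkdir -p /var/log/multiconfig
for M in $MODS; do
	NAME="$(basename "$M")"
	LOG="/var/log/multiconfig/$NAME"
	STATUS="$(mktemp)"
	# /bin/sh has no pipefail: record the module's own exit status inside the
	# pipeline, otherwise the loop only ever sees the last stage's status.
	{ RC=0; "$M" 2>&1 || RC=$?; echo "$RC" >"$STATUS"; } | tee "$LOG" | logger -s -t "multiconfig-$NAME"
	RC="$(cat "$STATUS")"
	rm -f "$STATUS"
	[ "$RC" -eq 0 ] || echo "TODO send email!"
done
```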