Script per facilitare e automatizzare la compilazione della suite di openssh sia per una nuova installazione che per upgrade.
I parametri sono completamente customizzabili.
#===== SSH COMPILATOR BY NEO ===== Ver 1.1 GPL LICENSE =====#
#!/bin/sh
### Setting up Variables ###

# --- Build configuration --------------------------------------------------
# Switches handed to ./configure by COMPILE. COMPILE expands this variable
# unquoted, so the string is split on whitespace into separate arguments.
# NOTE(review): --with-md5-passwords and --with-tcp-wrappers are only accepted
# by some OpenSSH releases - confirm against the source tree being built.
OPT_CONFIGURE='--prefix=/usr --sysconfdir=/etc/ssh --with-openssl --with-pam --with-md5-passwords --with-tcp-wrappers'

# --- Backup ---------------------------------------------------------------
# BACKUP copies SSH_CONFDIR to "SSH_CONFDIR.EXTRA_VERSION". The copy includes
# whatever lives in that directory (host keys included), so it needs the same
# protection as the original.
EXTRA_VERSION='backup'
SSH_CONFDIR='/etc/ssh'

# --- TCP wrappers ---------------------------------------------------------
# Network (address/netmask) that IP appends to /etc/hosts.allow for sshd.
# IP also appends "sshd: ALL" to /etc/hosts.deny, so every host outside this
# network loses access: set it to the network you administer from.
ALLOW_IP='10.0.0.0/255.255.255.0'

# --- Privilege separation account -----------------------------------------
# Account, group and home directory that PREVSEP creates when missing.
SSHD_USER='sshd'
SSHD_GROUP='sshd'
SSHD_HOME='/var/empty'
# NOTE(review): /etc/nologin is normally a flag file rather than a shell;
# confirm whether a no-login shell such as /sbin/nologin or /bin/false was
# intended for this account.
SSHD_SHELL='/etc/nologin'
SSHD_COMMENT='SSHD USER'

clear
## Functions List
########################
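#######################################
# Configure, build and install OpenSSH from the current directory.
# Globals:   SSH_CONFDIR (read, defaults to /etc/ssh), EXTRA_VERSION (read),
#            OPT_CONFIGURE (read)
# Returns:   0 when "make install" succeeded, 1 as soon as one step fails.
#######################################
function COMPILE ()
{
  local conf_dir=${SSH_CONFDIR:-/etc/ssh}

  echo "BACKUP OLD CONFIGURATION"
  # Copy only when there is something to save and no earlier backup exists:
  # "cp -R" into an existing directory would nest a second copy inside it.
  # -p keeps the restrictive modes of the private host keys on the copy.
  if [ -d "$conf_dir" ] && [ ! -e "$conf_dir.$EXTRA_VERSION" ]; then
    cp -Rpf -- "$conf_dir" "$conf_dir.$EXTRA_VERSION" || {
      echo "ERROR: BACKUP OF $conf_dir FAILED" >&2
      return 1
    }
  fi

  echo " Clean Directory..."
  # Best effort: a freshly unpacked tree has no Makefile yet, so this may fail.
  make clean || true

  echo " START COMPILATION..."
  # Stop at the first failing step so a half-built sshd is never installed
  # over the one currently serving logins.
  # shellcheck disable=SC2086 -- OPT_CONFIGURE is split into words on purpose
  ./configure $OPT_CONFIGURE || {
    echo "ERROR: CONFIGURE FAILED" >&2
    return 1
  }
  make || {
    echo "ERROR: MAKE FAILED" >&2
    return 1
  }
  make install || {
    echo "ERROR: MAKE INSTALL FAILED" >&2
    return 1
  }
}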
#########################
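#######################################
# Install the Red Hat init script and PAM service file shipped in contrib/.
# Must be run from the OpenSSH source directory (paths are relative).
# Any existing /etc/pam.d/sshd is overwritten, which replaces the PAM stack
# used for SSH logins.
# Returns:   0 on success, 1 when a copy or chmod fails.
#######################################
function COPY ()
{
  echo "COPY INIT SCRIPT..."
  cp contrib/redhat/sshd.init /etc/rc.d/init.d/sshd || {
    echo "ERROR: CANNOT COPY INIT SCRIPT" >&2
    return 1
  }
  # Explicit mode: executable for the init system, writable by root only,
  # whatever the umask or the mode in the source tree.
  chmod 755 /etc/rc.d/init.d/sshd || return 1

  echo "COPY PAM FILE..."
  cp contrib/redhat/sshd.pam /etc/pam.d/sshd || {
    echo "ERROR: CANNOT COPY PAM FILE" >&2
    return 1
  }
  # The PAM policy must not be writable by anyone but root.
  chmod 644 /etc/pam.d/sshd || return 1
}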
#########################
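#######################################
# Restrict sshd through TCP wrappers: allow ALLOW_IP, deny everyone else.
# Globals:   ALLOW_IP (read)
# Arguments: $1 - allow file (optional, default /etc/hosts.allow)
#            $2 - deny file  (optional, default /etc/hosts.deny)
# Returns:   0 on success, 1 when ALLOW_IP is empty or a file cannot be
#            written.
#######################################
function IP ()
{
  local allow_file=${1:-/etc/hosts.allow}
  local deny_file=${2:-/etc/hosts.deny}
  local allow_rule="sshd: $ALLOW_IP"
  local deny_rule="sshd: ALL"

  # An empty allow list combined with "sshd: ALL" in the deny file would shut
  # out every client, the administrator included.
  if [ -z "$ALLOW_IP" ]; then
    echo "ERROR: ALLOW_IP IS EMPTY, TCP WRAPPER RULES NOT WRITTEN" >&2
    return 1
  fi

  echo "OPEN PORT TO $ALLOW_IP"
  # Append each rule only once so that re-running the script does not pile up
  # duplicates. grep errors are silenced because the file may not exist yet.
  if ! grep -qxF -- "$allow_rule" "$allow_file" 2>/dev/null; then
    # If the allow rule cannot be written the deny rule is not written
    # either, so a failure here never leaves a deny-only configuration.
    printf '%s\n' "$allow_rule" >> "$allow_file" || return 1
  fi

  echo CLOSE PORT 22 AT UNKNOW HOST
  if ! grep -qxF -- "$deny_rule" "$deny_file" 2>/dev/null; then
    printf '%s\n' "$deny_rule" >> "$deny_file" || return 1
  fi
}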
#########################
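#######################################
# Make sure the privilege-separation account exists, creating the group,
# the home directory and the user when they are missing.
# Globals:   SSHD_USER, SSHD_GROUP, SSHD_HOME, SSHD_SHELL, SSHD_COMMENT (read)
# Returns:   0 when the account exists or was created, 1 when groupadd,
#            mkdir or useradd fails. Exits the script with status 1 when
#            /etc/passwd cannot be searched.
#######################################
function PREVSEP ()
{
  echo "CHECK FOR EXIST $SSHD_USER"
  # Match the login-name field only: a plain substring search would also hit
  # longer names or text in the comment field and wrongly report the account
  # as present.
  grep -q "^${SSHD_USER}:" /etc/passwd
  case "$?" in
    0)
      echo ""
      echo "USER EXIST... OK! I PROCEDE WITH COMPILATION..."
      ;;
    1)
      echo ""
      echo "USER NOT EXIST. NOW CREATE IT..."
      echo "ENVIROMET:"
      echo ""
      if grep -q "^${SSHD_GROUP}:" /etc/group; then
        echo "GROUP EXIST ---> SSHD_GROUP=$SSHD_GROUP"
      else
        echo "CREATING ---> SSHD_GROUP=$SSHD_GROUP"
        groupadd "$SSHD_GROUP" || return 1
      fi
      if [ -d "$SSHD_HOME" ]; then
        echo "DIR EXIST ---> SSHD_HOME=$SSHD_HOME"
      else
        echo "CREATING ---> SSHD_HOME=$SSHD_HOME"
        mkdir "$SSHD_HOME" || return 1
      fi
      echo "SSHD_SHELL=$SSHD_SHELL"
      echo "SSHD_COMMENT=$SSHD_COMMENT"
      echo "CREATING ---> SSHD_USER=$SSHD_USER"
      # Double quotes: with single quotes the comment field received the
      # literal text $SSHD_COMMENT instead of the configured value.
      useradd -g "$SSHD_GROUP" -c "$SSHD_COMMENT" -d "$SSHD_HOME" \
        -s "$SSHD_SHELL" "$SSHD_USER" || {
        echo "ERROR: CANNOT CREATE USER $SSHD_USER" >&2
        return 1
      }
      echo "SET PERMISSION..."
      # The home directory must stay root-owned and not writable by the
      # unprivileged account. Failures are reported but not fatal (for
      # example when the "sys" group does not exist on this system).
      chown root:sys "$SSHD_HOME" ||
        echo "WARNING: CHOWN root:sys $SSHD_HOME FAILED" >&2
      chmod 755 "$SSHD_HOME" ||
        echo "WARNING: CHMOD 755 $SSHD_HOME FAILED" >&2
      ;;
    *)
      # grep itself failed (status 2 or higher), so the account state is
      # unknown; stop with a failing status instead of building anyway.
      echo ""
      echo "!!! WARNING !!! ERROR IN SCRIPT !!!"
      exit 1
      ;;
  esac
}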
#########################
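#######################################
# Copy the SSH configuration directory to "SSH_CONFDIR.EXTRA_VERSION".
# When that backup already exists, a timestamp is appended to the new copy
# so earlier backups are neither overwritten nor nested into.
# Globals:   SSH_CONFDIR (read), EXTRA_VERSION (read)
# Returns:   0 on success or when there is nothing to back up (fresh
#            install), 1 when SSH_CONFDIR is empty or the copy fails.
#######################################
function BACKUP ()
{
  local dest

  echo ""
  echo "BACKUP IN $SSH_CONFDIR"

  if [ -z "$SSH_CONFDIR" ]; then
    echo "ERROR: SSH_CONFDIR IS EMPTY" >&2
    return 1
  fi
  # New installation: no configuration directory yet, nothing to save.
  if [ ! -d "$SSH_CONFDIR" ]; then
    echo "NOTHING TO BACKUP: $SSH_CONFDIR NOT FOUND"
    return 0
  fi

  dest="$SSH_CONFDIR.$EXTRA_VERSION"
  # "cp -R src dest" with an existing dest creates dest/src instead of
  # refreshing the backup; use a distinct name for every later run.
  if [ -e "$dest" ]; then
    dest="$dest.$(date +%Y%m%d%H%M%S)"
  fi

  # -p preserves modes and ownership, so the copies of the private host keys
  # stay as restricted as the originals.
  cp -Rpf -- "$SSH_CONFDIR" "$dest" || {
    echo "ERROR: BACKUP OF $SSH_CONFDIR FAILED" >&2
    return 1
  }
}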
#########################
#######################################
# Print the privilege-separation reminder shown before the menu prompt.
# Outputs:   four lines on stdout (rule, two text lines, rule).
#######################################
function BANNER ()
{
  local rule="--------------------------------------------------------------------"

  printf '%s\n' \
    "$rule" \
    " Remember from 3.4p1 version, Openssh required Privilege separation " \
    " Read more in README.privsep" \
    "$rule"
}
#########################
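#######################################
# Steps shared by every menu choice: backup, privilege-separation account,
# build and install. Stops at the first failure so that a broken build never
# reaches the service and TCP-wrapper configuration further down.
# Returns:   0 when every step succeeded, 1 otherwise.
#######################################
function BUILD_STEPS ()
{
  # On a new installation there is no configuration directory to save.
  if [ -d "$SSH_CONFDIR" ]; then
    BACKUP || return 1
  fi
  PREVSEP || return 1
  COMPILE || return 1
}

# ---- Menu ----
echo "--------------------------------------------------"
echo " !!! WARNING !!! RUN THIS SCRIPT IN SRC DIR "
echo "--------------------------------------------------"
echo ""
echo " DO YOU WANT RUN SSHD BY...?"
echo ""
echo " - INITD -----> INETD "
echo " - X -----> XINETD "
echo " - DAEMON ---> ...AS DAEMON "
echo " - UP -------> UPDATE OPENSSH "
echo ""
BANNER
# printf instead of the non-portable "echo -n"; read -r keeps backslashes.
printf ' ->'
read -r a

case "$a" in
  initd | INITD )
    BUILD_STEPS || exit 1
    # Keep the first pristine copy: a later run must not replace it with a
    # file this script has already modified.
    if [ -f /etc/inetd.conf ] && [ ! -e /etc/inetd.conf.orig ]; then
      cp -f /etc/inetd.conf /etc/inetd.conf.orig || exit 1
    fi
    echo "ADD SERVICE TO INETD..."
    inetd_line=" ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i"
    # Add the service line only once; repeated runs used to append duplicates.
    if ! grep -qxF -- "$inetd_line" /etc/inetd.conf 2>/dev/null; then
      printf '%s\n' "$inetd_line" >> /etc/inetd.conf || exit 1
    fi
    IP || exit 1
    COPY || exit 1
    ;;
  x | X )
    BUILD_STEPS || exit 1
    xinetd_file=/etc/xinetd.d/ssh
    echo " "
    # Append the service definition only when the file does not define it
    # yet; repeated runs used to stack several "service ssh" blocks.
    if [ -f "$xinetd_file" ] && grep -q '^service ssh' "$xinetd_file"; then
      echo "SERVICE ssh ALREADY DEFINED IN $xinetd_file"
    else
      cat >> "$xinetd_file" <<'EOF' || exit 1
 # describe : OPENSSH DAEMON
service ssh
 {
 socket_type = stream
 protocol = tcp
 instances = 10
 nice = 10
 wait = no
 user = root
 server = /usr/sbin/sshd
 server_args = -i
 }
EOF
    fi
    echo " "
    IP || exit 1
    COPY || exit 1
    ;;
  daemon | DAEMON )
    BUILD_STEPS || exit 1
    COPY || exit 1
    ;;
  up | UP )
    BUILD_STEPS || exit 1
    ;;
  *)
    echo "TYPE: initd or x or daemon or Up"
    # An unrecognised choice is an error, so report it in the exit status.
    exit 1
    ;;
esac

echo " ------------------------------------------------------------------------------------------------------- "
echo " REMEMBER TO MODIFY CONFIG FILES AND OPEN ALTERNATIVE WAY TO LOGIN ON LINUX BOX BEFORE RESTART SERVICE "
echo " ------------------------------------------------------------------------------------------------------- "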