3,40 → 3,56 |
# alcasar-ssh.sh |
# by Alexandre Vezin |
|
# enable/disable SSH on external NIC (EXTIF). Set the listen port on EXTIF |
# activation/désactivation de SSH sur la carte réseau externe (EXTIF). Définit le port d'écoute sur EXTIF |
# enable/disable SSH on external card |
# activation/désactivation de SSH sur la carte réseau externe |
|
SED="/bin/sed -i" |
CAT="/bin/cat" |
GREP="/bin/grep" |
SYSTEMCTL="/bin/systemctl" |
ALCASAR_CONF="/usr/local/etc/alcasar.conf" |
SSH_CONF="/etc/ssh/sshd_config" |
|
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port]" |
usage="Usage: alcasar-ssh.sh {--off | -off} | {--on | -on} [-p port] [-i allowed ip] {-l lan} | {-w wan}" # | {--all | -all} à add pour off all? |
|
nb_args=$# |
args=$1 |
echo "Checking args" >> '/tmp/alcasar_sms_tmp.log' |
if [ $nb_args -eq 0 ] |
then |
echo "No args" >> '/tmp/alcasar_sms_tmp.log' |
echo "$usage" |
exit 1 |
fi |
|
while getopts ":p:" portarg; do |
while getopts ":p:i:wl" portarg; do |
case "${portarg}" in |
p) |
echo "Port check" >> '/tmp/alcasar_sms_tmp.log' |
SSH_PORT=${OPTARG} |
echo "Port : $SSH_PORT" >> /tmp/alcasar_sms_tmp.log |
NUM_REGEX='^[0-9]+$' |
if ! [[ $SSH_PORT =~ $NUM_REGEX ]]; |
then |
echo "The port+$SSH_PORT+is invalid" |
exit 1 |
fi |
if [ $SSH_PORT -lt 0 ] || [ $SSH_PORT -gt 65535 ] |
then |
echo "Invalid port" >> /tmp/alcasar_sms_tmp.log |
echo "The port $SSH_PORT is invalid" |
echo "The port+$SSH_PORT+is invalid" |
exit 1 |
fi |
;; |
i) |
IP_FROM=${OPTARG} |
ipcalc -c $IP_FROM |
if [ $? -ne 0 ] |
then |
exit 1; |
fi |
;; |
w) |
NETWORK="wan" |
;; |
l) |
NETWORK="lan" |
;; |
esac |
done |
|
46,7 → 62,9 |
exit 0 |
;; |
--off | -off) |
echo "off" >> '/tmp/alcasar_sms_tmp.log' |
$NETWORK={NETWORK:="none"} |
if [ $NETWORK == "wan" ] |
then |
# Editing Alcasar configuration - Deleting the port |
$SED "s/^SSH_WAN=.*/SSH_WAN=/g" $ALCASAR_CONF |
# Editing SSH configuration - Deleting any port other than 22 |
53,15 → 71,41 |
$SED "/^.*Port\s[0-9]*/{/\s22$/!d}" $SSH_CONF |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
# Restarting SSH |
/usr/bin/systemctl restart sshd |
elif [ $NETWORK == "lan" ] |
then |
# Editing Alcasar configuration |
$SED "s/^SSH_LAN=.*/SSH_LAN=off/g" $ALCASAR_CONF |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
else |
echo "$usage" |
exit 0 |
fi |
# Check if LAN and WAN is off |
LAN_STATUS = `grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2` |
LAN_STATUS=${LAN_STATUS:=off} |
WAN_STATUS = `grep ^SSH_WAN= $CONF_FILE|cut -d"=" -f2` |
WAN_STATUS=${WAN_STATUS:=off} |
if [ $LAN_STATUS == off ] && [ $WAN_STATUS == off ] |
then |
$SYSTEMCTL stop sshd |
$SYSTEMCTL disable sshd |
else |
$SYSTEMCTL restart sshd |
fi |
exit 0 |
;; |
--on | -on) |
NETWORK=${NETWORK:="none"} |
if [ $NETWORK == "wan" ] |
then |
# Setting accepted IP in Alcasar configuration |
IP_FROM=${IP_FROM:="0.0.0.0\/0"} |
$SED "s ^SSH_ADMIN_FROM=.* SSH_ADMIN_FROM=$IP_FROM g" $ALCASAR_CONF |
# Setting SSH port in Alcasar configuration |
SSH_PORT=${SSH_PORT:=22} |
echo "on" >> '/tmp/alcasar_sms_tmp.log' |
$SED "s/^SSH_WAN=.*/SSH_WAN=$SSH_PORT/g" $ALCASAR_CONF |
# Checking if there is already a port other than set |
# Checking if there is already a port other than 22 set |
if [ `grep -E "^.*Port\s[0-9]*" /etc/ssh/sshd_config| grep -vEc "\s22$"` -gt 0 ] |
then |
if [ $SSH_PORT -ne 22 ] |
81,9 → 125,27 |
fi |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
# Restarting SSH |
/usr/bin/systemctl restart sshd |
elif [ $NETWORK == "lan" ] |
then |
# Editing Alcasar configuration |
$SED "s/^SSH_LAN=.*/SSH_LAN=on/g" $ALCASAR_CONF |
# Applying iptables |
/usr/local/bin/alcasar-iptables.sh |
else |
echo "$usage" |
exit 0 |
fi |
# Check if sshd is enabled |
SSHD_STATUS=`systemctl is-enabled sshd` |
SSHD_STATUS=${SSHD_STATUS:=disabled} |
if [ $SSHD_STATUS == "enabled" ] |
then |
$SYSTEMCTL restart sshd |
else |
$SYSTEMCTL enable sshd |
$SYSTEMCTL restart sshd |
fi |
exit 0 |
;; |
*) |
echo "Argument inconnu : $1" |