Bugzilla – Attachment 3333 Details for Bug 2468: Option to include external files to sshd_config
sample sshd_config update command to implement behaviour on GNU Linux with systemd
sshd_config_update (text/plain), 4.16 KB, created by Ricardo on 2019-10-02 00:44:38 AEST
>#!/bin/bash
>#########################################
>#
># Author: Ricardo Bartels
># License: MIT
># Version: 0.0.1
># Date: 2019-08-22
>#
># Changelog:
>#   0.0.1 - 2019-08-22
>#     * initial version
>#
>#########################################
>
># DO NOT CHANGE THESE VARS
>
>SSHD_CONFIG_FILE="/etc/ssh/sshd_config"
>SSHD_CONFIG_D_PATH="${SSHD_CONFIG_FILE}.d"
>SSHD_CONFIG_FILE_TEST_FILE="${SSHD_CONFIG_FILE}.test"
>
>OWNER_USER="root"
>OWNER_GROUP="root"
>NEEDED_FILE_PERM="0600"
>NEEDED_DIR_PERM="0700"
>
># remove the temporary test file and abort; the live sshd_config stays untouched
>_error_exit() {
>    rm -f "$SSHD_CONFIG_FILE_TEST_FILE" >/dev/null 2>&1
>    echo "ERROR: config update failed. Using current working config!"
>    exit 1
>}
>
># print a small help text
>if [[ $# -ne 0 ]]; then
>
>    echo
>    echo "This script is used to update the ${SSHD_CONFIG_FILE} config file"
>    echo "from files within ${SSHD_CONFIG_D_PATH}"
>    echo "It needs to be invoked without any parameters."
>    echo
>    echo "if you got an error then make sure following conditions are met:"
>    echo "  * this script $0"
>    echo "    * owner must be '$OWNER_USER' and group must be '$OWNER_GROUP'"
>    echo "    * group and others don't have any permissions only the user"
>    echo "  * the config directory $SSHD_CONFIG_D_PATH"
>    echo "    * owner must be '$OWNER_USER' and group must be '$OWNER_GROUP'"
>    echo "    * the only allowed dir permission is: $NEEDED_DIR_PERM"
>    echo "  * files within the config directory ${SSHD_CONFIG_D_PATH}/*"
>    echo "    * owner must be '$OWNER_USER' and group must be '$OWNER_GROUP'"
>    echo "    * the only allowed file permission is: $NEEDED_FILE_PERM"
>    echo
>
>    exit 0
>fi
>
>if [[ ! -d "${SSHD_CONFIG_D_PATH}" ]]; then
>    echo "ERROR: sshd_config dir '${SSHD_CONFIG_D_PATH}' not found!"
>    _error_exit
>fi
>
># stop if this script has the wrong permissions
># (find prints the path only if it is NOT root-owned with mode 0500 or 0700)
>if [[ -n "$(find "$0" -not \( \( -perm 0500 -o -perm 0700 \) -a -user "$OWNER_USER" -a -group "$OWNER_GROUP" \) -type f)" ]]; then
>    echo "ERROR: This Script is set up with wrong permissions."
>    _error_exit
>fi
>
># check file and directory permissions inside the config dir
>FILES_WITH_WRONG_PERMISSIONS=$(find "$SSHD_CONFIG_D_PATH" -not \( -perm "$NEEDED_FILE_PERM" -a -user "$OWNER_USER" -a -group "$OWNER_GROUP" \) -type f)
>DIRS_WITH_WRONG_PERMISSIONS=$(find "$SSHD_CONFIG_D_PATH" -not \( -perm "$NEEDED_DIR_PERM" -a -user "$OWNER_USER" -a -group "$OWNER_GROUP" \) -type d)
>
># bail out if we found files or directories with wrong permissions
>
>if [[ -n "${FILES_WITH_WRONG_PERMISSIONS}" ]]; then
>    echo "ERROR: found files with wrong permissions in sshd config dir: ${FILES_WITH_WRONG_PERMISSIONS}"
>    _error_exit
>fi
>
>if [[ -n "${DIRS_WITH_WRONG_PERMISSIONS}" ]]; then
>    echo "ERROR: found directories with wrong permissions in sshd config dir: ${DIRS_WITH_WRONG_PERMISSIONS}"
>    _error_exit
>fi
>
># compile ssh config file
>cat <<EOF > "${SSHD_CONFIG_FILE_TEST_FILE}"
>##################################################################
>#
>#  DISCLAIMER: This file was created automatically with
>#              command "$0".
>#              Do not change anything here.
>#
>#              change config in $SSHD_CONFIG_D_PATH files
>#              and just restart the sshd as usual!
>#
>#  INSTALL DATE: $(date +"%F %T %:z")
>#
>##################################################################
>
>EOF
>
># change file permissions of test file
>chmod "${NEEDED_FILE_PERM}" "${SSHD_CONFIG_FILE_TEST_FILE}"
>chown "${OWNER_USER}:${OWNER_GROUP}" "${SSHD_CONFIG_FILE_TEST_FILE}"
>
># restore SELinux context of all files
># (-R recurses, -F forces the reset; a lowercase -f would expect a file list)
>command -v restorecon >/dev/null 2>&1 && restorecon -RF "$(dirname "$SSHD_CONFIG_FILE")"
>
># add all files in config dir in alphanumeric order to the test file
>cat "${SSHD_CONFIG_D_PATH}"/* >> "${SSHD_CONFIG_FILE_TEST_FILE}"
>if [[ $? -ne 0 ]]; then
>    _error_exit
>fi
>
># test config file (sshd -t only validates the file, it does not start a daemon)
>sshd -t -f "${SSHD_CONFIG_FILE_TEST_FILE}" >&2
>if [[ $? -ne 0 ]]; then
>    _error_exit
>fi
>
># test was successful, now try updating the main sshd_config file
>cat "${SSHD_CONFIG_FILE_TEST_FILE}" > "${SSHD_CONFIG_FILE}"
>if [[ $? -eq 0 ]]; then
>    echo "Successfully updated $SSHD_CONFIG_FILE"
>    rm -f "$SSHD_CONFIG_FILE_TEST_FILE" >/dev/null 2>&1
>    exit 0
>fi
>
># the last operation failed
>_error_exit
>
># EOF