Tidying gnusocial utils

This commit is contained in:
Bob Mottram 2018-02-25 22:15:36 +00:00
parent 05f39281f2
commit 8b4ddff6eb
6 changed files with 710 additions and 722 deletions


@ -131,7 +131,7 @@ function create_freedns_updater {
}
function add_ddns_domain {
if [ ! $1 ]; then
if [ ! "$1" ]; then
echo $'ddns domain not specified'
exit 5638
fi
@ -147,10 +147,10 @@ function add_ddns_domain {
exit 5745
fi
if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
echo '' >> /etc/inadyn.conf
echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
echo ' ssl' >> /etc/inadyn.conf
echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
{ echo '';
echo "system $DDNS_PROVIDER";
echo ' ssl';
echo " checkip-url $GET_IP_ADDRESS_URL /"; } >> /etc/inadyn.conf
if [ $DDNS_USERNAME ]; then
echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
fi
@ -168,7 +168,7 @@ function add_ddns_domain {
}
function remove_ddns_domain {
if [ ! $1 ]; then
if [ ! "$1" ]; then
echo $'ddns domain not specified'
exit 5638
fi
@ -203,14 +203,14 @@ function configure_dns {
# allow changes to resolv.conf
chattr -i $resolvconf
echo 'domain localdomain' > $resolvconf
echo 'search localdomain' >> $resolvconf
echo "nameserver $NAMESERVER1" >> $resolvconf
echo "nameserver $NAMESERVER2" >> $resolvconf
echo "nameserver $NAMESERVER3" >> $resolvconf
echo "nameserver $NAMESERVER4" >> $resolvconf
echo "nameserver $NAMESERVER5" >> $resolvconf
echo "nameserver $NAMESERVER6" >> $resolvconf
{ echo 'domain localdomain';
echo 'search localdomain';
echo "nameserver $NAMESERVER1";
echo "nameserver $NAMESERVER2";
echo "nameserver $NAMESERVER3";
echo "nameserver $NAMESERVER4";
echo "nameserver $NAMESERVER5";
echo "nameserver $NAMESERVER6"; } > $resolvconf
# prevent resolv.conf from changing
resolvconf -u
@ -222,7 +222,7 @@ function set_hostname {
DEFAULT_DOMAIN_NAME="$1"
echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
hostname $DEFAULT_DOMAIN_NAME
hostname "$DEFAULT_DOMAIN_NAME"
echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
if grep -q "127.0.1.1" /etc/hosts; then
@ -238,7 +238,7 @@ function set_your_domain_name {
fi
function_check set_hostname
set_hostname $DEFAULT_DOMAIN_NAME
set_hostname "$DEFAULT_DOMAIN_NAME"
mark_completed "${FUNCNAME[0]}"
}
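Review bot: In configure_dns the rewritten brace group still ends in `} > $resolvconf`, and the context line `chattr -i $resolvconf` is unquoted too, while every other path in this commit gets quotes; change the redirect to `} > "$resolvconf"`. configure_dns starts before the hunk, so the assignment of `resolvconf` is not visible here. In add_ddns_domain the unchanged `if [ $DDNS_USERNAME ]; then` keeps the same unquoted test that `if [ ! "$1" ]` fixes a few lines earlier; `if [ "$DDNS_USERNAME" ]; then` would make it consistent.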


@ -32,44 +32,45 @@ TOMB_REPO="https://github.com/dyne/Tomb"
TOMB_COMMIT='c80ebd6d6ed77980eb5b559757e03ea13a29bdd1'
function mesh_install_tomb {
chroot ${rootdir} apt-get -yq install cryptsetup zsh pinentry-curses
# shellcheck disable=SC2154
chroot "${rootdir}" apt-get -yq install cryptsetup zsh pinentry-curses
if [ ! -d ${rootdir}/$INSTALL_DIR ]; then
mkdir -p ${rootdir}/$INSTALL_DIR
if [ ! -d "${rootdir}/$INSTALL_DIR" ]; then
mkdir -p "${rootdir}/$INSTALL_DIR"
fi
if [ -d /repos/tomb ]; then
mkdir ${rootdir}/$INSTALL_DIR/tomb
cp -r -p /repos/tomb/. ${rootdir}/$INSTALL_DIR/tomb
cd ${rootdir}/$INSTALL_DIR/tomb
mkdir "${rootdir}/$INSTALL_DIR/tomb"
cp -r -p /repos/tomb/. "${rootdir}/$INSTALL_DIR/tomb"
cd "${rootdir}/$INSTALL_DIR/tomb" || exit 3648368
git pull
else
git_clone $TOMB_REPO ${rootdir}/$INSTALL_DIR/tomb
git_clone "$TOMB_REPO" "${rootdir}/$INSTALL_DIR/tomb"
fi
cd ${rootdir}/$INSTALL_DIR/tomb
cd "${rootdir}/$INSTALL_DIR/tomb" || exit 7346384
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
chroot ${rootdir} /bin/bash -x <<EOF
chroot "${rootdir}" /bin/bash -x <<EOF
cd $INSTALL_DIR/tomb
make install
EOF
if [ ! -f ${rootdir}/usr/local/bin/tomb ]; then
if [ ! -f "${rootdir}/usr/local/bin/tomb" ]; then
exit 93462
fi
}
function install_tomb {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_install_tomb
return
fi
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
set_repo_commit "$INSTALL_DIR/tomb" "tomb commit" "$TOMB_COMMIT" "$TOMB_REPO"
if [ -f $COMPLETION_FILE ]; then
if [ -f "$COMPLETION_FILE" ]; then
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
@ -77,22 +78,22 @@ function install_tomb {
apt-get -yq install cryptsetup zsh pinentry-curses
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p "$INSTALL_DIR"
fi
if [ -d /repos/tomb ]; then
mkdir $INSTALL_DIR/tomb
cp -r -p /repos/tomb/. $INSTALL_DIR/tomb
cd $INSTALL_DIR/tomb
mkdir "$INSTALL_DIR/tomb"
cp -r -p /repos/tomb/. "$INSTALL_DIR/tomb"
cd "$INSTALL_DIR/tomb" || exit 7684638
git pull
else
git_clone $TOMB_REPO $INSTALL_DIR/tomb
git_clone "$TOMB_REPO" "$INSTALL_DIR/tomb"
fi
cd $INSTALL_DIR/tomb
cd "$INSTALL_DIR/tomb" || exit 364863463
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"
set_completion_param "tomb commit" "$TOMB_COMMIT"
make install
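Review bot: mesh_install_tomb still runs `git checkout $TOMB_COMMIT -b $TOMB_COMMIT` unquoted, whereas the same line in install_tomb in the second hunk was changed to `git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"`; the two functions should match. The new `cd ... || exit 3648368`, `exit 7346384`, `exit 7684638` and `exit 364863463` guards pass status codes above 255, which the shell truncates to 8 bits, so for example `exit 3648368` is reported to the caller as 112 and the values are not the distinct markers they appear to be. If the convention is one code per failure site, keep them within 1-255. install_tomb continues past the end of the second hunk.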


@ -33,9 +33,9 @@ function install_final {
return
fi
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
if [ -d "$USB_MOUNT" ]; then
umount "$USB_MOUNT"
rm -rf "$USB_MOUNT"
fi
function_check split_gpg_key_into_fragments
split_gpg_key_into_fragments
@ -63,32 +63,32 @@ $(get_ssh_server_key)
echo ''
# add user menu on ssh login
if ! grep -q 'controluser' /home/$MY_USERNAME/.bashrc; then
echo 'controluser' >> /home/$MY_USERNAME/.bashrc
if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
fi
if [ ! -f $IMAGE_PASSWORD_FILE ]; then
if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then
if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
if [ -f "/root/${PROJECT_NAME}-wifi.cfg" ]; then
create_wifi_startup_script
echo ''
echo $'Shutting down the system. Detatch the ethernet cable, attach wifi dongle, then power on again.'
echo ''
${PROJECT_NAME}-logging off --restart
"${PROJECT_NAME}-logging" off --restart
systemctl poweroff
return
fi
echo $'Turning off logging'
${PROJECT_NAME}-logging off --restart
"${PROJECT_NAME}-logging" off --restart
echo $'Rebooting the system'
systemctl reboot -i
fi
echo $'Turning off logging'
${PROJECT_NAME}-logging off --restart
"${PROJECT_NAME}-logging" off --restart
}
function update_installed_apps_list {
# Why does this secondary file exist, apart from COMPLETION_FILE ?
# It's so that it is visible to unprivileged users from the user control panel
cat $COMPLETION_FILE | grep "install_" > /usr/share/${PROJECT_NAME}/installed.txt
grep "install_" "$COMPLETION_FILE" > "/usr/share/${PROJECT_NAME}/installed.txt"
}
function create_default_user_removal_daemon {
@ -96,31 +96,31 @@ function create_default_user_removal_daemon {
first_start_daemon_filename=/etc/systemd/system/firststart.service
first_start_script=/usr/local/bin/firststart
echo '#!/bin/bash' > $first_start_script
echo 'if [ -d /home/fbone]; then' >> $first_start_script
echo ' userdel -r fbone' >> $first_start_script
echo ' if [ -d /home/fbone]; then' >> $first_start_script
echo ' rm -rf /home/fbone' >> $first_start_script
echo ' fi' >> $first_start_script
echo 'fi' >> $first_start_script
echo 'systemctl disable firststart' >> $first_start_script
echo "rm $first_start_daemon_filename" >> $first_start_script
{ echo '#!/bin/bash';
echo 'if [ -d /home/fbone]; then';
echo ' userdel -r fbone';
echo ' if [ -d /home/fbone]; then';
echo ' rm -rf /home/fbone';
echo ' fi';
echo 'fi';
echo 'systemctl disable firststart';
echo "rm $first_start_daemon_filename"; } > $first_start_script
chmod +x $first_start_script
echo '[Unit]' > $first_start_daemon_filename
echo 'Description=Daemon run on first boot' >> $first_start_daemon_filename
echo 'After=syslog.target' >> $first_start_daemon_filename
echo 'After=network.target' >> $first_start_daemon_filename
echo '' >> $first_start_daemon_filename
echo '[Service]' >> $first_start_daemon_filename
echo 'User=root' >> $first_start_daemon_filename
echo 'Group=root' >> $first_start_daemon_filename
echo "ExecStart=$first_start_script" >> $first_start_daemon_filename
echo 'StandardOutput=syslog' >> $first_start_daemon_filename
echo 'StandardError=syslog' >> $first_start_daemon_filename
echo '' >> $first_start_daemon_filename
echo '[Install]' >> $first_start_daemon_filename
echo 'WantedBy=multi-user.target' >> $first_start_daemon_filename
{ echo '[Unit]';
echo 'Description=Daemon run on first boot';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=root';
echo 'Group=root';
echo "ExecStart=$first_start_script";
echo 'StandardOutput=syslog';
echo 'StandardError=syslog';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > $first_start_daemon_filename
systemctl enable firststart
}
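Review bot: The generated firststart script keeps `[ -d /home/fbone]` without a space before the closing bracket in both emitted `if` lines of the brace group in create_default_user_removal_daemon, so when the unit runs, `[` reports a missing `]` and the test is false: `userdel -r fbone` never executes, the unit then disables and deletes itself, and the default account stays on the system. Add the space in both lines, e.g. `echo 'if [ -d /home/fbone ]; then';`, and the same for the nested test. The targets `} > $first_start_script` and `} > $first_start_daemon_filename` are also still unquoted, unlike the rest of this commit. The function's header is outside the hunk.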


@ -47,7 +47,7 @@ function save_firewall_settings {
}
function firewall_block_bad_ip_ranges {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
return
fi
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
@ -135,13 +135,13 @@ function firewall_enable_vpn {
}
function configure_firewall {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_firewall
return
fi
if grep -q "RELATED" /etc/firewall.conf; then
# recreate the firewall to remove RELATED
sed -i "/firewall/d" $COMPLETION_FILE
sed -i "/firewall/d" "$COMPLETION_FILE"
fi
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
@ -276,10 +276,10 @@ function configure_internet_protocol {
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
fi
if ! grep -q "keepalive" /etc/sysctl.conf; then
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
{ echo '# keepalive';
echo 'net.ipv4.tcp_keepalive_probes = 9';
echo 'net.ipv4.tcp_keepalive_intvl = 75';
echo 'net.ipv4.tcp_keepalive_time = 7200'; } >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
@ -335,103 +335,100 @@ function configure_internet_protocol {
}
function mesh_firewall {
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
# shellcheck disable=SC2154
FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
chmod +x $MESH_FIREWALL_SCRIPT
{ echo '#!/bin/bash';
echo 'iptables -P INPUT ACCEPT';
echo 'ip6tables -P INPUT ACCEPT';
echo 'iptables -F';
echo 'ip6tables -F';
echo 'iptables -t nat -F';
echo 'ip6tables -t nat -F';
echo 'iptables -X';
echo 'ip6tables -X';
echo 'iptables -P INPUT DROP';
echo 'ip6tables -P INPUT DROP';
echo 'iptables -A INPUT -i lo -j ACCEPT';
echo 'ip6tables -A INPUT -i lo -j ACCEPT';
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
echo '';
echo '# Make sure incoming tcp connections are SYN packets';
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
echo '';
echo '# Drop packets with incoming fragments';
echo 'iptables -A INPUT -f -j DROP';
echo 'ip6tables -A INPUT -f -j DROP';
echo '';
echo '# Drop bogons';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
echo '';
echo '# Incoming malformed NULL packets:';
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
echo '';
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
chmod +x "$MESH_FIREWALL_SCRIPT"
echo '[Unit]' > $FIREWALL_FILENAME
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Service]' >> $FIREWALL_FILENAME
echo 'Type=oneshot' >> $FIREWALL_FILENAME
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Install]' >> $FIREWALL_FILENAME
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
chmod +x $FIREWALL_FILENAME
{ echo '[Unit]';
echo 'Description=Mesh Firewall';
echo '';
echo '[Service]';
echo 'Type=oneshot';
echo 'ExecStart=/usr/bin/mesh-firewall';
echo 'RemainAfterExit=no';
echo '';
echo 'TimeoutSec=30';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$FIREWALL_FILENAME"
chmod +x "$FIREWALL_FILENAME"
chroot "$rootdir" systemctl enable meshfirewall
}
function firewall_add {
firewall_name=$(echo "$1" | sed "s| |-|g")
firewall_name=$(string="$1" ; echo "${string// /-}")
firewall_port=$2
firewall_protocol="$3"
if ! grep -q "${firewall_name}=${firewall_port}" $FIREWALL_CONFIG; then
echo "${firewall_name}=${firewall_port}" >> $FIREWALL_CONFIG
if [ ! ${firewall_protocol} ]; then
iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
if ! grep -q "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"; then
echo "${firewall_name}=${firewall_port}" >> "$FIREWALL_CONFIG"
if [ ! "${firewall_protocol}" ]; then
if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
fi
iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
fi
else
if [[ "${firewall_protocol}" == *"udp"* ]]; then
iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
fi
fi
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
fi
fi
fi
@ -440,33 +437,29 @@ function firewall_add {
}
function firewall_add_range {
firewall_name=$(echo "$1" | sed "s| |-|g")
firewall_name=$(string="$1" ; echo "${string// /-}")
firewall_port_start=$2
firewall_port_end=$3
firewall_protocol="$4"
if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" $FIREWALL_CONFIG; then
echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> $FIREWALL_CONFIG
if [ ! ${firewall_protocol} ]; then
iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" "$FIREWALL_CONFIG"; then
echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> "$FIREWALL_CONFIG"
if [ ! "${firewall_protocol}" ]; then
if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
fi
iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
fi
else
if [[ "${firewall_protocol}" == *"udp"* ]]; then
iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
fi
fi
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if [ ! "$?" = "0" ]; then
iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
fi
fi
fi
@ -479,23 +472,23 @@ function firewall_remove {
firewall_port=$1
firewall_protocol="$2"
if [ ! -f $FIREWALL_CONFIG ]; then
if [ ! -f "$FIREWALL_CONFIG" ]; then
return
fi
if grep -q "=${firewall_port}" $FIREWALL_CONFIG; then
if [ ! ${firewall_protocol} ]; then
iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
if grep -q "=${firewall_port}" "$FIREWALL_CONFIG"; then
if [ ! "${firewall_protocol}" ]; then
iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
else
if [[ "${firewall_protocol}" == *"udp"* ]]; then
iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
fi
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
fi
fi
sed -i "/=${firewall_port}/d" $FIREWALL_CONFIG
sed -i "/=${firewall_port}/d" "$FIREWALL_CONFIG"
save_firewall_settings
fi
}
@ -509,7 +502,7 @@ function domain_to_hex_string {
characters=$(echo -n "$segment" | wc -c)
hexnum=$(echo "obase=16; $characters" | bc)
echo -n "|"
if [ $(echo -n "$hexnum" | wc -c) -lt 2 ]; then
if [ "$(echo -n "$hexnum" | wc -c)" -lt 2 ]; then
echo -n "0"
fi
echo -n "$hexnum|$segment"
@ -523,20 +516,19 @@ function firewall_block_domain {
blocked_domain="$1"
if [[ "$blocked_domain" == *'@'* ]]; then
# Don't try to block email/microblog addresses
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
return
fi
if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then
hexstr=$(domain_to_hex_string $blocked_domain)
iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
if [ ! "$?" = "0" ]; then
if ! grep -q "$blocked_domain" "$FIREWALL_DOMAINS"; then
hexstr=$(domain_to_hex_string "$blocked_domain")
if ! iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP; then
iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
save_firewall_settings
fi
@ -559,13 +551,12 @@ function firewall_block_ip {
# Don't try to block email/microblog addresses
return
fi
if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -C INPUT -s $blocked_ip -j DROP
if [ ! "$?" = "0" ]; then
iptables -A INPUT -s $blocked_ip -j DROP
iptables -A OUTPUT -s $blocked_ip -j DROP
if ! grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
if ! iptables -C INPUT -s "$blocked_ip" -j DROP; then
iptables -A INPUT -s "$blocked_ip" -j DROP
iptables -A OUTPUT -s "$blocked_ip" -j DROP
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
save_firewall_settings
fi
fi
@ -577,31 +568,31 @@ function firewall_unblock_ip {
# Don't try to block email/microblog addresses
return
fi
if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
iptables -D INPUT -s $blocked_ip -j DROP
iptables -D OUTPUT -s $blocked_ip -j DROP
if grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
iptables -D INPUT -s "$blocked_ip" -j DROP
iptables -D OUTPUT -s "$blocked_ip" -j DROP
sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"
echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
save_firewall_settings
fi
}
function firewall_refresh_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
if [ ! -f "/root/${PROJECT_NAME}-firewall-domains.cfg" ]; then
return
fi
while read blocked_domain; do
firewall_block_domain $blocked_domain
done </root/${PROJECT_NAME}-firewall-domains.cfg
while read -r blocked_domain; do
firewall_block_domain "$blocked_domain"
done <"/root/${PROJECT_NAME}-firewall-domains.cfg"
}
function firewall_unblock_domain {
unblocked_domain="$1"
if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then
if grep -q "${unblocked_domain}" "$FIREWALL_DOMAINS"; then
if [[ "${unblocked_domain}" != *'@'* ]]; then
hexstr=$(domain_to_hex_string $unblocked_domain)
hexstr=$(domain_to_hex_string "$unblocked_domain")
iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
@ -610,7 +601,7 @@ function firewall_unblock_domain {
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
save_firewall_settings
fi
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
sed -i "/${unblocked_domain}/d" "$FIREWALL_DOMAINS"
fi
}
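Review bot: `firewall_name=$(string="$1" ; echo "${string// /-}")` in firewall_add and firewall_add_range forks a subshell and a throwaway variable for a plain substitution; `firewall_name="${1// /-}"` produces the same value in-process. In firewall_unblock_ip the now-expanding `sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"` is immediately followed by the unchanged `echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"`, which appends the address straight back after deleting it, so an unblocked IP appears to remain listed; worth confirming that is intended. The `grep -q "$blocked_ip"` and sed patterns in firewall_block_ip and firewall_unblock_ip also use the raw address as an unanchored regex, where `.` matches any character, so 10.1.1.1 also matches a 10.1.1.10 entry; `grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"` fixes the lookup side. Both functions start before their hunks.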


@ -37,22 +37,21 @@ function git_clone {
}
function git_pull {
if [ ! $1 ]; then
if [ ! "$1" ]; then
echo $'git_pull no repo specified'
fi
git merge --abort
git stash
git remote set-url origin $1
git remote set-url origin "$1"
git checkout master
git pull
if [ $2 ]; then
if [ "$2" ]; then
# delete any existing branch
git branch -D $2
git branch -D "$2"
# check out the new branch
git checkout $2 -b $2
if [ ! "$?" = "0" ]; then
if ! git checkout "$2" -b "$2"; then
echo $"Unable to checkout $1 $2"
exit 72357
fi
@ -63,8 +62,8 @@ function commit_has_changed {
repo_dir=$1
repo_commit_name=$2
repo_commit=$3
if [ -d $repo_dir ]; then
if grep -q "$repo_commit_name" $COMPLETION_FILE; then
if [ -d "$repo_dir" ]; then
if grep -q "$repo_commit_name" "$COMPLETION_FILE"; then
CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
echo "1"
@ -86,13 +85,13 @@ function set_repo_commit {
repo_commit=$3
repo_url=$4
if [[ $(commit_has_changed $repo_dir $repo_commit_name $repo_commit) == "1" ]]; then
cd $repo_dir
git_pull $repo_url $repo_commit
if [[ $(commit_has_changed "$repo_dir" "$repo_commit_name" "$repo_commit") == "1" ]]; then
cd "$repo_dir" || exit 3856835
git_pull "$repo_url" "$repo_commit"
# application specific stuff after updating the repo
if [[ $repo_dir == *"www"* ]]; then
chown -R www-data:www-data $repo_dir
chown -R www-data:www-data "$repo_dir"
fi
if [[ $repo_dir == *"gpgit" ]]; then
if [ ! -f /usr/bin/gpgit.pl ]; then
@ -107,12 +106,12 @@ function set_repo_commit {
fi
if [[ $repo_dir == *"cleanup-maildir" ]]; then
if [ ! -f /usr/bin/cleanup-maildir ]; then
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
else
HASH1=$(sha256sum $INSTALL_DIR/cleanup-maildir/cleanup-maildir | awk -F ' ' '{print $1}')
HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
if [[ "$HASH1" != "$HASH2" ]]; then
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
fi
fi
fi
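Review bot: git_pull's guard `if [ ! "$1" ]; then` only echoes `git_pull no repo specified` and then falls through into `git merge --abort`, `git stash` and `git remote set-url origin ""`, which rewrites the origin of whatever repository the caller happens to be in; add `return 1` (or an `exit` matching the later `exit 72357`) after the echo. In set_repo_commit the new `cd "$repo_dir" || exit 3856835` uses a status above 255, which the shell truncates to 8 bits, so the caller never sees that value. set_repo_commit begins before its hunk and its last hunk ends inside the function.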
