hardening code and moved stage file removal later

This commit is contained in:
fatalerrors
2023-09-08 20:16:35 +02:00
parent 264537e9ea
commit 0eba77e3d5
2 changed files with 103 additions and 30 deletions

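--- a/conf/balut.conf.sh
+++ b/conf/balut.conf.sh
@@ -0,0 +1,73 @@
+# Fichier de configuration principal
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+# Importe les paramètres geoffray-levasseur.org
+. $MYPATH/conf/includes/gl.conf.sh
+# Importe la sélection de paquets par défaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+# User of the machine (must exists)
+MAINUSER=root
+# Pilotes X11 non libre à installer ?
+#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+# Users to create, add or remove
+REMOVE_USERS=fatal
+# Network
+IPV4_IFACES="eth0 eth1 eth2"
+NET4_MODE_eth0="static"
+NET4_IP_eth0="192.168.1.221/24"
+NET4_GW_eth0="192.168.1.231"
+NET4_NS_eth0="192.168.1.206 192.168.1.205"
+NET4_NS_SEARCH_eth0=$REALM
+NET4_MODE_eth1="static"
+NET4_IP_eth1="192.168.74.221/24"
+NET4_MODE_eth2="static"
+NET4_IP_eth2="10.0.254.221/16"
+IPV6_IFACES="eth0 eth1"
+NET6_MODE_eth0="static"
+NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
+NET6_GW_eth0="2a03:7220:8081:b301::e7"
+NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
+NET6_NS_SEARCH_eth0=$REALM
+NET6_MODE_eth1="static"
+NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+# Paquets additionnels
+PKGSEL="$PKGSEL iptables fail2ban curl"
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
+conf_mail install_pkg install_profile patch_snmp install_mkagent \
+conf_syslog conf_network"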
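Review bot: The two `.` lines near the top of the new file source `$MYPATH/conf/includes/...` unquoted, which is the same class of issue this commit quotes throughout init.sh; `. "$MYPATH/conf/includes/gl.conf.sh"` and `. "$MYPATH/conf/includes/pkgsel.base.conf.sh"` would keep the new file consistent with that hardening. `INTALL_MODE=full` looks like a misspelling of INSTALL_MODE; if the code that consumes the setting reads the other spelling, this line is silently ignored and the `dev`/`full` choice documented just above it has no effect, so please check it against the consumer. The rendering shows 52 of the 73 added lines, so part of the file (presumably blank lines dropped by the renderer) is not visible in this review.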

60
init.sh

@@ -36,17 +36,17 @@ export LC_ALL=C
export LANG=C
# Version of init
export VERSION="0.99.18"
export VERSION="0.99.20"
# Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
export MYPATH=$(dirname $(realpath -s $0))
export MYPATH=$(dirname "$(realpath -s "$0")")
# Get hostname
export HOSTNAME=$(hostname)
# Load libraries
for lib in $MYPATH/lib/*.sh; do
. $lib
. "$lib"
done
unset lib
@@ -65,7 +65,7 @@ function_exists prnt || (
# ==== Main Program ====
# ======================
# Set system dependent vars (OS, distro and version)
# Set system dependent vars (arch, OS, distro and version)
set_sys_vars $(uname -m) $(get_os_version)
# Initializing global variables
@@ -84,22 +84,22 @@ check_root
# ------------------------------------------------------------------------------
# Logfile variable treatment -- cannot be a function
if [[ -n $NEW_LOGFILE ]]; then
export LOGFILE=$NEW_LOGFILE
if [[ -n "$NEW_LOGFILE" ]]; then
export LOGFILE="$NEW_LOGFILE"
else
export LOGFILE=${LOGFILE:-"$MYPATH/log/init-$(uname -n)-$(stdtime).log"}
fi
prnt I "Creating log files welcoming directory..."
if [[ ! -d $(dirname $LOGFILE) ]]; then
mkdir -pv $(dirname $LOGFILE)
if [[ ! -d $(dirname "$LOGFILE") ]]; then
mkdir -pv $(dirname "$LOGFILE")
fi
# Log all outputs to the logfile
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec > >(tee -a $LOGFILE)
exec 2> >(tee -a $LOGFILE >&2)
exec > >(tee -a "$LOGFILE")
exec 2> >(tee -a "$LOGFILE" >&2)
prnt I "Starting init.sh version $VERSION."
prnt I "The log file is $LOGFILE."
if [[ -n $SYS_CODE ]]; then
@@ -113,7 +113,7 @@ fi
separator
if [[ -n $CHROOT_PATH && -z $CHROOT_DONE ]]; then
if [[ -n "$CHROOT_PATH" && -z $CHROOT_DONE ]]; then
chroot_bootstrap $@
prnt I "Normal end of chrooted execution!"
exit 0
@@ -129,11 +129,6 @@ process_commandline_and_vars
set_system_proxy
# Reinit stage file if no resuming
if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
rm -f $STAGE_FILE
fi
# Loading activated modules
for mod in $MODULE_LIST; do
. modules/$mod.sh
@@ -144,7 +139,7 @@ separator
if [[ $RUN_SHELL == true ]]; then
prnt I "Launching an interactive shell..."
bash --rcfile $MYPATH/bash.rc -i
bash --rcfile "$MYPATH/bash.rc" -i
prnt I "Script execution terminated after interactive shell execution."
exit 0
fi
@@ -170,8 +165,8 @@ if ! command -v wget &> /dev/null; then
fi
# Run prechecks
if [[ JUMP != true ]]; then
tmpfile=$(mktemp /tmp/init-XXXXXX)
if [[ $JUMP != true ]]; then
tmpfile="$(mktemp /tmp/init-XXXXXX)"
if [[ -n $MANUAL_MODULE_LIST ]]; then
prnt W "Dependency checks are deactivated with a manual module list."
fi
@@ -179,11 +174,11 @@ if [[ JUMP != true ]]; then
prnt W "Dependency checks have been deactivated manually."
fi
if [[ $RESUME == true ]]; then
cat $STAGE_FILE >> $tmpfile
cat "$STAGE_FILE" >> $tmpfile
fi
for mod in $MODULE_LIST; do
version=VER_$mod
if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
prnt I "Checks previously executed for $mod version ${!version}."
continue
fi
@@ -191,7 +186,7 @@ if [[ JUMP != true ]]; then
if [[ -z $MANUAL_MODULE_LIST && $NO_DEPS != true ]]; then
deps=DEP_$mod
for dep in ${!deps}; do
if [[ ! $(grep $dep $tmpfile) ]]; then
if [[ ! $(grep $dep "$tmpfile") ]]; then
prnt E "Module $mod have unsatisfied dependencies or is executed too early."
prnt E " * $dep must be executed before $mod, please check your module list."
die 9
@@ -203,9 +198,9 @@ if [[ JUMP != true ]]; then
(
precheck_$mod
)
echo $mod >> $tmpfile
echo $mod >> "$tmpfile"
done
rm -f $tmpfile
rm -f "$tmpfile"
unset mod
fi
@@ -237,9 +232,14 @@ read -n 1 -rsp $"Press <C> key to continue or an other one to stop now..." key &
echo && separator && echo
if [[ $key == "C" || $key == 'c' ]]; then
# Reinit stage file if no resuming
if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
rm -f "$STAGE_FILE"
fi
# We launch modules one after one
for mod in $MODULE_LIST; do
if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
continue
fi
# We need this only if JUMP is set but doesn't matter if it's done again
@@ -250,9 +250,9 @@ if [[ $key == "C" || $key == 'c' ]]; then
export REBOOT_NEEDED=false
$mod
if [[ $REBOOT_NEEDED == true ]]; then
echo "$mod reboot" >> $STAGE_FILE # Mark as done for resuming
echo "$mod reboot" >> "$STAGE_FILE" # Mark as done for resuming
else
echo $mod >> $STAGE_FILE # Mark as done for resuming function
echo "$mod" >> "$STAGE_FILE" # Mark as done for resuming function
fi
)
separator
@@ -265,15 +265,15 @@ fi
prnt I "That's all folks !"
echo
if [[ -s $STAGE_FILE && $(grep " reboot" $STAGE_FILE) ]]; then
if [[ -s "$STAGE_FILE" && $(grep " reboot" "$STAGE_FILE") ]]; then
prnt W "A reboot is required to apply some changes by the following packages:"
prnt m " * $(grep ' reboot' $STAGE_FILE | \
prnt m " * $(grep ' reboot' "$STAGE_FILE" | \
sed 's/ reboot//' | \
sed ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')"
prnt I "Please reboot now or as soon as possible!"
echo
fi
rm -f $STAGEFILE
rm -f "$STAGE_FILE"
exit 0
# EOF
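Review bot: The last hunk's `rm -f $STAGEFILE` → `rm -f "$STAGE_FILE"` is a variable-name fix, not only a quoting change: the old line presumably expanded to a bare `rm -f` and never deleted anything, so the stage file used to survive into the next run, while the new line removes it at the end of every completed run, including one that has just reported that a reboot is required. If the resume path after that reboot reads `$STAGE_FILE` (the `$RESUME == true` branches earlier in this file grep it), that state is now gone; please confirm this is intended and say so in the commit message. The quoting is also still incomplete on the new side: `mkdir -pv $(dirname "$LOGFILE")` leaves the outer substitution unquoted (`mkdir -pv "$(dirname "$LOGFILE")"`), and `cat "$STAGE_FILE" >> $tmpfile` leaves `$tmpfile` bare while the later `>> "$tmpfile"` quotes it. `[[ JUMP != true ]]` → `[[ $JUMP != true ]]` is likewise a logic fix rather than hardening — the old test compared the literal string JUMP and so always ran the prechecks and dependency checks — and is worth calling out in the message as well.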