4 203
modifications
Ligne 528 : | Ligne 528 : | ||
# | # | ||
# | # | ||
installDebianPackage ${prefix} locales #already installed in debian-squeeze domU | |||
installDebianPackage ${prefix} ntp | installDebianPackage ${prefix} ntp | ||
installDebianPackage ${prefix} console-data | installDebianPackage ${prefix} console-data | ||
installDebianPackage ${prefix} console-common | installDebianPackage ${prefix} console-common | ||
installDebianPackage ${prefix} dnsutils | installDebianPackage ${prefix} dnsutils | ||
installDebianPackage ${prefix} sshguard | |||
installDebianPackage ${prefix} psmisc | |||
# | # | ||
Ligne 572 : | Ligne 574 : | ||
trusted=`echo $dom0 | sed 's/^,*//;s/,*$//'` | trusted=`echo $dom0 | sed 's/^,*//;s/,*$//'` | ||
if [ -f /etc/xen-tools/ssh-keys/domU-backup-rsa.pub ]; then | if [ -f /etc/xen-tools/ssh-keys/domU-backup-rsa.pub ]; then | ||
echo from=\"$trusted\" `cat /etc/xen-tools/ssh-keys/domU-backup-rsa.pub` >> ${prefix}/root/.ssh/authorized_keys | echo from=\"$trusted\" `cat /etc/xen-tools/ssh-keys/domU-backup-rsa.pub` >> ${prefix}/root/.ssh/authorized_keys | ||
Ligne 592 : | Ligne 593 : | ||
# | # | ||
gw=`cat /etc/xen-tools/xen-tools.conf | grep gateway | cut -f 2 -d "="` | gw=`cat /etc/xen-tools/xen-tools.conf | grep gateway` | ||
echo up route add -host $ | if [ ! ${gw:0:1} = "#" ]; then | ||
echo up route add default gw $ | gateway=`echo $gw | cut -f 2 -d "="` | ||
echo up route add -host $gateway dev eth0 >> ${prefix}/etc/network/interfaces | |||
echo up route add default gw $gateway >> ${prefix}/etc/network/interfaces | |||
fi | |||
# | |||
# sshguard | |||
# | |||
LogMessage Script $0 Configuring sshguard | |||
# | |||
# | |||
echo ' | |||
#! /bin/sh | |||
### BEGIN INIT INFO | |||
# Provides: sshguard | |||
# Required-Start: $remote_fs $syslog | |||
# Required-Stop: $remote_fs $syslog | |||
# Default-Start: 2 3 4 5 | |||
# Default-Stop: | |||
# Short-Description: sshguard | |||
### END INIT INFO | |||
case "$1" in | |||
start) | |||
iptables -N sshguard | |||
ip6tables -N sshguard | |||
iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard | |||
ip6tables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard | |||
tail -n0 -F /var/log/auth.log | /usr/sbin/sshguard -a 2 -p 1800 -w /etc/sshguard_whitelist & | |||
;; | |||
stop) | |||
killall /usr/sbin/sshguard | |||
iptables -D INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard | |||
ip6tables -D INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard | |||
iptables -X sshguard | |||
ip6tables -X sshguard | |||
;; | |||
*) | |||
echo "Usage: $0 {start|stop}" | |||
exit 1 | |||
;; | |||
esac' > ${prefix}/etc/init.d/sshguard | |||
chmod +x ${prefix}/etc/init.d/sshguard | |||
for ip in `ifconfig | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1`; do | |||
if [ ! $ip = "127.0.0.1" ]; then | |||
echo $ip >> ${prefix}/etc/sshguard_whitelist | |||
fi | |||
done | |||
for ip in `ifconfig | grep -E "inet6 addr.*Global" | sed 's/^[ \t]*//;s/[ \t]*$//' | cut -d " " -f 3 | cut -d "/" -f 1`; do | |||
echo $ip >> ${prefix}/etc/sshguard_whitelist | |||
done | |||
chroot ${prefix} /sbin/insserv | |||
# | # | ||
# Log our finish | # Log our finish |