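#!/usr/bin/env bash
#
# TP de 1A: provisioning of the lab's VDN guests (bigboss, tiny, societe,
# web, lambda, nomade).
#
# Each function below configures one guest over vdn-ssh or repairs one
# service on it.  The helpers used here but not defined in this file --
# setHosts, setInterfaces, setFile, setHostname, setIpv6WorkAround,
# vdn-ssh, echoDoneWithTestErrors, requireSshGuests, vdnExec -- and the
# variable VDN_PATH are assumed to be provided by the VDN framework that
# sources this script (TODO confirm).  Nothing is executed at load time;
# the framework presumably calls run().
#
# NOTE: every *Config*/repair* function calls `set -e`, which in bash
# applies to the whole shell from that point on, not just to the function.

DESC="TP de 1A."
SYSTEMS="bigboss tiny societe lambda web"

#######################################
# Base network setup of bigboss (192.168.30.2 on eth0, gateway societe).
# Globals:   VDN_PATH (read)
# Arguments: none
# Outputs:   progress on stdout
#######################################
baseConfigBigboss() {
  set -e
  echo "[baseConfigBigboss]"
  echo
  local name="bigboss"
  #startAndWaitSsh $name
  setIpv6WorkAround "$name"
  setHostname "$name"
  setHosts "$name" << EOF
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
192.168.30.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
  setInterfaces "$name" << EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.30.2
netmask 255.255.255.0
gateway 192.168.30.1
EOF
  vdn-ssh "root@$name" "
echo \"

Bienvenue sur le serveur Web de $name !

\" > /var/www/html/index.html
systemctl restart networking
"
  echoDoneWithTestErrors
}

#######################################
# Base network setup of tiny (192.168.30.16 on eth1, gateway societe).
# Globals:   VDN_PATH (read)
# Arguments: none
#######################################
baseConfigTiny() {
  set -e
  echo "[baseConfigTiny]"
  echo
  local name="tiny"
  setIpv6WorkAround "$name"
  setHostname "$name"
  setHosts "$name" << EOF
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
192.168.30.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
  # Drop whatever address eth1 currently has before writing the static one.
  vdn-ssh "root@$name" "ip addr flush eth1"
  setInterfaces "$name" << EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.30.16
netmask 255.255.255.0
gateway 192.168.30.1
EOF
  echoDoneWithTestErrors
}

#######################################
# Base network setup of societe, the router between the public side
# (eth0, public IP from vdn-infos), 192.168.1.0/24 (eth1) and
# 192.168.30.0/24 (eth2).
# Globals:   VDN_PATH (read)
# Arguments: none
#######################################
baseConfigSociete() {
  set -e
  echo "[baseConfigSociete]"
  echo
  local name="societe"
  setIpv6WorkAround "$name"
  setHostname "$name"
  setHosts "$name" << EOF
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
$("$VDN_PATH/bin/vdn-infos" societe PUBLIC_IP) societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
  # Force the default route through eth0 whenever it comes up.
  # The \$ escapes keep IFACE and PUBLIC_IP for the guest-side script.
  setFile "$name" /etc/network/if-up.d/default-interface << EOF
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
  . /etc/vdn/config
  /sbin/ifconfig eth0 \$PUBLIC_IP
  /sbin/route add default dev eth0
} || :
EOF
  vdn-ssh "root@$name" chmod 755 /etc/network/if-up.d/default-interface
  setInterfaces "$name" << EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address $("$VDN_PATH/bin/vdn-infos" "$name" PUBLIC_IP)
netmask 255.0.0.0

auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0

auto eth2
iface eth2 inet static
address 192.168.30.1
netmask 255.255.255.0
EOF
  vdn-ssh "root@$name" "systemctl restart networking"
  echoDoneWithTestErrors
}

#######################################
# Base network setup of web (192.168.1.2 on eth0, gateway societe) plus
# a welcome page served by apache2.
# Globals:   VDN_PATH (read)
# Arguments: none
#######################################
baseConfigWeb() {
  set -e
  echo "[baseConfigWeb]"
  echo
  local name="web"
  setIpv6WorkAround "$name"
  setHostname "$name"
  setHosts "$name" << EOF
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
192.168.1.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
  setInterfaces "$name" << EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
EOF
  vdn-ssh "root@$name" "
echo \"

Bienvenue sur le serveur Web de $name !

\" > /var/www/html/index.html
systemctl restart networking
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
"
  echoDoneWithTestErrors
}

#######################################
# Base network setup of lambda (public IP on eth0) plus a welcome page
# served by apache2.
# Globals:   VDN_PATH (read)
# Arguments: none
#######################################
baseConfigLambda() {
  set -e
  echo "[baseConfigLambda]"
  echo
  local name="lambda"
  setIpv6WorkAround "$name"
  setHostname "$name"
  setHosts "$name" << EOF
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
$("$VDN_PATH/bin/vdn-infos" societe PUBLIC_IP) societe
EOF
  # Force the default route through eth0 whenever it comes up.
  setFile "$name" /etc/network/if-up.d/default-interface << EOF
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
  . /etc/vdn/config
  /sbin/ifconfig eth0 \$PUBLIC_IP
  /sbin/route add default dev eth0
} || :
EOF
  vdn-ssh "root@$name" chmod 755 /etc/network/if-up.d/default-interface
  setInterfaces "$name" << EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address $("$VDN_PATH/bin/vdn-infos" "$name" PUBLIC_IP)
netmask 255.0.0.0
EOF
  # Web server home page.
  vdn-ssh "root@$name" "
echo \"

Bienvenue sur le serveur Web de $name !

\" > /var/www/html/index.html
systemctl restart networking
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
"
  echoDoneWithTestErrors
}

#######################################
# Placeholder: nomade needs no base configuration yet.
#######################################
baseConfigNomade() {
  set -e
  echo "[baseConfigNomade]"
  echo
  echoDoneWithTestErrors
}

#######################################
# Generate a random password from [_A-Za-z0-9-] using /dev/urandom.
# Arguments: $1 - length in characters (default 32)
# Outputs:   the password on stdout, without a trailing newline
# Notes:     retries (with a diagnostic on stderr) until a full-length
#            string was obtained; the entropy readout is Linux-specific
#            and is only informational.
#######################################
getRandomPasswd() {
  local len=${1:-32}
  local pw
  while :; do
    # The character set is written with the literal '-' last so that
    # tr cannot read it as a range.
    pw=$(tr -dc '_A-Za-z0-9-' < /dev/urandom 2> /dev/null | head -c "$len")
    # Compare with the requested length (the old code compared with a
    # hard-coded 32, which looped forever for any other length).
    if [[ "${#pw}" -eq "$len" ]]; then
      break
    fi
    echo "Wait for entropy avail : $(cat /proc/sys/kernel/random/entropy_avail 2> /dev/null)" >&2
    sleep 1
  done
  printf '%s' "$pw"
}

#######################################
# Create a local user on a guest with a random password, if missing.
# Arguments: $1 - guest name (ssh target root@$1)
#            $2 - user name
# Notes:     the password is sent on the ssh session's stdin instead of
#            being embedded in the remote command line, so it does not
#            appear in the local or remote process list.
#######################################
repairUser() {
  local host=$1 user=$2
  local passwd
  passwd=$(getRandomPasswd) || return
  printf '%s:%s\n' "$user" "$passwd" | vdn-ssh "root@$host" "
id $user &> /dev/null && exit 0
adduser --disabled-password --gecos \"\" --home /home/$user --shell /bin/bash $user
chpasswd
"
}

#######################################
# Ensure the lab users exist: toto on bigboss, titi on tiny.
#######################################
repairUsersTotoTiti() {
  set -e
  echo "[repairUsersTotoTiti]"
  echo
  repairUser bigboss toto
  repairUser tiny titi
  echoDoneWithTestErrors
}

#######################################
# Export /overlays/ro/usr/share/doc from bigboss to tiny over NFS.
# Notes:     no_root_squash lets root on tiny act as root on the export;
#            acceptable here only because the share is read-only and the
#            network is the isolated lab.
#######################################
repairNfs() {
  set -e
  echo "[repairNfs]"
  echo
  vdn-ssh root@bigboss "
set -e
[ ! -d /overlays/rw/partage-test ] && mkdir /overlays/rw/partage-test || :
echo test > /overlays/rw/partage-test/vdn-test
cat <<-EOF > /etc/exports
/overlays/ro/usr/share/doc tiny(ro,sync,subtree_check,no_root_squash,fsid=1)
#/overlays/rw/partage-test tiny(rw,sync,subtree_check,no_root_squash,fsid=2)
EOF
systemctl enable nfs-kernel-server
sleep 1
systemctl stop nfs-kernel-server
systemctl start nfs-kernel-server
"
  echoDoneWithTestErrors
}

#######################################
# Configure bigboss as DHCP server for 192.168.30.0/24 with a fixed
# lease for tiny, keyed on tiny's eth1 MAC address.
# Returns:   1 when the MAC address could not be read
#######################################
repairDhcp() {
  set -e
  echo
  echo "[repairDhcp]"
  local tinyMAC
  tinyMAC=$(vdn-ssh root@tiny ifconfig eth1 | grep ether |
    sed -re 's/^.*ether ([[:xdigit:]:]*).*$/\1/')
  # An empty value would be interpolated into dhcpd.conf and break it.
  if [[ -z "$tinyMAC" ]]; then
    echo "repairDhcp: cannot read the MAC address of tiny eth1" >&2
    return 1
  fi
  # \$f is expanded on the guest; ${tinyMAC} is expanded here.
  vdn-ssh root@bigboss "
set -e
f=/etc/dhcp3/dhcpd.conf
[ -e /etc/init.d/isc-dhcp-server ] && f=/etc/dhcp/dhcpd.conf
cat <<-EOF > \$f
subnet 192.168.30.0 netmask 255.255.255.0 {
}
host tiny {
  hardware ethernet ${tinyMAC};
  option host-name tiny;
  fixed-address tiny;
}
EOF
f=/etc/default/isc-dhcp-server
cat <<-EOF > \$f
INTERFACESv4=\"eth0\"
INTERFACESv6=\"\"
EOF
sleep 3
systemctl enable isc-dhcp-server
systemctl stop isc-dhcp-server
systemctl start isc-dhcp-server
# Pre-systemd variant, kept for reference:
#if [ -e /etc/init.d/dhcp3-server ]; then
#  /etc/init.d/dhcp3-server stop &> /dev/null
#  /etc/init.d/dhcp3-server start
#elif [ -e /etc/init.d/isc-dhcp-server ]; then
#  /etc/init.d/isc-dhcp-server stop &> /dev/null
#  /etc/init.d/isc-dhcp-server start
#fi
"
  echoDoneWithTestErrors
}

#######################################
# Enable anonymous read-only FTP on bigboss with proftpd.
# Notes:     the original config is backed up once to proftpd.conf.vdn
#            (the old code wrote the backup as ".vnd" and so re-copied
#            an already modified file on every run).
#            NOTE(review): the <Anonymous ~ftp> / <Limit WRITE> tags were
#            lost in the copy this file was restored from; the block
#            below follows the stock proftpd.conf anonymous section --
#            verify against a working guest.
#######################################
repairProftpd() {
  set -e
  echo
  echo "[repairProftpd]"
  vdn-ssh root@bigboss "
[ ! -e /etc/proftpd/proftpd.conf.vdn ] && \
  cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.vdn
grep -q '^<Anonymous' /etc/proftpd/proftpd.conf || cat <<-EOF >> /etc/proftpd/proftpd.conf
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User ftp
  Group nogroup
  # We want clients to be able to login with \"anonymous\" as well as \"ftp\"
  UserAlias anonymous ftp
  # Cosmetic changes, all files belongs to ftp user
  DirFakeUser on ftp
  DirFakeGroup on ftp
  RequireValidShell off
  # Limit the maximum number of anonymous logins
  MaxClients 10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
EOF
systemctl enable proftpd
sleep 2
systemctl restart proftpd
"
  echoDoneWithTestErrors
}

#######################################
# Start apache2 on bigboss with a ServerName (added only once, so the
# function can be re-run without growing apache2.conf).
#######################################
repairApache2Base() {
  echo "Apache2 : Lancement du serveur"
  vdn-ssh root@bigboss "
grep -q '^ServerName bigboss' /etc/apache2/apache2.conf || \
  echo 'ServerName bigboss' >> /etc/apache2/apache2.conf
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
sleep 1
"
}

#######################################
# Personal web page for toto on bigboss via mod_userdir.
# Notes:     requires the toto user (repairUsersTotoTiti); the check is
#            on /home/toto -- the old code tested /home, which always
#            exists, so the 'Need toto user' guard never fired.
#######################################
repairApache2Home() {
  echo
  echo "Apache2 : Page Web personnelle (userdir)"
  vdn-ssh root@bigboss "
[ ! -d /home/toto ] && { echo 'Need toto user !' >&2; exit 1; }
[ ! -d /home/toto/public_html ] && mkdir /home/toto/public_html
cat <<-EOF > /home/toto/public_html/index.html
Page perso.
EOF
chown -R toto: /home/toto/public_html
a2enmod userdir
systemctl restart apache2
sleep 1
"
}

#######################################
# Basic-auth protected area ~toto/secret on bigboss (user titi).
# Notes:     the titi/iut credential is a lab fixture; htpasswd -b takes
#            the password on the command line, which is fine only in this
#            isolated lab.
#            NOTE(review): secret/ is created mode 700 owned by toto;
#            whether www-data can still serve it depends on the userdir
#            setup -- confirm on the guest.
#######################################
repairApache2HtaccessToto() {
  echo
  echo "Protection de toto@bigboss:~toto/secret"
  vdn-ssh root@bigboss "
[ ! -d /home/toto/public_html/secret ] && {
  mkdir -p /home/toto/public_html/secret
  chown -R toto: /home/toto/public_html
  chmod 700 /home/toto/public_html/secret
}
cat <<-EOF > /home/toto/public_html/secret/.htaccess
AuthType Basic
AuthUserFile /home/toto/public_html/secret/users
#AuthGroupFile /dev/null
AuthName \"Accès privé\"
require user titi
EOF
echo \"Prive\" > /home/toto/public_html/secret/index.html
( cd /home/toto/public_html/secret/ && htpasswd -b -c users titi iut )
chown -R toto: /home/toto/public_html
"
}

#######################################
# Full apache2 setup on bigboss: base, userdir, protected area.
#######################################
repairApache2() {
  set -e
  echo "[repairApache2]"
  echo
  repairApache2Base
  repairApache2Home
  repairApache2HtaccessToto
  echoDoneWithTestErrors
}

#######################################
# Install the ruby TCP demo: server.rb on bigboss, client.rb on tiny.
# The ruby sources (and their French comments) are the lab material and
# are written to the guests as-is.
#######################################
repairClientServer() {
  set -e
  echo "[repairClientServer]"
  echo
  vdn-ssh root@bigboss "
cat << EOF > /usr/local/bin/server.rb
#!/usr/bin/env ruby
require 'socket'
server = TCPServer.new ARGV[0] # socket d'écoute attaché au port passé en argument
loop do # boucle infinie
  client = server.accept # attente d'une connexion
  while request=client.gets.chomp do # pour toutes les lignes reçues
    case request
    when \"time\" then client.puts \"#{Time.now}\" # émission de la réponse
    when \"exit\" then break
    else client.puts \"error\"
    end
  end
  client.close # fermeture de la connexion
end
EOF
"
  vdn-ssh root@tiny "
cat << EOF > /usr/local/bin/client.rb
#!/usr/bin/env ruby
require \"socket\"
s = TCPSocket.open(ARGV[0], ARGV[1].to_i) # Création de la socket et connexion
while line = STDIN.gets do # pour toutes les lignes de l'entrée standard
  s.puts line # émission de la ligne vers le serveur
  break if line.chomp == \"exit\" # chomp retire l'\\n' final
  puts s.gets # Affiche la ligne en provenance du serveur
end
s.close # fermeture de la socket
EOF
"
  echoDoneWithTestErrors
}

#######################################
# Configure societe, web and lambda, turn societe into a NAT router
# (ip_forward + MASQUERADE on eth0) and install the client/server demo.
# Notes:     the remote script is single-quoted, so every $ in it is
#            expanded on the guest.  The vdn.rc hook is added only when
#            it is missing (the old code had the test inverted, which is
#            why it was marked as not working).
#######################################
repairRouting() {
  set -e
  echo "[repairRouting]"
  echo
  baseConfigSociete
  baseConfigWeb
  baseConfigLambda
  vdn-ssh root@societe '
sed -i -re "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
sysctl -p
set -e
cat << EOF > /etc/firewall.sh
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 /etc/firewall.sh
grep -q /etc/firewall.sh /etc/vdn/vdn.rc || {
  echo "Add /etc/firewall in /etc/vdn/vdn.rc"
  echo /etc/firewall.sh >> /etc/vdn/vdn.rc
  chmod 755 /etc/vdn/vdn.rc
}
/etc/firewall.sh
'
  repairClientServer
  echoDoneWithTestErrors
}

#######################################
# Let root@bigboss log in as titi@tiny with an RSA key.
# Notes:     the public key is fetched into a variable, so no temp file
#            is left behind when a step fails; the fetch is still
#            covered by set -e.
# Returns:   1 when no public key could be read from bigboss
#######################################
repairSshKeys() {
  set -e
  echo "[repairSshKeys]"
  echo
  vdn-ssh root@bigboss "
set -e
[ ! -e .ssh/id_rsa ] && ssh-keygen -q -N '' -f ~/.ssh/id_rsa -t rsa || :
"
  sleep 2 # give tiny time to finish creating titi
  vdn-ssh root@tiny "
su -c '
[ ! -d ~/.ssh ] && { mkdir ~/.ssh; chmod 700 .ssh; }
' - titi
"
  local pubkey
  pubkey=$(vdn-ssh root@bigboss "cat ~/.ssh/id_rsa.pub")
  if [[ -z "$pubkey" ]]; then
    echo "repairSshKeys: no public key read from bigboss" >&2
    return 1
  fi
  printf '%s\n' "$pubkey" | vdn-ssh root@tiny "
su -c '
cat > ~/.ssh/authorized_keys
' - titi
"
  echoDoneWithTestErrors
}

#######################################
# Entry point used by the framework: wait for the guests, then run the
# configuration steps through vdnExec.
# Globals:   SYSTEMS (read)
#######################################
run() {
  # shellcheck disable=SC2086 -- SYSTEMS is a deliberate space-separated list
  requireSshGuests $SYSTEMS
  vdnExec baseConfigBigboss baseConfigTiny repairUsersTotoTiti \
    repairNfs repairDhcp repairProftpd \
    repairApache2 \
    repairRouting repairSshKeys
}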