antoine.perederii
/
IUT
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2bb871125'
${ noResults }
IUT/vdn/networks.bak/demo-buster/scripts/repairAll-1A

667 lines
14 KiB
Raw Blame History

#!/usr/bin/env bash
DESC="TP de 1A."
SYSTEMS="bigboss tiny societe lambda web"
baseConfigBigboss() {
set -e
echo "[baseConfigBigboss]"
echo
name="bigboss"
#startAndWaitSsh $name
setIpv6WorkAround $name
setHostname $name
cat << EOF | setHosts $name
127.0.0.1 localhost
$($VDN_PATH/bin/vdn-infos lambda PUBLIC_IP) lambda
$($VDN_PATH/bin/vdn-infos nomade PUBLIC_IP) nomade
192.168.30.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
cat << EOF | setInterfaces $name
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.30.2
netmask 255.255.255.0
gateway 192.168.30.1
EOF
vdn-ssh root@$name "
echo \"<html><body><h1>Bienvenue sur le serveur Web de $name !</h1></body></html>\" > /var/www/html/index.html
systemctl restart networking
"
echoDoneWithTestErrors
}
baseConfigTiny() {
set -e
echo "[baseConfigTiny]"
echo
name="tiny"
setIpv6WorkAround $name
setHostname $name
cat << EOF | setHosts $name
127.0.0.1 localhost
$($VDN_PATH/bin/vdn-infos lambda PUBLIC_IP) lambda
$($VDN_PATH/bin/vdn-infos nomade PUBLIC_IP) nomade
192.168.30.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
vdn-ssh root@$name "ip addr flush eth1"
cat << EOF | setInterfaces $name
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet static
address 192.168.30.16
netmask 255.255.255.0
gateway 192.168.30.1
EOF
echoDoneWithTestErrors
}
baseConfigSociete() {
set -e
echo [baseConfigSociete]
echo
name="societe"
setIpv6WorkAround $name
setHostname $name
cat << EOF | setHosts $name
127.0.0.1 localhost
$($VDN_PATH/bin/vdn-infos lambda PUBLIC_IP) lambda
$($VDN_PATH/bin/vdn-infos nomade PUBLIC_IP) nomade
$($VDN_PATH/bin/vdn-infos societe PUBLIC_IP) societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
# Fixe la route par défaut
cat << EOF | setFile $name /etc/network/if-up.d/default-interface
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
. /etc/vdn/config
/sbin/ifconfig eth0 \$PUBLIC_IP
/sbin/route add default dev eth0
} || :
EOF
vdn-ssh root@$name chmod 755 /etc/network/if-up.d/default-interface
cat << EOF | setInterfaces $name
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address $($VDN_PATH/bin/vdn-infos $name PUBLIC_IP)
netmask 255.0.0.0
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.30.1
netmask 255.255.255.0
EOF
vdn-ssh root@$name "systemctl restart networking"
echoDoneWithTestErrors
}
baseConfigWeb() {
set -e
echo [baseConfigWeb]
echo
name="web"
setIpv6WorkAround $name
setHostname $name
cat << EOF | setHosts $name
127.0.0.1 localhost
$($VDN_PATH/bin/vdn-infos lambda PUBLIC_IP) lambda
$($VDN_PATH/bin/vdn-infos nomade PUBLIC_IP) nomade
192.168.1.1 societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
cat << EOF | setInterfaces $name
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
EOF
vdn-ssh root@$name "
echo \"<html><body><h1>Bienvenue sur le serveur Web de $name !</h1></body></html>\" > /var/www/html/index.html
systemctl restart networking
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
"
echoDoneWithTestErrors
}
baseConfigLambda() {
set -e
echo [baseConfigLambda]
echo
name="lambda"
setIpv6WorkAround $name
setHostname $name
cat << EOF | setHosts $name
127.0.0.1 localhost
$($VDN_PATH/bin/vdn-infos lambda PUBLIC_IP) lambda
$($VDN_PATH/bin/vdn-infos nomade PUBLIC_IP) nomade
$($VDN_PATH/bin/vdn-infos societe PUBLIC_IP) societe
EOF
# Fixe la route par défaut
cat << EOF | setFile $name /etc/network/if-up.d/default-interface
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
. /etc/vdn/config
/sbin/ifconfig eth0 \$PUBLIC_IP
/sbin/route add default dev eth0
} || :
EOF
vdn-ssh root@$name chmod 755 /etc/network/if-up.d/default-interface
cat << EOF | setInterfaces $name
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address $($VDN_PATH/bin/vdn-infos $name PUBLIC_IP)
netmask 255.0.0.0
EOF
# Page d'accueil du serveur web
vdn-ssh root@$name "
echo \"<html><body><h1>Bienvenue sur le serveur Web de $name !</h1></body></html>\" > /var/www/html/index.html
systemctl restart networking
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
"
echoDoneWithTestErrors
}
baseConfigNomade() {
set -e
echo [baseConfigNomade]
echo
echoDoneWithTestErrors
}
getRandomPasswd() {
local k
while :; do
k=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom 2> /dev/null | head -c${1:-32} )
if [ $(echo -n $k | wc -c) = 32 ]; then
break
fi
echo "Wait for entropy avail : $(cat /proc/sys/kernel/random/entropy_avail)" >&2
sleep 1
done
echo -n $k
}
repairUser() {
k=$(getRandomPasswd)
vdn-ssh root@$1 "
id $2 &> /dev/null && exit 0
adduser --disabled-password --gecos \"\" --home /home/$2 --shell /bin/bash $2
echo $2:$k| chpasswd
"
}
repairUsersTotoTiti() {
set -e
echo "[repairUsersTotoTiti]"
echo
repairUser bigboss toto
repairUser tiny titi
echoDoneWithTestErrors
}
repairNfs() {
set -e
echo "[repairNfs]"
echo
vdn-ssh root@bigboss "
set -e
[ ! -d /overlays/rw/partage-test ] && mkdir /overlays/rw/partage-test || :
echo test > /overlays/rw/partage-test/vdn-test
cat <<-EOF > /etc/exports
/overlays/ro/usr/share/doc tiny(ro,sync,subtree_check,no_root_squash,fsid=1)
#/overlays/rw/partage-test tiny(rw,sync,subtree_check,no_root_squash,fsid=2)
EOF
systemctl enable nfs-kernel-server
sleep 1
systemctl stop nfs-kernel-server
systemctl start nfs-kernel-server
"
echoDoneWithTestErrors
}
repairDhcp() {
set -e
echo
echo "[repairDhcp]"
tinyMAC=$(vdn-ssh root@tiny ifconfig eth1 | grep ether)
tinyMAC=$(echo "$tinyMAC" | \
sed -re 's/^.*ether ([[:xdigit:]:]*).*$/\1/')
vdn-ssh root@bigboss "
set -e
f=/etc/dhcp3/dhcpd.conf
[ -e /etc/init.d/isc-dhcp-server ] && f=/etc/dhcp/dhcpd.conf
cat <<-EOF > \$f
subnet 192.168.30.0 netmask 255.255.255.0 {
}
host tiny {
hardware ethernet ${tinyMAC};
option host-name tiny;
fixed-address tiny;
}
EOF
f=/etc/default/isc-dhcp-server
cat <<-EOF > \$f
INTERFACESv4=\"eth0\"
INTERFACESv6=\"\"
EOF
sleep 3
systemctl enable isc-dhcp-server
systemctl stop isc-dhcp-server
systemctl start isc-dhcp-server
#if [ -e /etc/init.d/dhcp3-server ]; then
# /etc/init.d/dhcp3-server stop &> /dev/null
# /etc/init.d/dhcp3-server start
#elif [ -e /etc/init.d/isc-dhcp-server ]; then
# /etc/init.d/isc-dhcp-server stop &> /dev/null
# /etc/init.d/isc-dhcp-server start
#fi
"
echoDoneWithTestErrors
}
repairProftpd() {
set -e
echo
echo "[repairProftpd]"
vdn-ssh root@bigboss "
[ ! -e /etc/proftpd/proftpd.conf.vdn ] && \
cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.vnd
grep -q '^<Anonymous' /etc/proftpd/proftpd.conf && exit 0
cat << EOF >> /etc/proftpd/proftpd.conf
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group nogroup
# We want clients to be able to login with \"anonymous\" as well as \"ftp\"
UserAlias anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp
RequireValidShell off
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
</Anonymous>
EOF
systemctl enable proftpd
sleep 2
systemctl restart proftpd
"
echoDoneWithTestErrors
}
repairApache2Base() {
echo "Apache2 : Lancement du serveur"
vdn-ssh root@bigboss "
echo 'ServerName bigboss' >> /etc/apache2/apache2.conf
systemctl enable apache2
systemctl stop apache2
systemctl start apache2
sleep 1
"
}
repairApache2Home() {
echo
echo "Apache2 : Page Web personnelle (userdir)"
vdn-ssh root@bigboss "
[ ! -d /home ] && { echo 'Need toto user !' >&2; exit 1; }
[ ! -d /home/toto/public_html ] && mkdir /home/toto/public_html
cat <<-EOF > /home/toto/public_html/index.html
<html><body>Page perso.</body></html>
EOF
chown -R toto: /home/toto/public_html
a2enmod userdir
systemctl restart apache2
sleep 1
"
}
repairApache2HtaccessToto() {
echo
echo "Protection de toto@bigboss:~toto/secret"
vdn-ssh root@bigboss "
[ ! -d /home/toto/public_html/secret ] && {
mkdir -p /home/toto/public_html/secret
chown -R toto: /home/toto/public_html
chmod 700 /home/toto/public_html/secret
}
cat <<-EOF > /home/toto/public_html/secret/.htaccess
AuthType Basic
AuthUserFile /home/toto/public_html/secret/users
#AuthGroupFile /dev/null
AuthName \"Accès privé\"
<limit GET>
require user titi
</limit>
EOF
echo \"<html><body>Prive</body></html>\" > \
/home/toto/public_html/secret/index.html
(
cd /home/toto/public_html/secret/
htpasswd -b -c users titi iut
)
chown -R toto: /home/toto/public_html
"
}
repairApache2() {
set -e
echo "[repairApache2]"
echo
repairApache2Base
repairApache2Home
repairApache2HtaccessToto
echoDoneWithTestErrors
}
repairClientServer() {
set -e
echo "[repairClientServer]"
echo
vdn-ssh root@bigboss "
cat << EOF > /usr/local/bin/server.rb
#!/usr/bin/env ruby
require 'socket'
server = TCPServer.new ARGV[0] # socket d'écoute attaché au port passé en argument
loop do # boucle infinie
client = server.accept # attente d'une connexion
while request=client.gets.chomp do # pour toutes les lignes reçues
case request
when \"time\" then client.puts \"#{Time.now}\" # émission de la réponse
when \"exit\" then break
else client.puts \"error\"
end
end
client.close # fermeture de la connexion
end
EOF
"
vdn-ssh root@tiny "
cat << EOF > /usr/local/bin/client.rb
#!/usr/bin/env ruby
require \"socket\"
s = TCPSocket.open(ARGV[0], ARGV[1].to_i) # Création de la socket et connexion
while line = STDIN.gets do # pour toutes les lignes de l'entrée standard
s.puts line # émission de la ligne vers le serveur
break if line.chomp == \"exit\" # chomp retire l'\\n' final
puts s.gets # Affiche la ligne en provenance du serveur
end
s.close # fermeture de la socket
EOF
"
echoDoneWithTestErrors
}
repairRouting() {
set -e
echo "[repairRouting]"
echo
baseConfigSociete
baseConfigWeb
baseConfigLambda
vdn-ssh root@societe '
sed -i -re "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
sysctl -p
set -e
cat << EOF > /etc/firewall.sh
#!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 /etc/firewall.sh
# MARCHE PAS
! grep -q /etc/firewall.sh /etc/vdn/vdn.rc && {
echo "Add /etc/firewall in /etc/vdn/vdn.rc"
echo /etc/firewall.sh >> /etc/vdn/vdn.rc
chmod 755 /etc/vdn/vdn.rc
} || :
/etc/firewall.sh
'
repairClientServer
echoDoneWithTestErrors
}
repairSshKeys() {
set -e
echo "[repairSshKeys]"
echo
vdn-ssh root@bigboss "
set -e
[ ! -e .ssh/id_rsa ] && ssh-keygen -q -N '' -f ~/.ssh/id_rsa -t rsa || :
"
sleep 2 # laisser le temps à la création de titi sur tiny
vdn-ssh root@tiny "
su -c '
[ ! -d ~/.ssh ] && { mkdir ~/.ssh; chmod 700 .ssh; }
' - titi
"
local tmp=$(mktemp)
vdn-ssh root@bigboss "cat ~/.ssh/id_rsa.pub" > $tmp
cat $tmp | vdn-ssh root@tiny "
su -c '
cat > ~/.ssh/authorized_keys
' - titi
"
rm $tmp
echoDoneWithTestErrors
}
run() {
requireSshGuests $SYSTEMS
vdnExec baseConfigBigboss baseConfigTiny repairUsersTotoTiti \
repairNfs repairDhcp repairProftpd \
repairApache2 \
repairRouting repairSshKeys
}
Reference in new issue View Git Blame Copy Permalink