Compare commits


No commits in common. "f3a4dea46b11712db56990c8cf2568592f6b892c" and "565af91d8c2b1f12d87ea60e9734192fe1ca5354" have entirely different histories.

2 changed files with 116 additions and 660 deletions


@ -1,93 +1,22 @@
#!/usr/bin/env bash
script_name="$(basename $(realpath $0))"
working_dir="$(dirname $(realpath $0))"
script_dir="$(dirname $(realpath $0))"
log_file="$(mktemp)"
_date="$(date +%Y-%m-%d-%H%M)"
key_names_reserverd="ta ca server"
#if [[ $# -eq 0 ]] ; then
# BATCH_MODE=false
#elif [[ -z "${BATCH_MODE}" ]] ; then
# BATCH_MODE=false
#fi
# - For checking if revokation was successfull
# -
_CHECK_DIR="$(mktemp -d)"
_RT_CERT="${_CHECK_DIR}/revoke-test.pem"
# ----------
# Base Function(s)
# ----------
usage() {
[[ -n "$1" ]] && error "$1"
[[ $terminal ]] && echo -e "
\033[1mUsage:\033[m
$(basename $0) [OPTION [OPTION ..
\033[1mDescription\033[m
Revoke a given key from a alos given (local) OpenVPN Service
\033[1mOptions\033[m
-b
No interaction possible - run this script in batch mode
-C <name-of the OpenVPN service instance>
The nae of the instance of the OpenVPN servive from which a key is requested
to remove.
Example:
-C \033[1mopp-home\033[m - Revoke a key from OpenVPN service, which is startet with
configuration \033[1m/etc/openvpn/opp-home\033[m
-h
Prints this help.
-N <key-name>
the name of the key, which is requested ti revoke from OpenVPN Service
-S
Don't restart Service after (successfully) revoking the given key
\033[1mFiles\033[m
No script configuration file is used.
Configuration files for the OpenVPN service must be exists, i.e. for service \033[1mopp-home\033[m
${working_dir}/conf/server-opp-home.conf
\033[1mExample:\033[m
interactive run - all needed parameters will be requested:
$(basename $0)
running in batch mode - revoke key 'gudrun' from local OpenVPN service 'opp-home'.
Dont restart service if finished.
$(basename $0) -b -S -C opp-home -N gudrun
"
clean_up 1
}
#---------------------------------------
#-----------------------------
# Some functions
#-----------------------------
#---------------------------------------
clean_up() {
@ -99,7 +28,7 @@ clean_up() {
}
blank_line() {
if $terminal && ! ${BATCH_MODE}; then
if $terminal ; then
echo ""
fi
}
@ -119,124 +48,69 @@ is_int() {
}
echononl(){
if $terminal && ! ${BATCH_MODE} ; then
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mError\033[m ]: $*"
echo ""
}
fatal(){
echo ""
if $terminal ; then
echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
echo ""
echo -e " \033[31m\033[1mScript was interupted\033[m!"
else
echo " [ Fatal ]: $*"
echo ""
echo " Script was terminated...."
fi
echo -e "\t[ \033[31m\033[1mFatal\033[m ]: $*"
echo ""
echo -e "\t\033[37m\033[1mscript will be interrupted\033[m\033[m"
echo ""
clean_up 1
}
error (){
echo ""
if $terminal && ! ${BATCH_MODE} ; then
echo -e " [ \033[31m\033[1mError\033[m ]: $*"
else
echo "[ Error ]: $*"
fi
echo ""
}
warn (){
echo ""
if $terminal && ! ${BATCH_MODE} ; then
echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
else
echo "[ Warning ]: $*"
fi
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
warn_only_terminal () {
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
fi
}
info (){
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
echo ""
fi
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
ok (){
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e " [ \033[32m\033[1mOk\033[m ] $*"
echo ""
fi
}
print_command () {
echo ""
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
echo ""
}
echo_done() {
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[32mdone\033[m ]"
fi
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warn() {
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[33mwarn\033[m ]"
fi
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]"
fi
}
echo_wait(){
if $terminal && ! ${BATCH_MODE} ; then
echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
fi
echo -e "\033[80G[ \033[37mskipped\033[m ]"
}
trap clean_up SIGHUP SIGINT SIGTERM
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# -
if [[ -t 1 ]] ; then
terminal=true
else
terminal=false
fi
# -------------
# --- Check some prerequisites
# -------------
# -Is systemd supported on this system?
# -
@ -249,123 +123,69 @@ if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]] ; then
fi
# ----------
# - Read commandline parameter
# ----------
BATCH_MODE=false
OPENVPN_SERVER_CONFIG=
KEY_NAME_TO_REVOKE=
RESTART_OPENVPN_SERVICE=true
while getopts bC:hN:S opt ; do
case $opt in
b) BATCH_MODE=true
;;
C) OPENVPN_SERVER_CONFIG="${OPTARG}"
;;
h) usage
;;
N) KEY_NAME_TO_REVOKE="${OPTARG}"
;;
S) RESTART_OPENVPN_SERVICE=false
;;
esac
done
if ${BATCH_MODE} ; then
if [[ -z "${OPENVPN_SERVER_CONFIG}" ]] && [[ -z "${KEY_NAME_TO_REVOKE}" ]]; then
fatal "In batch mode both a server configuration (-C) and the key name (-N) musit be specified!"
elif [[ -z "${OPENVPN_SERVER_CONFIG}" ]] ; then
fatal "In batch mode also a server configuration (-C) must be specified!"
elif [[ -z "${KEY_NAME_TO_REVOKE}" ]]; then
fatal "In batch mode also the key name (-N) must be specified!"
fi
fi
#clear
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\033[21G\033[32mRevoke OpenVPN key.. \033[m"
echo ""
echo ""
fi
clear
echo ""
echo -e "\033[21G\033[32mRevoke OpenVPN key.. \033[m"
echo ""
echo ""
declare -a conf_file_arr=()
declare -a conf_name_arr=()
for _conf_file in `ls ${working_dir}/conf/server-*.conf 2>/dev/null` ; do
for _conf_file in `ls ${script_dir}/conf/server-*.conf 2>/dev/null` ; do
conf_file_arr+=("${_conf_file}")
_basename=$(basename $_conf_file)
_tmp_name=${_basename%%.*}
_tmp_name=${_tmp_name#*-}
if ${BATCH_MODE} ; then
if [[ "${_tmp_name}" = "${OPENVPN_SERVER_CONFIG}" ]]; then
conf_file="${_conf_file}"
break
fi
else
conf_name_arr+=("$_tmp_name")
conf_file_arr+=("${_conf_file}")
fi
conf_name_arr+=("$_tmp_name")
done
if [[ ${#conf_file_arr[@]} -lt 1 ]] && [[ -z "${conf_file}" ]]; then
if [[ ${#conf_file_arr[@]} -lt 1 ]] ; then
fatal "NO Configuration found!"
fi
blank_line
echo ""
declare -i i=0
if ! ${BATCH_MODE} ; then
if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
if $terminal ; then
echo ""
echo "Which Configuration should be loaded?"
if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
echo ""
echo "Which Configuration should be loaded?"
echo ""
for _conf_file in ${conf_file_arr[@]} ; do
echo " [${i}] ${conf_name_arr[${i}]}"
(( i++ ))
done
_OK=false
echo
echononl "Eingabe: "
while ! $_OK ; do
read _IN
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
conf_file=${conf_file_arr[$_IN]}
_OK=true
else
echo ""
echo -e "\tFalsche Eingabe !"
echo ""
echononl "Eingabe: "
fi
for _conf_file in ${conf_file_arr[@]} ; do
if $terminal ; then
echo " [${i}] ${conf_name_arr[${i}]}"
fi
(( i++ ))
done
_OK=false
blank_line
echononl "Eingabe: "
while ! $_OK ; do
read _IN
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
conf_file=${conf_file_arr[$_IN]}
_OK=true
else
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
if $terminal ; then
echo ""
echo -e "\tFalsche Eingabe !"
echo ""
fi
echononl "Eingabe: "
fi
fi
done
done
else
conf_file=${conf_file_arr[0]}
fi
else
conf_file=${conf_file_arr[0]}
fi
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
fi
echo ""
echo -e "\033[32m--\033[m"
echo ""
# ----------
# - Read Configurations from $conf_file
# ----------
#---------------------------------------
#-----------------------------
# Read Configurations from $conf_file
#-----------------------------
#---------------------------------------
echononl " Load Configuration File $(basename ${conf_file}).."
if [[ ! -f "$conf_file" ]]; then
@ -399,24 +219,18 @@ fi
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
fi
#KEY_NAME_TO_REVOKE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
KEY_NAME_TO_REVOKE=""
if [ -z "$KEY_NAME_TO_REVOKE" ]; then
if $terminal && ! ${BATCH_MODE} ; then
echo "Insert key name you wish to revoke."
echo ""
echo ""
fi
echo "Insert key name you wish to revoke."
echo ""
echo ""
echononl "key name to revoke: "
read KEY_NAME_TO_REVOKE
while [ "X$KEY_NAME_TO_REVOKE" = "X" ] ; do
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\n\t\033[33m\033[1mKey name is required!\033[m\n"
fi
echo -e "\n\t\033[33m\033[1mKey name is required!\033[m\n"
echononl "key name: "
read KEY_NAME_TO_REVOKE
done
@ -446,36 +260,29 @@ if [[ ! -f "${_CLIENT_CERT}" ]]; then
fatal "Key '$KEY_NAME_TO_REVOKE' not found!"
fi
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Key to revoke...........: $(basename "$_CLIENT_KEY")"
echo "Server Configuration....: ${OPENVPN_SERVER_CONFIG}"
echo "Key to revoke...........: $(basename "$_CLIENT_KEY")"
info "Going to revoke key \033[37m\033[1m$(basename "$_CLIENT_KEY")\033[m.."
echo -n "To continue type uppercase 'YES': "
read OK
echo ""
if [[ "$OK" != "YES" ]] ; then
fatal "Abort by user request - Answer as not 'YES'"
fi
fi
# ----------
# - Main part of script
# ----------
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo ""
echo -e " \033[1mMain part of script - Goimg to revoke key of requested user $(basename "$_CLIENT_KEY")..\033[m"
echo ""
info "Going to revoke key \033[37m\033[1m$(basename "$_CLIENT_KEY")\033[m.."
echo -n "To continue type uppercase 'YES': "
read OK
echo ""
if [[ "$OK" != "YES" ]] ; then
fatal "Abort by user request - Answer as not 'YES'"
fi
blank_line
#---------------------------------------
#-----------------------------
# Revoke Key
#-----------------------------
#---------------------------------------
echo ""
# ---
# - Backup existing OpenVPN directory
@ -666,25 +473,21 @@ else
fi
# ---
# - Restart OpenVPN service
# - Start apache webservice
# ---
echo ""
echononl "\tRestart OpenVPN Service.."
if ${RESTART_OPENVPN_SERVICE} ; then
if $systemd_supported ; then
systemctl restart openvpn > $log_file 2>&1
else
/etc/init.d/openvpn restart > $log_file 2>&1
fi
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
warn "Restarting OpenVPN Service failed!."
fi
if $systemd_supported ; then
systemctl restart openvpn > $log_file 2>&1
else
echo_skipped
/etc/init.d/openvpn restart > $log_file 2>&1
fi
if [ "$?" = "0" ]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
warn "Restarting OpenVPN Service failed!."
fi
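Review bot: In the key-name hunk (`@ -399,24 +219,18 @@`) the new side reads the name with a bare `read KEY_NAME_TO_REVOKE` and only rejects an empty string, yet the next hunk's context (`if [[ ! -f "${_CLIENT_CERT}" ]]` followed by `fatal "Key '$KEY_NAME_TO_REVOKE' not found!"`) shows the value is used to locate a certificate file, so a name such as `../ca` or one containing `/` would select a file outside the client key directory (how `_CLIENT_CERT` is composed is outside the visible hunks, and that hunk opens with a `fi` whose `if` is also outside it). Because the `-N`/batch path was dropped, this prompt is now the only source of the name; I would change both `read KEY_NAME_TO_REVOKE` lines to `read -r KEY_NAME_TO_REVOKE`, tighten the loop guard to `while [[ ! "$KEY_NAME_TO_REVOKE" =~ ^[A-Za-z0-9._-]+$ ]] ; do`, and refuse the reserved names in `key_names_reserverd` (`ta ca server`) declared near the top of the file if that variable is still present on the new side. In the last hunk, if `# - Start apache webservice` is the new-side comment above the OpenVPN restart it is misleading and should read `# - Restart OpenVPN service`; the restart also targets the generic `openvpn` unit rather than the instance chosen from `conf_file`, which is worth confirming against the host's unit layout so the revocation actually takes effect on the selected server.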


@ -1,347 +0,0 @@
#!/usr/bin/env bash
script_name="$(basename $(realpath $0))"
working_dir="$(dirname $(realpath $0))"
conf_file="${working_dir}/conf/${script_name%%.*}.conf"
LOCK_DIR="/tmp/${script_name%%.*}.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log"
clean_up() {
# Perform program exit housekeeping
rm -rf "$LOCK_DIR"
blank_line
exit $1
}
echononl(){
if $terminal ; then
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n " $*\\c" 1>&2
else
echo -e -n " $*" 1>&2
fi
rm /tmp/shprompt$$
fi
}
fatal(){
echo ""
if $terminal ; then
echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
echo ""
echo -e " \033[31m\033[1mScript was interupted\033[m!"
else
echo " [ Fatal ]: $*"
echo ""
echo " Script was terminated...."
fi
echo ""
clean_up 1
}
error (){
echo ""
if $terminal ; then
echo -e " [ \033[31m\033[1mError\033[m ]: $*"
else
echo "[ Error ]: $*"
fi
echo ""
}
warn (){
echo ""
if $terminal ; then
echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
else
echo "[ Warning ]: $*"
fi
echo ""
}
warn_only_terminal () {
if $terminal ; then
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
fi
}
info (){
if $terminal ; then
echo ""
echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
echo ""
fi
}
ok (){
if $terminal ; then
echo ""
echo -e " [ \033[32m\033[1mOk\033[m ] $*"
echo ""
fi
}
echo_done() {
if $terminal ; then
echo -e "\033[75G[ \033[32mdone\033[m ]"
fi
}
echo_ok() {
if $terminal ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
}
echo_warn() {
if $terminal ; then
echo -e "\033[75G[ \033[33mwarn\033[m ]"
fi
}
echo_failed(){
if $terminal ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
}
echo_skipped() {
if $terminal ; then
echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]"
fi
}
echo_wait(){
if $terminal ; then
echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
fi
}
# - Check if a given array (parameter 2) contains a given string (parameter 1)
# -
containsElement () {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
trim() {
local var="$*"
var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
echo -n "$var"
}
is_number() {
return $(test ! -z "${1##*[!0-9]*}" > /dev/null 2>&1);
# - also possible
# -
#[[ ! -z "${1##*[!0-9]*}" ]] && return 0 || return 1
#return $([[ ! -z "${1##*[!0-9]*}" ]])
}
is_int() {
return $(test "$@" -eq "$@" > /dev/null 2>&1);
}
blank_line() {
if $terminal ; then
echo ""
fi
}
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# -
if [[ -t 1 ]] ; then
terminal=true
else
terminal=false
fi
# -------------
# - Job is already running?
# -------------
# - If job already runs, stop execution..
# -
if mkdir "$LOCK_DIR" 2> /dev/null ; then
## - Remove lockdir when the script finishes, or when it receives a signal
trap "clean_up 1" SIGHUP SIGINT SIGTERM
else
datum="$(date +"%d.%m.%Y %H:%M")"
msg="[ Error ]: A previos instance of \"`basename $0`\" seems already be running.\n\n Exiting now.."
echo ""
echo "[ Error ]: A previos instance of that script \"`basename $0`\" seems already be running."
echo ""
echo -e " Exiting now.."
echo ""
for _email in ${alert_email_arr[@]} ; do
echo -e "To:${_email}\n${content_type}\nSubject:Error cronjob `basename $0` -- $datum\n${msg}\n" \
| sendmail -F "Error `hostname -f`" -f $sender_address $_email
done
exit 1
fi
# ==========
# - Begin Main Script
# ==========
# ----------
# - Headline
# ----------
if $terminal ; then
echo ""
echo -e "\033[1m----------\033[m"
echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
echo -e "\033[1m----------\033[m"
fi
declare -a conf_file_arr=()
declare -a conf_name_arr=()
for _conf_file in `ls ${working_dir}/conf/server-*.conf 2>/dev/null` ; do
_basename=$(basename $_conf_file)
_tmp_name=${_basename%%.*}
_tmp_name=${_tmp_name#*-}
conf_name_arr+=("$_tmp_name")
conf_file_arr+=("${_conf_file}")
done
if [[ ${#conf_file_arr[@]} -lt 1 ]] && [[ -z "${conf_file}" ]]; then
fatal "NO Configuration found!"
fi
blank_line
declare -i i=0
OPENVPN_INSTANCE=
if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
if $terminal ; then
echo ""
echo "Which Configuration should be loaded?"
echo ""
fi
for _conf_file in ${conf_file_arr[@]} ; do
if $terminal ; then
echo " [${i}] ${conf_name_arr[${i}]}"
fi
(( i++ ))
done
_OK=false
blank_line
echononl "Eingabe: "
while ! $_OK ; do
read _IN
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
OPENVPN_INSTANCE="${conf_name_arr[$_IN]}"
_OK=true
else
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
if $terminal ; then
echo ""
echo -e "\tFalsche Eingabe !"
echo ""
fi
echononl "Eingabe: "
fi
fi
done
else
OPENVPN_INSTANCE="${conf_name_arr[0]}"
fi
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert users(s), you wish to revoke from local OpenVPN system.."
echo ""
echo " Multiple users are supported - give a blank separated list"
echo ""
echo ""
users=
if [ -z "$_users" ]; then
echononl "Users: "
read users
while [ "X$users" = "X" ] ; do
echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
echononl "Users: "
read users
done
else
echononl "Users [${_users}]: "
read users
if [[ "X$users" = "X" ]]; then
users=$_users
fi
fi
# ----------
# - Main part of script
# ----------
if $terminal ; then
echo ""
echo ""
echo -e " \033[1mMain part of script - Goimg to revoke requested user..\033[m"
echo ""
fi
declare -a user_req_for_del_arr=()
for _user in ${users} ; do
user_req_for_del_arr+=("${_user}")
done
for _user in "${user_req_for_del_arr[@]}" ; do
echononl " Revoke user \033[1m${_user}\033[m from OpenVPN instance \033[1m${OPENVPN_INSTANCE}\033[m"
echo "1" | /usr/local/src/openvpn/get_all_keys.sh 2> /dev/null | grep -q -i $_user
if [[ $? -eq 0 ]] ; then
echo "1" | /usr/local/src/openvpn/get_revoked_keys.sh 2> /dev/null | grep -q -i $_user
if [[ $? -gt 0 ]] ; then
/usr/local/src/openvpn/revoke_key.sh -b -S -C ${OPENVPN_INSTANCE} -N ${_user} > ${log_file} 2>&1
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat ${log_file})"
else
echo_done
fi
else
echo_skipped
warn_only_terminal "User \033]1m${_user}\033[mn already revoked!"
fi
else
echo_skipped
warn_only_terminal "User \033]1m${_user}\033[mn has no OpenVPN credentials."
fi
done
echo ""
clean_up 0