From 266e536732bd759e8c5d729e4faf2ae1fabbec57 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 11 Apr 2018 04:13:19 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 3 +
conf/create-lx-container.conf.sample | 21 +
create-lx-container.sh | 1673 +++++++++++++++++
supported-files/sshd_config | 255 +++
supported-files/templates_root/.bashrc | 71 +
supported-files/templates_root/.profile | 24 +
.../templates_root/.ssh/authorized_keys2 | 2 +
supported-files/templates_root/.vimrc | 173 ++
8 files changed, 2222 insertions(+)
create mode 100644 .gitignore
create mode 100644 conf/create-lx-container.conf.sample
create mode 100755 create-lx-container.sh
create mode 100644 supported-files/sshd_config
create mode 100644 supported-files/templates_root/.bashrc
create mode 100644 supported-files/templates_root/.profile
create mode 100644 supported-files/templates_root/.ssh/authorized_keys2
create mode 100644 supported-files/templates_root/.vimrc
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a3b58e5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.swp
+/conf/*.conf
+/BAK/*
diff --git a/conf/create-lx-container.conf.sample b/conf/create-lx-container.conf.sample
new file mode 100644
index 0000000..7e79897
--- /dev/null
+++ b/conf/create-lx-container.conf.sample
@@ -0,0 +1,21 @@
+
+## ========================================================
+## - Configuration File for "create-lx-container.sh" Script
+## ========================================================
+
+# - LXC_ROOT_DIR
+# -
+# - The directory where all the LX-Containers are stored.
+# -
+# - Defaults to: LXC_ROOT_DIR="/var/lib/lxc"
+# -
+#LXC_ROOT_DIR="/var/lib/lxc"
+
+
+# - LXC_DIST
+# -
+# - The Linux distribution used for the new LX-Container.
+# -
+# - Defaults to: LXC_DIST="debian"
+# -
+#LXC_DIST="debian"
diff --git a/create-lx-container.sh b/create-lx-container.sh
new file mode 100755
index 0000000..89cc002
--- /dev/null
+++ b/create-lx-container.sh
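Review bot: The sample header in conf/create-lx-container.conf.sample never says that the file is executed rather than parsed: create-lx-container.sh loads it with `source "$conf_file"`, so every line in the real `conf/create-lx-container.conf` runs as shell code with the privileges of whoever starts the script (presumably root, since the script writes below `/var/lib/lxc`). I would add a header comment such as `# - NOTE: this file is sourced by bash; keep it owned by root and not writable by group or others.` It would also help to state that values are plain shell assignments, so there must be no spaces around `=`.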
@@ -0,0 +1,1673 @@
+#!/usr/bin/env bash
+
+
+working_dir="$(dirname $(realpath $0))"
+conf_file="${working_dir}/conf/create-lx-container.conf"
+
+LOCK_DIR="/tmp/create-lx-container.LOCK"
+err_msg="$LOCK_DIR/error.log"
+
+
+# -------------
+# - Some functions
+# -------------
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ exit $1
+}
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n "$*\\c" 1>&2
+ else
+ echo -e -n "$*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
+ echo ""
+ echo -e " \033[31m\033[1mScript was terminated\033[m!"
+ else
+ echo " [ Fatal ]: $*"
+ echo ""
+ echo " Script was terminated...."
+ fi
+ echo ""
+ clean_up 1
+}
+
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ]: $*"
+ else
+ echo "[ Error ]: $*"
+ fi
+ echo ""
+}
+
+warn (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
+ else
+ echo "[ Warning ]: $*"
+ fi
+ echo ""
+}
+info (){
+
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[32m\033[1mInfo\033[m ]: $*"
+ echo ""
+ fi
+}
+
+echo_done() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[32mdone\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal && $LOGGING ; then
+ echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal && $LOGGING ; then
+ echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+ fi
+}
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+is_valid_ipv4() {
+ local -a octets=( ${1//\./ } )
+ local RETURNVALUE=0
+
+ # return an error if the IP doesn't have exactly 4 octets
+ [[ ${#octets[@]} -ne 4 ]] && return 1
+
+ for octet in ${octets[@]}
+ do
+ if [[ ${octet} =~
^[0-9]{1,3}$ ]]
+ then # shift number by 8 bits, anything larger than 255 will be > 0
+ ((RETURNVALUE += octet>>8 ))
+ else # octet wasn't numeric, return error
+ return 1
+ fi
+ done
+ return ${RETURNVALUE}
+}
+is_valid_mac_address() {
+ [[ "$1" =~ ^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$ ]] && return 0 || return 1
+}
+netmask2cidr() {
+ case $1 in
+ 0x*)
+ local hex=${1#0x*} quad=
+ while [ -n "${hex}" ]; do
+ local lastbut2=${hex#??*}
+ quad=${quad}${quad:+.}0x${hex%${lastbut2}*}
+ hex=${lastbut2}
+ done
+ set -- ${quad}
+ ;;
+ esac
+
+ local i= len=
+ local IFS=.
+ for i in $1; do
+ while [ ${i} != "0" ]; do
+ len=$((${len} + ${i} % 2))
+ i=$((${i} >> 1))
+ done
+ done
+
+ echo "${len}"
+}
+
+
+# -------------
+# - Running in a terminal?
+# -------------
+
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ terminal=false
+fi
+
+
+# -------------
+# - Read Configurations from $conf_file
+# -------------
+
+DEFAULT_LXC_ROOT_DIR="/var/lib/lxc"
+DEFAULT_LXC_DIST="debian"
+DEFAULT_MAC_ADDRESS_1="$(echo -n 00 ; dd bs=1 count=5 if=/dev/random 2>/dev/null | hexdump -v -e '/1 ":%02X"')"
+
+DEFAULT_IPV6_PREFIX=64
+
+if [[ -f "$conf_file" ]]; then
+ source "$conf_file"
+ fatal "Configuration file '$(basename ${conf_file})' not found!"
+else
+ warn "No Configuration file '$(basename ${conf_file})'. Using default values.."
+fi
+
+[[ -z "$LXC_ROOT_DIR" ]] || DEFAULT_LXC_ROOT_DIR="$LXC_ROOT_DIR"
+[[ -z "$LXC_DIST" ]] || DEFAULT_LXC_DIST="$LXC_DIST"
+
+
+
+# -------------
+# - Job is already running?
+# -------------
+
+# - If job already runs, stop execution..
+# -
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+ # - Remove lockdir when the script finishes, or when it receives a signal
+ # -
+ trap clean_up SIGHUP SIGINT SIGTERM
+
+else
+
+ datum="$(date +"%d.%m.%Y %H:%M")"
+
+ msg=" [ Error ]: A previos instance of '$(basename $0)' seems already be running.\n\n Exiting now.."
+
+ error "A previos instance of the script '$(basename $0)' seems already be running."
+
+ exit 1
+
+fi
+
+clear
+echo -e " \033[32m---\033[m"
+echo -e " \033[32m\033[1mInsert parameter for the new LX Container\033[m"
+echo -e " \033[32m---\033[m"
+echo
+
+echo " # Insert root directory for LX Containers."
+echo " #"
+echo " # Type to accept the default '$DEFAULT_LXC_ROOT_DIR'."
+echo ""
+echononl "\033[1mRoot directory for LX Containers [$DEFAULT_LXC_ROOT_DIR]:\033[m "
+read LXC_ROOT_DIR
+if [[ -z "$(trim $LXC_ROOT_DIR)" ]] ; then
+ LXC_ROOT_DIR="$DEFAULT_LXC_ROOT_DIR"
+fi
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert the name new LX Containers."
+echo " #"
+echo " # Note: It's NOT the hostname, its only the name of the inew LX Container."
+echo " #"
+echo ""
+echononl "\033[1mName of the Container:\033[m "
+read LXC_NAME
+
+while [[ -z "$(trim $LXC_NAME)" ]]; do
+ warn "Parameter is needed. Try again.."
+ echononl "\033[1mName of the Container:\033[m "
+ read LXC_NAME
+done
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert linux distribution for the new LX Containers."
+echo " #"
+echo " # Type to accept the default '$DEFAULT_LXC_DIST'."
+echo ""
+echononl "\033[1mLinux Distribution [$DEFAULT_LXC_DIST]:\033[m "
+read LXC_DIST
+if [[ -z "$(trim $LXC_DIST)" ]] ; then
+ LXC_DIST="$DEFAULT_LXC_DIST"
+fi
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert the Code name of the Linux Distribution."
+echo " #"
+echo " # Example for debian: 'stretch'"
+echo ""
+echononl "\033[1mCode name:\033[m "
+read LXC_RELEASE
+
+while [[ -z "$(trim $LXC_RELEASE)" ]]; do
+ warn "Parameter is needed. Try again.."
+ echononl "\033[1mCode name:\033[m "
+ read LXC_RELEASE
+done
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert MAC Address for the first network device of the new LX Containers."
+echo " #"
+echo " # Type to accept the randomised created one '$DEFAULT_MAC_ADDRESS_1'."
+echo ""
+echononl "\033[1mMAC Address of the firts network device [$DEFAULT_MAC_ADDRESS_1]:\033[m "
+read MAC_ADDRESS_1
+
+while ! $(is_valid_mac_address $MAC_ADDRESS_1) ; do
+ if [[ -z "$(trim $MAC_ADDRESS_1)" ]] ; then
+ MAC_ADDRESS_1="$DEFAULT_MAC_ADDRESS_1"
+ break
+ fi
+ warn "'$MAC_ADDRESS_1' isn't a valid MAC Address."
+ echononl "\033[1mMAC Address of the firts network device [$DEFAULT_MAC_ADDRESS_1]:\033[m "
+ read MAC_ADDRESS_1
+done
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert first IPv4 Address for the new LX Containers."
+echo " #"
+echo ""
+echononl "\033[1mFirst IPv4 Address:\033[m "
+read IPV4_ADDRESS_1
+
+while ! $(is_valid_ipv4 $IPV4_ADDRESS_1); do
+ if [[ -z "$(trim $IPV4_ADDRESS_1)" ]]; then
+ warn "Parameter is needed. Try again.."
+ else
+ warn "'$IPV4_ADDRESS_1' is not a valid IPv4 Address. Try again.."
+ fi
+ echononl "\033[1mFirst IPv4 Address:\033[m "
+ read IPV4_ADDRESS_1
+done
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert IPv4 Address for the gateway."
+echo " #"
+echo ""
+echononl "\033[1mIPv4 (first) Gateway Address:\033[m "
+read IPV4_GATEWAY_1
+
+while ! $(is_valid_ipv4 $IPV4_GATEWAY_1) ; do
+ if [[ -z "$(trim $IPV4_GATEWAY_1)" ]]; then
+ warn "Parameter is needed. Try again"
+ else
+ warn "'$IPV4_GATEWAY_1' is not a valid IPv4 Address. Try again.."
+ fi
+ echononl "\033[1mIPv4 (first) Gateway Address:\033[m "
+ read IPV4_GATEWAY_1
+done
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert Netmask for the first IPv4 Address."
+echo " #"
+echo ""
+echononl "\033[1mNetmask (first) IPv4 Address:\033[m "
+read IPV4_NETMASK_1
+
+while ! $(is_valid_ipv4 $IPV4_NETMASK_1) ; do
+ if [[ -z "$(trim $IPV4_NETMASK_1)" ]]; then
+ warn "Parameter is needed. Try again"
+ else
+ warn "'$IPV4_NETMASK_1' is not a valid netmask. Try again.."
+ fi
+ echononl "\033[1mNetmask (first) IPv4 Address:\033[m "
+ read IPV4_NETMASK_1
+done
+IPV4_PREFIX_1="$(netmask2cidr $IPV4_NETMASK_1)"
+IPV6_PREFIX_1=$DEFAULT_IPV6_PREFIX
+
+
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echononl "\033[1mDo you want to apply a second IPv4 Address? [yes/no]: "
+read OK
+[[ "$(trim ${OK,,})" = "yes" ]] && _second_ipv4=true || _second_ipv4=false
+
+if $_second_ipv4 ; then
+
+ _last_octet=${MAC_ADDRESS_1: -2}
+ _new_last_octet="$(printf "%X\n" $((0x$_last_octet + 1)))"
+ if [[ ${#_new_last_octet} -eq 1 ]]; then
+ _new_last_octet="0$_new_last_octet"
+ elif [[ ${#_new_last_octet} -eq 3 ]]; then
+ _new_last_octet="00"
+ fi
+ DEFAULT_MAC_ADDRESS_2="${MAC_ADDRESS_1:0:14}:$_new_last_octet"
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+
+ echo " # Insert MAC Address for the second network device of the new LX Containers."
+ echo " #"
+ echo " # Type to accept the randomised created one '$DEFAULT_MAC_ADDRESS_2'."
+ echo ""
+ echononl "\033[1mMAC Address of the second network device [$DEFAULT_MAC_ADDRESS_2]:\033[m "
+ read MAC_ADDRESS_2
+
+ while ! $(is_valid_mac_address $MAC_ADDRESS_2) ; do
+ if [[ -z "$(trim $MAC_ADDRESS_2)" ]] ; then
+ MAC_ADDRESS_2="$DEFAULT_MAC_ADDRESS_2"
+ break
+ fi
+ warn "'$MAC_ADDRESS_2' isn't a valid MAC Address."
+ echononl "\033[1mMAC Address of the second network device [$DEFAULT_MAC_ADDRESS_2]:\033[m "
+ read MAC_ADDRESS_2
+ done
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+
+ echo " # Insert second IPv4 Address for the new LX Containers."
+ echo " #"
+ echo ""
+ echononl "\033[1mSecond IPv4 Address:\033[m "
+ read IPV4_ADDRESS_2
+
+ while ! $(is_valid_ipv4 $IPV4_ADDRESS_2); do
+ if [[ -z "$(trim $IPV4_ADDRESS_2)" ]]; then
+ warn "Parameter is needed. Try again.."
+ else
+ warn "'$IPV4_ADDRESS_2' is not a valid IPv4 Address. Try again.."
+ fi
+ echononl "\033[1mSecond IPv4 Address:\033[m "
+ read IPV4_ADDRESS_2
+ done
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+
+ echo " # Insert IPv4 Address for the gateway (second)."
+ echo " #"
+ echo " # Normally, the second gateway is the same as the first one. Change if you"
+ echo " # know what you are doing."
+ echo " #"
+ echo " # Type to accept the default one"
+ echo ""
+ echononl "\033[1mIPv4 (second) Gateway Address [$IPV4_GATEWAY_1]:\033[m "
+ read IPV4_GATEWAY_2
+
+ while ! $(is_valid_ipv4 $IPV4_GATEWAY_2) ; do
+ if [[ -z "$(trim $IPV4_GATEWAY_2)" ]]; then
+ IPV4_GATEWAY_2="$IPV4_GATEWAY_1"
+ break
+ else
+ warn "'$IPV4_GATEWAY_2' is not a valid IPv4 Address. Try again.."
+ fi
+ echononl "\033[1mIPv4 (second) Gateway Address:\033[m "
+ read IPV4_GATEWAY_2
+ done
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+
+ echo " # Insert Netmask for the first IPv4 Address."
+ echo " #"
+ echo " # Type to accept the default one"
+ echo ""
+ echononl "\033[1mNetmask (second) IPv4 Address [$IPV4_NETMASK_1]:\033[m "
+ read IPV4_NETMASK_2
+
+ while ! $(is_valid_ipv4 $IPV4_NETMASK_2) ; do
+ if [[ -z "$(trim $IPV4_NETMASK_2)" ]]; then
+ IPV4_NETMASK_2="$IPV4_NETMASK_1"
+ break
+ else
+ warn "'$IPV4_NETMASK_2' is not a valid netmask. Try again.."
+ fi
+ echononl "\033[1mNetmask (second) IPv4 Address:\033[m "
+ read IPV4_NETMASK_2
+ done
+ IPV4_PREFIX_2="$(netmask2cidr $IPV4_NETMASK_2)"
+ IPV6_PREFIX_2=$DEFAULT_IPV6_PREFIX
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+
+echo " # Insert full quallified hostname for the new LX Container."
+echo " #"
+echo ""
+echononl "\033[1mFull qualified hostname:\033[m "
+read FQ_HOSTNAME
+
+while [[ -z "$(trim $IPV4_NETMASK_1)" ]]; do
+ warn "Parameter is needed.
Try again"
+ echononl "\033[1mFull qualified hostname::\033[m "
+ read FQ_HOSTNAME
+done
+HOSTNAME="$(echo "$FQ_HOSTNAME" | cut -f1 -d'.')"
+
+
+echo ""
+echo ""
+echo -e " \033[32m---\033[m"
+echo -e " \033[32m\033[1mParameter Summary\033[m"
+echo -e " \033[32m---\033[m"
+echo ""
+echo " Root directory LX Container..........: $LXC_ROOT_DIR"
+echo ""
+echo " Name of the new LX Container.........: $LXC_NAME"
+echo " Linux distribution...................: $LXC_DIST"
+echo " Code name (or release number)........: $LXC_RELEASE"
+echo ""
+echo " MAC Address (first) network device...: $MAC_ADDRESS_1"
+echo " IPv4 Address (first).................: $IPV4_ADDRESS_1"
+echo " IPv4 Gateway Address (first).........: $IPV4_GATEWAY_1"
+echo " Netmask first IPv4 Address...........: $IPV4_NETMASK_1"
+echo " CIDR (IPv4 Prefix) of netmask........: $IPV4_PREFIX_1"
+if $_second_ipv4 ; then
+ echo ""
+ echo " MAC Address (second) network device..: $MAC_ADDRESS_2"
+ echo " IPv4 Address (second)................: $IPV4_ADDRESS_2"
+ echo " IPv4 Gateway Address (second)........: $IPV4_GATEWAY_2"
+ echo " Netmask second IPv4 Address..........: $IPV4_NETMASK_2"
+ echo " CIDR (IPv4 Prefix) of netmask........: $IPV4_PREFIX_2"
+fi
+echo ""
+echo " Hostname.............................: $HOSTNAME"
+echo " Full qualified hostname..............: $FQ_HOSTNAME"
+echo ""
+
+echononl "\033[1mStart creation script with this parameters [yes/no]:\033[m "
+read OK
+[[ "$(trim ${OK,,})" = "yes" ]] || fatal "Start script with different parameters."
+
+
+echo ""
+
+# ---
+# - Create the base container
+# ---
+
+echo ""
+echo ""
+echo -e " \033[37m\033[1mCreate the base container..\033[m"
+echo ""
+
+msg="Create Lx Container '$LXC_NAME' .."
+length_msg=${#msg}
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+lxc-create -n $LXC_NAME -t $LXC_DIST -- --release $LXC_RELEASE --arch amd64 > /dev/null 2> $err_msg
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="Lx Container 'LXC_NAME' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Creation of Lx Container '$LXC_NAME' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# ---
+# - Configure the new LX Container
+# ---
+
+echo ""
+echo ""
+echo -e " \033[37m\033[1mConfigure the new LX Container..\033[m"
+echo ""
+
+# - Create an empty fstab '${LXC_ROOT_DIR}/${LXC_NAME}/fstab'
+# -
+msg="Create an empty file '${LXC_ROOT_DIR}/${LXC_NAME}/fstab' .."
+length_msg=${#msg}
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+touch ${LXC_ROOT_DIR}/${LXC_NAME}/fstab > /dev/null 2>$err_msg
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="Empty file '${LXC_ROOT_DIR}/${LXC_NAME}' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Creation of (empty) file '${LXC_ROOT_DIR}/${LXC_NAME}/fstab' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+# - Backup original configuration file
+# -
+msg="Backup original Container configuration file '${LXC_ROOT_DIR}/${LXC_NAME}/config' .."
+length_msg=${#msg}
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+cp ${LXC_ROOT_DIR}/${LXC_NAME}/config ${LXC_ROOT_DIR}/${LXC_NAME}/config.ORIG
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/config.ORIG' saved."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/config'!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+# - Create the Container configuration file
+# -
+msg="Create Container Configuration '${LXC_ROOT_DIR}/${LXC_NAME}/config' .."
+echo -en "\033[1G \033[1;30m[ ...
] \033[32m$msg\033[m"
+
+_failed=false
+cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/config 2> $err_msg
+lxc.rootfs = /var/lib/lxc/${LXC_NAME}/rootfs
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/${LXC_DIST}.common.conf
+
+
+# Container specific configuration
+lxc.mount = /var/lib/lxc/${LXC_NAME}/fstab
+lxc.utsname = $LXC_NAME
+lxc.arch = amd64
+lxc.autodev = 1
+lxc.kmsg = 0
+
+
+# Network configuration
+
+### Device 1
+lxc.network.type = veth
+lxc.network.flags = up
+lxc.network.link = br0
+lxc.network.name = eth0
+lxc.network.hwaddr = $MAC_ADDRESS_1
+# IPv4
+lxc.network.ipv4 = ${IPV4_ADDRESS_1}/$IPV4_PREFIX_1
+lxc.network.ipv4.gateway = ${IPV4_GATEWAY_1}
+# IPv6
+#lxc.network.ipv6 = ${IPV6_ADDRESS_1}/$IPV6_PREFIX_1
+#lxc.network.ipv6.gateway = $IPV6_GATEWAY_1
+
+EOF
+if [[ $? -ne 0 ]]; then
+ _failed=true
+fi
+
+if [[ -n "$IPV4_ADDRESS_2" ]]; then
+ cat << EOF >> ${LXC_ROOT_DIR}/${LXC_NAME}/config 2>> $err_msg
+### Device 2
+lxc.network.type = veth
+lxc.network.flags = up
+lxc.network.link = br0
+lxc.network.name = eth1
+lxc.network.hwaddr = $MAC_ADDRESS_2
+## IPv4
+lxc.network.ipv4 = ${IPV4_ADDRESS_2}/$IPV4_PREFIX_2
+## IPv6
+#lxc.network.ipv6 = ${IPV6_ADDRESS_2}/$IPV6_PREFIX_2
+
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+fi
+
+cat << EOF >> ${LXC_ROOT_DIR}/${LXC_NAME}/config 2>> $err_msg
+
+# Mount iso file inside LX Container
+#lxc.aa_profile = unconfined
+#lxc.cgroup.devices.allow = b 7:* rwm
+#lxc.cgroup.devices.allow = c 10:237 rwm
+
+
+# Autostart
+lxc.start.auto = 1
+lxc.start.delay = 5
+lxc.start.order = 100
+EOF
+if [[ $? -ne 0 ]]; then
+ _failed=true
+fi
+
+if $_failed ; then
+ msg_failed="Creation of '${LXC_ROOT_DIR}/${LXC_NAME}/config' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+else
+ msg_ok="Container Configuration '${LXC_ROOT_DIR}/${LXC_NAME}/config' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+fi
+
+
+
+# ---
+# - Adjust network configuration
+# ---
+
+echo ""
+echo ""
+echo -e " \033[37m\033[1mAdjust network configuration inside the new LX Container ..\033[m"
+echo ""
+
+
+# - Backup file '/etc/network/interfaces' inside the Container
+# -
+msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+cp ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces \
+ ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces.ORIG
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces.ORIG' saved."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces'!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Create Containers network configuration
+# -
+msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+_failed=false
+if [[ -z "$IPV4_ADDRESS_2" ]] ; then
+ cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces
+
+#-----------------------------
+# lo: loopback
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0
+#-----------------------------
+auto eth0
+iface eth0 inet manual
+iface eth0 inet6 manual
+
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+
+else
+ cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces 2> $err_msg
+
+#-----------------------------
+# lo: loopback
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0
+#-----------------------------
+auto eth0
+iface eth0 inet manual
+ up ip route add default via ${IPV4_GATEWAY_1} dev eth0 table 100
+ up ip rule add from ${IPV4_ADDRESS_1} table 100 prio 100
+
+
+
+#-----------------------------
+# eth1
+#-----------------------------
+
+auto eth1
+iface eth1 inet manual
+ up ip route add default via ${IPV4_GATEWAY_2} dev eth1 table 200
+ up ip rule add from ${IPV4_ADDRESS_2} table 200 prio 120
+EOF
+ if [[ $? -ne 0 ]]; then
+ _failed=true
+ fi
+fi
+
+if $_failed ; then
+ msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces'!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+else
+ msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/network/interfaces' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+fi
+
+
+
+# ---
+# - Some post-installation tasks on the new LX Container
+# ---
+
+echo ""
+echo ""
+echo -e " \033[37m\033[1mSome post-installation tasks inside the new LX Container '${LXC_NAME}' ..\033[m"
+echo ""
+
+msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list' .."
+mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list.ORIG" > $err_msg 2>&1
+
+
+# - Backup 'sources.list'-file.
+# -
+if [[ $? -eq 0 ]] ; then
+ msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list.ORIG' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Backup of file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Create new 'sources.list'-file.
+# -
+msg="Create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list' .."
+cat << EOF > ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list 2> $err_msg
+
+deb http://ftp.de.debian.org/debian/ $LXC_RELEASE main non-free contrib
+deb-src http://ftp.de.debian.org/debian/ $LXC_RELEASE main non-free contrib
+
+deb http://security.debian.org/ $LXC_RELEASE/updates main contrib non-free
+deb-src http://security.debian.org/ $LXC_RELEASE/updates main contrib non-free
+
+# $LXC_RELEASE-updates, previously known as 'volatile'
+deb http://ftp.de.debian.org/debian/ $LXC_RELEASE-updates main contrib non-free
+deb-src http://ftp.de.debian.org/debian/ $LXC_RELEASE-updates main contrib non-free
+
+# $LXC_RELEASE-backports, previously on backports.debian.org
+deb http://ftp.de.debian.org/debian/ $LXC_RELEASE-backports main contrib non-free
+deb-src http://ftp.de.debian.org/debian/ $LXC_RELEASE-backports main contrib non-free
+
+EOF
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Creation of file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/apt/sources.list' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Backup symlink '/bin/sh'. Move to '/bin/sh.ORIG'.
+# -
+echo ""
+msg="Move Symlink '/bin/sh' to '/bin/sh.ORIG' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/bin/sh" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/bin/sh.ORIG" > $err_msg 2>&1
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="Symlink '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/bin/sh.ORIG' saved."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Saving Symlink '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/bin/sh' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Create new symlink '/bin/sh'
+# -
+msg="Create new Symlink '/bin/sh' pointing to 'bash' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+ln -s bash ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/bin/sh > $err_msg 2>&1
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="New Symlink '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/bin/sh' created."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Creation of new Symlink '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/bin/sh' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Add entry for hostname in /etc/hosts
+# -
+echo ""
+msg="Add entry for hostname '$FQ_HOSTNAME' to file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hosts' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+perl -i.ORIG -n -p -e "s/^(\s*127\.0\.0\.1.*)/\1\n127.0.1.1 $FQ_HOSTNAME $HOSTNAME\n/" ${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hosts > $err_msg 2>&1
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="Entry '127.0.1.1 $FQ_HOSTNAME $HOSTNAME' added to '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hosts'."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Adding entry '127.0.1.1 $FQ_HOSTNAME $HOSTNAME' to '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hosts' failed!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Backup Containers file '/etc/hostname'
+# -
+echo ""
+msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname.ORIG" > $err_msg 2>&1
+
+if [[ $? -eq 0 ]] ; then
+ msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname.ORIG' saved."
+ length_msg_ok=${#msg_ok}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_ok ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_ok)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}"
+else
+ msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname'!"
+ length_msg_failed=${#msg_failed}
+ blank_signs=""
+ if [[ $length_msg -gt $length_msg_failed ]]; then
+ number_blank_sign=$(expr $length_msg - $length_msg_failed)
+ index_i=0
+ while [[ $index_i -lt $number_blank_sign ]] ; do
+ blank_signs="$blank_signs "
+ (( index_i++ ))
+ done
+ fi
+ echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}"
+ error "$(cat $err_msg)"
+fi
+
+
+# - Write new Containers file /etc/hostname
+# -
+msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname' .."
+echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m"
+
+echo "$HOSTNAME" > "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname" 2>$err_msg
+
+if [[ $?
-eq 0 ]] ; then + msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname' created." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +else + msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/hostname'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +fi + + +# - Backup Containers file '/etc/ssh/sshd_config' +# - +echo "" +msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config.ORIG" > $err_msg 2>&1 + +if [[ $? -eq 0 ]] ; then + msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config.ORIG' saved." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +else + msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config'!" 
+ length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +fi + +# - Create new containers file '/etc/ssh/sshd_config' +# - + +msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +if [[ -f "${working_dir}/supported-files/sshd_config" ]]; then + cp -a "${working_dir}/supported-files/sshd_config" \ + "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config" 2>$err_msg + + if [[ $? -eq 0 ]] ; then + msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config' created." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + else + msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/etc/ssh/sshd_config'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi +else + echo -e "\033[1G [ \033[31m\033[1mskipped ] $msg" +fi + + +# - Backup Containers file '/root/.bashrc' +# - +echo "" +msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs//root/.bashrc' .." +echo -en "\033[1G \033[1;30m[ ... 
] \033[32m$msg\033[m" + +mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc.ORIG" > $err_msg 2>&1 + +if [[ $? -eq 0 ]] ; then + msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc.ORIG' saved." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +else + msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +fi + + +# - Create new containers file '/root/.bashrc' +# - +msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +if [[ -f "${working_dir}/supported-files/templates_root/.bashrc" ]]; then + cp -a "${working_dir}/supported-files/templates_root/.bashrc" \ + "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc" 2>$err_msg + + if [[ $? -eq 0 ]] ; then + msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc' created." 
+ length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + else + msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.bashrc'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi +else + echo -e "\033[1G [ \033[31m\033[1mskipped ] $msg" +fi + + +# - Backup Containers file '/root/.profile' +# - +msg="Backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs//root/.profile' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +mv "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile" "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile.ORIG" > $err_msg 2>&1 + +if [[ $? -eq 0 ]] ; then + msg_ok="File '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile.ORIG' saved." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +else + msg_failed="Could not backup file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile'!" 
+ length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +fi + + +# - Create new containers file '/root/.profile' +# - +msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +if [[ -f "${working_dir}/supported-files/templates_root/.profile" ]]; then + cp -a "${working_dir}/supported-files/templates_root/.profile" \ + "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile" 2>$err_msg + + if [[ $? -eq 0 ]] ; then + msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile' created." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + else + msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.profile'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi +else + echo -e "\033[1G [ \033[31m\033[1mskipped ] $msg" +fi + + +# - Create new containers file '/root/.vimrc' +# - +msg="Create a new file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.vimrc' .." +echo -en "\033[1G \033[1;30m[ ... 
] \033[32m$msg\033[m" + +if [[ -f "${working_dir}/supported-files/templates_root/.vimrc" ]]; then + cp -a "${working_dir}/supported-files/templates_root/.vimrc" \ + "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.vimrc" 2>$err_msg + + if [[ $? -eq 0 ]] ; then + msg_ok="New file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.vimrc' created." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + else + msg_failed="Failed to create file '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.vimrc'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi +else + echo -e "\033[1G [ \033[31m\033[1mskipped ] $msg" +fi + + +# - Create new containers directory '/root/.ssh' +# - +echo "" +msg="Create a new directory '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh' .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +if [[ -f "${working_dir}/supported-files/templates_root/.ssh/authorized_keys2" ]] || + [[ -f "${working_dir}/supported-files/templates_root/.ssh/authorized_keys" ]]; then + + mkdir "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh" > $err_msg 2>&1 + + if [[ $? -eq 0 ]] ; then + msg_ok="New directory '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh' created." 
+ length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + + msg="Copy supported files to '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh/' .." + cp -a "${working_dir}/supported-files/templates_root/.ssh" \ + "${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/" > $err_msg 2>&1 + + if [[ $? -eq 0 ]] ; then + msg_ok="Supported files copied to new directory '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh'." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" + else + msg_failed="Failed to copy supported files to '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi + + else + msg_failed="Failed to create directory '${LXC_ROOT_DIR}/${LXC_NAME}/rootfs/root/.ssh'!" 
+ length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" + fi +else + echo -e "\033[1G [ \033[31m\033[1mskipped ] $msg" +fi + + + +# --- +# - Start the new LX Container +# --- + +echo "" +echo "" +echo -e " \033[37m\033[1mStart the new LX Container '${LXC_NAME}' ..\033[m" +echo "" + +msg="Start Container '${LXC_NAME}' as a background process .." +echo -en "\033[1G \033[1;30m[ ... ] \033[32m$msg\033[m" + +lxc-start -d -n $LXC_NAME > /dev/null 2> $err_msg + +if [[ $? -eq 0 ]] ; then + msg_ok="LX Container '${LXC_NAME}' started successfully." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +else + msg_failed="Starting Container '${LXC_NAME}' failed!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +fi + + + +echo "" +# - Write summary for LX Container +# - +msg="Write summary for LX Container '${LXC_NAME}' to file '${working_dir}/conf/${LXC_NAME}.conf' .." +echo -en "\033[1G \033[1;30m[ ... 
] \033[32m$msg\033[m" + +_failed=false +cat << EOF > ${working_dir}/conf/${LXC_NAME}.conf 2> $err_msg +LXC_ROOT_DIR=$LXC_ROOT_DIR= + +LXC_NAME=$LXC_NAME + +LXC_DIST=$LXC_DIST +LXC_RELEASE=$LXC_REALEASE + +MAC_ADDRESS_1=$MAC_ADDRESS_1 +IPV4_ADDRESS_1=$IPV4_ADDRESS_1 +IPV4_NETMASK_1=$IPV4_NETMASK_1 +IPV4_GATEWAY_1=$IPV4_GATEWAY_1 +IPV4_PREFIX_1=$IPV4_PREFIX_1 + +EOF + +if [[ $? -ne 0 ]]; then + _failed=true +fi + +if $_second_ipv4 ; then + cat << EOF >> ${working_dir}/conf/${LXC_NAME}.conf 2>> $err_msg +MAC_ADDRESS_2=$MAC_ADDRESS_2 +IPV4_ADDRESS_2=$IPV4_ADDRESS_2 +IPV4_NETMASK_2=$IPV4_NETMASK_2 +IPV4_GATEWAY_2=$IPV4_GATEWAY_2 +IPV4_PREFIX_2=$IPV4_PREFIX_2 + +EOF + if [[ $? -ne 0 ]]; then + _failed=true + fi +fi + +cat << EOF >> ${working_dir}/conf/${LXC_NAME}.conf 2>> $err_msg +HOSTNAME=$HOSTNAME +FQ_HOSTNAME=$FQ_HOSTNAME +EOF + +if [[ $? -ne 0 ]]; then + _failed=true +fi + +if $_failed ; then + msg_failed="Failed to create summary file '${working_dir}/conf/${LXC_NAME}.conf'!" + length_msg_failed=${#msg_failed} + blank_signs="" + if [[ $length_msg -gt $length_msg_failed ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_failed) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[31m\033[1mfailed\033[m ] ${msg_failed}${blank_signs}" + error "$(cat $err_msg)" +else + msg_ok="Summary file '${working_dir}/conf/${LXC_NAME}.conf' created." + length_msg_ok=${#msg_ok} + blank_signs="" + if [[ $length_msg -gt $length_msg_ok ]]; then + number_blank_sign=$(expr $length_msg - $length_msg_ok) + index_i=0 + while [[ $index_i -lt $number_blank_sign ]] ; do + blank_signs="$blank_signs " + (( index_i++ )) + done + fi + echo -e "\033[1G [ \033[32m\033[1mok\033[m ] ${msg_ok}${blank_signs}" +fi + + + + + + + +echo "" +info "Directly access to the new container with command: \033[1;32mlxc-attach -n $LXC_NAME\033[m" +echo "" +clean_up 0 
diff --git a/supported-files/sshd_config b/supported-files/sshd_config
new file mode 100644
index 0000000..67da343
--- /dev/null
+++ b/supported-files/sshd_config
@@ -0,0 +1,255 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+#-----------------------------
+# Daemon
+#-----------------------------
+
+# What ports, IPs and protocols we listen for
+Port 22
+
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+#ListenAddress 176.9.117.77
+
+# Specifies the protocol versions sshd(8) supports.
+# The possible values are ‘1’ , `2' and ‘1,2’.
+# The default is ‘2’.
+Protocol 2
+
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Specifies the maximum number of concurrent unauthenticated connections
+# to the SSH daemon. See sshd_config(5) for specifiing the three colon
+# separated values.
+# The default is 10.
+#MaxStartups 10:30:100
+#MaxStartups 3
+MaxStartups 10:30:100
+
+# Specifies the maximum number of authentication attempts permitted per
+# connection.
+# The default is 6.
+MaxAuthTries 3
+
+# Specifies the maximum number of open sessions permitted per network
+# connection.
+# The default is 10.
+MaxSessions 10
+
+
+#-----------------------------
+# Authentication
+#-----------------------------
+
+# Specifies whether sshd(8) separates privileges by creating an unprivileged
+# child process to deal with incoming network traffic.
+# The default is "yes" (for security).
+UsePrivilegeSeparation yes
+
+# The server disconnects after this time if the user has not
+# successfully logged in.
+# The default is 120 seconds.
+LoginGraceTime 120
+
+# Specifies whether root can log in using ssh(1).
+# The default is "yes".
+#PermitRootLogin yes
+PermitRootLogin without-password
+#PermitRootLogin no
+
+# Specifies whether sshd(8) should check file modes and ownership of the
+# user's files and home directory before accepting login. This is normally
+# desirable because novices sometimes accidentally leave their directory or
+# files world-writable. Note that this does not apply to ChrootDirectory,
+# whose permissions and ownership are checked unconditionally.
+# The default is “yes”.
+StrictModes yes
+
+# Specifies whether pure RSA authentication is allowed. This option
+# applies to protocol version 1 only.
+# The default is “yes”.
+RSAAuthentication yes
+
+# Specifies whether public key authentication is allowed. Note that this
+# option applies to protocol version 2 only.
+# The default is “yes”.
+PubkeyAuthentication yes
+
+# Specifies the file that contains the public keys that can be used for
+# user authentication. The format is described in the AUTHORIZED_KEYS FILE
+# FORMAT section of sshd(8).
+# AuthorizedKeysFile may contain tokens of the form %T which are substituted
+# during connection setup. The following tokens are defined: %% is replaced
+# by a literal '%', %h is replaced by the home directory of the user being
+# authenticated, and %u is replaced by the username of that user. After
+# expansion, AuthorizedKeysFile is taken to be an absolute path or one relative
+# to the user's home directory. Multiple files may be listed, separated by
+# whitespace.
+# The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Specifies whether password authentication is allowed.
+# Change to no to disable tunnelled clear text passwords
+# The default is "yes".
+#PasswordAuthentication yes
+PasswordAuthentication no
+
+# When password authentication is allowed, it specifies whether the
+# server allows login to accounts with empty password strings.
+# The default is “no”.
+PermitEmptyPasswords no
+
+# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
+# The default is “yes”.
+ChallengeResponseAuthentication no
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+
+# Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts
+# during RhostsRSAAuthentication or HostbasedAuthentication.
+# The default is “no”.
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# If specified, login is allowed only for user names that match one of
+# the patterns.
+# The allow/deny directives are processed in the following order: DenyUsers,
+# AllowUsers, DenyGroups, and finally AllowGroups.
+# By default, login is allowed for all users.
+#AllowUsers chris cityslang sysadm
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+# Specifies whether login(1) is used for interactive login sessions.
+# Note that login(1) is never used for remote command execution.
+# Note also, that if this is enabled, X11Forwarding will be disabled
+# because login(1) does not know how to handle xauth(1) cookies. If
+# UsePrivilegeSeparation is specified, it will be disabled after
+# authentication.
+# The default is “no”.
+#UseLogin no
+
+
+#-----------------------------
+# Logging
+#-----------------------------
+
+# Gives the facility code that is used when logging messages from sshd(8).
+# The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+# LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+# The default is AUTH.
+SyslogFacility AUTH
+
+# Gives the verbosity level that is used when logging messages from
+# sshd(8).
+# The default is INFO.
+LogLevel INFO
+
+
+#-----------------------------
+# Behavior
+#-----------------------------
+
+# Specifies whether the distribution-specified extra version suffix is included
+# during initial protocol handshake.
+# The default is "yes".
+DebianBanner no
+
+# The contents of the specified file are sent to the remote user before
+# authentication is allowed.
+# By default, no banner is displayed.
+#Banner /etc/issue.net
+
+# Specifies whether sshd(8) should print /etc/motd when a user logs in
+# interactively. (On some systems it is also printed by the shell,
+# /etc/profile, or equivalent.)
+# The default is “yes”.
+PrintMotd no
+
+# Specifies what environment variables sent by the client will be copied
+# into the session's environ(7).
+# The default is not to accept any environment variables.
+AcceptEnv LANG LC_*
+
+# Configures an external subsystem (e.g. file transfer daemon).
+# By default no subsystems are defined.
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Specifies whether sshd(8) should look up the remote host name and check
+# that the resolved host name for the remote IP address maps back to the
+# very same IP address.
+# The default is “yes”.
+UseDNS no
+
+# Specifies whether X11 forwarding is permitted. The argument must be
+# “yes” or “no”. See sshd_config(5) for further expalnation
+# The default is “no”.
+#X11Forwarding yes
+
+# Specifies the first display number available for sshd(8)'s X11
+# forwarding. This prevents sshd from interfering with real X11 servers.
+# The default is 10.
+X11DisplayOffset 10
+
+# Specifies whether the system should send TCP keepalive messages to the
+# other side. If they are sent, death of the connection or crash of one
+# of the machines will be properly noticed. However, this means
+# that connections will die if the route is down temporarily, and some
+# people find it annoying. On the other hand, if TCP keepalives are not
+# sent, sessions may hang indefinitely on the server, leaving “ghost” users
+# and consuming server resources.
+#
+# The default is “yes” (to send TCP keepalive messages), and the server
+# will notice if the network goes down or the client host crashes. This
+# avoids infinitely hanging sessions.
+TCPKeepAlive yes
+
+#Specifies whether sshd(8) should print the date and time of the last
+# user login when a user logs in interactively.
+# The default is “yes”.
+PrintLastLog yes
+
+
+#-----------------------------
+# Kerberos options
+#-----------------------------
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+
+#-----------------------------
+# GSSAPI options
+#-----------------------------
+
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+
+
+
+
diff --git a/supported-files/templates_root/.bashrc b/supported-files/templates_root/.bashrc
new file mode 100644
index 0000000..533e4fd
--- /dev/null
+++ b/supported-files/templates_root/.bashrc
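Review bot: `PermitRootLogin without-password` uses the deprecated spelling; newer OpenSSH documents the same setting as `PermitRootLogin prohibit-password`, which says more plainly that root can still log in with a key. The template also sets SSH protocol 1 directives (`KeyRegenerationInterval 3600`, `ServerKeyBits 768`, `RSAAuthentication yes`, `RhostsRSAAuthentication no`) next to `Protocol 2`; they have no effect under protocol 2, and OpenSSH releases without protocol 1 support most likely just report them as deprecated, so they are better removed. Because the script copies this file into every new container with key-based root login enabled, I would add a comment above `PermitRootLogin` stating that root access then depends entirely on the keys shipped in `templates_root/.ssh`.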
@@ -0,0 +1,71 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+export PS1='\h:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use: /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use: /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+ . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
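Review bot: The first `export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups` assignment is dead, because the next statement overwrites it with `export HISTCONTROL=ignoreboth`; keep only one of the two. `ignoreboth` includes `ignorespace`, so any root command typed with a leading space is left out of the history file. If shell history is consulted when reconstructing what was done inside a container, `export HISTCONTROL=ignoredups` is the safer template default. Either way, a one-line comment above the assignment should say which behaviour is intended.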
diff --git a/supported-files/templates_root/.profile b/supported-files/templates_root/.profile
new file mode 100644
index 0000000..1a97c71
--- /dev/null
+++ b/supported-files/templates_root/.profile
@@ -0,0 +1,24 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+ if [ -f ~/.bashrc ]; then
+ . ~/.bashrc
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+ PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+# . /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
+mesg n
diff --git a/supported-files/templates_root/.ssh/authorized_keys2 b/supported-files/templates_root/.ssh/authorized_keys2
new file mode 100644
index 0000000..464bdb4
--- /dev/null
+++ b/supported-files/templates_root/.ssh/authorized_keys2
@@ -0,0 +1,2 @@
+ssh-rsa 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 root@luna
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna
diff --git a/supported-files/templates_root/.vimrc b/supported-files/templates_root/.vimrc
new file mode 100644
index 0000000..0bf54d9
--- /dev/null
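Review bot: `. /usr/share/mc/bin/mc.sh` is sourced unconditionally, so in a container where Midnight Commander is not installed every root login shell reports a missing file. Guard it the same way the `~/.bashrc` include above is guarded: `[ -r /usr/share/mc/bin/mc.sh ] && . /usr/share/mc/bin/mc.sh`. The trailing `mesg n` is likely to print an error when the profile is read without a terminal (for example a non-interactive login); `tty -s && mesg n` avoids that.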
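Review bot: The two public keys committed here (`root@luna`, `chris@luna`) become root's authorized keys in every container the script creates, because the script copies `templates_root/.ssh` into the new rootfs and the shipped sshd_config permits key-based root login. Anyone who clones the repository and runs the script therefore provisions containers that trust the author's keys. I would ship this file as `authorized_keys2.sample`, add the real file to `.gitignore` next to `/conf/*.conf`, and let the operator supply their own keys; the script already skips the `.ssh` step when neither `authorized_keys2` nor `authorized_keys` exists. The sample should also carry a comment that `authorized_keys` is the standard file name.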
+++ b/supported-files/templates_root/.vimrc 
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue +
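Review bot: The `augroup gzip` block in this `.vimrc` builds shell commands by string concatenation (`execute "!" . a:cmd . " …"` in `GZIP_write` and `GZIP_appre`), so the name of the file being edited appears to reach the shell without escaping. The file-name placeholders look stripped in this rendering, so that reading is inferred from the neighbouring `rename(expand(...))` calls. Because the file sits under `templates_root` and is presumably installed for root, I would drop the whole block (the nine `*.gz`/`*.bz2` autocommands and the three `GZIP_*` functions) and rely on the gzip plugin bundled with Vim, which covers the same file types. If the block has to stay, pass the name through `shellescape()` before appending it to the command.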