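#!/usr/bin/env bash
#
# Switch this gateway/server to the configuration of one office network.
#
# Usage: <this script> <network-name>
#
# Copies the per-network configuration tree ${base_dir}/<network-name>
# (bind, openvpn, ddclient, dhcp, ppp, postfix, network, firewall,
# check_net, ...) over the live system configuration. This is destructive:
# existing configuration directories are replaced, not merged. On a
# read-only system run it inside 'chroot /ro' (see the usage text).
#
# Globals: base_dir, logfile, terminal, network, cfg_dir,
#          _igmproxy, _add_support_if, _rval

# =============
# --- Some Definitions
# =============
base_dir=/root/Office_Networks
chown -R root:root "$base_dir"

# Scratch file capturing the output of each step; shown on failure and
# removed on every exit path (usage, fatal, normal end).
logfile=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$logfile"' EXIT

# ---
# --- DON'T MAKE CHANGES AFTER THIS LINE
# ---

# =============
# --- Some functions
# =============

# - Is this script running on a terminal? Colours are only used then.
# -
if [[ -t 1 ]]; then
  terminal=true
else
  terminal=false
fi

#######################################
# Print the usage text, optionally preceded by an error, and exit.
# Arguments: $1 - optional error message (exit status 1 when given)
#######################################
usage() {
  local rc=0
  if [[ -n "${1-}" ]]; then
    echo -e "\nError: $1"
    rc=1
  fi
  cat <<EOF

Usage: $(basename "$0") <network-name>

  network-name possible values are:
    NONE-WF NONE-CKUBU NONE-CKUBU2 NONE-CKUBU3
    123 AK AKB ANW-URB ANW-KM ANW-KB B3-Bornim BLKR CKUBU EBS ELSTER FHXB
    FLR-BRB GA-AL GA-Ersatz GA-NH GA-Schloss iRights JONAS Kanzlei-Kiel
    MBR OOLM OPP SPR-BE WF

  Notice:
    !! If you are on a readonly system, chroot into /ro !!

      remountrw
      rebind on
      chroot /ro $(basename "$0")
      exit
      rebind off
      remountro

EOF
  exit "$rc"
}

#######################################
# Print a fatal message and abort the script with status 1.
# Arguments: message (escape sequences are interpreted)
#######################################
fatal() {
  echo ""
  echo ""
  if $terminal; then
    echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
    echo ""
    echo -e "\t\033[31m\033[1m Script will be interrupted..\033[m\033[m"
  else
    echo "fatal: $*"
    echo "Firewall Script will be interrupted.."
  fi
  echo ""
  exit 1
}

#######################################
# Print an error message (does not exit).
# Arguments: message (escape sequences are interpreted)
#######################################
error() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
  else
    echo "Error: $*"
  fi
  echo ""
}

#######################################
# Print a warning message.
# Arguments: message (escape sequences are interpreted)
#######################################
warn() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
  else
    echo "Warning: $*"
  fi
  echo ""
}

#######################################
# Print an informational message.
# Arguments: message (escape sequences are interpreted)
#######################################
info() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
  else
    echo "Info: $*"
  fi
  echo ""
}

# - Status markers printed at the end of a step line (column 45 on a terminal).
# -
echo_OK() {
  if $terminal; then
    echo -en "\033[45G[ \033[1;32mOK\033[0;39m ]\n"
  else
    echo " .. [ OK ]"
  fi
}

echo_FAILED() {
  if $terminal; then
    echo -en "\033[45G[ \033[1;31mFAIL\033[0;39m ]\n"
  else
    echo " .. [ FAIL ]"
  fi
}

echo_SKIPPED() {
  if $terminal; then
    echo -en "\033[45G[ \033[37mSKIP\033[m ]\n"
  else
    echo " .. [ SKIP ]"
  fi
}

#######################################
# Run a command, appending its output to $logfile; clear _rval on failure.
# Arguments: the command and its arguments
# Globals:   logfile (read), _rval (written)
#######################################
try() {
  if ! "$@" >>"$logfile" 2>&1; then
    _rval=false
  fi
}

#######################################
# Start a reported step: print its label, reset _rval, truncate the log.
# Arguments: $1 - label shown to the user
# Globals:   logfile (read), _rval (written)
#######################################
begin_step() {
  echo -en "\t$1"
  _rval=true
  : > "$logfile"
}

#######################################
# Finish a reported step: print OK, or FAIL followed by the captured log.
# Globals:   _rval, logfile (read)
#######################################
end_step() {
  if $_rval; then
    echo_OK
  else
    echo_FAILED
    error "$(cat "$logfile")"
  fi
}

#######################################
# Install one optional configuration file as a reported step.
# Arguments: $1 - label, $2 - source file, $3 - destination path
# Returns:   0; does nothing when the source file does not exist
#######################################
install_optional() {
  local label=$1 src=$2 dst=$3
  [[ -f "$src" ]] || return 0
  begin_step "$label"
  try cp -a "$src" "$dst"
  end_step
}

#######################################
# Returns 0 when running inside a chroot (the root inode differs from the
# root of PID 1), 1 otherwise.
#######################################
in_chroot() {
  [[ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]]
}

#######################################
# Static fallback interface stanza appended to /etc/network/interfaces
# on networks with _add_support_if=true.
# Outputs: the stanza on stdout
#######################################
rescue_if_stanza() {
  cat <<'EOF'
auto eth1:rescue
iface eth1:rescue inet static
    address 172.16.1.1
    network 172.16.1.0
    netmask 255.255.255.0
    broadcast 172.16.1.255
EOF
}

# =============
# --- Main
# =============
[[ $# -ne 1 ]] && usage "wrong number of arguments"

# _igmproxy is kept for compatibility; the igmpproxy step below is driven
# by the presence of igmpproxy.conf.<network> instead.
case "$1" in
  CKUBU)
    network=$1
    _igmproxy=true
    _add_support_if=true
    ;;
  NONE-CKUBU|NONE-CKUBU2|NONE-CKUBU3|NONE-WF)
    network=$1
    _igmproxy=false
    _add_support_if=false
    ;;
  123|AK|AKB|ANW-URB|ANW-KM|ANW-KB|B3-Bornim|BLKR|EBS|ELSTER|FHXB|FLR-BRB|GA-AL|GA-Ersatz|GA-NH|GA-Schloss|iRights|JONAS|Kanzlei-Kiel|MBR|OOLM|OPP|SPR-BE|WF)
    network=$1
    _igmproxy=false
    _add_support_if=true
    ;;
  *)
    usage "unknown network-name '$1'"
    ;;
esac

# Every step copies from this tree. Refuse to start - and to delete live
# configuration such as /etc/bind - when it is missing.
cfg_dir="${base_dir}/${network}"
[[ -d "$cfg_dir" ]] || fatal "Configuration directory '$cfg_dir' does not exist"

clear
echo ""
echo ""
echo -e "\t\033[1;32mChange basic Configuration of this machine to \033[1;37m$network \033[m"
echo ""
echo ""
echo -e "Again: \033[1;37mrunning this script will change your system basically.\033[m"
echo ""
echo ""
echo -n "Type upper case 'YES' to continue executing this script: "
read -r answer
if [[ "$answer" = "YES" ]]; then
  echo ""
  echo ""
  echo -e "\t\033[1;32mConfigure This machine for running as Gateway/Server \033[1;37m$network \033[m"
  echo ""
else
  fatal "Abort by user request - Answer as not 'YES'"
fi

# On a read-only system (marked by the /ro tree) changes made outside the
# chroot are lost on reboot; ask for a second explicit confirmation.
if ! in_chroot; then
  if [[ -d /ro ]]; then
    error "It seems, this is a readonly system and you are not chrooted.\n\n\t \033[1;37mChanges made by this script are not persistent!!\033[m\n\n\t Change root to directory '/ro' (\033[1;37mchroot /ro /bin/bash\033[m) and\n\t run this script again.\033[m"
  fi
  echo -n "Type upper case 'YES' for executing anyway: "
  read -r answer
  if [[ "$answer" != "YES" ]]; then
    fatal "Abort by user request - Answer as not 'YES'"
  fi
fi
echo ""

# - Nameserver Bind
# - /etc/bind/*
# -
begin_step "Nameserver settings.."
try rm -rf /etc/bind
try mkdir -p /var/log/named
chown bind:bind /var/log/named > /dev/null 2>&1   # best effort: user may not exist
try cp -a "${cfg_dir}/bind" /etc/bind
end_step

# - OpenVPN:
# - /etc/openvpn/*
# -
if [[ -d /etc/openvpn ]]; then
  begin_step "VPN settings.."
  /etc/init.d/openvpn stop > /dev/null
  rm -rf /etc/openvpn
  try cp -a "${cfg_dir}/openvpn" /etc/openvpn
  end_step
fi

if [[ -d /root/.openvpn ]]; then
  begin_step "Cleanup private VPN settings for user root.."
  try rm -r /root/.openvpn
  end_step
fi

if [[ -d "${cfg_dir}/.openvpn" ]]; then
  begin_step "Private VPN settings for root user.."
  try cp -a "${cfg_dir}/.openvpn" /root/.openvpn
  # private keys/certificates: root only
  try chown -R root:root /root/.openvpn
  try chmod 700 /root/.openvpn
  end_step
fi

# - DynDNS
# - /etc/ddclient.conf
if [[ -f "${cfg_dir}/ddclient.conf.${network}" ]]; then
  begin_step "Configure DynDNS.."
  try cp -a "${cfg_dir}/ddclient.conf.${network}" /etc/ddclient.conf
  # the file carries the update-service credentials
  try chmod 600 /etc/ddclient.conf
  end_step
fi

# - DHCP Server
# - /etc/dhcp/dhcpd.conf
begin_step "DHCP Server settings.."
dhcp_files=(
  "dhcpd.conf.${network}"
  "dhcpd6.conf.${network}"
  "hosts.lan.conf.${network}"
  "hosts.w-lan.conf.${network}"
)
# isc-dhcp-server keeps its configuration in /etc/dhcp (newer) or /etc/dhcp3 (older)
if [[ -d /etc/dhcp ]]; then
  dhcp_dir=/etc/dhcp
elif [[ -d /etc/dhcp3 ]]; then
  dhcp_dir=/etc/dhcp3
else
  dhcp_dir=""
fi
copied=false
for file in "${dhcp_files[@]}"; do
  src="${cfg_dir}/${file}"
  [[ -f "$src" && -n "$dhcp_dir" ]] || continue
  # strip the trailing ".<network>" to get the installed file name
  if cp -a "$src" "${dhcp_dir}/${file%.*}" >>"$logfile" 2>&1; then
    copied=true
  else
    _rval=false
  fi
done
if [[ -f "${cfg_dir}/default_isc-dhcp-server.${network}" ]]; then
  if cp -a "${cfg_dir}/default_isc-dhcp-server.${network}" /etc/default/isc-dhcp-server >>"$logfile" 2>&1; then
    copied=true
  else
    _rval=false
  fi
fi
if ! $_rval; then
  echo_FAILED
  error "$(cat "$logfile")"
elif $copied; then
  echo_OK
else
  echo_SKIPPED
fi

# - DSL:
# - /etc/ppp/peers/ (directory)
# -
# - /etc/ppp/ip-up.d/email_notice
# - /etc/ppp/pap-secrets
# - /etc/ppp/chap-secrets
begin_step "DSL settings.."
if [[ -d /etc/ppp/peers && -d "${cfg_dir}/peers" ]]; then
  try cp -a "${cfg_dir}"/peers/* /etc/ppp/peers/
fi
if [[ -f "${cfg_dir}/email_notice.${network}" ]]; then
  try cp -a "${cfg_dir}/email_notice.${network}" /etc/ppp/ip-up.d/email_notice
fi
for secret in pap-secrets chap-secrets; do
  if [[ -f "${cfg_dir}/${secret}.${network}" ]]; then
    try cp -a "${cfg_dir}/${secret}.${network}" "/etc/ppp/${secret}"
    # PPP credentials must not be readable by other users
    try chmod 600 "/etc/ppp/${secret}"
  fi
done
end_step

# - Postfix SMTP
# - /etc/postfix/main.cf
# - /etc/mailname
# - /etc/postfix/generic
# - /etc/postfix/generic.db
begin_step "Configure Postfix SMTP Server.."
/etc/init.d/postfix stop > /dev/null
try cp -a "${cfg_dir}/main.cf.${network}" /etc/postfix/main.cf
if [[ -f "${cfg_dir}/generic.${network}" ]]; then
  try cp -a "${cfg_dir}/generic.${network}" /etc/postfix/generic
  try cp -a "${cfg_dir}/generic.db.${network}" /etc/postfix/generic.db
fi
if [[ -f "${cfg_dir}/sasl_passwd.${network}" ]]; then
  try cp -a "${cfg_dir}/sasl_passwd.${network}" /etc/postfix/sasl_passwd
  try cp -a "${cfg_dir}/sasl_passwd.db.${network}" /etc/postfix/sasl_passwd.db
  # relay credentials: root only
  try chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
fi
try cp -a "${cfg_dir}/mailname.${network}" /etc/mailname
end_step

# - Netzwerk:
# - /etc/network/interfaces
# - /etc/resolv.conf
# - /etc/hostname
# - /etc/hosts
begin_step "Configure network settings.."
try cp -a "${cfg_dir}/interfaces.${network}" /etc/network/interfaces
try cp -a "${cfg_dir}/resolv.conf.${network}" /etc/resolv.conf
try cp -a "${cfg_dir}/hosts.${network}" /etc/hosts
try cp -a "${cfg_dir}/hostname.${network}" /etc/hostname
end_step

# - /root/bin directory
# -
src_dir="${cfg_dir}/bin"
dst_dir=$(realpath /root/bin 2>/dev/null) || dst_dir=/root/bin
# Directory this script runs from. It (or any parent of it inside
# $dst_dir) is spared so the running script is not deleted underneath itself.
script_dir=$(realpath "$(dirname "$0")")
begin_step "/root/bin directory"
omitted=false
msg=""
if [[ -d "$src_dir" ]]; then
  if [[ ! -d "$dst_dir" ]]; then
    try mkdir "$dst_dir"
  fi
  # Delete all existing entries of $dst_dir except the one holding this script.
  while IFS= read -r -d '' entry; do
    name=$(basename "$entry")
    if [[ "$script_dir" == "$entry" || "$script_dir" == "$entry"/* ]]; then
      omitted=true
      msg="Existing Directory '$name' was not deleted, because this script is running there!"
      continue
    fi
    try rm -r -- "$entry"
  done < <(find "$dst_dir" -mindepth 1 -maxdepth 1 -print0)
  # Copy the new entries, again skipping the one this script runs from.
  while IFS= read -r -d '' entry; do
    name=$(basename "$entry")
    if [[ "$script_dir" == "${dst_dir}/${name}" || "$script_dir" == "${dst_dir}/${name}"/* ]]; then
      omitted=true
      if [[ -n "$msg" ]]; then
        msg="$msg\n\t New Directory '$name' was also not copied."
      else
        msg="Directory '$name' was omitted, because this script is running there!"
      fi
      continue
    fi
    try cp -a "$entry" "${dst_dir}/"
  done < <(find "$src_dir" -mindepth 1 -maxdepth 1 -print0)
  end_step
  if $omitted; then
    info "$msg"
  fi
else
  echo_SKIPPED
fi

# - /usr/local/src and /usr/local/sbin directories
# -
for sub in src sbin; do
  begin_step "/usr/local/${sub} directory"
  if [[ -d "${cfg_dir}/${sub}" ]]; then
    try cp -a "${cfg_dir}/${sub}"/* "/usr/local/${sub}/"
    end_step
  else
    echo_SKIPPED
  fi
done

# - Firewall:
# -
begin_step "Firewall.."
if [[ -d "${cfg_dir}/ipt-firewall" ]]; then
  rm -rf /etc/ipt-firewall
  try cp -a "${cfg_dir}/ipt-firewall" /etc/
else
  try rm -rf /etc/ipt-firewall
fi
# SysV init scripts: installed when the network provides one, else removed.
for fw in ipt-firewall ip6t-firewall; do
  if [[ -f "${cfg_dir}/${fw}.${network}" ]]; then
    try cp -a "${cfg_dir}/${fw}.${network}" "/etc/init.d/${fw}"
  else
    try rm -f "/etc/init.d/${fw}"
  fi
done
# systemd units: install and enable when provided, else disable and remove.
for fw in ipt-firewall ip6t-firewall; do
  unit_src="${cfg_dir}/${fw}.service.${network}"
  unit_dst="/etc/systemd/system/${fw}.service"
  if [[ -f "$unit_src" ]]; then
    try cp "$unit_src" "$unit_dst"
    try systemctl daemon-reload
    try systemctl enable "${fw}.service"
  elif [[ -f "$unit_dst" ]]; then
    systemctl disable "${fw}.service" >>"$logfile" 2>&1
    rm -f "$unit_dst" >>"$logfile" 2>&1
    systemctl daemon-reload >>"$logfile" 2>&1
  fi
done
end_step

# - Check Script Onlinestatus
# -
begin_step "Check Script Onlinestatus.."
if [[ -d "${cfg_dir}/check_net" ]]; then
  rm -rf /etc/check_net
  try cp -a "${cfg_dir}/check_net" /etc/
else
  try rm -rf /etc/check_net
fi
unit_src="${cfg_dir}/check_net.service.${network}"
unit_dst=/etc/systemd/system/check_net.service
if [[ -f "$unit_src" ]]; then
  try cp -a "$unit_src" "$unit_dst"
  try systemctl daemon-reload
  try systemctl enable check_net.service
elif [[ -f "$unit_dst" ]]; then
  systemctl disable check_net.service >>"$logfile" 2>&1
  rm -f "$unit_dst" >>"$logfile" 2>&1
  systemctl daemon-reload >>"$logfile" 2>&1
fi
# logrotate reads /etc/logrotate.d; an earlier version of this script wrote
# to /etc/logrotated.d, which was never picked up - drop that stale copy.
rm -f /etc/logrotated.d/check_net
logrotate_dst=/etc/logrotate.d/check_net
if [[ -f "${cfg_dir}/check_net-logrotate.${network}" ]]; then
  try cp -a "${cfg_dir}/check_net-logrotate.${network}" "$logrotate_dst"
elif [[ -f "$logrotate_dst" ]]; then
  rm -f "$logrotate_dst" >>"$logfile" 2>&1
fi
end_step

# - Other files
# -
if [[ -f "${cfg_dir}/igmpproxy.conf.${network}" ]]; then
  begin_step "Configure igmproxy (Entertain TV).."
  # stop a running igmpproxy (TERM) so the new configuration is read on restart
  pkill -f '/igmpproxy ' > /dev/null 2>&1
  try cp -a "${cfg_dir}/igmpproxy.conf.${network}" /usr/local/igmpproxy/etc/igmpproxy.conf
  end_step
fi

install_optional "Configure aiccu (IPv6 Tunnel).." \
  "${cfg_dir}/aiccu.conf.${network}" /etc/aiccu.conf
install_optional "Setting /etc/defaults/aiccu.." \
  "${cfg_dir}/aiccu.${network}" /etc/default/aiccu
install_optional "Configure radvd (Router Advertisment Daemon).." \
  "${cfg_dir}/radvd.conf.${network}" /etc/radvd.conf
install_optional "Configure hostapd (integrated Accesspoint).." \
  "${cfg_dir}/hostapd.conf.${network}" /etc/hostapd/hostapd.conf

# - Rescue interface (only appended once; grep detects an existing stanza)
# -
if $_add_support_if; then
  if ! grep -q -e "eth1:rescue " /etc/network/interfaces; then
    echo -en "\tAdd interface eth1:rescue.."
    if rescue_if_stanza >> /etc/network/interfaces; then
      echo_OK
    else
      echo_FAILED
    fi
  fi
fi

## - Cron (root)
## -
begin_step "Setting up cronjobs.."
if [[ -f "${cfg_dir}/cron_root.${network}" ]]; then
  try cp -a "${cfg_dir}/cron_root.${network}" /var/spool/cron/crontabs/root
  end_step
else
  echo_SKIPPED
fi

begin_step "Setting up rc.local.."
if [[ -f "${cfg_dir}/rc.local.${network}" ]]; then
  try cp -a "${cfg_dir}/rc.local.${network}" /etc/rc.local
  end_step
else
  echo_SKIPPED
fi

if ! in_chroot; then
  if [[ -d /ro ]]; then
    warn "Again: this script was \033[1;37mnot\033[m running in a chrooted environment."
  fi
else
  info "Programm was running in a chrooted environment.\n\n\t\033[1;37mExit from chroot environment and restart to make changes active..\033[m"
fi

if $_add_support_if; then
  info "After restarting, you can reach this machine\n\t at ip-address: \033[1;33m172.16.1.1\033[m"
fi

exit 0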