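#!/usr/bin/env bash
#
# Switch this gateway to the stored configuration of one office network.
#
# Everything below ${base_dir}/<network-name> is copied over the live
# configuration: bind, OpenVPN, ppp, Postfix, DHCP, firewall, cron, rc.local.
# The script replaces files under /etc and /root, so it needs root
# privileges. The usage text says that it has to be run inside "chroot /ro".
#
# Each step is best effort: a failed step is reported and the script goes on
# with the next one.

base_dir=/root/Office_Networks

logfile=$(mktemp) || {
  echo "Error: cannot create temporary log file" >&2
  exit 1
}
# Remove the log on every exit path, not only from usage().
trap 'rm -f -- "$logfile"' EXIT

# error/warn/info test $terminal, which the script never set. Colour is used
# only when stdout is a terminal.
# NOTE(review): presumably the original intent - confirm.
terminal=false
if [[ -t 1 ]]; then
  terminal=true
fi

# Print an optional error message and the usage text, then exit non-zero.
# Arguments: $1 - error message (optional)
function usage() {
  if [ -n "$1" ]; then
    echo -e "\nError: $1"
  fi

  # NOTE(review): the page's copy of this here-document lost its opener, the
  # usage line and all line breaks; the layout below is reconstructed.
  cat << EOF

  Usage: $(basename "$0") <network-name>

  network-name possible values are:
      NONE-WF NONE-CKUBU AKB ANW-URB ANW-KM B3-Bornim CKUBU FLR-BRB
      GA-AL GA-Ersatz GA-NH GA-Schloss JONAS Kanzlei-Kiel MBR OOLM OPP
      ReachOut SPR-BE WF

  Notice:
      !! To change the network, you have to chroot into /ro !!

      remountrw
      rebind on
      chroot /ro
      $(basename "$0")
      exit
      rebind off
      remountro

EOF
  # usage() is only reached on an argument error, so report failure.
  exit 1
}

# Message helpers: coloured on a terminal, plain text otherwise.
error() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
  else
    echo "Error: $*"
  fi
  echo ""
}

warn() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
  else
    echo "Warning: $*"
  fi
  echo ""
}

info() {
  echo ""
  if $terminal; then
    echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
  else
    echo "Info: $*"
  fi
  echo ""
}

# Status tags, printed at column 45 of the current line.
echo_OK() {
  echo -en "\\033[45G[ \\033[1;32mOK\\033[0;39m ]\n"
}

echo_FAILED() {
  echo -en "\\033[45G[ \\033[1;31mFAIL\\033[0;39m ]\n"
}

echo_SKIPPED() {
  echo -en "\\033[45G[ \\033[37mSkipped\\033[0;39m ]\n"
}

# Print the label of a step and reset the per-step state (_rval, log file).
# Arguments: $1 - label
begin_step() {
  echo -en "\t$1"
  _rval=true
  : > "$logfile"
}

# Run a command, append its output to the log file and mark the current
# step as failed (_rval=false) when the command returns non-zero.
try() {
  if ! "$@" >> "$logfile" 2>&1; then
    _rval=false
  fi
}

# Print the status of the current step; on failure also print the log.
end_step() {
  if $_rval; then
    echo_OK
  else
    echo_FAILED
    # Quoted, so the log text is neither word-split nor glob-expanded.
    error "$(< "$logfile")"
  fi
}

# Restrict a credential file to mode 0600 if it exists. "cp -a" keeps the
# mode of the stored copy, which this script otherwise never checks.
# Arguments: $1 - path
protect_secret() {
  if [[ -f "$1" ]]; then
    try chmod 600 -- "$1"
  fi
}

# Install and enable a systemd unit when its stored copy exists; otherwise
# disable and remove an installed one.
# Arguments: $1 - unit name, $2 - stored unit file
sync_unit() {
  local unit=$1
  local src=$2
  local dst="/etc/systemd/system/${unit}"

  if [[ -f "$src" ]]; then
    try cp -a -- "$src" "$dst"
    try systemctl daemon-reload
    try systemctl enable "$unit"
  elif [[ -f "$dst" ]]; then
    systemctl disable "$unit" >> "$logfile" 2>&1
    rm -- "$dst" >> "$logfile" 2>&1
    systemctl daemon-reload >> "$logfile" 2>&1
  fi
}

[[ $# -eq 1 ]] || usage "wrong number of arguments"

case "$1" in
  CKUBU)
    network=$1
    _igmproxy=true
    _add_support_if=true
    ;;
  NONE-CKUBU | NONE-WF)
    network=$1
    _igmproxy=false
    _add_support_if=false
    ;;
  AKB | ANW-URB | ANW-KM | B3-Bornim | FLR-BRB | GA-AL | GA-Ersatz | GA-NH | GA-Schloss | JONAS | Kanzlei-Kiel | MBR | OOLM | OPP | ReachOut | SPR-BE | WF)
    network=$1
    # shellcheck disable=SC2034  # _igmproxy is not read anywhere in this script
    _igmproxy=false
    _add_support_if=true
    ;;
  *)
    usage "unknown network name"
    ;;
esac

src_dir="${base_dir}/${network}"

# Several steps delete the live configuration before copying the new one.
# Stop before anything is removed when there is nothing to copy from.
if [[ ! -d "$src_dir" ]]; then
  error "configuration directory ${src_dir} not found - nothing changed"
  exit 1
fi

# The stored files are installed with "cp -a", which keeps their owner.
chown -R root:root -- "$base_dir"

echo ""
echo "Configure gateway for network \"$network\".."
echo ""

# - Nameserver Bind
# -    /etc/bind/*
# -
begin_step "Nameserver settings.."
try rm -rf -- /etc/bind
try mkdir -p /var/log/named
# Not counted as a failure of the step.
chown bind:bind /var/log/named > /dev/null 2>&1
try cp -a -- "${src_dir}/bind" /etc/bind
end_step

# - OpenVPN:
# -    /etc/openvpn/*
# -
if [[ -d /etc/openvpn ]]; then
  begin_step "VPN settings.."
  /etc/init.d/openvpn stop > /dev/null
  rm -rf -- /etc/openvpn
  try cp -a -- "${src_dir}/openvpn" /etc/openvpn
  end_step
fi

if [[ -d /root/.openvpn ]]; then
  begin_step "Cleanup private VPN settings for user root.."
  try rm -r -- /root/.openvpn
  end_step
fi

if [[ -d "${src_dir}/.openvpn" ]]; then
  begin_step "Private VPN settings for root user.."
  try cp -a -- "${src_dir}/.openvpn" /root/.openvpn
  end_step
  chown -R root:root /root/.openvpn
  chmod 700 /root/.openvpn
elif [[ -d /root/.openvpn ]]; then
  # Only reached when the cleanup above failed. The original ran a plain
  # "rm" here, which cannot remove a directory, so the previous network's
  # private VPN settings would have stayed in place.
  rm -rf -- /root/.openvpn
fi

# - DynDNS
# -    /etc/ddclient.conf
if [[ -f "${src_dir}/ddclient.conf.${network}" ]]; then
  begin_step "Configure DynDNS.."
  try cp -a -- "${src_dir}/ddclient.conf.${network}" /etc/ddclient.conf
  # ddclient.conf carries the account credentials.
  protect_secret /etc/ddclient.conf
  end_step
fi

# - DHCP Server
# -    /etc/dhcp/dhcpd.conf
echo -en "\tDHCP Server settings.."
: > "$logfile"
# The last two names used ${_network}, which is never set, so the host lists
# were never found.
dhcp_files=(
  "dhcpd.conf.${network}"
  "dhcpd6.conf.${network}"
  "hosts.lan.conf.${network}"
  "hosts.w-lan.conf.${network}"
)
dhcp_dir=""
if [[ -d /etc/dhcp ]]; then
  dhcp_dir=/etc/dhcp
elif [[ -d /etc/dhcp3 ]]; then
  dhcp_dir=/etc/dhcp3
fi
failed=false
success=false
for file in "${dhcp_files[@]}"; do
  [[ -n "$dhcp_dir" && -f "${src_dir}/${file}" ]] || continue
  # NOTE(review): the files keep their ".<network>" suffix in the target
  # directory. The original computed "${file%.*}" into file_real_name and
  # never used it - confirm whether the suffix should be stripped here.
  if cp -a -- "${src_dir}/${file}" "${dhcp_dir}/" >> "$logfile" 2>&1; then
    success=true
  else
    failed=true
  fi
done
if $failed; then
  echo_FAILED
  error "$(< "$logfile")"
elif $success; then
  echo_OK
else
  echo_SKIPPED
fi

# - DSL:
# -    /etc/ppp/peers/dsl-provider
# -    /etc/ppp/ip-up.d/email_notice
# begin_step resets _rval; the original assigned "rval" here and so
# inherited the result of the previous step.
begin_step "DSL settings.."
# Both tests below were written "{base_dir}/..." without the "$" and
# therefore never matched.
if [[ -d /etc/ppp/peers && -d "${src_dir}/peers" ]]; then
  try cp -a -- "${src_dir}/peers/"* /etc/ppp/peers/
fi
if [[ -f "${src_dir}/email_notice.${network}" ]]; then
  try cp -a -- "${src_dir}/email_notice.${network}" /etc/ppp/ip-up.d/email_notice
fi
try cp -a -- "${src_dir}/pap-secrets.${network}" /etc/ppp/pap-secrets
try cp -a -- "${src_dir}/chap-secrets.${network}" /etc/ppp/chap-secrets
# PPP credentials must not be readable by other users.
protect_secret /etc/ppp/pap-secrets
protect_secret /etc/ppp/chap-secrets
end_step

# - Postfix SMTP
# -    /etc/postfix/main.cf
# -    /etc/mailname
# -    /etc/postfix/generic
# -    /etc/postfix/generic.db
begin_step "Configure Postfix SMTP Server.."
/etc/init.d/postfix stop > /dev/null
# The original did not check the result of this copy.
try cp -a -- "${src_dir}/main.cf.${network}" /etc/postfix/main.cf
if [[ -f "${src_dir}/generic.${network}" ]]; then
  try cp -a -- "${src_dir}/generic.${network}" /etc/postfix/generic
  try cp -a -- "${src_dir}/generic.db.${network}" /etc/postfix/generic.db
fi
if [[ -f "${src_dir}/sasl_passwd.${network}" ]]; then
  try cp -a -- "${src_dir}/sasl_passwd.${network}" /etc/postfix/sasl_passwd
  try cp -a -- "${src_dir}/sasl_passwd.db.${network}" /etc/postfix/sasl_passwd.db
  # Relay credentials, in plain text and as lookup table.
  protect_secret /etc/postfix/sasl_passwd
  protect_secret /etc/postfix/sasl_passwd.db
fi
try cp -a -- "${src_dir}/mailname.${network}" /etc/mailname
end_step

# - Network:
# -    /etc/network/interfaces
# -    /etc/resolv.conf
# -    /etc/hostname
# -    /etc/hosts
begin_step "Configure network settings.."
try cp -a -- "${src_dir}/interfaces.${network}" /etc/network/interfaces
try cp -a -- "${src_dir}/resolv.conf.${network}" /etc/resolv.conf
try cp -a -- "${src_dir}/hosts.${network}" /etc/hosts
try cp -a -- "${src_dir}/hostname.${network}" /etc/hostname
end_step

# The next three steps tested a stale _rval from the network step in the
# original; they now report the result of their own copy.

# - /root/bin directory
# -
begin_step "/root/bin directory"
if [[ -d "${src_dir}/bin" ]]; then
  if [[ ! -d /root/bin ]]; then
    try mkdir /root/bin
  fi
  try cp -a -- "${src_dir}/bin/"* /root/bin/
  end_step
else
  echo_SKIPPED
fi

# - /usr/local/src directory
# -
begin_step "/usr/local/src directory"
if [[ -d "${src_dir}/src" ]]; then
  try cp -a -- "${src_dir}/src/"* /usr/local/src/
  end_step
else
  echo_SKIPPED
fi

# - /usr/local/sbin directory
# -
begin_step "/usr/local/sbin directory"
if [[ -d "${src_dir}/sbin" ]]; then
  try cp -a -- "${src_dir}/sbin/"* /usr/local/sbin/
  end_step
else
  echo_SKIPPED
fi

# - Firewall:
# -
# NOTE(review): this step fails open. The installed rule set is deleted
# before the new one is copied, and a network without stored firewall files
# ends up with the firewall scripts and units removed while the step still
# prints OK. Confirm that this is intended for every network in the list.
begin_step "Firewall.."
if [[ -d "${src_dir}/ipt-firewall" ]]; then
  if [[ -d /etc/ipt-firewall ]]; then
    rm -rf -- /etc/ipt-firewall
  fi
  mkdir -p /etc/ipt-firewall
  try cp -a -- "${src_dir}/ipt-firewall" /etc/
elif [[ -d /etc/ipt-firewall ]]; then
  rm -rf -- /etc/ipt-firewall >> "$logfile" 2>&1
fi

if [[ -f "${src_dir}/ipt-firewall.${network}" ]]; then
  try cp -a -- "${src_dir}/ipt-firewall.${network}" /etc/init.d/ipt-firewall
else
  rm -f -- /etc/init.d/ipt-firewall >> "$logfile" 2>&1
fi

# The original repeated this block a second time under a "Firewall IPv6.."
# label that never got a status of its own; one copy is enough.
if [[ -f "${src_dir}/ip6t-firewall.${network}" ]]; then
  try cp -a -- "${src_dir}/ip6t-firewall.${network}" /etc/init.d/ip6t-firewall
else
  rm -f -- /etc/init.d/ip6t-firewall >> "$logfile" 2>&1
fi

sync_unit ipt-firewall.service "${src_dir}/ipt-firewall.service.${network}"
sync_unit ip6t-firewall.service "${src_dir}/ip6t-firewall.service.${network}"
end_step

# - Check Script Onlinestatus
# -
begin_step "Check Script Onlinestatus.."
if [[ -d "${src_dir}/check_net" ]]; then
  # The original tested "/etceck_net", so the old directory was never
  # removed before the copy.
  if [[ -d /etc/check_net ]]; then
    rm -rf -- /etc/check_net >> "$logfile" 2>&1
  fi
  mkdir -p /etc/check_net
  try cp -a -- "${src_dir}/check_net" /etc/
elif [[ -d /etc/check_net ]]; then
  rm -rf -- /etc/check_net >> "$logfile" 2>&1
fi

# Unit and logrotate file were looked up with the unset ${_network}.
sync_unit check_net.service "${src_dir}/check_net.service.${network}"

# NOTE(review): the original wrote to /etc/logrotated.d; the logrotate
# include directory is /etc/logrotate.d - confirm on the target system.
if [[ -f "${src_dir}/check_net-logrotate.${network}" ]]; then
  try cp -a -- "${src_dir}/check_net-logrotate.${network}" /etc/logrotate.d/check_net
elif [[ -f /etc/logrotate.d/check_net ]]; then
  rm -- /etc/logrotate.d/check_net >> "$logfile" 2>&1
fi
end_step

# - Other files
# -
if [[ -f "${src_dir}/igmpproxy.conf.${network}" ]]; then
  begin_step "Configure igmproxy (Entertain TV).."
  # Replaces "ps aux | grep | awk" followed by "kill -9": same command-line
  # match, but the daemon gets SIGTERM and can shut down cleanly.
  pkill -f '/igmpproxy ' > /dev/null 2>&1
  try cp -a -- "${src_dir}/igmpproxy.conf.${network}" /usr/local/igmpproxy/etc/igmpproxy.conf
  end_step
fi

if [[ -f "${src_dir}/aiccu.conf.${network}" ]]; then
  begin_step "Configure aiccu (IPv6 Tunnel).."
  try cp -a -- "${src_dir}/aiccu.conf.${network}" /etc/aiccu.conf
  end_step
fi

if [[ -f "${src_dir}/aiccu.${network}" ]]; then
  begin_step "Setting /etc/defaults/aiccu.."
  try cp -a -- "${src_dir}/aiccu.${network}" /etc/default/aiccu
  end_step
fi

if [[ -f "${src_dir}/radvd.conf.${network}" ]]; then
  begin_step "Configure radvd (Router Advertisment Daemon).."
  try cp -a -- "${src_dir}/radvd.conf.${network}" /etc/radvd.conf
  end_step
fi

# Append the rescue alias once; the grep keeps a second run from adding it
# again.
if $_add_support_if; then
  if ! grep -q -e "eth1:rescue " /etc/network/interfaces; then
    echo -en "\tAdd interface eth1:rescue.."
    if cat << 'EOF' >> /etc/network/interfaces

auto eth1:rescue
iface eth1:rescue inet static
   address 172.16.1.1
   network 172.16.1.0
   netmask 255.255.255.0
   broadcast 172.16.1.255

EOF
    then
      echo_OK
    else
      echo_FAILED
    fi
  fi
fi

## - Cron (root)
## -
begin_step "Setting up cronjobs.."
case "$network" in
  NONE-CKUBU | NONE-WF | GA-Ersatz)
    try cp -a -- "${base_dir}/crontab_root.NONE" /var/spool/cron/crontabs/root
    ;;
  *)
    # A network without its own crontab keeps the installed one.
    if [[ -f "${src_dir}/cron_root.${network}" ]]; then
      try cp -a -- "${src_dir}/cron_root.${network}" /var/spool/cron/crontabs/root
    fi
    ;;
esac
end_step

begin_step "Setting up rc.local.."
case "$network" in
  NONE-CKUBU | NONE-WF | GA-Ersatz)
    try cp -a -- "${base_dir}/rc.local.NONE" /etc/rc.local
    ;;
  *)
    try cp -a -- "${src_dir}/rc.local.${network}" /etc/rc.local
    ;;
esac
end_step

if $_add_support_if; then
  echo -e "   After restarting, you can reach that device"
  echo -e "   at ip-address:  \\033[1;33m172.16.1.1\\033[0;39m"
fi

# Same device:inode for "/" and for PID 1's root means no chroot is active.
if [ "$(stat -c %d:%i /)" = "$(stat -c %d:%i /proc/1/root/.)" ]; then
  warn "This is NOT a chrooted environment. Maybe thats ok. \n\n\t\033[1;37mIf this is a readonly system, take care, you are chrooted into /ro.\n\tOtherwise changes are not persistent.\033[m"
else
  info "Programm was running in a chrooted environment.\n\n\t\033[1;37mExit from chroot environment and restart to make changes active..\033[m"
fi

exit 0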