Diffstat (limited to 'server_wizard/scripts')
-rw-r--r--server_wizard/scripts/Serverconf.pm160
-rwxr-xr-xserver_wizard/scripts/check_config.sh50
-rwxr-xr-xserver_wizard/scripts/check_domain.sh59
-rwxr-xr-xserver_wizard/scripts/check_network.sh55
-rwxr-xr-xserver_wizard/scripts/check_server_ip.sh65
-rwxr-xr-xserver_wizard/scripts/compute_domain.sh38
-rwxr-xr-xserver_wizard/scripts/compute_ipnet.sh44
-rwxr-xr-xserver_wizard/scripts/compute_server_ip.sh39
-rwxr-xr-xserver_wizard/scripts/do_it_last.sh49
-rwxr-xr-xserver_wizard/scripts/do_it_net.sh207
-rwxr-xr-xserver_wizard/scripts/liste_device.sh48
-rwxr-xr-xserver_wizard/scripts/set_ip.sh40
-rw-r--r--server_wizard/scripts/test.pl3
-rwxr-xr-xserver_wizard/scripts/test.sh6
14 files changed, 863 insertions, 0 deletions
diff --git a/server_wizard/scripts/Serverconf.pm b/server_wizard/scripts/Serverconf.pm
new file mode 100644
index 00000000..0ef2267d
--- /dev/null
+++ b/server_wizard/scripts/Serverconf.pm
@@ -0,0 +1,160 @@
+#!/usr/bin/perl
+
+package Serverconf;
+use lib qw(/usr/lib/perl5/vendor_perl/5.8.1/MDK/Wizard/ /usr/share/wizards/common/scripts/);
+require Vareqval;
+require IFCFG;
+use MDK::Common;
+use strict;
+
+my $o = IFCFG->new;
+
+sub get_hostname {
+ my $host = $o->network_get("HOSTNAME");
+ return $host if $host;
+ "host.domain"
+}
+
+sub check_domain {
+ $ENV{wiz_host_name} =~ /\S+\.\S+/ and return 10;
+ 1
+}
+
+sub check_network {
+ print "$ENV{wiz_ip_net}\n";
+ foreach (split '\.', $ENV{wiz_ip_net}) {
+ $_ >= 0 && $_ < 256 or return 1
+ }
+ return 10
+}
+
+sub get_net {
+ $o->itf_get('NET_ADDR') or "192.168.1.0";
+}
+
+sub compute_server_ip {
+ $o->itf_get('ADDR') or "192.168.1.1"
+}
+
+sub set_ip {
+
+}
+
+sub check_server_ip {
+ my @net = split '\.', $ENV{wiz_ip_net};
+ my @ip = split '\.', $ENV{wiz_ip_server};
+ mapn { $_[0] == $_[1] || $_[0] == 0 or return 0 } \@net, \@ip;
+ return 10
+}
+
+sub do_it_last {
+ my $file = "/etc/sysconfig/mdk_serv";
+ MDK::Common::cp_af($file, $file.".orig");
+ my $date = `date`;
+ open(NEW, "> $file");
+ print NEW "#mdk server basic info $date
+mdk_serv_version=1.0
+wiz_device=$ENV{wiz_device}
+wiz_host_name=$ENV{wiz_host_name}
+wiz_domain_name=$ENV{wiz_domain_name}";
+}
+
+sub get_gateway_dev {
+ $o->network_get('GATEWAYDEV') or "eth0"
+}
+
+sub get_device {
+ "eth0"
+}
+
+sub get_gateway {
+ $o->network_get('GATEWAY')
+}
+
+sub do_it {
+ my $old_ip;
+ my $date = `date`;
+ my $file = "/etc/sysconfig/network";
+ MDK::Common::cp_af($file, $file . ".orig");
+ my %mdk = Vareqval->get($file);
+ my $wiz_ip_netmask = "255.255.255.0";
+ $mdk{FORWARD_IPV4} = "yes";
+ $mdk{HOSTNAME} = $ENV{wiz_host_name} if defined $ENV{wiz_host_name} or
+ die "wiz_host_name not in env";
+ my $hostname = $mdk{HOSTNAME};
+ $mdk{DOMAINNAME} = $ENV{wiz_domain_name} if defined $ENV{wiz_host_name} or
+ die "wiz_domain_name not in env";
+ $mdk{NETWORKING} = "yes";
+ $mdk{GATEWAYDEV} = $ENV{wiz_extn_device} if defined $ENV{wiz_extn_device} or
+ die "wiz_extn_device not in env";
+ $mdk{GATEWAY} = $ENV{wiz_extn_gateway} if defined $ENV{wiz_extn_gateway} or
+ die "wiz_extn_gateway not in env";
+ Vareqval->commit($file, \%mdk);
+ $file = "/etc/sysconfig/network-scripts/ifcfg-$ENV{wiz_device}" if defined $ENV{wiz_device} or
+ die "wiz_device not in env";
+ if (-f $file) {
+ MDK::Common::cp_af($file, "mdk_$file.orig");
+ %mdk = Vareqval->get($file);
+ $old_ip = $mdk{IPADDR} || $o->network_get('IPADDR')
+ }
+ else {
+ system("touch $file");
+ %mdk = Vareqval->get($file);
+ }
+# starting chg_val sequence
+ $mdk{DEVICE} = $ENV{wiz_device};
+ $mdk{BOOTPROTO} = "none";
+ $mdk{IPADDR} = $ENV{wiz_ip_server} if defined $ENV{wiz_ip_server} or
+ die "IPADDR not found in $file";
+ my $new_ip = $mdk{IPADDR};
+ $mdk{NETMASK} = $wiz_ip_netmask;
+ $mdk{NETWORK} = $ENV{wiz_ip_net} if defined $ENV{wiz_ip_net} or
+ die "NETWORK not found in $file";
+ $mdk{ONBOOT} = "yes";
+ $mdk{IPXNETNUM_802_2} = "";
+ $mdk{IPXPRIMARY_802_2} = "no";
+ $mdk{IPXACTIVE_802_2} = "no";
+ $mdk{IPXNETNUM_802_3} = "";
+ $mdk{IPXPRIMARY_802_3} = "no";
+ $mdk{IPXACTIVE_802_3} = "no";
+ $mdk{IPXNETNUM_ETHERII} = "";
+ $mdk{IPXPRIMARY_ETHERII} = "no";
+ $mdk{IPXACTIVE_ETHERII} = "no";
+ $mdk{IPXNETNUM_SNAP} = "";
+ $mdk{IPXPRIMARY_SNAP} = "no";
+ $mdk{IPXACTIVE_SNAP} = "no";
+# chg_val sequence ended
+ Vareqval->commit($file, \%mdk);
+
+ $file = "/etc/hosts";
+ MDK::Common::cp_af($file, $file . ".orig");
+ if (defined $old_ip && $old_ip ne $new_ip) {
+ my $tmp = `mktemp /tmp/Serverconf.XXXXXX`;
+ chomp($tmp);
+ open(OLD, "< $file") or die "can not open $file";
+ open(NEW, "> $tmp") or die "can not open $tmp";
+ while (<OLD>) {
+ if (/^\s*(?!#)*\s*$old_ip/) {
+ print NEW "# removed by mdk_serv script on $date
+#$_
+$new_ip\t$hostname\n";
+ next;
+ }
+ print NEW $_;
+ }
+ close OLD;
+ close NEW;
+ system("mv $tmp $file");
+ }
+ else {
+ open(NEW, ">> $file");
+ print NEW "$new_ip\t$hostname\n";
+ close NEW;
+ }
+ do_it_last();
+ system("/etc/rc.d/init.d/network stop");
+ system("/etc/rc.d/init.d/network start");
+ 10;
+}
+
+1;
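Review bot: `$ENV{wiz_device}` is interpolated into the ifcfg path in do_it and then into a shell command (`system("touch $file")`), so a value containing shell metacharacters or `/` reaches the shell or redirects the write to another path, in a module that edits files under /etc. The value should be matched against an anchored pattern before the path is built, and the empty file created with a three-argument `open` rather than a shell; the two-argument, unchecked `open(NEW, "> $file")` calls and `system("mv $tmp $file")` (list form: `system("mv", $tmp, $file)`) deserve the same treatment. Separately, the `return 0` inside the `mapn` block in check_server_ip most likely returns from the block and not from the sub, so that check appears to return 10 for every input. The DOMAINNAME assignment tests `wiz_host_name` where its error message names `wiz_domain_name`.

```perl
    # … unchanged: /etc/sysconfig/network update and commit …
    my $device = $ENV{wiz_device};
    defined $device && $device =~ /\A[A-Za-z0-9_.:-]+\z/
        or die "wiz_device missing or malformed";
    $file = "/etc/sysconfig/network-scripts/ifcfg-$device";
    if (-f $file) {
        # … unchanged: backup and read of the existing ifcfg file …
    }
    else {
        # create the empty file without going through a shell
        open(my $fh, '>>', $file) or die "can not create $file: $!";
        close $fh;
        %mdk = Vareqval->get($file);
    }
```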
diff --git a/server_wizard/scripts/check_config.sh b/server_wizard/scripts/check_config.sh
new file mode 100755
index 00000000..512fd7da
--- /dev/null
+++ b/server_wizard/scripts/check_config.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# checking if the provided domain value is correct :
+# strip the @, need at least a dot
+
+echo_debug "$(/bin/date) begin $0"
+
+fic=/etc/sysconfig/mdk_serv
+if [ ! -f "$fic" ] ;then
+ . /etc/sysconfig/network
+ echo_debug "${HOSTNAME}"
+ echo_debug "${DOMAINNAME}"
+ echo -e "\
+# mdk server basic info $(date)\n\
+mdk_serv_version=1.0\n\
+wiz_device=eth0\n\
+wiz_host_name=${HOSTNAME}\n\
+wiz_domain_name=${DOMAINNAME}\n\
+" > ${fic}
+
+fi
+ echo_debug "${wiz_device}"
+ echo_debug "${wiz_host_name}"
+ echo_debug "${wiz_domain_name}"
+exit 1
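Review bot: `echo -e` expands backslash sequences inside `${HOSTNAME}` and `${DOMAINNAME}`, so a value read from /etc/sysconfig/network that contains `\n` adds extra lines to /etc/sysconfig/mdk_serv; do_it_last.sh writes the same file the same way with the wizard-supplied values. Passing the values as printf arguments keeps them literal: `printf '# mdk server basic info %s\nmdk_serv_version=1.0\nwiz_device=eth0\nwiz_host_name=%s\nwiz_domain_name=%s\n' "$(date)" "${HOSTNAME}" "${DOMAINNAME}" > "${fic}"`. The header comment still describes the domain check and should say what this script does, for example `# create /etc/sysconfig/mdk_serv from /etc/sysconfig/network if it does not exist yet`.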
diff --git a/server_wizard/scripts/check_domain.sh b/server_wizard/scripts/check_domain.sh
new file mode 100755
index 00000000..4575b069
--- /dev/null
+++ b/server_wizard/scripts/check_domain.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# checking if the provided domain value is correct :
+# strip the @, need at least a dot
+
+echo_debug "$(date) begin $0"
+
+if [ -z "${wiz_host_name}" ] ;then
+ echo_debug "wiz_host_name is empty, should not."
+ exit 1
+fi
+
+
+test=`echo ${wiz_host_name##*@} |sed -e 's/[^0-9a-zA-Z-\.]//g'|sed -n -e's/^[^.]*\.\(.*\)$/\1/p'|grep "\."`
+
+htest=`echo ${wiz_host_name##*@} |sed -e 's/[^0-9a-zA-Z-\.]//g'|sed -n -e's/^\([^.]*\)\..*$/\1/p'`
+
+echo_debug "test of host : ${htest}"
+
+if [ -z "${htest}" ] ;then
+ echo_debug "host empty, should not."
+ exit 1
+fi
+
+echo_debug "test of domain : ${test}"
+
+if [ -z "${test}" ] ;then
+ echo_debug "domain empty, should not."
+ exit 1
+fi
+
+# all seems to be ok
+exit 10
+
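Review bot: The host and domain tests run on a copy of `wiz_host_name` from which sed has already deleted every character outside `[0-9a-zA-Z-.]`, so a name containing spaces or shell metacharacters still ends in `exit 10`, while the unfiltered value is what the other scripts in this commit use (do_it_net.sh passes `${wiz_host_name}` unquoted to `chg_val`). The check should reject the input when filtering changes it: `name=${wiz_host_name##*@}`, `clean=$(printf '%s' "${name}" | sed -e 's/[^0-9a-zA-Z.-]//g')`, `[ "${clean}" = "${name}" ] || exit 1`. Whether a leading `user@` part should be accepted at all is not clear from the hunk and is worth stating in the header comment.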
diff --git a/server_wizard/scripts/check_network.sh b/server_wizard/scripts/check_network.sh
new file mode 100755
index 00000000..6533dbb6
--- /dev/null
+++ b/server_wizard/scripts/check_network.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# assuming :
+# - C class network, mask 255.255.255.0
+#
+# checking if the provided network address is correct
+
+echo_debug "$(date) begin $0"
+# ip is tested as ip=a.b.c.d
+
+a=`echo ${wiz_ip_net}|sed -n -e 's/^\([0-9]\{1,3\}\)\..*$/\1/p'`
+b=`echo ${wiz_ip_net}|sed -n -e 's/^[0-9]\{1,3\}\.\([0-9]\{1,3\}\)\..*$/\1/p'`
+c=`echo ${wiz_ip_net}|sed -n -e 's/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.\([0-9]\{1,3\}\)\..*$/\1/p'`
+d=`echo ${wiz_ip_net}|sed -n -e 's/^.*\.\([0-9]\{1,3\}\)$/\1/p'`
+
+echo_debug "ip -$a-$b-$c-$d-"
+
+if [ -z "$a" -o -z "$b" -o -z "$c" -o -z "$d" ]; then
+ echo_debug "incomplete ip"
+ exit 1
+fi
+
+if [ $a -gt 255 -o $b -gt 255 -o $c -gt 255 -o $d -ne 0 ]; then
+ echo_debug "not a network ip"
+ exit 1
+fi
+
+
+# all seems to be ok
+exit 10
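Review bot: Each octet is extracted by its own sed expression and only the first and last are anchored, so anything may sit between the third octet and the final `.0`; a constructed value such as `10.0.0.x.0` yields a=10, b=0, c=0, d=0 and reaches `exit 10`. A single anchored match before the extraction closes that gap: `echo "${wiz_ip_net}" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || exit 1`. The `echo ${wiz_ip_net}` calls should also quote the variable.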
diff --git a/server_wizard/scripts/check_server_ip.sh b/server_wizard/scripts/check_server_ip.sh
new file mode 100755
index 00000000..1b98fee0
--- /dev/null
+++ b/server_wizard/scripts/check_server_ip.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# assuming :
+# - C class network, mask 255.255.255.0
+#
+# checking if the provided server address is correct (belongs to network...)
+
+echo_debug "$(date) begin $0"
+#truncating addresses
+n_trunc=${wiz_ip_net%.*}
+s_trunc=${wiz_ip_server%.*}
+d=${wiz_ip_server##*.}
+
+
+echo_debug "_${wiz_ip_net}_ _${wiz_ip_server}_ ${s_trunc} $d"
+
+if [ -z "${s_trunc}" ]; then
+ echo_debug "incorrect address"
+ exit 1
+fi
+
+if [ "${s_trunc}" != "${n_trunc}" ]; then
+ echo_debug "server not in network"
+ exit 1
+fi
+
+if [ -z "$d" ]; then
+ echo_debug "not a server ip"
+ exit 1
+fi
+
+if [ $d -gt 254 -o $d -lt 1 ]; then
+ echo_debug "not a server ip"
+ exit 1
+fi
+
+
+# all seems to be ok
+exit 10
+
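Review bot: `d` is never checked to be a number before `[ $d -gt 254 -o $d -lt 1 ]`; with a non-numeric last field the test ends with an error status, the `if` body is skipped and the script falls through to `exit 10`. A guard ahead of the range test fixes that, `case "$d" in ''|*[!0-9]*) echo_debug "not a server ip"; exit 1;; esac`, together with quoting `"$d"` in the comparison. The network match is a plain string comparison of the first three fields, so it relies on check_network.sh having accepted `wiz_ip_net` beforehand; a comment saying so would help.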
diff --git a/server_wizard/scripts/compute_domain.sh b/server_wizard/scripts/compute_domain.sh
new file mode 100755
index 00000000..18bf2b76
--- /dev/null
+++ b/server_wizard/scripts/compute_domain.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# return on stdout the domain name (computed from hostname)
+
+echo_debug "$(date) begin $0"
+test=`echo ${wiz_host_name##*@}|sed -e 's/[^0-9a-zA-Z-\.]//g'|sed -n -e's/^[^.]*\.\(.*\)$/\1/p'`
+
+echo_debug "computed domain: ${test}"
+
+echo ${test}
+
+exit 0
+
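Review bot: `echo ${wiz_host_name##*@}` expands the value unquoted, so it undergoes word splitting and pathname expansion before sed filters it; a `*` in the input is replaced by file names from the current directory, and those names end up in the computed domain. Use `printf '%s\n' "${wiz_host_name##*@}"` in place of the `echo`, and `echo "${test}"` for the output. check_domain.sh has the same unquoted expansion in both of its pipelines.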
diff --git a/server_wizard/scripts/compute_ipnet.sh b/server_wizard/scripts/compute_ipnet.sh
new file mode 100755
index 00000000..98387e58
--- /dev/null
+++ b/server_wizard/scripts/compute_ipnet.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# return on stdout the default value for server ip address
+
+echo_debug "$(date) begin $0"
+echo_debug "$wiz_device"
+
+nfile="/etc/sysconfig/network-scripts/ifcfg-${wiz_device}"
+t=`get_val ${nfile} NETWORK`
+if [ -z "$t" ]; then
+ echo ${wiz_ip_net}
+else
+ echo "$t"
+fi
+
+echo_debug "net adr : ${t}"
+
+exit 0
+
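Review bot: The header comment says the script returns the default server ip address, but the code prints the NETWORK value of the interface file or `wiz_ip_net`; it should read `# return on stdout the default value for the network address`. `${nfile}` is built from `wiz_device` and passed unquoted to `get_val`, and `echo ${wiz_ip_net}` is unquoted as well; `get_val "${nfile}" NETWORK` and `echo "${wiz_ip_net}"` avoid word splitting on those values.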
diff --git a/server_wizard/scripts/compute_server_ip.sh b/server_wizard/scripts/compute_server_ip.sh
new file mode 100755
index 00000000..c16c9a80
--- /dev/null
+++ b/server_wizard/scripts/compute_server_ip.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# return on stdout the default value for server ip address
+
+echo_debug "$(date) begin $0"
+
+adr="${wiz_ip_net%.*}.1"
+
+echo_debug "serv adr : ${adr}"
+
+echo ${adr}
+
+exit 0
+
diff --git a/server_wizard/scripts/do_it_last.sh b/server_wizard/scripts/do_it_last.sh
new file mode 100755
index 00000000..479be201
--- /dev/null
+++ b/server_wizard/scripts/do_it_last.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard network configuration
+#
+# restarting all services
+
+# putting a few infos in /etc/sysconfig/mdk_serv file
+
+echo_debug "$(date) begin $0"
+fic=/etc/sysconfig/mdk_serv
+
+bck_file ${fic}
+
+echo_debug "saving server basic info"
+
+echo -e "\
+# mdk server basic info $(date)\n\
+mdk_serv_version=1.0\n\
+wiz_device=${wiz_device}\n\
+wiz_host_name=${wiz_host_name}\n\
+wiz_domain_name=${wiz_domain_name}\n\
+" > ${fic}
+
+
+# all is ok
+exit 10
diff --git a/server_wizard/scripts/do_it_net.sh b/server_wizard/scripts/do_it_net.sh
new file mode 100755
index 00000000..839dda54
--- /dev/null
+++ b/server_wizard/scripts/do_it_net.sh
@@ -0,0 +1,207 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard network configuration
+#
+# install default for network
+# change files :
+# /etc/sysconfig/network
+# /etc/sysconfig/network-cripts/ifcfg-ethx
+# /etc/hosts
+# /etc/HOSTNAME
+#
+
+echo_debug "$(date) begin $0"
+
+if [ ! -f /etc/sysconfig/network ]; then
+ [ -d /etc/sysconfig ] || exit 1
+ echo_debug "warning, no network file"
+ echo "# warning, this file was not create during install $(date)"\
+ > /etc/sysconfig/network
+fi
+
+bck_file /etc/sysconfig/network
+
+# first loading values
+. /etc/sysconfig/network
+
+# default value for netmask
+export wiz_ip_netmask=255.255.255.0
+
+# configuring /etc/sysconfig/network
+
+if [ "${FORWARD_IPV4}" = "false" ]; then
+ echo_debug "putting FORWARD_IPV4 to \"yes\""
+ chg_val /etc/sysconfig/network FORWARD_IPV4 yes
+fi
+
+if [ "${HOSTNAME}" != "${wiz_host_name}" ]; then
+ echo_debug "changing hostname from ${HOSTNAME} to ${wiz_host_name}"
+ chg_val /etc/sysconfig/network HOSTNAME ${wiz_host_name}
+fi
+
+if [ "${DOMAINNAME}" != "${wiz_domain_name}" ]; then
+ echo_debug "changing domain name from ${DOMAINNAME} to ${wiz_domain_name}"
+ chg_val /etc/sysconfig/network DOMAINNAME ${wiz_domain_name}
+fi
+
+if [ "${NETWORKING}" != "yes" ]; then
+ echo_debug "WARNING, NETWORKING was ${NETWORKING}"
+ chg_val /etc/sysconfig/network NETWORKING yes
+fi
+
+if [ "${GATEWAYDEV}" != "${wiz_extn_device}" ]; then
+ echo_debug "changing GATEWAYDEV name from ${GATEWAYDEV} to ${wiz_extn_device}"
+ chg_val /etc/sysconfig/network GATEWAYDEV ${wiz_extn_device}
+fi
+
+if [ "${GATEWAY}" != "${wiz_extn_gateway}" ]; then
+ echo_debug "changing GATEWAY name from ${GATEWAY} to ${wiz_extn_gateway}"
+ chg_val /etc/sysconfig/network GATEWAY ${wiz_extn_gateway}
+fi
+
+
+# now reloading
+echo_debug "reloading net params"
+. /etc/sysconfig/network
+
+# configuring /etc/sysconfig/network-scripts/.
+file="/etc/sysconfig/network-scripts/ifcfg-${wiz_device}"
+
+if [ -f ${file} ]; then
+ echo_debug "WARNING ${file} already exists, saved."
+ bck_file ${file}
+ oldip=`get_val ${file} IPADDR`
+else
+ oldip=""
+ touch ${file}
+fi
+
+
+echo_debug "starting chg_val sequence"
+
+chg_val ${file} DEVICE "${wiz_device}"
+chg_val ${file} BOOTPROTO none
+chg_val ${file} IPADDR "${wiz_ip_server}"
+# by default, just accept ../24 network :
+chg_val ${file} NETMASK "${wiz_ip_netmask}"
+chg_val ${file} NETWORK "${wiz_ip_net}"
+chg_val ${file} BROADCAST "${wiz_ip_net%.*}.255"
+chg_val ${file} ONBOOT yes
+chg_val ${file} IPXNETNUM_802_2 ""
+chg_val ${file} IPXPRIMARY_802_2 no
+chg_val ${file} IPXACTIVE_802_2 no
+chg_val ${file} IPXNETNUM_802_3 ""
+chg_val ${file} IPXPRIMARY_802_3 no
+chg_val ${file} IPXACTIVE_802_3 no
+chg_val ${file} IPXNETNUM_ETHERII ""
+chg_val ${file} IPXPRIMARY_ETHERII no
+chg_val ${file} IPXACTIVE_ETHERII no
+chg_val ${file} IPXNETNUM_SNAP ""
+chg_val ${file} IPXPRIMARY_SNAP no
+chg_val ${file} IPXACTIVE_SNAP no
+
+echo_debug "chg_val sequence ended"
+
+#loading new values
+. ${file}
+
+
+# now setup of /etc/hosts
+#
+# <warning> all this assumes that ip address of server is hard coded
+# in /etc/hosts, which may be wrong in some situations
+#
+
+
+
+# first, storing new hostname (/etc/sysconfig/network has been reloaded)
+bck_file /etc/HOSTNAME
+echo ${HOSTNAME} > /etc/HOSTNAME
+hostname ${HOSTNAME}
+echo_debug "done hostname"
+
+hostalias=`echo ${HOSTNAME} |sed -e 's|^\([^.]*\)\..*$|\1|'`
+
+# replacing . by \. for use in sed command
+chgipaddr=`echo ${IPADDR} |sed -e 's/\./\\./g'`
+
+TMPFILE=`mktemp /tmp/temp.XXXXXX` || exit 1
+TMPFIL2=`mktemp /tmp/temp.XXXXXX` || exit 1
+cat /etc/hosts > ${TMPFILE}
+bck_file /etc/hosts
+#cp -f /etc/hosts /var/tmp/wiz_bck/orig/
+
+cat ${TMPFILE}|sed -e '/^[[:space:]]*'"${chgipaddr}"'[[:space:]]\{1,\}.*$/{
+i \
+# removed by mdk_serv script on '"$(date)"'
+s//#&/
+a \
+'"${IPADDR} ${HOSTNAME} ${hostalias}"'
+}
+' > ${TMPFIL2}
+
+if [ -z "`grep -E "^[[:space:]]*${chipaddr}[[:space:]]+" ${TMPFIL2}`" ]; then
+ echo "${IPADDR} ${HOSTNAME} ${hostalias}" >> ${TMPFIL2}
+fi
+
+
+
+if [ -n "${oldip}" -a "${oldip}" != "${IPADDR}" ]; then
+ chgoldip=`echo ${oldip} |sed -e 's/\./\\./g'`
+ cat ${TMPFIL2}|sed -e '/^[[:space:]]*'"${chgoldip}"'[[:space:]]\{1,\}.*$/{
+i \
+# removed by mdk_serv script on '"$(date)"'
+s//#&/
+}
+' > /etc/hosts
+else
+ cat ${TMPFIL2} > /etc/hosts
+fi
+
+rm -f ${TMPFIL2}
+rm -f ${TMPFILE}
+
+echo_debug "done /etc/hosts"
+
+
+
+#
+# </warning> see above
+#
+
+# storing network values in /etc/sysconfig/mdk_serv
+echo_debug "storing network values"
+${CWD}/scripts/do_it_last.sh
+
+# restarting network
+echo_debug "restarting network"
+/etc/rc.d/init.d/network stop
+/etc/rc.d/init.d/network start
+echo_debug "done restarting network"
+
+# all is ok
+exit 10
+
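Review bot: The grep that decides whether to append the host line uses `${chipaddr}`, which is never set; the variable defined above is `chgipaddr`, so the pattern reduces to leading whitespace and the check does not look for the address at all. It should be `grep -E "^[[:space:]]*${chgipaddr}[[:space:]]+" ${TMPFIL2}`. The script also sources /etc/sysconfig/network and `${file}` right after storing wizard-supplied values in them, so unless `chg_val` (not in this hunk) quotes what it writes, a value with shell metacharacters would be interpreted by the shell here. The `${wiz_host_name}`, `${wiz_domain_name}`, `${wiz_extn_device}` and `${wiz_extn_gateway}` arguments should be quoted as the later `chg_val` calls already are.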
diff --git a/server_wizard/scripts/liste_device.sh b/server_wizard/scripts/liste_device.sh
new file mode 100755
index 00000000..0dbdba9b
--- /dev/null
+++ b/server_wizard/scripts/liste_device.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# return on stdout the list of allowed devices for network interfaces
+
+# this script should be improved (use of detect)
+
+liste=""
+
+liste=$liste"`/sbin/ifconfig -a | /bin/awk ' /^eth/ { print $1"\n"$1, $4,":",$5 } '`\n"
+
+# display only configured device
+#for i in 0 1 2 3 ;do
+# liste=${liste}"eth$i\nethernet adapter \
+# `ifconfig -a | grep eth$i| sed -n -e '1{s/.*HWaddr \(.*\)$/\1/p;}'`\n"
+
+# liste=${liste}"eth$i\neth$i \
+# `dmesg | grep eth$i| sed -n -e '1{s/^[^:]*: *\(.*\)$/\1/p;}'`\n"
+#done
+
+echo -ne "${liste}"
+
+exit 0
+
diff --git a/server_wizard/scripts/set_ip.sh b/server_wizard/scripts/set_ip.sh
new file mode 100755
index 00000000..e5787e95
--- /dev/null
+++ b/server_wizard/scripts/set_ip.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# Wizard
+#
+# Copyright (C) 2000 Mandrakesoft.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# See file LICENSE for further informations on licensing terms.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Authors: Jerome Dumonteil, Maurizio De Cecco, Enzo Maggi
+# icons: Helene Durosini <ln@mandrakesoft.com>
+# <corporate@mandrakesoft.com> http://www.mandrakesoft.com
+
+# script for wizard basic network configuration
+#
+# assuming :
+# - C class network, mask 255.255.255.0
+#
+# checking if the provided network address is correct
+
+# ip is tested as ip=a.b.c.d
+
+echo_debug "$(date) begin $0"
+echo_debug "$wiz_device"
+file=/etc/sysconfig/mdk_serv
+bck_file ${file}
+chg_val ${file} wiz_device ${wiz_device}
+exit 1
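Review bot: The header comment was carried over from check_network.sh and describes an address check, while the script stores `wiz_device` in /etc/sysconfig/mdk_serv; it should say so, e.g. `# store the selected network device in /etc/sysconfig/mdk_serv`. `${wiz_device}` is written unquoted and without any check, although other scripts in this commit build the ifcfg file name from it; `chg_val "${file}" wiz_device "${wiz_device}"` after a non-empty check would be safer. The script ends in `exit 1`, whereas the check scripts in this commit use 10 for success, which may be intentional but deserves a comment.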
diff --git a/server_wizard/scripts/test.pl b/server_wizard/scripts/test.pl
new file mode 100644
index 00000000..f1c7c1da
--- /dev/null
+++ b/server_wizard/scripts/test.pl
@@ -0,0 +1,3 @@
+use Serverconf;
+
+Serverconf::do_it();
diff --git a/server_wizard/scripts/test.sh b/server_wizard/scripts/test.sh
new file mode 100755
index 00000000..dabc4f38
--- /dev/null
+++ b/server_wizard/scripts/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#if [ -n "${oldip}" -a "${oldip}" != "${IPADDR}" ]; then
+if [ -f "/etc/motd" -a "${oldip}" != "${IPADDR}" ]; then
+echo "toto\n"
+fi
\ No newline at end of file
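Review bot: The `if` line joins two tests with `-a`, which POSIX marks obsolescent because `[` can misparse it when an operand looks like an operator; `if [ -f /etc/motd ] && [ "${oldip}" != "${IPADDR}" ]; then` is unambiguous. `oldip` and `IPADDR` are never assigned in this script, so unless both are inherited from the environment the comparison is between two empty strings and the branch never runs. `echo "toto\n"` prints the backslash-n literally under bash; `printf 'toto\n'` gives a real newline if that was intended.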
span class="hl str">'@1@2', 0, 1) if gdmconf.exists(): gdmconf.set_shell_variable('DisallowTCP', 'false', '\[security\]', '^\s*$') if kdmrc.exists(): kdmrc.replace_line_matching('^(ServerArgsLocal=.*?)-nolisten tcp(.*)$', '@1@2', 0, 0, 'X-\*-Core', '^\s*$') else: if not val_startx or not val_xservers or not val_kdmrc or val_gdmconf != 'true': self.log.info(_('Forbidding the X server to listen to tcp connection')) if not val_startx: startx.exists() and startx.replace_line_matching('serverargs="(.*?)( -nolisten tcp)?"', 'serverargs="@1 -nolisten tcp"') if not val_xservers: xservers.exists() and xservers.replace_line_matching('(\s*[^#]+/usr/bin/X .*?)( -nolisten tcp)?$', '@1 -nolisten tcp', 0, 1) if val_gdmconf != 'true': gdmconf.exists() and gdmconf.set_shell_variable('DisallowTCP', 'true', '\[security\]', '^\s*$') if not val_kdmrc: kdmrc.exists() and kdmrc.replace_line_matching('^(ServerArgsLocal=.*)$', '@1 -nolisten tcp', 'ServerArgsLocal=-nolisten tcp', 0, 'X-\*-Core', '^\s*$') def set_shell_timeout(self, val): ''' Set the shell timeout. A value of zero means no timeout.''' msec = self.configfiles.get_config_file(SHELLCONF) try: timeout = int(val) except: self.log.error(_('Invalid shell timeout "%s"') % val) return old = msec.get_shell_variable('TMOUT') if old: old = int(old) if old != timeout: self.log.info(_('Setting shell timeout to %s') % timeout) msec.set_shell_variable('TMOUT', timeout) def set_shell_history_size(self, size): ''' Set shell commands history size. 
A value of -1 means unlimited.''' try: size = int(size) except: self.log.error(_('Invalid shell history size "%s"') % size) return msec = self.configfiles.get_config_file(SHELLCONF) val = msec.get_shell_variable('HISTFILESIZE') if val: val = int(val) if size >= 0: if val != size: self.log.info(_('Setting shell history size to %s') % size) msec.set_shell_variable('HISTFILESIZE', size) else: if val != None: self.log.info(_('Removing limit on shell history size')) msec.remove_line_matching('^HISTFILESIZE=') def set_win_parts_umask(self, umask): ''' Set umask option for mounting vfat and ntfs partitions. If umask is '-1', default system umask is used.''' fstab = self.configfiles.get_config_file(FSTAB) try: test_umask = int(umask) except: self.log.error(_('Invalid file system umask "%s"') % umask) return if umask == "-1": fstab.replace_line_matching("(.*\s(vfat|ntfs|ntfs-3g)\s+)umask=\d+(\s.*)", "@1defaults@3", 0, 1) fstab.replace_line_matching("(.*\s(vfat|ntfs|ntfs-3g)\s+)umask=\d+,(.*)", "@1@3", 0, 1) fstab.replace_line_matching("(.*\s(vfat|ntfs|ntfs-3g)\s+\S+),umask=\d+(.*)", "@1@3", 0, 1) else: fstab.replace_line_matching("(.*\s(vfat|ntfs|ntfs-3g)\s+\S*)umask=\d+(.*)", "@1umask="+umask+"@3", 0, 1) fstab.replace_line_matching("(.*\s(vfat|ntfs|ntfs-3g)\s+)(?!.*umask=)(\S+)(.*)", "@1@3,umask="+umask+"@4", 0, 1) def allow_reboot(self, arg): ''' Allow system reboot and shutdown to local users.''' shutdownallow = self.configfiles.get_config_file(SHUTDOWNALLOW) sysctlconf = self.configfiles.get_config_file(SYSCTLCONF) kdmrc = self.configfiles.get_config_file(KDMRC) gdmconf = self.configfiles.get_config_file(GDMCONF) inittab = self.configfiles.get_config_file(INITTAB) shutdown = self.configfiles.get_config_file(SHUTDOWN) poweroff = self.configfiles.get_config_file(POWEROFF) reboot = self.configfiles.get_config_file(REBOOT) halt = self.configfiles.get_config_file(HALT) gdm230 = self.configfiles.get_config_file(GDM230) val_shutdownallow = shutdownallow.exists() val_shutdown = 
shutdown.exists() val_poweroff = poweroff.exists() val_reboot = reboot.exists() val_halt = halt.exists() val_sysctlconf = sysctlconf.get_shell_variable('kernel.sysrq') val_inittab = inittab.get_match(CTRALTDEL_REGEXP) val_gdmconf = gdmconf.get_shell_variable('SystemMenu') oldval_kdmrc = kdmrc.get_shell_variable('AllowShutdown', 'X-:\*-Core', '^\s*$') if arg == "yes": if val_shutdownallow or not val_shutdown or not val_poweroff or not val_reboot or not val_halt: self.log.info(_('Allowing reboot and shutdown to the console user')) shutdownallow.exists() and shutdownallow.move(SUFFIX) shutdown.exists() or shutdown.symlink(CONSOLE_HELPER) poweroff.exists() or poweroff.symlink(CONSOLE_HELPER) reboot.exists() or reboot.symlink(CONSOLE_HELPER) halt.exists() or halt.symlink(CONSOLE_HELPER) if val_sysctlconf == '0': self.log.info(_('Allowing SysRq key to the console user')) sysctlconf.set_shell_variable('kernel.sysrq', 1) if val_gdmconf == 'false': self.log.info(_('Allowing Shutdown/Reboot in GDM')) if gdmconf.exists(): if gdm230.exists(): # TODO: log a message, as this variable is ignored on new gdm? 
pass else: gdmconf.set_shell_variable('SystemMenu', 'true', '\[greeter\]', '^\s*$') if kdmrc.exists(): if oldval_kdmrc != 'All': self.log.info(_('Allowing Shutdown/Reboot in KDM')) kdmrc.set_shell_variable('AllowShutdown', 'All', 'X-:\*-Core', '^\s*$') if not val_inittab: self.log.info(_('Allowing Ctrl-Alt-Del from console')) inittab.exists() and inittab.replace_line_matching(CTRALTDEL_REGEXP, 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now', 1) else: if not val_shutdownallow or val_shutdown or val_poweroff or val_reboot or val_halt: self.log.info(_('Forbidding reboot and shutdown to the console user')) if not shutdownallow.exists(): self.configfiles.get_config_file(SHUTDOWNALLOW, SUFFIX).touch() shutdown.exists() and shutdown.unlink() poweroff.exists() and poweroff.unlink() reboot.exists() and reboot.unlink() halt.exists() and halt.unlink() if val_sysctlconf != '0': self.log.info(_('Forbidding SysRq key to the console user')) sysctlconf.set_shell_variable('kernel.sysrq', 0) if val_gdmconf != 'false': self.log.info(_('Forbidding Shutdown/Reboot in GDM')) if gdmconf.exists(): if gdm230.exists(): # TODO: log a message, as this variable is ignored on new gdm? 
pass else: gdmconf.set_shell_variable('SystemMenu', 'false', '\[greeter\]', '^\s*$') if kdmrc.exists(): if oldval_kdmrc != 'None': self.log.info(_('Forbidding Shutdown/Reboot in KDM')) kdmrc.set_shell_variable('AllowShutdown', 'None', 'X-:\*-Core', '^\s*$') if val_inittab: self.log.info(_('Forbidding Ctrl-Alt-Del from console')) inittab.exists() and inittab.remove_line_matching(CTRALTDEL_REGEXP) def allow_user_list(self, arg): ''' Allow display managers (kdm and gdm) to display list of local users.''' kdmrc = self.configfiles.get_config_file(KDMRC) gdmconf = self.configfiles.get_config_file(GDMCONF) gdm230 = self.configfiles.get_config_file(GDM230) oldval_gdmconf = gdmconf.get_shell_variable('Browser') oldval_kdmrc = kdmrc.get_shell_variable('ShowUsers', 'X-\*-Greeter', '^\s*$') if arg == "yes": if kdmrc.exists(): if oldval_kdmrc != 'NotHidden': self.log.info(_("Allowing list of users in KDM")) kdmrc.set_shell_variable('ShowUsers', 'NotHidden', 'X-\*-Greeter', '^\s*$') if gdmconf.exists(): if gdm230.exists(): pass else: if oldval_gdmconf != 'true': self.log.info(_("Allowing list of users in GDM")) gdmconf.set_shell_variable('Browser', 'true') else: if kdmrc.exists(): if oldval_kdmrc != 'Selected': self.log.info(_("Forbidding list of users in KDM")) kdmrc.set_shell_variable('ShowUsers', 'Selected', 'X-\*-Greeter', '^\s*$') if gdmconf.exists(): if gdm230.exists(): pass else: if oldval_gdmconf != 'false': self.log.info(_("Forbidding list of users in GDM")) gdmconf.set_shell_variable('Browser', 'false') def allow_autologin(self, arg): ''' Allow autologin.''' autologin = self.configfiles.get_config_file(AUTOLOGIN) val = autologin.get_shell_variable('AUTOLOGIN') if val != arg: if arg == "yes": self.log.info(_('Allowing autologin')) autologin.set_shell_variable('AUTOLOGIN', 'yes') else: self.log.info(_('Forbidding autologin')) autologin.set_shell_variable('AUTOLOGIN', 'no') def password_loader(self, value): '''Unused''' self.log.info(_('Activating password in boot 
loader')) liloconf = self.configfiles.get_config_file(LILOCONF) liloconf.exists() and (liloconf.replace_line_matching('^password=', 'password="' + value + '"', 0, 1) or \ liloconf.insert_after('^boot=', 'password="' + value + '"')) and \ Perms.chmod(liloconf.path, 0600) # TODO encrypt password in grub menulst = self.configfiles.get_config_file(MENULST) menulst.exists() and (menulst.replace_line_matching('^password\s', 'password "' + value + '"') or \ menulst.insert_at(0, 'password "' + value + '"')) and \ Perms.chmod(menulst.path, 0600) # TODO add yaboot support def nopassword_loader(self): '''Unused''' self.log.info(_('Removing password in boot loader')) liloconf = self.configfiles.get_config_file(LILOCONF) liloconf.exists() and liloconf.remove_line_matching('^password=', 1) menulst = self.configfiles.get_config_file(MENULST) menulst.exists() and menulst.remove_line_matching('^password\s') def enable_console_log(self, arg, expr='*.*', dev='tty12'): ''' Log syslog messages on console terminal 12.''' syslogconf = self.configfiles.get_config_file(SYSLOGCONF) val = syslogconf.get_match('\s*[^#]+/dev/([^ ]+)', '@1') if arg == "yes": if dev != val: self.log.info(_('Enabling log on console')) syslogconf.exists() and syslogconf.replace_line_matching('\s*[^#]+/dev/', expr + ' /dev/' + dev, 1) else: if val != None: self.log.info(_('Disabling log on console')) syslogconf.exists() and syslogconf.remove_line_matching('\s*[^#]+/dev/') def authorize_services(self, arg): ''' Allow full access to network services controlled by tcp_wrapper (see hosts.deny(5)). If yes, all services are allowed. If local, only connections to local services are authorized. 
If no, the services must be authorized manually in /etc/hosts.allow (see hosts.allow(5)).''' hostsdeny = self.configfiles.get_config_file(HOSTSDENY) if hostsdeny.get_match(ALL_REGEXP): val = "no" elif hostsdeny.get_match(ALL_LOCAL_REGEXP): val = "local" else: val = "yes" if val != arg: if arg == "yes": self.log.info(_('Authorizing all services')) hostsdeny.remove_line_matching(ALL_REGEXP, 1) hostsdeny.remove_line_matching(ALL_LOCAL_REGEXP, 1) elif arg == "no": self.log.info(_('Disabling all services')) hostsdeny.remove_line_matching(ALL_LOCAL_REGEXP, 1) hostsdeny.replace_line_matching(ALL_REGEXP, 'ALL:ALL:DENY', 1) elif arg == "local": self.log.info(_('Disabling non local services')) hostsdeny.remove_line_matching(ALL_REGEXP, 1) hostsdeny.replace_line_matching(ALL_LOCAL_REGEXP, 'ALL:ALL EXCEPT 127.0.0.1:DENY', 1) def enable_sulogin(self, arg): ''' Ask for root password when going to single user level (man sulogin(8)).''' inittab = self.configfiles.get_config_file(INITTAB) val = inittab.get_match(SULOGIN_REGEXP) if arg == "yes": if not val: self.log.info(_('Enabling sulogin in single user runlevel')) inittab.replace_line_matching('[^#]+:S:', '~~:S:wait:/sbin/sulogin', 1) else: if val: self.log.info(_('Disabling sulogin in single user runlevel')) inittab.remove_line_matching('~~:S:wait:/sbin/sulogin') def enable_msec_cron(self, arg): ''' Perform hourly security check for changes in system configuration.''' mseccron = self.configfiles.get_config_file(MSECCRON) val = mseccron.exists() if arg == "yes": if not val: self.log.info(_('Enabling msec periodic runs')) mseccron.symlink(MSECBIN) else: if val: self.log.info(_('Disabling msec periodic runs')) mseccron.unlink() def enable_at_crontab(self, arg): ''' Enable crontab and at for users. 
Put allowed users in /etc/cron.allow and /etc/at.allow (see man at(1) and crontab(1)).''' cronallow = self.configfiles.get_config_file(CRONALLOW) atallow = self.configfiles.get_config_file(ATALLOW) val_cronallow = cronallow.get_match('root') val_atallow = atallow.get_match('root') if arg == "yes": if val_cronallow or val_atallow: self.log.info(_('Enabling crontab and at')) if val_cronallow: cronallow.exists() and cronallow.move(SUFFIX) if val_atallow: atallow.exists() and atallow.move(SUFFIX) else: if not val_cronallow or not val_atallow: self.log.info(_('Disabling crontab and at')) cronallow.replace_line_matching('root', 'root', 1) atallow.replace_line_matching('root', 'root', 1) def allow_xauth_from_root(self, arg): ''' Allow to export display when passing from the root account to the other users. See pam_xauth(8) for more details.''' export = self.configfiles.get_config_file(EXPORT) allow = export.get_match('^\*$') if arg == 'yes': if not allow: self.log.info(_('Allowing export display from root')) export.insert_at(0, '*') else: if allow: self.log.info(_('Forbidding export display from root')) export.remove_line_matching('^\*$') def allow_root_login(self, arg): ''' Allow direct root login on terminal.''' securetty = self.configfiles.get_config_file(SECURETTY) kde = self.configfiles.get_config_file(KDE) gdm = self.configfiles.get_config_file(GDM) gdmconf = self.configfiles.get_config_file(GDMCONF) xdm = self.configfiles.get_config_file(XDM) gdm230 = self.configfiles.get_config_file(GDM230) val = {} val_kde = kde.get_match('auth required (?:/lib/security/)?pam_listfile.so onerr=succeed item=user sense=deny file=/etc/bastille-no-login') val_gdm = gdm.get_match('auth required (?:/lib/security/)?pam_listfile.so onerr=succeed item=user sense=deny file=/etc/bastille-no-login') val_xdm = xdm.get_match('auth required (?:/lib/security/)?pam_listfile.so onerr=succeed item=user sense=deny file=/etc/bastille-no-login') num = 0 for n in range(1, 7): s = 'tty' + str(n) if 
securetty.get_match(s): num = num + 1 s = 'vc/' + str(n) if securetty.get_match(s): num = num + 1 if arg == "yes": if val_kde or val_gdm or val_xdm or num != 12: self.log.info(_('Allowing direct root login')) if gdmconf.exists(): if gdm230.exists(): pass else: gdmconf.set_shell_variable('ConfigAvailable', 'true', '\[greeter\]', '^\s*$') for cnf in [kde, gdm, xdm]: if cnf.exists(): cnf.remove_line_matching('^auth\s*required\s*(?:/lib/security/)?pam_listfile.so.*bastille-no-login', 1) for n in range(1, 7): s = 'tty' + str(n) securetty.replace_line_matching(s, s, 1) s = 'vc/' + str(n) securetty.replace_line_matching(s, s, 1) else: if gdmconf.exists(): if gdm230.exists(): pass else: gdmconf.set_shell_variable('ConfigAvailable', 'false', '\[greeter\]', '^\s*$') if (kde.exists() and not val_kde) or (gdm.exists() and not val_gdm) or (xdm.exists() and not val_xdm) or num > 0: self.log.info(_('Forbidding direct root login')) bastillenologin = self.configfiles.get_config_file(BASTILLENOLOGIN) bastillenologin.replace_line_matching('^\s*root', 'root', 1) # TODO: simplify this for cnf in [kde, gdm, xdm]: if cnf.exists(): (cnf.replace_line_matching('^auth\s*required\s*(?:/lib/security/)?pam_listfile.so.*bastille-no-login', 'auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/bastille-no-login') or cnf.insert_at(0, 'auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/bastille-no-login')) securetty.remove_line_matching('.+', 1) # bogus functions def secure_tmp(self, param): """Use secure location for temporary files. If this parameter is set to 'yes', user home directory will be used for temporary files. 
Otherwise, /tmp will be used.""" shell = self.configfiles.get_config_file(SHELLCONF) val = shell.get_shell_variable('SECURE_TMP') if val != param: if param == 'yes': self.log.info(_('Using secure location for temporary files')) else: self.log.info(_('Not using secure location for temporary files')) shell.set_shell_variable('SECURE_TMP', param) pass def enable_startup_msec(self, param): """Enforce MSEC settings on system startup""" pass def enable_startup_perms(self, param): """Enforce MSEC file directory permissions on system startup. If this parameter is set to 'enforce', system permissions will be enforced automatically, according to system security settings.""" pass def allow_curdir_in_path(self, param): """Include current directory into user PATH by default""" msec = self.configfiles.get_config_file(SHELLCONF) val = msec.get_shell_variable('ALLOW_CURDIR_IN_PATH') if val != param: if param == 'yes': self.log.info(_('Allowing including current directory in path')) msec.set_shell_variable('ALLOW_CURDIR_IN_PATH', param) else: self.log.info(_('Not allowing including current directory in path')) msec.set_shell_variable('ALLOW_CURDIR_IN_PATH', param)