AniNIX/ShadowArch
3
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Wiki Activity

Renaming package to ShadowArch to follow /wiki/Design_Principles; improved packing; development sync to current state -- massive overhaul

Browse Source
This commit is contained in:
DarkFeather
2019-05-06 02:04:19 -05:00
parent deac12d010
commit c12535de2e
176 changed files with 289 additions and 235 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
AdminScripts/Makefile Normal file
View File

@@ -0,0 +1,28 @@
list=arch-update close-guest fix-sound log-guest open-guest restart-service silent-guardian revproxy simple-web netcli
location=${pkgdir}/usr/local/sbin
perms=0700
compile: ${list}
@echo Nothing to compile.
install: compile
mkdir -p ${location};
for i in ${list}; do cp ./$$i ${location}; done
make checkperm
reverse:
for i in ${list}; do cp ${location}/$$i .; done
cp ${pkgdir}/usr/lib/systemd/system/wifi.service .
test: ${list}
for i in ${list}; do [ "$$(grep -c '#!/bin/bash' $$i)" -ne 1 ]; done
checkperm:
for i in ${list}; do chown root:root ${location}/$$i; chmod ${perms} ${location}/$$i; done
clean:
@echo Nothing to do.
diff:
count=0; for i in ${list}; do echo $$i; diff ./$$i ${location}/$$i; if [ $$? -ne 0 ]; then count=$$(( $$count + 1 )); fi; echo; done; echo Found $$count files to be different.

103
AdminScripts/arch-update Executable file
View File

@@ -0,0 +1,103 @@
#!/bin/bash
set -x
export logfile="/var/log/sysupdate.log"
export tmpfile=/tmp/shadowarch-cowerfile
unset apply
while getopts "al:h" OPTION
do
case $OPTION in
a) export apply="true"; ;;
c) export logfile=${OPTARG}; ;;
*) printf "ShadowArch Update Checker\n-a Apply changes\n-l Logfile\n-h Show this helptext\n"; exit 1;;
esac;
done
date > $logfile
# Update
echo == Updating Arch Packages == | tee -a $logfile
if [ ! -z "$apply" ]; then
pacman -Syu --force 2>&1 | tee -a $logfile # I've been having troubles with this causing crashes while online.
# Hook for MediaWiki
if [ `grep $(date +$F) /var/log/pacman.log | grep -c mediawiki` -eq 1 ] && [ -d /usr/share/webapps/mediawiki ]; then
php /usr/share/webapps/mediawiki/maintenance/update.php | tee -a $logfile
for i in `find /usr/share/webapps/ -maxdepth 1 -type d | grep mediawiki\-`; do
rsync -avz --exclude images --exclude Images --exclude LocalSettings.php /usr/share/webapps/mediawiki/ "$i"
php "$i"/maintenance/update.php
done
fi
# Hook for TT-RSS
if [ `grep $(date +$F) /var/log/pacman.log | grep -c tt-rss` -eq 1 ] && [ -d /usr/share/webapps/tt-rss ]; hten
/usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/tt-rss/update.php --update-schema
fi
# Hook for Grimoire
if [ `grep $(date +$F) /var/log/pacman.log | grep -c 'upgraded postgresql '` -eq 1 ]; then
echo "Updating PostGreSQL databases" | tee -a $logfile
#Clear old backups.
rm -Rf /var/lib/postgres/olddata
#Stop the service and save old database version.
if [ -f /usr/lib/systemd/system/grimoire.service ]; then systemctl stop grimoire; else systemctl stop postgresql.service; fi
su -l postgres -c 'mv /var/lib/postgres/data /var/lib/postgres/olddata'
# Init new database and upgrade.
su -l postgres -c 'initdb --locale en_US.UTF-8 -E UTF8 -D /var/lib/postgres/data' | tee -a $logfile
upstr=`grep "$(date +%F)" /var/log/pacman.log | grep 'upgraded postgresql '`
oldver=`echo $upstr | rev | cut -f 2 -d '>' | cut -f 1 -d '(' | rev | sed s/\ -//`
newver=`echo $upstr | rev | cut -f 1 -d '>' | cut -f 2 -d ')' | rev`
# Upgrade the database.
su -l postgres -c "pg_upgrade -d /var/lib/postgres/olddata/ -D /var/lib/postgres/data/ -b /opt/pgsql-$oldver/bin/ -B /usr/bin/" | tee -a $logfile
# Create dump file for restores.
/opt/pgsql-$oldver/bin/pg_ctl -D /var/lib/postgres/olddata/ start
/opt/pgsql-$oldver/bin/pg_dumpall >> /var/lib/postgres/olddata/dump.psql
/opt/pgsql-$oldver/bin/pg_ctl -D /var/lib/postgres/olddata/ stop
# Restart the service.
if [ -f /usr/lib/systemd/system/grimoire.service ]; then systemctl start grimoire; else systemctl start postgresql.service; fi
echo "Updated PostGreSQL databases" | tee -a $logfile
fi
else
checkupdates | tee -a $logfile
fi
echo | tee -a $logfile
# Get AUR list of update candidates
echo == AUR Candidate List == | tee -a $logfile
if [ ! -z "$apply" ]; then
cower -u | cut -f 2 -d ' ' &> $tmpfile
echo Edit the package list.
read
${EDITOR} ${tmpfile}
chmod 0755 $tmpfile;
printf "What deprivileged user do you want to use? "
read deprivuser;
sudo -u "$deprivuser" /bin/bash -c "for i in `cat $tmpfile`; do cd /usr/local/src/"$i"; git pull; makepkg -sri; done"
(echo Updated the following AUR packages:; cat $tmpfile) | tee -a $logfile
rm $tmpfile;
else
cower -u | tee -a $logfile
fi
echo | tee -a $logfile
# Update AniNIX packages
echo == Updating AniNIX Packages == | tee -a $logfile
if [ ! -z "$apply" ]; then
for i in ; do #`find /usr/local/src/ -maxdepth 6 -type f -name config -exec egrep -l aninix\|foundation {} \; | sed 's#.git/config$##'`; do
cd "$i"
git pull
make
make install
done
fi
# Generate list of installed packages
echo == Generated installed-packages list == | tee -a $logfile
pacman -Qqe | egrep '^[a-z]' | sed 's#local/##' > /var/log/installed-packages.txt
# Generate list of orphaned packages
echo == Generated orphaned-packages list == | tee -a $logfile
pacman -Qdtq > /var/log/orphaned-packages.txt
echo | tee -a $logfile
date | tee -a $logfile
printf '\n\n' | tee -a $logfile

4
AdminScripts/close-guest Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
usermod -G guest guest
chsh -s /usr/local/bin/noshell guest
passwd guest

4
AdminScripts/fix-sound Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
rmmod snd_hda_intel
modprobe snd_hda_intel
alsactl init

4
AdminScripts/log-guest Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
chsh -s /usr/local/bin/logged-shell guest
usermod -a -G ssh_allow_grp guest
passwd guest

111
AdminScripts/netcli Executable file
View File

@@ -0,0 +1,111 @@
#!/bin/bash
# Global variables
unset conf
unset network
unset type
interface="wlp4s0"
# Print helptext
function usage() {
echo Usage: $0 '[-i interface] -f conf_name'
echo " $0 -a # Connect to any known secured network"
echo " $0 -l # List networks and arp"
echo " $0 -o SSID # Connect to open network "
echo " $0 -u # Bring up interface"
echo " $0 -d # Stop the interface"
echo " $0 -I # Info "
echo " $0 -h # Usage"
echo
echo Add -v to increase verbosity.
echo "Add -t TYPE to override type guessing, where type is eth or wifi"
echo Default interface is "${interface}"
}
# Try to guess if we're ether or wifi
function guessType() {
if [ "$(echo "${interface}" | egrep -c '^enp|^eth|^eno')" -ne 1 ]; then
echo "wifi"
else
echo "ether"
fi
}
# Clean up running processes
function cleanUp() {
killall wpa_supplicant dhcpcd 2>&1
ip link set "$interface" down
}
# Connect to a given open network
# param network: an open ESSID
function connectOpen() {
network="$1"
cleanUp
ip link set "$interface" up
if [ "$type" == "wifi" ]; then
iw dev "$interface" connect "$network"
fi
}
# Connect to any known secured access point
function connectAny() {
cleanUp
ip link set "$interface" up
if [ "$type" == "wifi" ]; then
for i in `iwlist "$interface" scanning | grep ESSID | cut -f 2 -d \" | tr '[:upper:]' '[:lower:]'`; do
if [ -f /etc/wpa_supplicant/"$i".conf ]; then
/root/bin/wifi "$i" "$interface"
if [ $? -eq 0 ]; then
exit 0;
fi
fi
done
fi
}
# Connect using the WPA Conf file saved
# param conf: the conf file
function connect() {
conf="$1"
cleanUp
ip link set "${interface}" up
if [ "$type" == wifi ]; then
wpa_supplicant -i "$interface" -c "$conf" -B
fi
}
# Get the information on current interfaces
function netInfo() {
ip addr list
ip route list
iwlist scanning
}
### MAIN FUNCTION ###
if [ `echo "$0" | egrep -c '(^|/)netcli$'` -eq 1 ]; then
type=`guessType`
while getopts 'adf:hIi:lo:t:uv' OPTION 2>/dev/null; do
case "${OPTION}" in
a) connectAny ;;
f) connect "/etc/wpa_supplicant/${OPTARG}.conf" ;;
d) cleanUp; exit 0 ;;
h) usage; exit 0 ;;
i) interface="${OPTARG}"; type=`guessType` ;;
I) netInfo; exit 0; ;;
l) if [ "$type" == "wifi" ]; then echo SSID Broadcasts:; iwlist "${interface}" scanning | egrep Encryption\|ESSID | sed 's/ *//' | sed 's/ESSID://' ; fi; echo; echo ARP list:; arp -a; exit $? ;;
o) connectOpen "${OPTARG}" ;;
t) if [ "$OPTARG" != "wifi" ] && [ "$OPTARG" != "eth" ]; then usage; exit 1; fi; type="${OPTARG}" ;;
u) if ! [ "$(ip link list "${interface}" | grep -m 1 -c \ UP\ )" -ne 1 ]; then ip link set "${interface}" up; fi ;;
v) set -x ;;
*) usage; exit 1 ;;
esac
done
# Attempt DHCP Lease -- if this fails, static routing will need to be added TODO
sleep 3
dhcpcd "$interface"
exit $?
fi

4
AdminScripts/open-guest Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
chsh -s /bin/bash guest
usermod -a -G ssh_allow_grp guest
passwd guest

12
AdminScripts/restart-service Executable file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
if [ "$1" == "" ]; then
echo Usage: $0 '[service(s)...]';
exit 1;
fi
for i in $@; do
systemctl daemon-reload
systemctl restart $i
sleep 3
systemctl status -l $i | head -n 6
done

42
AdminScripts/revproxy Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/bash
# Establish iptables-based reverse proxy
# Thanks to user55518 in http://unix.stackexchange.com/questions/111841/regular-expression-in-bash-to-validate-ip-address#111843
re='^[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}$'
if [ ! -z "$1" ] && [ "$1" == "--reset" ]; then
iptables -F -t nat
exit $?
fi
if [ ! -z "$1" ] && [ "$1" == "--list" ]; then
iptables -S -t nat
exit $?
fi
if [ -z "$1" ] || [ -z "$2" ] || ! (echo "$2" | grep -x "$re" &> /dev/null) || [ -z "$3" ]; then
printf "Usage: $0 localport remoteIP remoteport [ --local ]\n"
printf " $0 --reset\n"
printf " $0 --list\n"
exit 1
fi
# Tell the kernel to allow forwarding packets.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Set up masquerading if not already done
if [ `iptables -S -t nat | grep -c '\-A POSTROUTING -j MASQUERADE'` -ne 1 ]; then
iptables -t nat -A POSTROUTING -j MASQUERADE;
fi
# Handle local forwarding.
if [ "$4" == "--local" ] || [ "$2" == "127.0.0.1" ]; then
iptables -t nat -I OUTPUT -p tcp -o lo --dport "$1" -j REDIRECT --to-ports "$3"
iptables -t nat -A PREROUTING -p tcp --dport "$1" -j REDIRECT --to "$3"
else # Handle remote
iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$2":"$3"
fi
echo Done -- all traffic connecting to port "$1" will be redirected to "$2":"$3"

12
AdminScripts/shadowarch-sync Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
# File: shadowarch-sync
#
# Description: This file syncs the ShadowArch customization files over the ones created by other packages, like filesystem and pacman
#
# Package: AniNIX::Foundation/ShadowArch
# Copyright: WTFPL
#
# Author: DarkFeather <darkfeather@aninix.net>
rsync -avz /opt/aninix/ShadowArch/etc/ /etc/

42
AdminScripts/silent-guardian Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/bash
DEPRIV=depriv
if [ ! -f /usr/local/src/SharedLibraries/Bash/header ]; then
echo This script requires the SharedLibraries package.
exit 1;
fi
source /usr/local/src/SharedLibraries/Bash/header
export logfile="/var/log/silent-guardian.log"
logstatement "Started $(date)"
# Fix the Webserver permissions
if [ -f /srv/http ]; then
chown -R $DEPRIV:http /srv/http/*
find /srv/http/* -type f -exec chmod 0640 {} \;
find /srv/http/* -type d -exec chmod 0750 {} \;
fi;
# Fix the media permissions
/usr/local/bin/yggdrasil-lock
# fix the WolfPack results location
if [ -x /usr/local/bin/wolfpack ]; then
find /srv/wolfpack -type d -exec chmod 0755 {} \;
find /srv/wolfpack -type f -exec chmod 0644 {} \;
fi
# Guard root
chmod 0700 /root
chown -R root:root /root
find /root -type d -exec chmod 0700 {} \;
# Guard home directories
chmod 0750 /home/*
# Guard LDAP
if [ -d /etc/openldap ]; then
chown ldap:ldap /var/lib/openldap/openldap-data/*
fi
logstatement "Ended $(date)"
logstatement " "

2
AdminScripts/simple-web Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/bash
python -m http.server 8000