Commit 706fe92f authored by Valentino Lauciani

1)Add 'configure_iptables' function 2)Add 'configure_fail2ban' function 3)Add 'echo_date' function

parent 2d9df31a
......@@ -14,6 +14,8 @@ GITBASEDIRCURREPO=${GITBASEDIR}/group__${gitGroupName}/${gitRepoName}
SSHBASEDIR=/root/.ssh
TMPFILEKEY=/tmp/tmp_key
PUBKEY_VALENTINO="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsMicXiH6F7zjhRrjLLyycFBUDHuMi4/wLuZtMteVt+lvC6/s8VtxMB+DDSUrctYV3Sp3Kn9r4tVGhaj6xsTcj45OpLJvSHd1rd+1ke8ehH7TrKWuvrIVkWCz78/1q+Ogx9Wc/c5eq9s5zRvSKFinLx1lxSPjytInlOUVYhp2H7Ofbz0YGItgCm67Cy38C8slmeHEP9EXFMEj4QKqv67leRdTy+POrYMWRqOtELGSIH7P11ImEcyvzldpInP6DOkEBzh7Zyr7059DOi4SuAVz9dSX6YFAZb0gllBU0qxey6z8HCsuZ68s7ahbsKSV9G4xEMAQFIuZtnfVjrK+TYzovw== valentino@albus.int.ingv.it"
setup_sshkey()
{
local key=${1}
......@@ -48,13 +50,23 @@ EOF
# rm ${TMPFILEKEY}
}
echo_date() {
DATE_ECHO=$( date +"%Y-%m-%d %H:%M:%S" )
echo "[${DATE_ECHO}] - ${1}"
}
configure_public_keys()
{
echo ${PUBKEY_VALENTINO} >> ~/.ssh/authorized_keys
}
configure_apt()
{
echo "apt-get update and install" >> $OUTPUTFILE
# install needed bits in a loop because a lot of installs happen
# on VM init, so won't be able to grab the dpkg lock immediately
until apt-get -y update && apt-get -y install nginx git
until apt-get -y update && apt-get -y install nginx git iptables fail2ban
do
echo "Trying again"
sleep 2
......@@ -102,6 +114,76 @@ configure_nginx()
service nginx restart 2>&1 >> $OUTPUTFILE
}
configure_iptables()
{
echo_date "Check \"iptables\" installation:" >> ${OUTPUTFILE} 2>&1
dpkg-query -W -f='${Status} ${Version}\n' iptables
RETURNED_VAL=${?}
echo_date "Done" >> ${OUTPUTFILE} 2>&1
if (( ${RETURNED_VAL} == 0 )) && [ -d ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/firewall/ ]; then
echo_date "COnfiguring \"iptables\":" >> ${OUTPUTFILE} 2>&1
mkdir /etc/firewall
cd /etc/firewall
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/firewall/firewall.openall.sh
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/firewall/firewall.rules_azure.sh firewall.rules.sh
cd /etc/init.d
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/init.d/iptables
/etc/init.d/iptables start >> ${OUTPUTFILE} 2>&1
echo_date "Done" >> ${OUTPUTFILE} 2>&1
fi
}
configure_fail2ban()
{
echo "Check \"fail2ban\" installation:" >> ${OUTPUTFILE} 2>&1
dpkg-query -W -f='${Status} ${Version}\n' fail2ban
RETURNED_VAL=${?}
echo "" >> ${OUTPUTFILE} 2>&1
if (( ${RETURNED_VAL} == 0 )) && [ -d ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/ ]; then
service fail2ban stop >> ${OUTPUTFILE} 2>&1
DIR_FAIL2BAN="/etc/fail2ban"
if [ -d ${DIR_FAIL2BAN} ]; then
cd ${DIR_FAIL2BAN}
if [ -f jail.local ]; then
mv jail.local jail.local__original
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/jail.local
fi
fi
# filter.d
DIR_FAIL2BAN_FILTER="/etc/fail2ban/filter.d"
if [ -d ${DIR_FAIL2BAN_FILTER} ]; then
cd ${DIR_FAIL2BAN_FILTER}
CONFIG_FILES="nginx-403.conf nginx-404.conf nginx-FDNE.conf nginx-filenotfound.conf nginx-noscript.conf nginx-req-limit.conf"
for CONFIG_FILE in ${CONFIG_FILES}; do
if [ -f ${CONFIG_FILE} ]; then
mv ${CONFIG_FILE} ${CONFIG_FILE}__original
fi
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/filter.d/${CONFIG_FILE}
done
fi
# action.d
DIR_FAIL2BAN_ACTION="/etc/fail2ban/action.d"
if [ -d ${DIR_FAIL2BAN_ACTION} ]; then
cd ${DIR_FAIL2BAN_ACTION}
CONFIG_FILES="sendmail-whois-lines.conf"
for CONFIG_FILE in ${CONFIG_FILES}; do
if [ -f ${CONFIG_FILE} ]; then
mv ${CONFIG_FILE} ${CONFIG_FILE}__original
fi
ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/action.d/${CONFIG_FILE}
done
fi
service fail2ban start >> ${OUTPUTFILE} 2>&1
fi
}
SEPLINE="============================================="
......@@ -113,8 +195,11 @@ echo "Hello World" >> $OUTPUTFILE
echo "$@" >> $OUTPUTFILE
echo "$SEPLINE" >> $OUTPUTFILE
configure_public_keys
configure_apt
configure_git $gitHostName $gitGroupName $gitRepoName $gitSshPrivateKey
configure_nginx
configure_iptables
configure_fail2ban
cat $OUTPUTFILE
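Review bot: In configure_fail2ban the `ln -s ${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/jail.local` sits inside `if [ -f jail.local ]`, so on a host where /etc/fail2ban/jail.local does not exist yet (presumably the case right after the package is installed) the repository's jail configuration is never linked, and fail2ban is started without the nginx jails this commit is meant to enable. The filter.d and action.d loops further down put the `ln -s` after the `fi`, and jail.local should follow the same shape: `if [ -f jail.local ]; then mv jail.local jail.local__original; fi` followed by `ln -s "${GITBASEDIR}/cnt.rm.ingv.it/root/etc/fail2ban/jail.local"`. Neither this function nor configure_iptables checks the result of `mkdir`, `cd` or `ln`, so a failed `cd` creates the links in whatever directory the script is in and configure_iptables still logs "Done"; `cd /etc/firewall || return 1` and a test of the exit status of `/etc/init.d/iptables start` would make a host that came up without its firewall visible in ${OUTPUTFILE}. Separately, configure_public_keys appends a hard-coded personal key to root's authorized_keys on every run, unquoted; taking the key as a parameter and appending only when `grep -qxF -- "$key" ~/.ssh/authorized_keys` fails would avoid duplicate entries and keep the root access grant out of the script body.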