authorSilvino Silva <silvino@bk.ru>2018-07-16 14:33:23 +0100
committerSilvino Silva <silvino@bk.ru>2018-07-16 14:33:23 +0100
commitbdea1c23d13c417a00b71654670aed309cfa302a (patch)
tree397f398b79141f234e18cd4619c96c71d4bf0862 /core
parent8c5096c08932dc5d636f5ddbc65392dacf3bc962 (diff)
downloaddoc-bdea1c23d13c417a00b71654670aed309cfa302a.tar.gz
core linux, backup and iptables script fix
Diffstat (limited to 'core')
-rw-r--r--core/linux.html13
-rw-r--r--core/scripts/backup-system.sh157
-rw-r--r--core/scripts/iptables.sh36
3 files changed, 151 insertions, 55 deletions
diff --git a/core/linux.html b/core/linux.html
index f04b193..1592fc4 100644
--- a/core/linux.html
+++ b/core/linux.html
@@ -559,6 +559,9 @@
 
             <dd>HugeTLB file system support</dd>
 
+            <dt>CONFIG_FUSE_FS=y</dt>
+            <dd>FUSE (Filesystem in Userspace) support</dd>
+
         </dl>
 
         <h3 id="hack">2.1.2.12 Kernel hacking</h3>
@@ -682,6 +685,16 @@
         </dl>
 
         <h3 id="crypt">2.1.2.14 Cryptographic API</h3>
+
+        <pre>
+            RIPEMD-160 digest algorithm 
+            SHA384 and SHA512 digest algorithms 
+            Whirlpool digest algorithms 
+            LRW support 
+            Serpent cipher algorithm 
+            Twofish cipher algorithm
+        </pre>
+
         <h3 id="virt">2.1.2.15 Virtualization</h3>
 
         <dl>
diff --git a/core/scripts/backup-system.sh b/core/scripts/backup-system.sh
index 49b9873..ba6a961 100644
--- a/core/scripts/backup-system.sh
+++ b/core/scripts/backup-system.sh
@@ -1,4 +1,12 @@
-#!/bin/sh
+#!/bin/bash
+
+ROOT_DIR=
+DEST_DIR=/root/backup
+PORT_PKG="${DEST_DIR}/crux"
+PORT_PRT="${DEST_DIR}/ports"
+DATA_CNF="${DEST_DIR}/conf"
+DATA_USR="${DEST_DIR}/user"
+DATA_SRV="${DEST_DIR}/srv"
 
 ConfirmOrExit ()
 {
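Review bot: Nothing in the new header restricts permissions on what is written under `DEST_DIR`, so the archives and the directories created later with `mkdir -p` get whatever umask the caller happens to have. Judging by the function names (`mkbk_etc_conf`, `mkbk_user_metadata`), the archives hold system configuration and per-user data, and the gpg step further down is still commented out, so I would add `umask 077` right after the shebang. A one-line comment that `ROOT_DIR` is deliberately empty for `/` would also help, since the value is used as a path prefix.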
@@ -50,9 +58,9 @@ mkbk_coll_ports() {
         --directory=$ROOT_DIR/usr/ports/${col} \
         --exclude=.git/ \
         .
-
 }
 
+
 mkbk_metadata() {
 
     # archive pkgutils data
@@ -158,8 +166,8 @@ mkbk_user_metadata() {
 
             # encript data
             #gpg --output "${DATA_USR}/meta-${user}.tar.gz.gpg" \
-            #    --encrypt --recipient user@host \
-            #    "${DATA_USR}/meta-${user}.tar.gz"
+                #    --encrypt --recipient user@host \
+                #    "${DATA_USR}/meta-${user}.tar.gz"
 
             tar --xattrs -zcpf "${DATA_USR}/gitolite-${user}.tar.gz" \
                 $dir/gitolite-admin
@@ -167,34 +175,56 @@ mkbk_user_metadata() {
     done
 }
 
-echo -n "root directory you want backup (/mnt/):\n "
-#read ROOT_DIR
-ROOT_DIR=$1
-
-echo -n "where you want to save (/home/user):\n "
-DEST_DIR=$2
-
-# Temporary directory
-PORT_PKG="${DEST_DIR}/crux"
-PORT_PRT="${DEST_DIR}/ports"
-DATA_CNF="${DEST_DIR}/conf"
-DATA_USR="${DEST_DIR}/user"
-DATA_SRV="${DEST_DIR}/srv"
+print_data () {
+    echo "ROOT_DIR=${ROOT_DIR}"
+    echo "DEST_DIR=${DEST_DIR}"
+    echo "PORT_PKG=${PORT_PKG}"
+    echo "PORT_PRT=${PORT_PRT}"
+    echo "DATA_CNF=${DATA_CNF}"
+    echo "DATA_USR=${DATA_USR}"
+    echo "DATA_SRV=${DATA_SRV}"
+}
 
-echo "ROOT_DIR=${ROOT_DIR}"
-echo "DEST_DIR=${DEST_DIR}"
-echo "PORT_PKG=${PORT_PKG}"
-echo "PORT_PRT=${PORT_PRT}"
-echo "DATA_CNF=${DATA_CNF}"
-echo "DATA_USR=${DATA_USR}"
-echo "DATA_SRV=${DATA_SRV}"
+print_help() {
+    echo "usage: backup-system [options]"
+    echo "options:"
+    echo "  -r,   --root                root directory to backup, default /"
+    echo "  -d,   --destination         save backup, default /root/backup"
+    echo "  -h,   --help                print help and exit"
+}
 
+while [ "$1" ]; do
+    case $1 in
+        -r|--root)
+            ROOT_DIR=$2
+            if [ ${ROOT_DIR} == "/" ]; then
+                ROOT_DIR=""
+            fi
+            shift ;;
+        -d|--destination)
+            DEST_DIR=$2
+
+            # Destination directory
+            PORT_PKG="${DEST_DIR}/crux"
+            PORT_PRT="${DEST_DIR}/ports"
+            DATA_CNF="${DEST_DIR}/conf"
+            DATA_USR="${DEST_DIR}/user"
+            DATA_SRV="${DEST_DIR}/srv"
+            shift ;;
+        -h|--help)
+            print_help
+            exit 0 ;;
+        *)
+            echo "backup-system: invalid option $1"
+            print_help
+            exit 1 ;;
+    esac
+    shift
+done
+
+print_data
 ConfirmOrExit
 
-if [ ${ROOT_DIR} == "/" ]; then
-    ROOT_DIR=""
-fi
-
 mkdir -p ${PORT_PKG}
 mkdir -p ${PORT_PRT}
 mkdir -p ${DATA_CNF}
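Review bot: The `-r` and `-d` arms take `$2` without checking that a value was given, and the test `[ ${ROOT_DIR} == "/" ]` is unquoted. With `-d` as the last argument `DEST_DIR` becomes empty and the derived paths turn into `/crux`, `/ports`, `/conf` and so on, which the `mkdir -p` lines then create under the filesystem root; with a bare `-r` the test is a syntax error and the script carries on with an empty `ROOT_DIR`. A value containing spaces breaks the test and the unquoted `mkdir -p ${PORT_PKG}` calls in the same way. I would reject a missing value, quote the expansions, loop on `$#` rather than `[ "$1" ]`, and send the error text to stderr, as sketched below.

```shell
# Abort unless the option named in $1 is followed by a non-empty value in $2.
require_value() {
    if [ -z "$2" ]; then
        echo "backup-system: option $1 requires a value" >&2
        print_help
        exit 1
    fi
}

while [ $# -gt 0 ]; do
    case "$1" in
        -r|--root)
            require_value "$1" "$2"
            ROOT_DIR=$2
            if [ "${ROOT_DIR}" = "/" ]; then
                ROOT_DIR=""
            fi
            shift ;;
        -d|--destination)
            require_value "$1" "$2"
            DEST_DIR=$2
            # … unchanged: derived PORT_PKG / PORT_PRT / DATA_* assignments …
            shift ;;
        # … unchanged: -h|--help and invalid-option arms …
    esac
    shift
done
```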
@@ -204,20 +234,59 @@ mkdir -p ${DATA_SRV}
 # Light backup data
 mkbk_metadata
 mkbk_etc_conf
-mkbk_user_metadata
-mkbk_srv_www
-mkbk_srv_pgsql
-mkbk_srv_gitolite
-
-# Port system
-mkbk_coll_ports "core"
-mkbk_coll_pkg "core"
-mkbk_coll_ports "opt"
-mkbk_coll_pkg "opt"
-mkbk_coll_ports "contrib"
-mkbk_coll_pkg "contrib"
-mkbk_coll_ports "xorg"
-mkbk_coll_pkg "xorg"
-
-mkbk_coll_pkg "other"
 
+while true
+do
+    echo -n "Backup user metadata ? Please confirm (y or n) :"
+    read CONFIRM
+    case $CONFIRM in
+        n|N|no|NO|No) break ;;
+        y|Y|YES|yes|Yes)
+            echo "Accept - you entered $CONFIRM"
+            mkbk_user_metadata
+            break
+            ;;
+        *) echo "Please enter only y or n"
+    esac
+done
+
+while true
+do
+    echo -n "Backup server data ? Please confirm (y or n) :"
+    read CONFIRM
+    case $CONFIRM in
+        n|N|no|NO|No) break ;;
+        y|Y|YES|yes|Yes)
+            echo "Accept - you entered $CONFIRM"
+            mkbk_srv_www
+            mkbk_srv_pgsql
+            mkbk_srv_gitolite
+            break
+            ;;
+        *) echo "Please enter only y or n"
+    esac
+done
+
+
+while true
+do
+    echo -n "Backup port system ? Please confirm (y or n) :"
+    read CONFIRM
+    case $CONFIRM in
+        n|N|no|NO|No) break ;;
+        y|Y|YES|yes|Yes)
+            echo "Accept - you entered $CONFIRM"
+            mkbk_coll_ports "core"
+            mkbk_coll_pkg "core"
+            mkbk_coll_ports "opt"
+            mkbk_coll_pkg "opt"
+            mkbk_coll_ports "contrib"
+            mkbk_coll_pkg "contrib"
+            mkbk_coll_ports "xorg"
+            mkbk_coll_pkg "xorg"
+            mkbk_coll_pkg "other"
+            break
+            ;;
+        *) echo "Please enter only y or n"
+    esac
+done
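Review bot: Each of the three new prompt loops spins forever when stdin is closed or not a terminal (cron, a pipe that ends), because `read CONFIRM` fails, `CONFIRM` stays empty, and the `*)` arm only prints the reminder and loops again. The loops are also three copies of the same code, and `read` without `-r` interprets backslashes. I would move the prompt into one helper that treats end of input as "no" and call it three times, as sketched below.

```shell
# Ask a yes/no question; return 0 for yes, 1 for no or when stdin is closed.
confirm() {
    local answer
    while true; do
        echo -n "$1 ? Please confirm (y or n) :"
        read -r answer || return 1
        case "$answer" in
            n|N|no|NO|No) return 1 ;;
            y|Y|YES|yes|Yes)
                echo "Accept - you entered $answer"
                return 0 ;;
            *) echo "Please enter only y or n" ;;
        esac
    done
}

if confirm "Backup user metadata"; then
    mkbk_user_metadata
fi

if confirm "Backup server data"; then
    mkbk_srv_www
    # … unchanged: mkbk_srv_pgsql, mkbk_srv_gitolite …
fi
# … unchanged: port-system calls, wrapped in confirm "Backup port system" the same way …
```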
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh
index 1304210..db1078d 100644
--- a/core/scripts/iptables.sh
+++ b/core/scripts/iptables.sh
@@ -265,14 +265,23 @@ case $TYPE in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap1 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
 
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap1 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
+
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap3 --physdev-out tap2 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out tap3 -s ${BR_NET} -d ${BR_NET} -j ACCEPT
+
         # Tap1 can access external http
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap1 -j cli_http_in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap1 --physdev-out ${PUB_IF} -j cli_http_out
 
-        ####### Forward TAP2 ssh and https  ######
+        ####### Forward TAP2 ssh, http and https  ######
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_ssh_in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out
 
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_http_in
+        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_http_out
+
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_https_in
         $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_https_out
         #
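Review bot: The four new tap3 rules accept every protocol and port between tap3 and the other two taps, matching only on `${BR_NET}` addresses, whereas traffic to and from `${PUB_IF}` in the same block goes through per-service chains. If tap3 does not need full access to tap1 and tap2, jump to the per-service chains this file already uses instead of `-j ACCEPT`; which chains fit depends on definitions outside this hunk. At minimum, put a comment above the block, for example `# tap3 is a trusted guest: full bridge access to tap1 and tap2`, so the widening is recorded as a deliberate decision. The enclosing `case` arm starts and ends outside the hunk.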
@@ -296,35 +305,40 @@ case $TYPE in
         #Less noise
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -p tcp  --sport 3030 --dport 1024:65535 -j DROP
 
-        $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap2 -j srv_dns_in
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap1 -j srv_dns_in
+        $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap2 -j srv_dns_in
+        $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -m physdev --physdev-in tap3 -j srv_dns_in
 
-        $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap2 -j srv_dhcp
         $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap1 -j srv_dhcp
+        $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap2 -j srv_dhcp
+        $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap3 -j srv_dhcp
+
         $IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in ${PUB_IF} -s ${GW} -d ${PUB_IP}  -j srv_dhcp
 
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_dns_in
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_https_in
+        $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_http_in
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_git_in
         $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_ssh_in
 
         ####### Output Chain ######
         $IPT -A OUTPUT -j blocker
+
         #Less noise
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -p tcp --dport 3030 --sport 1024:65535 -j DROP
 
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${DNS} -j cli_dns_out
-        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d 10.0.0.4 -j srv_dns_out
-        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d 10.0.0.3 -j srv_dns_out
+        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j srv_dns_out
 
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_ssh_out
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_git_out
+        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_http_out
 
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j srv_dhcp
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out
-        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out
+        #$IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_http_out
         $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_git_out
-        $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d cli_ssh_out
+        #$IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_ssh_out
 
         ####### PostRouting Chain ######
         #Less noise
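Review bot: The added `-j cli_http_in` INPUT rule has no source restriction, while the only active `cli_http_out` OUTPUT rule is limited to `-d ${BR_NET}` and the unrestricted one is commented out, so the two directions no longer describe the same traffic. If HTTP is meant to be client-only towards the bridge network, restrict the input side as well: `$IPT -A INPUT -i ${BR_IF} -s ${BR_NET} -d ${PUB_IP} -j cli_http_in`. The `srv_dns_out` rule likewise widens from two fixed hosts to all of `${BR_NET}`; what the chains match is defined outside the hunk, so confirm this is intended. The commented-out rules here and in the `@@ -363,7` and `@@ -375,7` hunks should be deleted or given a one-line reason rather than left as dead code.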
@@ -337,8 +351,8 @@ case $TYPE in
         ## log everything else and drop
         iptables_log
 
-	#$IPT -t nat -A POSTROUTING -j LOG --log-level 7 --log-prefix "iptables: POSTROUTING: "
-	# $IPT -t nat -A PREROUTING -j LOG --log-level 7 --log-prefix "iptables: PREROUTING: "
+        #$IPT -t nat -A POSTROUTING -j LOG --log-level 7 --log-prefix "iptables: POSTROUTING: "
+        # $IPT -t nat -A PREROUTING -j LOG --log-level 7 --log-prefix "iptables: PREROUTING: "
 
         iptables-save > /etc/iptables/net.v4
         exit 0
@@ -363,7 +377,7 @@ case $TYPE in
 	$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in
 	$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in
 	$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in
+        #$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in
 
 
 	$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_https_in
@@ -375,7 +389,7 @@ case $TYPE in
         $IPT -A OUTPUT -j blocker
 
 	$IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out
-	$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out
+	#$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out
 	$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out
 	$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out
 	$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out