-rw-r--r--tools/conf/etc/ssh/sshd_config141
-rw-r--r--tools/gitolite.html102
-rw-r--r--tools/index.html5
-rw-r--r--tools/openssh.html36
-rw-r--r--tools/qemu.html29
-rw-r--r--tools/scripts/config-install.sh4
-rw-r--r--tools/scripts/install-postgres.sh16
-rw-r--r--tools/scripts/setup-gitolite.sh43
-rw-r--r--tools/scripts/setup-nginx.sh (renamed from tools/scripts/install-nginx.sh)0
-rw-r--r--tools/scripts/setup-openssh.sh43
-rw-r--r--tools/scripts/setup-php.sh (renamed from tools/scripts/install-php.sh)0
-rw-r--r--tools/scripts/setup-postgresql.sh87
-rw-r--r--tools/scripts/system-iptables.sh6
-rw-r--r--tools/scripts/system-qemu.sh65
14 files changed, 460 insertions, 117 deletions
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config
new file mode 100644
index 0000000..5e07530
--- /dev/null
+++ b/tools/conf/etc/ssh/sshd_config
@@ -0,0 +1,141 @@
+#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Port 2222
+#AddressFamily any
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+LogLevel VERBOSE
+
+# Authentication:
+
+LoginGraceTime 1m
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+MaxAuthTries 3
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+AllowGroups admin users gitolite
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+Banner /etc/issues
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
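Review bot: `Banner /etc/issues` near the end of the file names a different path from the `Banner /etc/issue` that tools/openssh.html documents in this same commit, so it looks like a typo; if `/etc/issues` does not exist, sshd will presumably show no banner at all, and the line should read `Banner /etc/issue`. Separately, `AllowGroups admin users gitolite` together with `PasswordAuthentication no` refuses any account that is outside those three groups or has no installed key. A comment above the directive, for example `# every login account must be in one of these groups and have a key in ~/.ssh/authorized_keys before this file is installed`, would make that lockout condition visible to whoever runs setup-openssh.sh.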
diff --git a/tools/gitolite.html b/tools/gitolite.html
index 8616798..58d6d96 100644
--- a/tools/gitolite.html
+++ b/tools/gitolite.html
@@ -2,33 +2,28 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>1. Gitolite</title>
+        <title>Gitolite</title>
     </head>
     <body>
 
         <a href="index.html">Tools Index</a>
-        <h1>1. Gitolite</h1>
+        <h1>Gitolite</h1>
 
-        <h2 id="install">1.1. Install Gitolite</h2>
+        <h2 id="install">1. Install Gitolite</h2>
 
         <p>Install <a href="../ports/gitolite/">Gitolite port</a> first;</p>
+
         <pre>
         $ prt-get depinst gitolite
         </pre>
 
-        <p>This setup is based on documentation from
-        <a href="https://wiki.archlinux.org/index.php/Gitolite">Arch Wiki</a>. Mount point;</p>
-
-        <pre>
-        # mkdir -p /srv/gitolite
-        # mount /srv/gitolite
-        </pre>
+        <h2 id="config">2. Configure Gitolite</h2>
 
-        <p>Create user;</p>
+        <p>Create user and home directory;</p>
 
         <pre>
+        # mkdir -p /srv/gitolite
         # useradd -U -d /srv/gitolite gitolite
-        # passwd gitolite
         # chown gitolite:gitolite /srv/gitolite
         </pre>
 
@@ -36,10 +31,14 @@
         locked and can login via ssh. This password
         will not be used.</p>
 
-        <h2 id="config">1.2. Configure Gitolite</h2>
+        <pre>
+        # passwd gitolite
+        </pre>
 
-        <p>You need to copy a public key, read <a href="openssh.html#ssh">ssh</a>
-        how to create one.</p>
+        <p>Copy public key that will be used for
+        authenticating gitolite administrator, read
+        <a href="openssh.html#ssh">ssh</a> how to
+        create one.</p>
 
         <pre>
         $ sudo install -o gitolite -g gitolite /home/bob/.ssh/gitolite.pub /srv/gitolite/gitolite.pub
@@ -66,7 +65,7 @@
         $ ssh -v -i ~/.ssh/gitulite_rsa gitolite@localhost -p 2222
         </pre>
 
-        <h2 id="admin">1.3. Gitolite Administration</h2>
+        <h2 id="admin">3. Gitolite Administration</h2>
 
         <p>Read how to setup <a href="openssh.html#sshid">ssh identities</a>,
         <a href="http://gitolite.com/gitolite/gitolite.html#basic-admin">gitolite documentation</a>.
@@ -76,7 +75,7 @@
         $ git clone gitolite:gitolite-admin
         </pre>
 
-        <h3>1.3.1. Recover Admin Account</h3>
+        <h3>3.1. Recover Admin Account</h3>
 
         <p>First copy the key to remote server, in this example key is on
         same server;</p>
@@ -97,13 +96,13 @@
         $ exit
         </pre>
 
-        <h3 id="adminusers">1.3.2. Users</h3>
+        <h3 id="adminusers">3.2. Users</h3>
 
         <p>Gitolite helps add and remove users from authorized_keys
         by allowing add or remove keys from keydir directory in
         clone.</p>
 
-        <h4>Add User</h4>
+        <h4>3.2.1. Add User</h4>
 
         <pre>
         $ mv bob.pub keydir/
@@ -112,7 +111,7 @@
         $ git push
         </pre>
 
-        <h4>Remove User</h4>
+        <h4>3.2.2. Remove User</h4>
 
         <pre>
         $ git rm keydir/bob.pub
@@ -120,9 +119,9 @@
         $ git push
         </pre>
 
-        <h3 id="adminrep">1.3.3. Repositories</h3>
+        <h3 id="adminrep">3.3. Repositories</h3>
 
-        <h4>Add Repository</h4>
+        <h4>3.3.1. Add Repository</h4>
 
         <p>Add repository atom and user bob to devteam group,
         edit conf/gitolite.conf;</p>
@@ -169,8 +168,7 @@
         $ git push
         </pre>
 
-        <p>
-        <h4>Rename Repository</h4>
+        <h4>3.3.2 Rename Repository</h4>
 
         <p>Rename rep void to sysdoc, on remote host;</p>
 
@@ -193,12 +191,12 @@
         $ git push
         </pre>
 
-        <h2 id="hooks">1.4. Gitolite Hooks</h2>
+        <h2 id="hooks">4. Gitolite Hooks</h2>
 
         <p>Example from
         <a href="http://gitolite.com/gitolite/cookbook.html#v3.6-variation-repo-specific-hooks">Cookbook</a>
         how to apply hooks only to certain repos. Uncomment or add
-		this line on /srv/gitolite/.gitolite.rc, within the %RC block;</p>
+        this line on /srv/gitolite/.gitolite.rc, within the %RC block;</p>
 
         <pre>
         LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
@@ -234,7 +232,7 @@
         git "standard" names (pre-receive, post-receive, post-update),
         you use descriptive names (e.g. "deploy", "RSS-post", etc).</p>
 
-        <h3 id="gtl-deploy">1.4.1. Deploy Hook</h3>
+        <h3 id="gtl-deploy">4.1. Deploy Hook</h3>
 
         <p>This manual create two users; one gitolite that handle git
         central server and system www for web servers. To avoid permission
@@ -242,9 +240,9 @@
         we have permission to use chown, this way files end up with right
         www user ownership and permissions.</p>
 
-		<p>This hook allows to select wich branch is deployed and if exists,
-		calls a script inside project folder with user www. This allows to
-		do post deploy (checkout) tasks such as composer update.</p>
+        <p>This hook allows to select wich branch is deployed and if exists,
+        calls a script inside project folder with user www. This allows to
+        do post deploy (checkout) tasks such as composer update.</p>
 
         <p>Create <a href="../conf/srv/gitoliteolite/deployweb">deployweb</a>
         in gitolite-admin/local/hooks/repo-specific;</p>
@@ -254,29 +252,29 @@
         </pre>
 
         <pre>
-	#!/bin/bash
+        #!/bin/bash
 
-	######################################################################
-	#
-	# Put this file in your gitolite-admin;
-	# ~/gitolite-admin/local/hooks/repo-specific/deployweb
-	#
-	while read oldrev newrev refname
-	do
-		BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
-		echo "Commit was for branch $BRANCH"
+        ######################################################################
+        #
+        # Put this file in your gitolite-admin;
+        # ~/gitolite-admin/local/hooks/repo-specific/deployweb
+        #
+        while read oldrev newrev refname
+        do
+                BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
+                echo "Commit was for branch $BRANCH"
 
-		if [[ "$BRANCH" == "master" ]];then
+                if [[ "$BRANCH" == "master" ]];then
 
-			# Get project name from current directory (without .git)
-			PROJECT=$(basename "$PWD")
-			PROJECT=${PROJECT%.git}
+                        # Get project name from current directory (without .git)
+                        PROJECT=$(basename "$PWD")
+                        PROJECT=${PROJECT%.git}
 
-			echo "Project $PROJECT added to deploy list."
-			echo $PWD &gt; /srv/gitolite/deploy/$PROJECT
-		fi
+                        echo "Project $PROJECT added to deploy list."
+                        echo $PWD &gt; /srv/gitolite/deploy/$PROJECT
+                fi
 
-	done
+        done
         </pre>
 
         <p>Create deploy directory on remote;</p>
@@ -422,10 +420,10 @@
 
         <a href="index.html">Tools Index</a>
         <p>This is part of the c9-doc Manual.
-		Copyright (C) 2016
-		c9 team.
-		See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
-		for copying conditions.</p>
+        Copyright (C) 2016
+        c9 team.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
 
     </body>
 </html>
diff --git a/tools/index.html b/tools/index.html
index d20ccfa..c6fbae7 100644
--- a/tools/index.html
+++ b/tools/index.html
@@ -127,9 +127,8 @@
                 <a href="openssh.html">OpenSSH</a>
                 <ul>
                     <li><a href="openssh.html#sshd">1. Server</a></li>
-                    <li><a href="openssh.html#sshdconf">2. Configure Server</a></li>
-                    <li><a href="openssh.html#ssh">3. Client</a></li>
-                    <li><a href="openssh.html#reverse">4. Reverse connection</a></li>
+                    <li><a href="openssh.html#ssh">2. Client</a></li>
+                    <li><a href="openssh.html#reverse">3. Reverse connection</a></li>
                 </ul>
             </li>
             <li><a href="gitolite.html">Gitolite</a>
diff --git a/tools/openssh.html b/tools/openssh.html
index 3fe72e3..d0a549c 100644
--- a/tools/openssh.html
+++ b/tools/openssh.html
@@ -2,11 +2,11 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>1. OpenSSH</title>
+        <title>OpenSSH</title>
     </head>
     <body>
         <a href="index.html">Tools Index</a>
-        <h1>1. OpenSSH</h1>
+        <h1>OpenSSH</h1>
 
         <p>OpenBSD Secure Shell, is a suite of security-related
         network-level utilities based on the SSH protocol,
@@ -14,7 +14,7 @@
         encryption of network traffic over multiple authentication
         methods and by providing secure tunneling capabilities.</p>
 
-        <h2 id="sshd">1.1. Server</h2>
+        <h2 id="sshd">1. Server</h2>
 
         <p>Crux openssh port install this files to etc;</p>
 
@@ -45,7 +45,7 @@
         $ man sshd
         </pre>
 
-        <h3 id="sshdconf">1.1.1. Configure Server</h3>
+        <h3 id="sshdconf">1.1. Configure Server</h3>
 
         <p>Read OpenSSH server
         <a href="http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html">Best Security Practices</a>,
@@ -68,7 +68,12 @@
         #ListenAddress ::
         </pre>
 
-		<p>Authentication settings;</p>
+        <pre>
+        # The default requires explicit activation of protocol 1
+        Protocol 2
+        </pre>
+
+        <p>Authentication settings;</p>
 
         <pre>
         # Authentication:
@@ -114,9 +119,10 @@
         Banner /etc/issue
         </pre>
 
+        <h3 id="iptables">1.2. Configure iptables</h3>
         <p>Iptables;</p>
 
-        <p>Example of <a href="../src/bash/iptables/iptables.sh">iptable script</a></p>
+        <p>Example of <a href="scripts/system-iptables.sh">system-iptables.sh</a></p>
 
         <pre>
         $IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
@@ -124,6 +130,8 @@
         $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
         </pre>
 
+        <h3 id="syslogng">1.3. Configure Syslog-ng</h3>
+
         <p>Change SyslogFacility in accordance with <a href="syslog-ng.html#syslog-conf">syslog-ng configuration;</a></p>
 
         <pre>
@@ -154,7 +162,7 @@
         # ss -f inet -l -p | grep ssh
         </pre>
 
-        <h2 id="ssh">1.2. Client</h2>
+        <h2 id="ssh">2. Client</h2>
 
         <p>To create new key;</p>
 
@@ -186,7 +194,7 @@
         $ chmod 600 ~/.ssh/gitolite
         </pre>
 
-        <h3 id="sshpubkey">1.2.1. Install Public Keys</h3>
+        <h3 id="sshpubkey">2.1. Install Public Keys</h3>
 
         <p>Send gitolite.pub public key to server. In this example
         bob (administrator of gitolite) is on same host,
@@ -215,7 +223,7 @@
         $ ssh -P 2222 bob@remote.org
         </pre>
 
-        <h3 id="sshid">1.2.2. Configure Identities</h3>
+        <h3 id="sshid">2.2. Configure Identities</h3>
 
         <p>When you have multiple accounts/identities you
         can configure ssh client so you dont need to give
@@ -270,7 +278,7 @@
 
         <p>Logout just detach from session with ctrl + b d </p>
 
-        <h2 id="reverse">1.3. Reverse connection</h2>
+        <h2 id="reverse">3. Reverse connection</h2>
 
         <p>This information is inspired by
         <a href="http://www.vdomck.org/2005/11/reversing-ssh-connection.html">Reverse SSH connections</a>
@@ -295,10 +303,10 @@
 
         <a href="index.html">Tools Index</a>
         <p>This is part of the c9-doc Manual.
-Copyright (C) 2016
-c9 team.
-See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
-for copying conditions.</p>
+        Copyright (C) 2016
+        c9 team.
+        See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
 
 
     </body>
diff --git a/tools/qemu.html b/tools/qemu.html
index 272a26b..0079dfc 100644
--- a/tools/qemu.html
+++ b/tools/qemu.html
@@ -123,7 +123,7 @@
 
         <pre>
         # DEV="br0"
-        # TAP="tap5"
+        # TAP="tap1"
         </pre>
 
         <pre>
@@ -135,12 +135,26 @@
         # ip link set ${TAP} master ${DEV}
         </pre>
 
+        <h3>2.2. Routing</h3>
+
+        <p>Create interface with correct permissions set for kvm group.</p>
+
+        <pre>
+        # sysctl -w net.ipv4.ip_forward=1
+        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+        </pre>
+
+        <h2 id="guest">Guest System</h2>
+
+        <p>Start qemu with 512 of ram, mydisk.img as disk and boot from iso</p>
+
         <p>See <a href="scripts/system-qemu.sh">scripts/system-qemu.sh</a>,
         as template. Run virtual machine that uses above tap device;</p>
 
         <pre>
         $ ISO=~/crux-3.2.iso
         $ IMG=~/crux-img.qcow2
+        $ TAP="tap1"
 
         $ qemu-system-x86_64 \
             -enable-kvm \
@@ -151,19 +165,6 @@
             -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
         </pre>
 
-        <h3>2.2. Routing</h3>
-
-        <p>Create interface with correct permissions set for kvm group.</p>
-
-        <pre>
-        # sysctl -w net.ipv4.ip_forward=1
-        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-        </pre>
-
-        <h2 id="guest">Guest System</h2>
-
-        <p>Start qemu with 512 of ram, mydisk.img as disk and boot from iso</p>
-
         <pre>
         $ ISO=~/crux-3.2.iso
         $ IMG=~/crux-img.qcow2
diff --git a/tools/scripts/config-install.sh b/tools/scripts/config-install.sh
deleted file mode 100644
index 061081f..0000000
--- a/tools/scripts/config-install.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-CONF_DIR="$(dirname `dirname $0`)/conf"
-echo "CONF_DIR=$CONF_DIR\n"
diff --git a/tools/scripts/install-postgres.sh b/tools/scripts/install-postgres.sh
deleted file mode 100644
index 06666e0..0000000
--- a/tools/scripts/install-postgres.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-. `dirname $0`/config-install.sh
-
-prt-get depinst postgresql
-
-cp -R $CONF_DIR/etc/rc.d/postgresql /etc/rc.d/
-
-mkdir /srv/pgsql/
-touch /var/log/postgresql
-chown postgres:postgres /srv/pgsql /var/log/postgresql
-
-sudo -u postgres initdb -D /srv/pgsql/data
-
-cp $CONF_DIR/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
-chown postgres:postgres /srv/pgsql/data/pg_hba.conf
diff --git a/tools/scripts/setup-gitolite.sh b/tools/scripts/setup-gitolite.sh
new file mode 100644
index 0000000..c42db14
--- /dev/null
+++ b/tools/scripts/setup-gitolite.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+    while true
+    do
+        echo -n "Please confirm (y or n) :"
+        read CONFIRM
+        case $CONFIRM in
+            y|Y|YES|yes|Yes) break ;;
+            n|N|no|NO|No)
+                echo "Aborting - you entered $CONFIRM"
+                exit
+                ;;
+            *) echo "Please enter only y or n"
+        esac
+    done
+    echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+    prt-get depinst gitolite
+
+    mkdir -p /srv/gitolite
+    useradd -U -d /srv/gitolite gitolite
+    chown gitolite:gitolite /srv/gitolite
+
+exit 0;
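Review bot: `ConfirmOrExit` never terminates when stdin is closed or at end-of-file: `read CONFIRM` fails, `CONFIRM` stays empty, and the `*)` arm loops forever, so a non-interactive run spins instead of aborting. The abort arm's bare `exit` also returns the status of the preceding `echo`, i.e. 0, so a caller cannot tell a declined run from a completed one. I would change these to `read -r CONFIRM || exit 1` and `exit 1`, and replace `echo -n`, which is not portable under `#!/bin/sh`, with `printf '%s' "Please confirm (y or n) :"`. The same function is copied verbatim into setup-openssh.sh, setup-postgresql.sh and system-qemu.sh in this commit, so the fix applies there as well. In this script the steps after the prompt are also unchecked: if `prt-get depinst gitolite` or `useradd` fails, `chown` still runs and the script ends with `exit 0`.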
diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/setup-nginx.sh
index decacc1..decacc1 100644
--- a/tools/scripts/install-nginx.sh
+++ b/tools/scripts/setup-nginx.sh
diff --git a/tools/scripts/setup-openssh.sh b/tools/scripts/setup-openssh.sh
new file mode 100644
index 0000000..14afe8b
--- /dev/null
+++ b/tools/scripts/setup-openssh.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+    while true
+    do
+        echo -n "Please confirm (y or n) :"
+        read CONFIRM
+        case $CONFIRM in
+            y|Y|YES|yes|Yes) break ;;
+            n|N|no|NO|No)
+                echo "Aborting - you entered $CONFIRM"
+                exit
+                ;;
+            *) echo "Please enter only y or n"
+        esac
+    done
+    echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+
+    #installer overwrite system init script
+    cp -R $DIR_CONF/etc/ssh/sshd_config /etc/ssh/sshd_config
+
+    sh /etc/rc.d/sshd start
+
+exit 0;
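Review bot: The `cp -R $DIR_CONF/etc/ssh/sshd_config /etc/ssh/sshd_config` line overwrites the live sshd configuration with no backup and no syntax check, and `sh /etc/rc.d/sshd start` will presumably not make an already-running daemon pick up the new file. On a remote host a broken file, or the new `Port 2222` and `AllowGroups` settings, can lock the operator out with no way back. I would validate first with `sshd -t -f "$DIR_CONF/etc/ssh/sshd_config" || exit 1`, keep the previous file with `cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak`, and install with explicit ownership and mode: `install -o root -g root -m 0644 "$DIR_CONF/etc/ssh/sshd_config" /etc/ssh/sshd_config`. `$DIR_CONF` is unquoted and `-R` is unnecessary for a single file.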
diff --git a/tools/scripts/install-php.sh b/tools/scripts/setup-php.sh
index 4c28173..4c28173 100644
--- a/tools/scripts/install-php.sh
+++ b/tools/scripts/setup-php.sh
diff --git a/tools/scripts/setup-postgresql.sh b/tools/scripts/setup-postgresql.sh
new file mode 100644
index 0000000..4e1ee3a
--- /dev/null
+++ b/tools/scripts/setup-postgresql.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+    while true
+    do
+        echo -n "Please confirm (y or n) :"
+        read CONFIRM
+        case $CONFIRM in
+            y|Y|YES|yes|Yes) break ;;
+            n|N|no|NO|No)
+                echo "Aborting - you entered $CONFIRM"
+                exit
+                ;;
+            *) echo "Please enter only y or n"
+        esac
+    done
+    echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+IS_INSTALL=$(prt-get isinst postgresql);
+echo $IS_INSTALL;
+if [ "$IS_INSTALL" = "package postgresql is installed" ]
+then
+    echo "updating postgresql"
+    OLD_VERSION=$(prt-get current postgresql);
+    echo $OLD_VERSION;
+
+    sudo -u postgres pg_dumpall > /srv/pgsql/dump-$OLD_VERSION.sql
+
+    sh /etc/rc.d/postgresql stop
+
+    #extra backup, in case ...
+    tar --xattrs -zcpf /srv/pgsql/data-$OLD_VERSION.tar.gz \
+                    --directory=/srv/pgsql/data .
+
+    rm -R /srv/pgsql/data
+
+    prt-get update postgresql
+
+    NEW_VERSION=$(prt-get current postgresql);
+    echo $NEW_VERSION;
+
+    sudo -u postgres initdb -D /srv/pgsql/data
+
+    rejmerge
+    #installer overwrite system init script
+    cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
+
+    sh /etc/rc.d/postgresql start
+    sleep 5
+
+    sudo -u postgres psql -d postgres -f /srv/pgsql/dump-$OLD_VERSION.sql
+
+else
+    echo "install postgresql and dependencies"
+    prt-get depinst postgresql
+
+    cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
+
+    mkdir /srv/pgsql/
+    touch /var/log/postgresql
+    chown postgres:postgres /srv/pgsql /var/log/postgresql
+
+    sudo -u postgres initdb -D /srv/pgsql/data
+
+    cp $DIR_CONF/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
+    chown postgres:postgres /srv/pgsql/data/pg_hba.conf
+fi
+
+exit 0;
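Review bot: In the upgrade branch, `rm -R /srv/pgsql/data` runs whether or not the preceding `pg_dumpall` and `tar` succeeded, so a failed or empty dump followed by the delete loses the cluster. The dump and the tarball are also created through root's default umask in `/srv/pgsql`, and `pg_dumpall` output includes role definitions with their password hashes, so both files should be created unreadable to other users. I would check each backup step and abort before the delete, and create both files under `umask 077` in a subshell so that the later `cp` of the init script is not affected. The `$OLD_VERSION` and `$DIR_CONF` expansions should be quoted as well.

```shell
    # … unchanged: version lookup …
    DUMP="/srv/pgsql/dump-$OLD_VERSION.sql"
    BACKUP="/srv/pgsql/data-$OLD_VERSION.tar.gz"

    # subshell keeps the restrictive umask local to the backup files
    ( umask 077; sudo -u postgres pg_dumpall > "$DUMP" ) \
        || { echo "pg_dumpall failed, aborting" >&2; exit 1; }
    [ -s "$DUMP" ] || { echo "dump is empty, aborting" >&2; exit 1; }

    # … unchanged: stop postgresql …

    ( umask 077; tar --xattrs -zcpf "$BACKUP" --directory=/srv/pgsql/data . ) \
        || { echo "tar backup failed, aborting" >&2; exit 1; }

    rm -R /srv/pgsql/data
    # … unchanged: prt-get update, initdb, restore …
```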
diff --git a/tools/scripts/system-iptables.sh b/tools/scripts/system-iptables.sh
index 4ec3b79..429efde 100644
--- a/tools/scripts/system-iptables.sh
+++ b/tools/scripts/system-iptables.sh
@@ -339,9 +339,9 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
 #
-# echo "Allow wesnoth"
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
+ echo "Allow wesnoth"
+ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
+ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
 
 ##### END your rules ############
 # Less log of known traffic
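Review bot: The three uncommented lines allow outbound NEW connections to tcp/15000 and tcp/14998 on every host that installs this script, and tools/openssh.html in this commit now links to it as the example firewall, so a game-client rule becomes part of the documented baseline. If it is only needed on one workstation I would leave the block commented, or guard it behind an opt-in variable, for example `[ "${ALLOW_WESNOTH:-0}" = 1 ] && $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT` (the variable name is only a suggestion). The new lines also start with a stray leading space, while the neighbouring lines visible in the hunk start at column 0.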
diff --git a/tools/scripts/system-qemu.sh b/tools/scripts/system-qemu.sh
index 8c68e70..489af5e 100644
--- a/tools/scripts/system-qemu.sh
+++ b/tools/scripts/system-qemu.sh
@@ -1,15 +1,58 @@
 #!/bin/sh
-ISO=~/crux-3.2.iso
-IMG=~/crux-img.qcow2
 
-TAP=$1
+# First we define the function
+ConfirmOrExit ()
+{
+    while true
+    do
+        echo -n "Please confirm (y or n) :"
+        read CONFIRM
+        case $CONFIRM in
+            y|Y|YES|yes|Yes) break ;;
+            n|N|no|NO|No)
+                echo "Aborting - you entered $CONFIRM"
+                exit
+                ;;
+            *) echo "Please enter only y or n"
+        esac
+    done
+    echo "You entered $CONFIRM. Continuing ..."
+}
 
-echo "TAP: $TAP"
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
 
-qemu-system-x86_64 \
-    -enable-kvm \
-    -m 1024 \
-    -boot d \
-    -cdrom ${ISO} \
-    -hda ${IMG} \
-    -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
+DIR=$(dirname "$SCRIPTPATH");
+DIR_LOCAL="$(dirname $(dirname ${DIR}))/local";
+
+MEM=$1
+TAP=$2
+ISO_FILE="${DIR_LOCAL}/$3"
+IMG="${DIR_LOCAL}/$4"
+
+echo "MEM (512): $MEM"
+echo "TAP (tap1): $TAP"
+echo "ISO_FILE (crux-3.2.iso): $ISO_FILE"
+echo "IMG (crux-img.qcow2): $IMG"
+ConfirmOrExit
+
+if [ "$ISO_FILE" = "$DIR_LOCAL/" ]
+then
+    qemu-system-x86_64 \
+        -enable-kvm \
+        -m $MEM \
+        -boot c \
+        -hda ${IMG} \
+        -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
+else
+    qemu-system-x86_64 \
+        -enable-kvm \
+        -m $MEM \
+        -boot d \
+        -cdrom ${ISO_FILE} \
+        -hda ${IMG} \
+        -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
+fi
+
+exit 0;
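Review bot: None of the four positional arguments is validated before use and the expansions are unquoted, so an empty `$1` makes `-m $MEM` swallow `-boot` as its value, an empty `$4` hands the directory `"$DIR_LOCAL/"` to `-hda`, and any path containing a space is split into several words. I would add a guard after the assignments, `[ -n "$MEM" ] && [ -n "$TAP" ] && [ -n "$4" ] || { echo "usage: $0 MEM TAP ISO IMG" >&2; exit 2; }`, and quote the uses: `-m "$MEM"`, `-cdrom "${ISO_FILE}"`, `-hda "${IMG}"`. `$3` and `$4` are joined onto `DIR_LOCAL` as given, so a value containing `../` resolves outside that directory; rejecting names that contain `/` would keep the images where the script expects them. The nested `$(dirname $(dirname ${DIR}))` should be quoted the same way.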