free
/
freedombone
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Activity
Bläddra i källkod

Watchdog to disable keyserver if the database becomes too large

Bob Mottram 8 år sedan
förälder
4cdef1e0b4
incheckning
43a44a1186
1 ändrade filer med 34 tillägg och 0 borttagningar
Delad Vy Visa Diff Statistik
  1. 34
    0
      src/freedombone-app-keyserver

+ 34
- 0
src/freedombone-app-keyserver Visa fil 

@@ -56,6 +56,33 @@ function check_keyserver_directory_size {
56 56 
     echo "0"
57 57 
 }
58 58
59 
+function keyserver_watchdog {
60 
+    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
61 
+    ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
62 
+    keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
63 
+    keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server."
64 
+    keyserver_mail_subject_line=$"${PROJECT_NAME} keyserver warning"
65 
+    keyserver_mail_subject_line_disabled=$"${PROJECT_NAME} keyserver disabled"
66 
+    read_config_param KEYSERVER_DOMAIN_NAME
67 
+    keyserver_watchdog_script=/etc/cron.hourly/keyserver-watchdog
68 
+    echo '#!/bin/bash' > $keyserver_watchdog_script
69 
+    echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
70 
+    echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
71 
+
72 
+    echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
73 
+
74 
+    echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
75 
+    echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
76 
+    echo '    systemctl stop sks' >> $keyserver_watchdog_script
77 
+    echo '    systemctl disable sks' >> $keyserver_watchdog_script
78 
+    echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
79 
+    echo '  fi' >> $keyserver_watchdog_script
80 
+    echo 'fi' >> $keyserver_watchdog_script
81 
+
82 
+    chmod +x $keyserver_watchdog_script
83 
+}
84 
+
85 
+
59 86 
 function configure_firewall_for_keyserver {
60 87 
     if [[ $ONION_ONLY != "no" ]]; then
61 88 
         return
 
@@ -88,6 +115,8 @@ function reconfigure_keyserver {
88 115 
 }
89 116
90 117 
 function upgrade_keyserver {
118 
+    keyserver_watchdog
119 
+
91 120 
     CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")
92 121 
     if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then
93 122 
         return
 
@@ -260,6 +289,9 @@ function restore_remote_keyserver {
260 289
261 290 
 function remove_keyserver {
262 291 
     systemctl stop sks
292 
+    if [ -f /etc/cron.hourly/keyserver-watchdog ]; then
293 
+        rm /etc/cron.hourly/keyserver-watchdog
294 
+    fi
263 295 
     apt-get -qy remove sks dirmngr
264 296
265 297 
     read_config_param "KEYSERVER_DOMAIN_NAME"
 
@@ -770,6 +802,8 @@ function install_keyserver {
770 802 
     set_completion_param "keyserver onion domain" "$KEYSERVER_ONION_HOSTNAME"
771 803 
     set_completion_param "sks onion domain" "$SKS_ONION_HOSTNAME"
772 804
805 
+    keyserver_watchdog
806 
+
773 807 
     APP_INSTALLED=1
774 808 
 }
775 809