
Watchdog to disable keyserver if the database becomes too large

Bob Mottram 7 yıl önce
ebeveyn
işleme
43a44a1186
1 değiştirilmiş dosya ile 34 ekleme ve 0 silme
  1. 34
    0
      src/freedombone-app-keyserver

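--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -56,6 +56,33 @@
     echo "0"
 }
 
+function keyserver_watchdog {
+    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
+    keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
+    keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server."
+    keyserver_mail_subject_line=$"${PROJECT_NAME} keyserver warning"
+    keyserver_mail_subject_line_disabled=$"${PROJECT_NAME} keyserver disabled"
+    read_config_param KEYSERVER_DOMAIN_NAME
+    keyserver_watchdog_script=/etc/cron.hourly/keyserver-watchdog
+    echo '#!/bin/bash' > $keyserver_watchdog_script
+    echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
+    echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
+
+    echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
+
+    echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
+    echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
+    echo '    systemctl stop sks' >> $keyserver_watchdog_script
+    echo '    systemctl disable sks' >> $keyserver_watchdog_script
+    echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
+    echo '  fi' >> $keyserver_watchdog_script
+    echo 'fi' >> $keyserver_watchdog_script
+
+    chmod +x $keyserver_watchdog_script
+}
+
+
 function configure_firewall_for_keyserver {
     if [[ $ONION_ONLY != "no" ]]; then
         return
@@ -88,6 +115,8 @@
 }
 
 function upgrade_keyserver {
+    keyserver_watchdog
+
     CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")
     if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then
         return
@@ -260,6 +289,9 @@
 
 function remove_keyserver {
     systemctl stop sks
+    if [ -f /etc/cron.hourly/keyserver-watchdog ]; then
+        rm /etc/cron.hourly/keyserver-watchdog
+    fi
     apt-get -qy remove sks dirmngr
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
@@ -770,6 +802,8 @@
     set_completion_param "keyserver onion domain" "$KEYSERVER_ONION_HOSTNAME"
     set_completion_param "sks onion domain" "$SKS_ONION_HOSTNAME"
 
+    keyserver_watchdog
+
     APP_INSTALLED=1
 }
 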
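Review bot: The size check written into the cron script by `keyserver_watchdog` can fail open, so the flood protection may never trigger. `du /var/lib/sks/DB` without `-s` prints one line per subdirectory, so if the DB directory contains any, `$dirsize` holds several numbers and the unquoted `[ $dirsize -gt 450000 ]` errors out and takes the false branch; the same happens with an empty value when `du` fails. I would generate `dirsize=$(du -s /var/lib/sks/DB | awk '{print $1}')` and write both tests as `[ "${dirsize:-0}" -gt 450000 ]` and `[ "${dirsize:-0}" -gt 500000 ]`. Separately, `nginx_dissite` looks like a project shell function rather than an executable (it is not defined on this page). If so, the standalone cron script will not resolve it and the web site stays enabled after sks is stopped, so confirm it is available under cron.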