
Tidying gnusocial utils

Bob Mottram 7 yıl önce
8b4ddff6eb

+ 16
- 16
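--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -131,7 +131,7 @@ function create_freedns_updater {
 }
 
 function add_ddns_domain {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'ddns domain not specified'
         exit 5638
     fi
@@ -147,10 +147,10 @@ function add_ddns_domain {
         exit 5745
     fi
     if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
-        echo '' >> /etc/inadyn.conf
-        echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
-        echo '  ssl' >> /etc/inadyn.conf
-        echo "  checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
+        { echo '';
+          echo "system $DDNS_PROVIDER";
+          echo '  ssl';
+          echo "  checkip-url $GET_IP_ADDRESS_URL /"; } >> /etc/inadyn.conf
         if [ $DDNS_USERNAME ]; then
             echo "  username $DDNS_USERNAME" >> /etc/inadyn.conf
         fi
@@ -168,7 +168,7 @@ function add_ddns_domain {
 }
 
 function remove_ddns_domain {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'ddns domain not specified'
         exit 5638
     fi
@@ -203,14 +203,14 @@ function configure_dns {
     # allow changes to resolv.conf
     chattr -i $resolvconf
 
-    echo 'domain localdomain' > $resolvconf
-    echo 'search localdomain' >> $resolvconf
-    echo "nameserver $NAMESERVER1" >> $resolvconf
-    echo "nameserver $NAMESERVER2" >> $resolvconf
-    echo "nameserver $NAMESERVER3" >> $resolvconf
-    echo "nameserver $NAMESERVER4" >> $resolvconf
-    echo "nameserver $NAMESERVER5" >> $resolvconf
-    echo "nameserver $NAMESERVER6" >> $resolvconf
+    { echo 'domain localdomain';
+      echo 'search localdomain';
+      echo "nameserver $NAMESERVER1";
+      echo "nameserver $NAMESERVER2";
+      echo "nameserver $NAMESERVER3";
+      echo "nameserver $NAMESERVER4";
+      echo "nameserver $NAMESERVER5";
+      echo "nameserver $NAMESERVER6"; } > $resolvconf
 
     # prevent resolv.conf from changing
     resolvconf -u
@@ -222,7 +222,7 @@ function set_hostname {
     DEFAULT_DOMAIN_NAME="$1"
 
     echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
-    hostname $DEFAULT_DOMAIN_NAME
+    hostname "$DEFAULT_DOMAIN_NAME"
     echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
 
     if grep -q "127.0.1.1" /etc/hosts; then
@@ -238,7 +238,7 @@ function set_your_domain_name {
     fi
 
     function_check set_hostname
-    set_hostname $DEFAULT_DOMAIN_NAME
+    set_hostname "$DEFAULT_DOMAIN_NAME"
 
     mark_completed "${FUNCNAME[0]}"
 }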
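Review bot: The redirect target on new line 213 of the configure_dns hunk, `} > $resolvconf`, is left unquoted even though this commit quotes the expansions around it, and the same variable is unquoted in the context line `chattr -i $resolvconf` on 204. Make them `} > "$resolvconf"` and `chattr -i "$resolvconf"` so the hunk follows the convention the rest of the commit applies. A similar leftover in the add_ddns_domain hunk is `if [ $DDNS_USERNAME ]; then` on line 154, directly under the newly grouped echo block, which would be `if [ "$DDNS_USERNAME" ]; then`. configure_dns starts and ends outside the hunk.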

+ 22
- 21
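--- a/src/freedombone-utils-filesystem
+++ b/src/freedombone-utils-filesystem
@@ -32,44 +32,45 @@ TOMB_REPO="https://github.com/dyne/Tomb"
 TOMB_COMMIT='c80ebd6d6ed77980eb5b559757e03ea13a29bdd1'
 
 function mesh_install_tomb {
-    chroot ${rootdir} apt-get -yq install cryptsetup zsh pinentry-curses
+    # shellcheck disable=SC2154
+    chroot "${rootdir}" apt-get -yq install cryptsetup zsh pinentry-curses
 
-    if [ ! -d ${rootdir}/$INSTALL_DIR ]; then
-        mkdir -p ${rootdir}/$INSTALL_DIR
+    if [ ! -d "${rootdir}/$INSTALL_DIR" ]; then
+        mkdir -p "${rootdir}/$INSTALL_DIR"
     fi
 
     if [ -d /repos/tomb ]; then
-        mkdir ${rootdir}/$INSTALL_DIR/tomb
-        cp -r -p /repos/tomb/. ${rootdir}/$INSTALL_DIR/tomb
-        cd ${rootdir}/$INSTALL_DIR/tomb
+        mkdir "${rootdir}/$INSTALL_DIR/tomb"
+        cp -r -p /repos/tomb/. "${rootdir}/$INSTALL_DIR/tomb"
+        cd "${rootdir}/$INSTALL_DIR/tomb" || exit 3648368
         git pull
     else
-        git_clone $TOMB_REPO ${rootdir}/$INSTALL_DIR/tomb
+        git_clone "$TOMB_REPO" "${rootdir}/$INSTALL_DIR/tomb"
     fi
 
-    cd ${rootdir}/$INSTALL_DIR/tomb
+    cd "${rootdir}/$INSTALL_DIR/tomb" || exit 7346384
 
     git checkout $TOMB_COMMIT -b $TOMB_COMMIT
 
-    chroot ${rootdir} /bin/bash -x <<EOF
+    chroot "${rootdir}" /bin/bash -x <<EOF
 cd $INSTALL_DIR/tomb
 make install
 EOF
-    if [ ! -f ${rootdir}/usr/local/bin/tomb ]; then
+    if [ ! -f "${rootdir}/usr/local/bin/tomb" ]; then
         exit 93462
     fi
 }
 
 function install_tomb {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_tomb
         return
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
+    set_repo_commit "$INSTALL_DIR/tomb" "tomb commit" "$TOMB_COMMIT" "$TOMB_REPO"
 
-    if [ -f $COMPLETION_FILE ]; then
+    if [ -f "$COMPLETION_FILE" ]; then
         if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
@@ -77,22 +78,22 @@ function install_tomb {
 
     apt-get -yq install cryptsetup zsh pinentry-curses
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     if [ -d /repos/tomb ]; then
-        mkdir $INSTALL_DIR/tomb
-        cp -r -p /repos/tomb/. $INSTALL_DIR/tomb
-        cd $INSTALL_DIR/tomb
+        mkdir "$INSTALL_DIR/tomb"
+        cp -r -p /repos/tomb/. "$INSTALL_DIR/tomb"
+        cd "$INSTALL_DIR/tomb" || exit 7684638
         git pull
     else
-        git_clone $TOMB_REPO $INSTALL_DIR/tomb
+        git_clone "$TOMB_REPO" "$INSTALL_DIR/tomb"
     fi
 
-    cd $INSTALL_DIR/tomb
+    cd "$INSTALL_DIR/tomb" || exit 364863463
 
-    git checkout $TOMB_COMMIT -b $TOMB_COMMIT
+    git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"
     set_completion_param "tomb commit" "$TOMB_COMMIT"
 
     make install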
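Review bot: The exit codes on the new `cd … || exit` lines (3648368 and 7346384 in mesh_install_tomb, 7684638 and 364863463 in install_tomb) exceed 255, and a shell exit status is truncated to its low 8 bits, so a caller sees 112, 208, 30 and 231 rather than values it can map back to these lines. If the intent is a per-site identifier, print it and exit with a small status, e.g. `cd "${rootdir}/$INSTALL_DIR/tomb" || { echo $'mesh_install_tomb: cannot cd to tomb directory' >&2; exit 1; }`. Also, `git checkout $TOMB_COMMIT -b $TOMB_COMMIT` on line 53 of mesh_install_tomb was left unquoted while the identical line in install_tomb was quoted in this commit. install_tomb ends outside the second hunk.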

+ 34
- 34
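--- a/src/freedombone-utils-final
+++ b/src/freedombone-utils-final
@@ -33,9 +33,9 @@ function install_final {
         return
     fi
     # unmount any attached usb drive
-    if [ -d $USB_MOUNT ]; then
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+    if [ -d "$USB_MOUNT" ]; then
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
     fi
     function_check split_gpg_key_into_fragments
     split_gpg_key_into_fragments
@@ -63,32 +63,32 @@ $(get_ssh_server_key)
     echo ''
 
     # add user menu on ssh login
-    if ! grep -q 'controluser' /home/$MY_USERNAME/.bashrc; then
-        echo 'controluser' >> /home/$MY_USERNAME/.bashrc
+    if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
+        echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
     fi
-    if [ ! -f $IMAGE_PASSWORD_FILE ]; then
-        if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
+        if [ -f "/root/${PROJECT_NAME}-wifi.cfg" ]; then
             create_wifi_startup_script
             echo ''
             echo $'Shutting down the system. Detatch the ethernet cable, attach wifi dongle, then power on again.'
             echo ''
-            ${PROJECT_NAME}-logging off --restart
+            "${PROJECT_NAME}-logging" off --restart
             systemctl poweroff
             return
         fi
         echo $'Turning off logging'
-        ${PROJECT_NAME}-logging off --restart
+        "${PROJECT_NAME}-logging" off --restart
         echo $'Rebooting the system'
         systemctl reboot -i
     fi
     echo $'Turning off logging'
-    ${PROJECT_NAME}-logging off --restart
+    "${PROJECT_NAME}-logging" off --restart
 }
 
 function update_installed_apps_list {
     # Why does this secondary file exist, apart from COMPLETION_FILE ?
     # It's so that it is visible to unprivileged users from the user control panel
-    cat $COMPLETION_FILE | grep "install_" > /usr/share/${PROJECT_NAME}/installed.txt
+    grep "install_" "$COMPLETION_FILE" > "/usr/share/${PROJECT_NAME}/installed.txt"
 }
 
 function create_default_user_removal_daemon {
@@ -96,31 +96,31 @@ function create_default_user_removal_daemon {
 
     first_start_daemon_filename=/etc/systemd/system/firststart.service
     first_start_script=/usr/local/bin/firststart
-    echo '#!/bin/bash' > $first_start_script
-    echo 'if [ -d /home/fbone]; then' >> $first_start_script
-    echo '    userdel -r fbone' >> $first_start_script
-    echo '    if [ -d /home/fbone]; then' >> $first_start_script
-    echo '        rm -rf /home/fbone' >> $first_start_script
-    echo '    fi' >> $first_start_script
-    echo 'fi' >> $first_start_script
-    echo 'systemctl disable firststart' >> $first_start_script
-    echo "rm $first_start_daemon_filename" >> $first_start_script
+    { echo '#!/bin/bash';
+      echo 'if [ -d /home/fbone]; then';
+      echo '    userdel -r fbone';
+      echo '    if [ -d /home/fbone]; then';
+      echo '        rm -rf /home/fbone';
+      echo '    fi';
+      echo 'fi';
+      echo 'systemctl disable firststart';
+      echo "rm $first_start_daemon_filename"; } > $first_start_script
     chmod +x $first_start_script
 
-    echo '[Unit]' > $first_start_daemon_filename
-    echo 'Description=Daemon run on first boot' >> $first_start_daemon_filename
-    echo 'After=syslog.target' >> $first_start_daemon_filename
-    echo 'After=network.target' >> $first_start_daemon_filename
-    echo '' >> $first_start_daemon_filename
-    echo '[Service]' >> $first_start_daemon_filename
-    echo 'User=root' >> $first_start_daemon_filename
-    echo 'Group=root' >> $first_start_daemon_filename
-    echo "ExecStart=$first_start_script" >> $first_start_daemon_filename
-    echo 'StandardOutput=syslog' >> $first_start_daemon_filename
-    echo 'StandardError=syslog' >> $first_start_daemon_filename
-    echo '' >> $first_start_daemon_filename
-    echo '[Install]' >> $first_start_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $first_start_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Daemon run on first boot';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo 'Group=root';
+      echo "ExecStart=$first_start_script";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $first_start_daemon_filename
     systemctl enable firststart
 }
 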
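Review bot: The generated firststart script still carries `if [ -d /home/fbone]; then` on new lines 100 and 102 of the create_default_user_removal_daemon hunk; the missing space before `]` makes `[` fail with "missing ]" and return non-zero, so the condition is never true, `userdel -r fbone` never runs, and the default account this daemon exists to remove survives first boot. The fix is in the string literals themselves: `echo 'if [ -d /home/fbone ]; then';` and `echo '    if [ -d /home/fbone ]; then';`. Separately, in the first hunk `umount "$USB_MOUNT"` is followed unconditionally by `rm -rf "$USB_MOUNT"`, so a failed unmount deletes the contents of the still-mounted drive; `umount "$USB_MOUNT" && rm -rf "$USB_MOUNT"` avoids that. create_default_user_removal_daemon starts outside the hunk.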

+ 127
- 136
src/freedombone-utils-firewall Dosyayı Görüntüle

@@ -47,7 +47,7 @@ function save_firewall_settings {
47 47
 }
48 48
 
49 49
 function firewall_block_bad_ip_ranges {
50
-    if [ $INSTALLING_MESH ]; then
50
+    if [ "$INSTALLING_MESH" ]; then
51 51
         return
52 52
     fi
53 53
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
@@ -135,13 +135,13 @@ function firewall_enable_vpn {
135 135
 }
136 136
 
137 137
 function configure_firewall {
138
-    if [ $INSTALLING_MESH ]; then
138
+    if [ "$INSTALLING_MESH" ]; then
139 139
         mesh_firewall
140 140
         return
141 141
     fi
142 142
     if grep -q "RELATED" /etc/firewall.conf; then
143 143
         # recreate the firewall to remove RELATED
144
-        sed -i "/firewall/d" $COMPLETION_FILE
144
+        sed -i "/firewall/d" "$COMPLETION_FILE"
145 145
     fi
146 146
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
147 147
         return
@@ -276,10 +276,10 @@ function configure_internet_protocol {
276 276
         echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
277 277
     fi
278 278
     if ! grep -q "keepalive" /etc/sysctl.conf; then
279
-        echo '# keepalive' >> /etc/sysctl.conf
280
-        echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
281
-        echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
282
-        echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
279
+        { echo '# keepalive';
280
+          echo 'net.ipv4.tcp_keepalive_probes = 9';
281
+          echo 'net.ipv4.tcp_keepalive_intvl = 75';
282
+          echo 'net.ipv4.tcp_keepalive_time = 7200'; } >> /etc/sysctl.conf
283 283
     fi
284 284
     if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
285 285
         echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
@@ -335,103 +335,100 @@ function configure_internet_protocol {
335 335
 }
336 336
 
337 337
 function mesh_firewall {
338
-    FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
338
+    # shellcheck disable=SC2154
339
+    FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
339 340
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
340 341
 
341
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
342
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
343
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
344
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
345
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
346
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
347
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
348
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
349
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
350
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
351
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
352
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
353
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
354
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
355
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
356
-    echo '' >> $MESH_FIREWALL_SCRIPT
357
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
358
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
359
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
360
-    echo '' >> $MESH_FIREWALL_SCRIPT
361
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
362
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
363
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
364
-    echo '' >> $MESH_FIREWALL_SCRIPT
365
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
366
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
367
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
368
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
369
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
370
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
371
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
372
-    echo '' >> $MESH_FIREWALL_SCRIPT
373
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
374
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
375
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
376
-    echo '' >> $MESH_FIREWALL_SCRIPT
377
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
378
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
379
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
380
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
381
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
382
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
383
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
384
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
385
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
386
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
387
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
388
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
389
-    chmod +x $MESH_FIREWALL_SCRIPT
390
-
391
-    echo '[Unit]' > $FIREWALL_FILENAME
392
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
393
-    echo '' >> $FIREWALL_FILENAME
394
-    echo '[Service]' >> $FIREWALL_FILENAME
395
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
396
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
397
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
398
-    echo '' >> $FIREWALL_FILENAME
399
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
400
-    echo '' >> $FIREWALL_FILENAME
401
-    echo '[Install]' >> $FIREWALL_FILENAME
402
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
403
-    chmod +x $FIREWALL_FILENAME
342
+    { echo '#!/bin/bash';
343
+      echo 'iptables -P INPUT ACCEPT';
344
+      echo 'ip6tables -P INPUT ACCEPT';
345
+      echo 'iptables -F';
346
+      echo 'ip6tables -F';
347
+      echo 'iptables -t nat -F';
348
+      echo 'ip6tables -t nat -F';
349
+      echo 'iptables -X';
350
+      echo 'ip6tables -X';
351
+      echo 'iptables -P INPUT DROP';
352
+      echo 'ip6tables -P INPUT DROP';
353
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
354
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
355
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
356
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
357
+      echo '';
358
+      echo '# Make sure incoming tcp connections are SYN packets';
359
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
360
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
361
+      echo '';
362
+      echo '# Drop packets with incoming fragments';
363
+      echo 'iptables -A INPUT -f -j DROP';
364
+      echo 'ip6tables -A INPUT -f -j DROP';
365
+      echo '';
366
+      echo '# Drop bogons';
367
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
368
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
369
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
370
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
371
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
372
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
373
+      echo '';
374
+      echo '# Incoming malformed NULL packets:';
375
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
376
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
377
+      echo '';
378
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
379
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
380
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
381
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
382
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
383
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
384
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
385
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
386
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
387
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
388
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
389
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
390
+    chmod +x "$MESH_FIREWALL_SCRIPT"
391
+
392
+    { echo '[Unit]';
393
+      echo 'Description=Mesh Firewall';
394
+      echo '';
395
+      echo '[Service]';
396
+      echo 'Type=oneshot';
397
+      echo 'ExecStart=/usr/bin/mesh-firewall';
398
+      echo 'RemainAfterExit=no';
399
+      echo '';
400
+      echo 'TimeoutSec=30';
401
+      echo '';
402
+      echo '[Install]';
403
+      echo 'WantedBy=multi-user.target'; } > "$FIREWALL_FILENAME"
404
+    chmod +x "$FIREWALL_FILENAME"
404 405
     chroot "$rootdir" systemctl enable meshfirewall
405 406
 }
406 407
 
407 408
 function firewall_add {
408
-    firewall_name=$(echo "$1" | sed "s| |-|g")
409
+    firewall_name=$(string="$1" ; echo "${string// /-}")
409 410
     firewall_port=$2
410 411
     firewall_protocol="$3"
411 412
 
412
-    if ! grep -q "${firewall_name}=${firewall_port}" $FIREWALL_CONFIG; then
413
-        echo "${firewall_name}=${firewall_port}" >> $FIREWALL_CONFIG
414
-        if [ ! ${firewall_protocol} ]; then
415
-            iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
416
-            if [ ! "$?" = "0" ]; then
417
-                iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
413
+    if ! grep -q "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"; then
414
+        echo "${firewall_name}=${firewall_port}" >> "$FIREWALL_CONFIG"
415
+        if [ ! "${firewall_protocol}" ]; then
416
+            if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
417
+                iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
418 418
             fi
419 419
 
420
-            iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
421
-            if [ ! "$?" = "0" ]; then
422
-                iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
420
+            if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
421
+                iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
423 422
             fi
424 423
         else
425 424
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
426
-                iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
427
-                if [ ! "$?" = "0" ]; then
428
-                    iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
425
+                if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
426
+                    iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
429 427
                 fi
430 428
             fi
431 429
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
432
-                iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
433
-                if [ ! "$?" = "0" ]; then
434
-                    iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
430
+                if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
431
+                    iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
435 432
                 fi
436 433
             fi
437 434
         fi
@@ -440,33 +437,29 @@ function firewall_add {
440 437
 }
441 438
 
442 439
 function firewall_add_range {
443
-    firewall_name=$(echo "$1" | sed "s| |-|g")
440
+    firewall_name=$(string="$1" ; echo "${string// /-}")
444 441
     firewall_port_start=$2
445 442
     firewall_port_end=$3
446 443
     firewall_protocol="$4"
447 444
 
448
-    if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" $FIREWALL_CONFIG; then
449
-        echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> $FIREWALL_CONFIG
450
-        if [ ! ${firewall_protocol} ]; then
451
-            iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
452
-            if [ ! "$?" = "0" ]; then
453
-                iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
445
+    if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" "$FIREWALL_CONFIG"; then
446
+        echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> "$FIREWALL_CONFIG"
447
+        if [ ! "${firewall_protocol}" ]; then
448
+            if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
449
+                iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
454 450
             fi
455
-            iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
456
-            if [ ! "$?" = "0" ]; then
457
-                iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
451
+            if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
452
+                iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
458 453
             fi
459 454
         else
460 455
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
461
-                iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
462
-                if [ ! "$?" = "0" ]; then
463
-                    iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
456
+                if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
457
+                    iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
464 458
                 fi
465 459
             fi
466 460
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
467
-                iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
468
-                if [ ! "$?" = "0" ]; then
469
-                    iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
461
+                if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
462
+                    iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
470 463
                 fi
471 464
             fi
472 465
         fi
@@ -479,23 +472,23 @@ function firewall_remove {
479 472
     firewall_port=$1
480 473
     firewall_protocol="$2"
481 474
 
482
-    if [ ! -f $FIREWALL_CONFIG ]; then
475
+    if [ ! -f "$FIREWALL_CONFIG" ]; then
483 476
         return
484 477
     fi
485 478
 
486
-    if grep -q "=${firewall_port}" $FIREWALL_CONFIG; then
487
-        if [ ! ${firewall_protocol} ]; then
488
-            iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
489
-            iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
479
+    if grep -q "=${firewall_port}" "$FIREWALL_CONFIG"; then
480
+        if [ ! "${firewall_protocol}" ]; then
481
+            iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
482
+            iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
490 483
         else
491 484
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
492
-                iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
485
+                iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
493 486
             fi
494 487
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
495
-                iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
488
+                iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
496 489
             fi
497 490
         fi
498
-        sed -i "/=${firewall_port}/d" $FIREWALL_CONFIG
491
+        sed -i "/=${firewall_port}/d" "$FIREWALL_CONFIG"
499 492
         save_firewall_settings
500 493
     fi
501 494
 }
@@ -509,7 +502,7 @@ function domain_to_hex_string {
509 502
         characters=$(echo -n "$segment" | wc -c)
510 503
         hexnum=$(echo "obase=16; $characters" | bc)
511 504
         echo -n "|"
512
-        if [ $(echo -n "$hexnum" | wc -c) -lt 2 ]; then
505
+        if [ "$(echo -n "$hexnum" | wc -c)" -lt 2 ]; then
513 506
             echo -n "0"
514 507
         fi
515 508
         echo -n "$hexnum|$segment"
@@ -523,20 +516,19 @@ function firewall_block_domain {
523 516
     blocked_domain="$1"
524 517
     if [[ "$blocked_domain" == *'@'* ]]; then
525 518
         # Don't try to block email/microblog addresses
526
-        echo "${blocked_domain}" >> $FIREWALL_DOMAINS
519
+        echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
527 520
         return
528 521
     fi
529
-    if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then
530
-        hexstr=$(domain_to_hex_string $blocked_domain)
531
-        iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
532
-        if [ ! "$?" = "0" ]; then
522
+    if ! grep -q "$blocked_domain" "$FIREWALL_DOMAINS"; then
523
+        hexstr=$(domain_to_hex_string "$blocked_domain")
524
+        if ! iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP; then
533 525
             iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
534 526
             iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
535 527
             iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
536 528
             iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
537 529
             iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
538 530
             iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
539
-            echo "${blocked_domain}" >> $FIREWALL_DOMAINS
531
+            echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
540 532
             save_firewall_settings
541 533
         fi
542 534
 
@@ -559,13 +551,12 @@ function firewall_block_ip {
559 551
         # Don't try to block email/microblog addresses
560 552
         return
561 553
     fi
562
-    if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
563
-        iptables -C INPUT -s $blocked_ip -j DROP
564
-        if [ ! "$?" = "0" ]; then
565
-            iptables -A INPUT -s $blocked_ip -j DROP
566
-            iptables -A OUTPUT -s $blocked_ip -j DROP
554
+    if ! grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
555
+        if ! iptables -C INPUT -s "$blocked_ip" -j DROP; then
556
+            iptables -A INPUT -s "$blocked_ip" -j DROP
557
+            iptables -A OUTPUT -s "$blocked_ip" -j DROP
567 558
 
568
-            echo "${blocked_ip}" >> $FIREWALL_DOMAINS
559
+            echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
569 560
             save_firewall_settings
570 561
         fi
571 562
     fi
@@ -577,31 +568,31 @@ function firewall_unblock_ip {
577 568
         # Don't try to block email/microblog addresses
578 569
         return
579 570
     fi
580
-    if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
581
-        iptables -D INPUT -s $blocked_ip -j DROP
582
-        iptables -D OUTPUT -s $blocked_ip -j DROP
571
+    if grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
572
+        iptables -D INPUT -s "$blocked_ip" -j DROP
573
+        iptables -D OUTPUT -s "$blocked_ip" -j DROP
583 574
 
584
-        sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
585
-        echo "${blocked_ip}" >> $FIREWALL_DOMAINS
575
+        sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"
576
+        echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
586 577
         save_firewall_settings
587 578
     fi
588 579
 }
589 580
 
590 581
 function firewall_refresh_blocklist {
591
-    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
582
+    if [ ! -f "/root/${PROJECT_NAME}-firewall-domains.cfg" ]; then
592 583
         return
593 584
     fi
594 585
 
595
-    while read blocked_domain; do
596
-        firewall_block_domain $blocked_domain
597
-    done </root/${PROJECT_NAME}-firewall-domains.cfg
586
+    while read -r blocked_domain; do
587
+        firewall_block_domain "$blocked_domain"
588
+    done <"/root/${PROJECT_NAME}-firewall-domains.cfg"
598 589
 }
599 590
 
600 591
 function firewall_unblock_domain {
601 592
     unblocked_domain="$1"
602
-    if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then
593
+    if grep -q "${unblocked_domain}" "$FIREWALL_DOMAINS"; then
603 594
         if [[ "${unblocked_domain}" != *'@'* ]]; then
604
-            hexstr=$(domain_to_hex_string $unblocked_domain)
595
+            hexstr=$(domain_to_hex_string "$unblocked_domain")
605 596
             iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
606 597
             iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
607 598
             iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
@@ -610,7 +601,7 @@ function firewall_unblock_domain {
610 601
             iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
611 602
             save_firewall_settings
612 603
         fi
613
-        sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
604
+        sed -i "/${unblocked_domain}/d" "$FIREWALL_DOMAINS"
614 605
     fi
615 606
 }
616 607
 

+ 14
- 15
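--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -37,22 +37,21 @@ function git_clone {
 }
 
 function git_pull {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'git_pull no repo specified'
     fi
 
     git merge --abort
     git stash
-    git remote set-url origin $1
+    git remote set-url origin "$1"
     git checkout master
     git pull
 
-    if [ $2 ]; then
+    if [ "$2" ]; then
         # delete any existing branch
-        git branch -D $2
+        git branch -D "$2"
         # check out the new branch
-        git checkout $2 -b $2
-        if [ ! "$?" = "0" ]; then
+        if ! git checkout "$2" -b "$2"; then
             echo $"Unable to checkout $1 $2"
             exit 72357
         fi
@@ -63,8 +62,8 @@ function commit_has_changed {
     repo_dir=$1
     repo_commit_name=$2
     repo_commit=$3
-    if [ -d $repo_dir ]; then
-        if grep -q "$repo_commit_name" $COMPLETION_FILE; then
+    if [ -d "$repo_dir" ]; then
+        if grep -q "$repo_commit_name" "$COMPLETION_FILE"; then
             CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
             if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
                 echo "1"
@@ -86,13 +85,13 @@ function set_repo_commit {
     repo_commit=$3
     repo_url=$4
 
-    if [[ $(commit_has_changed $repo_dir $repo_commit_name $repo_commit) == "1" ]]; then
-        cd $repo_dir
-        git_pull $repo_url $repo_commit
+    if [[ $(commit_has_changed "$repo_dir" "$repo_commit_name" "$repo_commit") == "1" ]]; then
+        cd "$repo_dir" || exit 3856835
+        git_pull "$repo_url" "$repo_commit"
 
         # application specific stuff after updating the repo
         if [[ $repo_dir == *"www"* ]]; then
-            chown -R www-data:www-data $repo_dir
+            chown -R www-data:www-data "$repo_dir"
         fi
         if [[ $repo_dir == *"gpgit" ]]; then
             if [ ! -f /usr/bin/gpgit.pl ]; then
@@ -107,12 +106,12 @@ function set_repo_commit {
         fi
         if [[ $repo_dir == *"cleanup-maildir" ]]; then
             if [ ! -f /usr/bin/cleanup-maildir ]; then
-                cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+                cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
             else
-                HASH1=$(sha256sum $INSTALL_DIR/cleanup-maildir/cleanup-maildir | awk -F ' ' '{print $1}')
+                HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
                 HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
                 if [[ "$HASH1" != "$HASH2" ]]; then
-                    cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+                    cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
                 fi
             fi
         fi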
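Review bot: The missing-argument guard at the top of git_pull still falls through after printing `git_pull no repo specified`, so the function goes on to run `git remote set-url origin ""` and `git pull` against a blank origin; the quoting fix keeps that behaviour. Add `exit 1` directly after the echo — `return 1` would not help, because set_repo_commit calls `git_pull "$repo_url" "$repo_commit"` without checking its status (visible in the third hunk). Separately, the new `cd "$repo_dir" || exit 3856835` and the existing `exit 72357` use status codes above 255, which the shell reduces modulo 256 (to 195 and 165 here), so a caller cannot tell these exits apart; codes in the range 1–255 would be distinguishable. git_pull and set_repo_commit both continue outside this hunk.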

+ 503
- 506
src/freedombone-utils-gnusocialtools
Dosya farkı çok büyük olduğundan ihmal edildi