Make telnet management smarter

Bug 4591
Consolidate check for telnet login
Don't remove /etc/securetty edit it
(cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)

1 files changed, 82 insertions, 0 deletions

diff --git a/scripts/system/vyatta_update_telnet b/scripts/system/vyatta_update_telnet
new file mode 100755
index 00000000..0725a85f
--- /dev/null
+++ b/scripts/system/vyatta_update_telnet
@@ -0,0 +1,82 @@
+#! /bin/bash
+# Script to control telnet daemon parameters
+# and block changes when logged in over telnet
+
+# Block changes to telnet daemon when logged in over telnet
+pid=$(who -um | awk -F " " '{print $7}')
+if ps --pid $(ps --pid $pid -o ppid=) -o cmd= | grep -q telnetd
+then
+    echo "Please configure telnet settings via ssh or console."
+    exit 1
+fi
+
+usage() {
+    echo "Usage: $0 enable <port>"
+    echo "       $0 disable"
+    echo "       $0 allow-root {true|false}"
+    exit 1;
+}
+
+allow-root() {
+    case "$1" in
+    true) ;;
+    false) ;;
+        *)  echo "Expect true or false"
+	    usage ;;
+    esac
+
+    sudo sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty
+
+    if [ $1 = "false" ]; then
+	return
+    fi
+
+    sudo sh -c "cat >>/etc/securetty" <<EOF
+# Pseudo-terminal (telnet)
+pts/0
+pts/1
+pts/2
+pts/3
+pts/4
+pts/5
+pts/6
+pts/7
+pts/8
+pts/9
+pts/10
+pts/11
+pts/12
+pts/13
+pts/14
+pts/15
+pts/16
+pts/17
+pts/18
+pts/19
+EOF
+
+}
+
+case "$1" in
+    allow-root) 
+	allow-root $2
+	;;
+
+    enable)
+	if [ -z "$2" ]
+	then echo "Missing port number";
+	    usage
+	fi
+	exec sudo /opt/vyatta/sbin/telnetd.init restart "$2"
+	;;
+
+    disable)
+	exec sudo /opt/vyatta/sbin/telnetd.init stop
+	;;
+
+    *)  
+	echo "Unknown argument $1";
+	usage 
+	;;
+esac
+