diff options
| -rw-r--r-- | Makefile.am | 1 | ||||
| -rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 3 | ||||
| -rw-r--r-- | scripts/vyatta-banner.pl | 130 | ||||
| -rw-r--r-- | templates/system/login/banner/node.def | 1 | ||||
| -rw-r--r-- | templates/system/login/banner/post-login/node.def | 12 | ||||
| -rw-r--r-- | templates/system/login/banner/pre-login/node.def | 13 |
6 files changed, 160 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 4cbed0c2..4107298d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -41,6 +41,7 @@ sbin_SCRIPTS += scripts/vyatta-bonding.pl sbin_SCRIPTS += scripts/vyatta-raid-event sbin_SCRIPTS += scripts/vyatta-update-arp-params sbin_SCRIPTS += scripts/zone-mgmt/vyatta-zone.pl +sbin_SCRIPTS += scripts/vyatta-banner.pl noinst_DATA = test_bootfile diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 59b43d13..b49576d9 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -32,6 +32,9 @@ if [ "$sysconfdir" != "/etc" ]; then touch /etc/sudoers cp -p /etc/sudoers /etc/sudoers.bak + # enable ssh banner + sed -i 's/^#Banner/Banner/' /etc/ssh/sshd_config + # for "admin" level sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then diff --git a/scripts/vyatta-banner.pl b/scripts/vyatta-banner.pl new file mode 100644 index 00000000..5daeb482 --- /dev/null +++ b/scripts/vyatta-banner.pl @@ -0,0 +1,130 @@ +#!/usr/bin/perl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stig Thormodsrud +# Date: April 2009 +# Description: Script to setup login banner +# +# **** End License **** +# + +use lib '/opt/vyatta/share/perl5/'; +use Vyatta::Config; + +use Getopt::Long; +use strict; +use warnings; + +my $prelogin_file = '/etc/issue'; +my $prelogin_net_file = '/etc/issue.net'; +my $postlogin_file = '/etc/motd'; + + +sub save_orig_file { + my $file = shift; + + system "mv $file $file.old" if ! -e "$file.old"; + return; +} + +sub restore_orig_file { + my $file = shift; + + system "mv $file.old $file" if -e "$file.old"; + return; +} + +sub write_file_value { + my ($file, $value) = @_; + + open my $F, '>', $file or die "Error: opening $file [$!]"; + print $F "$value"; + close $F; +} + +sub get_banner { + my $banner_type = shift; + + my $config = new Vyatta::Config; + $config->setLevel('system login banner'); + my $text = $config->returnValue($banner_type); + $text =~ s|\\n|\n|g; + $text =~ s|\\t|\t|g; + return $text; +} + +sub add_prelogin { + save_orig_file($prelogin_file); + save_orig_file($prelogin_net_file); + my $text = get_banner('pre-login'); + write_file_value($prelogin_file, $text); + write_file_value($prelogin_net_file, $text); + return; +} + +sub add_postlogin { + save_orig_file($postlogin_file); + my $text = get_banner('post-login'); + write_file_value($postlogin_file, $text); + return; +} + + +# +# main +# +my ($action, $banner_type); + +GetOptions("action=s" => \$action, + "banner-type=s" => \$banner_type, +); + +die "Error: no action" if ! defined $action; +die "Error: no banner-type" if ! defined $banner_type; + +if ($action eq 'update') { + if ($banner_type eq 'pre-login') { + add_prelogin(); + exit 0; + } + if ($banner_type eq 'post-login') { + add_postlogin(); + exit 0; + } +} + +if ($action eq 'delete') { + if ($banner_type eq 'pre-login') { + restore_orig_file($prelogin_file); + restore_orig_file($prelogin_net_file); + exit 0; + } + if ($banner_type eq 'post-login') { + restore_orig_file($postlogin_file); + exit 0; + } +} + +exit 1; + +#end of file diff --git a/templates/system/login/banner/node.def b/templates/system/login/banner/node.def new file mode 100644 index 00000000..2aef97a4 --- /dev/null +++ b/templates/system/login/banner/node.def @@ -0,0 +1 @@ +help: Set system login banners diff --git a/templates/system/login/banner/post-login/node.def b/templates/system/login/banner/post-login/node.def new file mode 100644 index 00000000..98c139b8 --- /dev/null +++ b/templates/system/login/banner/post-login/node.def @@ -0,0 +1,12 @@ +help: Set system loging banner post-login +type: txt + +update: sudo /opt/vyatta/sbin/vyatta-banner.pl \ + --action=update --banner-type=post-login + +delete: sudo /opt/vyatta/sbin/vyatta-banner.pl \ + --action=delete --banner-type=post-login + +comp_help: possible completions: + <txt> Set login banner + (example: "\\n\\n\\tWelcome to Vyatta!\\n") diff --git a/templates/system/login/banner/pre-login/node.def b/templates/system/login/banner/pre-login/node.def new file mode 100644 index 00000000..7cb80380 --- /dev/null +++ b/templates/system/login/banner/pre-login/node.def @@ -0,0 +1,13 @@ +help: Set system loging banner pre-login +type: txt + +update: sudo /opt/vyatta/sbin/vyatta-banner.pl \ + --action=update --banner-type=pre-login + +delete: sudo /opt/vyatta/sbin/vyatta-banner.pl \ + --action=delete --banner-type=pre-login + +comp_help: possible completions: + <txt> Set login banner + (example: "\\n\\n\\tUNAUTHORIZED USE OF THIS SYSTEM\\nIS PROHIBITED!\\n") + |