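#!/bin/bash
# Package configuration script template: the @name@ placeholders below are
# filled in when the package is built (presumably by autoconf -- confirm).
# It removes init links for daemons the system manages itself, installs the
# udev net-rules link, rewrites /etc/sudoers with the Vyatta entries, merges
# the ssh key blacklists, schedules logrotate, and prepares bash completion.
# It edits system files in place and must run as root.

prefix=@prefix@
exec_prefix=@exec_prefix@
sysconfdir=@sysconfdir@
bindir=@bindir@
sbindir=@sbindir@

# remove init of daemons that we start/stop
for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm; do
    update-rc.d -f "${init}" remove >/dev/null
done

# Name the Vyatta rules link so that it sorts just before whichever
# persistent-net rules file this udev version writes.
case "$(grep '^RULES_FILE=' /lib/udev/write_net_rules)" in
    *z25_persistent-net.rules*)
        vyatta_net_rules=z24_vyatta-net.rules ;;
    *70-persistent-net.rules*)
        vyatta_net_rules=69-vyatta-net.rules ;;
    *)
        vyatta_net_rules=21-vyatta-net.rules ;;
esac
ln -sf ../vyatta-net.rules "/etc/udev/rules.d/$vyatta_net_rules"

if [ "$sysconfdir" != "/etc" ]; then
    # Create a missing sudoers file with mode 0440 rather than the
    # umask-dependent mode a bare touch would give it.
    if [ ! -e /etc/sudoers ]; then
        install -m 0440 /dev/null /etc/sudoers
    fi
    cp -p /etc/sudoers /etc/sudoers.bak

    # for "admin" level
    # NOTE(review): this gives every member of group sudo passwordless root;
    # membership in that group is the only control on full administrative
    # access, so audit it accordingly.
    sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
    if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
        printf '\n%%sudo ALL=NOPASSWD: ALL\n' >>/etc/sudoers
    fi

    # cleanup any old entries from previous versions
    sed -i \
        -e '/### BEGIN VYATTA/,/### END VYATTA/d' \
        -e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \
        -e '/sudo-users/d' \
        -e '/env_keep+=VYATTA/d' \
        /etc/sudoers || true

    # Add Vyatta entries
    # The quoted "EOF" delimiter writes this block literally (no expansion).
    # NOTE(review): env_keep+=VYATTA_* passes every caller-supplied VYATTA_*
    # variable through to commands run as root, so those commands have to
    # treat such variables as untrusted input.
    # NOTE(review): PPPOE_CMDS and PCAPTURE are granted to %operator with
    # unrestricted arguments. These programs accept options that write files
    # or run helper programs, so the grant is wider than "capture packets" /
    # "bring a link up"; consider fixed-argument wrappers instead.
    cat <<"EOF" >>/etc/sudoers
### BEGIN VYATTA
Defaults syslog_goodpri=info
Defaults env_keep+=VYATTA_*
Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
                      /sbin/iptables -L -vn,\
                      /sbin/iptables -L * -vn,\
                      /sbin/iptables -t * -L -vn, \
                      /sbin/iptables -Z *,\
                      /sbin/iptables -Z -t nat
Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
                     /sbin/ip route flush cache *,\
                     /sbin/ip neigh flush to *, \
                     /sbin/ip neigh flush dev *
Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p *
Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate
Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff
Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
%operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \
                        PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon
EOF

    # Unquoted delimiter here so that ${bindir} is expanded.
    # A sudoers path ending in "/" allows every command in that directory:
    # the directory and its contents must be root-owned and writable by
    # nobody else, or members of group users can gain root through it.
    cat <<EOF >>/etc/sudoers
%users ALL=NOPASSWD: ${bindir}/sudo-users/
### END VYATTA
EOF

    # A sudoers file with a syntax error makes sudo refuse to run at all,
    # so check the result and fall back to the pre-edit copy if it is broken.
    if command -v visudo >/dev/null 2>&1 \
        && ! visudo -c -f /etc/sudoers >/dev/null; then
        echo "$0: edited /etc/sudoers failed validation; restoring /etc/sudoers.bak" >&2
        cp -p /etc/sudoers.bak /etc/sudoers
    fi

    # set up blacklists
    for f in blacklist.DSA-1024 blacklist.RSA-2048; do
        if [ -r "/etc/ssh/$f" ]; then
            # The first line of the shipped list is the marker for
            # "already merged"; match it as a fixed string, not a regex.
            l=$(head -n 1 "$sysconfdir/$f")
            if ! grep -qF -- "$l" "/etc/ssh/$f"; then
                # Build the merged list next to its target so the final mv
                # is a rename on one filesystem, and give it an explicit
                # mode: mktemp creates the file 0600.
                tmp=$(mktemp "/etc/ssh/$f.XXXXXXXXXX") || continue
                if sort "/etc/ssh/$f" "$sysconfdir/$f" >"$tmp"; then
                    chmod 0644 "$tmp"
                    mv -f "$tmp" "/etc/ssh/$f"
                else
                    rm -f -- "$tmp"
                fi
            fi
        else
            cp "$sysconfdir/$f" "/etc/ssh/$f"
        fi
    done
fi

# update crontab for logrotate
# mv replaces /etc/crontab in one step; removing the old file first would
# leave a window in which no crontab exists at all.
new_crontab=/etc/crontab.$$
grep -v logrotate /etc/crontab >"$new_crontab"
echo "*/10 * * * * root /usr/sbin/logrotate /etc/logrotate.conf" >>"$new_crontab"
mv -f "$new_crontab" /etc/crontab
# NOTE(review): this also installs the system-format file (which carries a
# user column) as the invoking user's personal crontab -- confirm that this
# is intended.
crontab /etc/crontab

# create needed directories
mkdir -p /var/log/{user,vrrpd}

touch /etc/environment

if [ ! -f /etc/bash_completion ]; then
    echo "source /etc/bash_completion.d/10vyatta-op" >/etc/bash_completion
    echo "source /etc/bash_completion.d/20vyatta-cfg" >>/etc/bash_completion
fi

sed -i 's/^set /builtin set /' /etc/bash_completion

/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server

# Local Variables:
# mode: shell-script
# sh-indentation: 4
# End: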