author | Rick Balocca <rbalocca@vyatta.com> | 2008-07-15 14:50:44 -0700 |
---|---|---|
committer | Rick Balocca <rbalocca@vyatta.com> | 2008-07-15 14:50:44 -0700 |
commit | fb24b39ff9241f7e72e8ca3f42629a29f928fbca (patch) | |
tree | aee372ab8a578a6611f11545e52e4927a3c793ec | |
parent | 325cfa1ed8dfe41aaf393bdf04f38c6b392f7994 (diff) | |
parent | 2d9868a5b7d97cd493c7035b9057784125f0fe9c (diff) | |
Merge branch 'hollywood' into islavista
5 files changed, 70 insertions, 46 deletions
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
index b531afee..7155495d 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -1,7 +1,7 @@
 type: txt
 help: Set authentication type
 syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
- "authentication must be simple or ah"
+ "authentication must be plaintext-password or ah"
 comp_help: possible completions:
- plaintext-password Set plain text password mode
- ah Set IP Authentication Header mode
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
index 1547d62c..687c6af6 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/authentication/type/node.def
@@ -1,7 +1,7 @@
 type: txt
 help: Set authentication type
 syntax:expression: $VAR(@) in "plaintext-password", "ah"; \
- "authentication must be simple or ah"
+ "authentication must be plaintext-password or ah"
 comp_help: possible completions:
- plaintext-password Set plain text password mode
- ah Set IP Authentication Header mode
+ plaintext-password Set plain text password mode
+ ah Set IP Authentication Header mode
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
index f476087d..9aa98826 100644
--- a/templates/service/ssh/allow-root/node.def
+++ b/templates/service/ssh/allow-root/node.def
@@ -1,6 +1,7 @@
-type: bool
+type: txt
 default: false
 help: Enable/disable root login over ssh
+syntax:expression: $VAR(@) in "true", "false" ; "must be true or false"
 update: if [ \"$VAR(@)\" == \"true\" ]; then
 sudo ed - /etc/ssh/sshd_config <<-"EOF"
 /^PermitRootLogin/s/no/yes/
diff --git a/templates/service/telnet/allow-root/node.def b/templates/service/telnet/allow-root/node.def
index d1a25f4e..347a9476 100644
--- a/templates/service/telnet/allow-root/node.def
+++ b/templates/service/telnet/allow-root/node.def
@@ -1,24 +1,36 @@
-type: bool
+type: txt
 default: false
 help: Enable/disable root login
-update:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- if [ \"$VAR(@)\" == \"true\" ]; then \
- sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null; \
- else
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null; \
- fi ; /bin/true"
-delete:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null ; \
- /bin/true"
+
+syntax:expression: $VAR(@) in "true", "false" ; "must be true or false"
+
+update: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ if [ "$VAR(@)" == "true" ]
+ then
+ sudo mv -f /etc/securetty /etc/securetty.allow-root >&/dev/null
+ else
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null
+ fi
+ /bin/true
+
+delete: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ sudo mv -f /etc/securetty.allow-root /etc/securetty >&/dev/null
+ /bin/true
diff --git a/templates/service/telnet/node.def b/templates/service/telnet/node.def
index 5976addd..399f25ac 100644
--- a/templates/service/telnet/node.def
+++ b/templates/service/telnet/node.def
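Review bot: In `templates/service/telnet/allow-root/node.def`, the new guard in `update:` and `delete:` loops over every session that `who -u` lists rather than the session running the commit, so a single open telnet login by any user makes the node refuse the change from ssh or console as well, including an attempt to withdraw root login over telnet. It also takes the PID from the seventh `who -u` field, which appears to hold only when the timestamp prints as three tokens; with an ISO-style date the seventh field would be the host comment, `ps -p` would fail and the loop would pass without refusing anything. I would restrict the lookup to the caller's own terminal, for example `who -u -m` in place of `who -u` (assuming the commit runs with the user's terminal on stdin), and add the comment `# refuse only when this session itself came in through telnetd`. The same loop is repeated in the `delete:` and `end:` sections of `templates/service/telnet/node.def`; moving it into one helper script would keep the four copies from drifting apart.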
@@ -1,18 +1,29 @@
 help: Enable/disable Network Virtual Terminal Protocol (TELNET) protocol
-delete:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- sudo /opt/vyatta/sbin/telnetd.init stop"
-end:expression: " \
- if ! env | grep -q SSH_TTY=; then \
- if [[ \"`tty`\" == /dev/pts/* ]]; then \
- echo \"Please configure telnet settings via ssh or console.\"; \
- exit 1; \
- fi; \
- fi; \
- if [ -z \"$VAR(port/@)\" ]; then exit 0; fi; \
- sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@)"
+
+delete: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ sudo /opt/vyatta/sbin/telnetd.init stop
+
+end: pids=`who -u | awk -F " " '{print $7}'`
+ for i in $pids
+ do
+ ppid=`ps -p $i -o ppid=`
+ if ps -p $ppid -o cmd= | grep -q telnetd
+ then
+ echo "Please configure telnet settings via ssh or console."
+ exit 1
+ fi
+ done
+ if [ -z "$VAR(port/@)" ]
+ then
+ exit 0
+ fi
+ sudo /opt/vyatta/sbin/telnetd.init restart $VAR(port/@) |
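Review bot: The last added line of `end:` hands `$VAR(port/@)` unquoted to a command run under `sudo`, although the `-z` test a few lines above it quotes the same value. Whether a malformed port can reach this line depends on the syntax check on the `port` node, which is outside this diff, so it is worth confirming that it accepts digits only. Quoting here keeps the two uses consistent and stops word splitting: `sudo /opt/vyatta/sbin/telnetd.init restart "$VAR(port/@)"`. Since the value is presumably substituted into the script text before the shell sees it, the quotes are not a substitute for that validation.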