diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-06-16 15:31:49 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2009-07-17 14:56:04 -0700 |
commit | 5ec82316b089d0be4f544937fbd3ed5d3333c829 (patch) | |
tree | 9e29e450cbb1cdb392e358f88373c6e227f6f15d /scripts/system | |
parent | 3f05a5d8e5fed097dc3ddd3139ae72b4208cdccc (diff) | |
download | vyatta-cfg-system-5ec82316b089d0be4f544937fbd3ed5d3333c829.tar.gz vyatta-cfg-system-5ec82316b089d0be4f544937fbd3ed5d3333c829.zip |
Make telnet management smarter
Bug 4591
Consolidate check for telnet login
Don't remove /etc/securetty edit it
(cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)
Diffstat (limited to 'scripts/system')
-rwxr-xr-x | scripts/system/vyatta_update_telnet | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/scripts/system/vyatta_update_telnet b/scripts/system/vyatta_update_telnet new file mode 100755 index 00000000..0725a85f --- /dev/null +++ b/scripts/system/vyatta_update_telnet @@ -0,0 +1,82 @@ +#! /bin/bash +# Script to control telnet daemon parameters +# and block changes when logged in over telnet + +# Block changes to telnet daemon when logged in over telnet +pid=$(who -um | awk -F " " '{print $7}') +if ps --pid $(ps --pid $pid -o ppid=) -o cmd= | grep -q telnetd +then + echo "Please configure telnet settings via ssh or console." + exit 1 +fi + +usage() { + echo "Usage: $0 enable <port>" + echo " $0 disable" + echo " $0 allow-root {true|false}" + exit 1; +} + +allow-root() { + case "$1" in + true) ;; + false) ;; + *) echo "Expect true or false" + usage ;; + esac + + sudo sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty + + if [ $1 = "false" ]; then + return + fi + + sudo sh -c "cat >>/etc/securetty" <<EOF +# Pseudo-terminal (telnet) +pts/0 +pts/1 +pts/2 +pts/3 +pts/4 +pts/5 +pts/6 +pts/7 +pts/8 +pts/9 +pts/10 +pts/11 +pts/12 +pts/13 +pts/14 +pts/15 +pts/16 +pts/17 +pts/18 +pts/19 +EOF + +} + +case "$1" in + allow-root) + allow-root $2 + ;; + + enable) + if [ -z "$2" ] + then echo "Missing port number"; + usage + fi + exec sudo /opt/vyatta/sbin/telnetd.init restart "$2" + ;; + + disable) + exec sudo /opt/vyatta/sbin/telnetd.init stop + ;; + + *) + echo "Unknown argument $1"; + usage + ;; +esac + |