-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 17 | ||||
-rwxr-xr-x[-rw-r--r--] | scripts/install-system | 14 | ||||
-rw-r--r-- | scripts/snmp/vyatta-snmp.pl | 2 | ||||
-rwxr-xr-x | scripts/standalone_root_pw_reset | 27 | ||||
-rw-r--r-- | templates/interfaces/bonding/node.tag/primary/node.def | 6 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/in/name/node.def | 18 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/in/node.def | 1 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/local/name/node.def | 18 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/local/node.def | 1 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/node.def | 1 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/out/name/node.def | 18 | ||||
-rw-r--r-- | templates/interfaces/bridge/node.tag/firewall/out/node.def | 1 |
12 files changed, 96 insertions, 28 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 21d7ff32..a814df9c 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -55,11 +55,15 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ /sbin/ip route flush cache *,\ /sbin/ip neigh flush to *, \ /sbin/ip neigh flush dev * -Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * +Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \ + /usr/sbin/ethtool -S *, \ + /usr/sbin/ethtool -a *, \ + /usr/sbin/ethtool -c *, \ + /usr/sbin/ethtool -i * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump -%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ +%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \ PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, /usr/bin/lsof EOF cat <<EOF >>/etc/sudoers @@ -118,6 +122,15 @@ if [ -e /etc/default/mdadm ]; then sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm fi +# --following is added to resolve issues related to bug 3567 on upgrade from hollywood to islavista-- +# back-up existing /etc/syslog.conf file in hollywood which might be broken +# and replace it with the default syslog.conf in islavista. when system restarts +# after upgrade, whatever is configured in CLI will be written to syslog.conf +# + +cp -p /etc/syslog.conf /etc/syslog.conf.bak +cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf + # Local Variables: # mode: shell-script # sh-indentation: 4 diff --git a/scripts/install-system b/scripts/install-system index ff7a5d41..e4464ede 100644..100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -854,6 +854,11 @@ copy_config () { fi } +set_encrypted_password() { + sed -i \ + -e "/ user $1 {/,/}/s/encrypted-password .*\$/encrypted-password \"$2\"/" $3 +} + change_password() { local user=$1 local pwd1="1" 
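Review bot: Each entry of the new `ETHTOOL` alias ends in a bare `*`, and in sudoers a wildcard in the argument list matches any string, spaces included, so `%operator` can append arbitrary further arguments after `-S`, `-a`, `-c` or `-i` without a password, not just one interface name. If a single interface is what is meant, a small root-owned wrapper that checks its argument against `/sys/class/net/` before running ethtool is a tighter grant. At minimum the alias deserves a comment such as `# '*' matches any trailing arguments, not only an interface name`.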
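Review bot: The two added `cp` lines run on every execution of the postinst, not only on the hollywood-to-islavista upgrade the comment describes, so a second run overwrites `/etc/syslog.conf.bak` with the already-replaced default and the original file is lost. Neither source is checked for existence, and whether the script runs under `set -e` is not visible in this hunk. Guarding the backup keeps the first copy: `if [ -f /etc/syslog.conf ] && [ ! -e /etc/syslog.conf.bak ]; then cp -p /etc/syslog.conf /etc/syslog.conf.bak; fi`.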
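Review bot: `set_encrypted_password` splices `$1` and `$2` directly into the sed program and leaves `$3` unquoted, so a user name containing `/` or a regex metacharacter, or a config path containing whitespace, changes what sed does to config.boot; only the hash has its slashes escaped, and that happens in the caller. `sed -i` also exits 0 when nothing matched, so a silent no-op looks like success. Quote the file argument as `"$3"` and check afterwards that the file actually carries the new hash. The same helper is duplicated in scripts/standalone_root_pw_reset with a slightly different pattern (`encrypted-password.*`, no space before `.*`); the two copies should agree.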
@@ -861,9 +866,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 2>&0 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 2>&0 echo if [ "$pwd1" != "$pwd2" ] @@ -873,10 +878,7 @@ change_password() { # escape any slashes in resulting password local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') - - sed -i \ - -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ - $rootfsdir$ofrconfdir/config.boot + set_encrypted_password $user $epwd $rootfsdir$ofrconfdir/config.boot } system_setup () { diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 6de63fb0..58dc374f 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -163,7 +163,7 @@ sub snmp_write_snmpv3_user { my $vyatta_user = shift; my $user = "rouser $vyatta_user\n"; - system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf;"); + system ("sed -i '/user[[:space:]]*vyatta[[:alnum:]]*/d' $snmp_snmpv3_user_conf 2>/dev/null;"); open(my $fh, '>>', $snmp_snmpv3_user_conf) || die "Couldn't open $snmp_snmpv3_user_conf - $!"; print $fh $user; close $fh; diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index f08bf7d6..d089b50d 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -23,6 +23,11 @@ # The Vyatta config file: CF=/opt/vyatta/etc/config/config.boot +set_encrypted_password() { + sed -i \ + -e "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" $3 +} + change_password() { local user=$1 local pwd1="1" 
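Review bot: The new call `set_encrypted_password $user $epwd $rootfsdir$ofrconfdir/config.boot` passes all three arguments unquoted; write it as `set_encrypted_password "$user" "$epwd" "$rootfsdir$ofrconfdir/config.boot"` so each reaches the helper as one word. On the line above it, the clear-text password is handed to `mkpasswd` as a command-line argument, where it is visible in the process list while the command runs, and `-H md5` selects MD5-crypt; reading the password from stdin (`mkpasswd --stdin`, if this build supports it) avoids the argv exposure. The same two lines appear in the matching hunk of scripts/standalone_root_pw_reset. change_password begins outside this hunk.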
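Review bot: Adding `2>/dev/null` hides every sed failure, not only the presumably intended missing-file case, and the return value of `system` is still ignored, so the function appends the `rouser` line even when the stale entries were not removed. The command is also a single string run through the shell with `$snmp_snmpv3_user_conf` interpolated into it. Testing for the file and using the list form keeps real errors visible: `if (-e $snmp_snmpv3_user_conf) { system('sed', '-i', '/user[[:space:]]*vyatta[[:alnum:]]*/d', $snmp_snmpv3_user_conf) == 0 or warn "sed failed: $?"; }`. `$vyatta_user` is written to the file as given; whether it is validated by the caller is not visible here. snmp_write_snmpv3_user starts and ends outside the hunk.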
@@ -30,9 +35,9 @@ change_password() { until [ "$pwd1" == "$pwd2" ] do - read -p "Enter $user password:" -r -s pwd1 <>/dev/tty 1>&0 + read -p "Enter $user password: " -r -s pwd1 echo - read -p "Retype $user password:" -r -s pwd2 <>/dev/tty 1>&0 + read -p "Retype $user password: " -r -s pwd2 echo if [ "$pwd1" != "$pwd2" ] @@ -42,10 +47,7 @@ change_password() { # escape any slashes in resulting password local epwd=$(mkpasswd -H md5 "$pwd1" | sed 's:/:\\/:g') - - sed -i \ - -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ - $CF + set_encrypted_password $user $epwd $CF } echo "Standalone root password recovery tool." @@ -63,21 +65,18 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -echo "Do you wish to reset the root password" -echo -n "to the original default value (vyatta)? (Yes/No) [No]: " -read response +read -p "Do you wish to change the root password? " response response=${response:0:1} if [ "$response" != "y" -a "$response" != "Y" ]; then - echo "OK, the root password will not be reset." + echo "OK, the root password will not be changed." echo -n "Rebooting in 5 seconds..." sleep 5 echo /sbin/reboot -f fi - -echo "Starting process to reset the root password..." +echo "Starting process to change the root password..." echo "Re-mounting root filesystem read/write..." mount -o remount,rw / @@ -92,8 +91,10 @@ fi echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery -echo "Setting the root password..." +echo +change_password root +echo "Root password changed" echo $(date "+%b%e %T") $(hostname) "Root password changed" \ | tee -a /var/log/auth.log >>/var/log/messages diff --git a/templates/interfaces/bonding/node.tag/primary/node.def b/templates/interfaces/bonding/node.tag/primary/node.def index 171c8daf..bae8a499 100644 --- a/templates/interfaces/bonding/node.tag/primary/node.def +++ b/templates/interfaces/bonding/node.tag/primary/node.def 
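Review bot: The `Root password changed` messages, including the line appended to /var/log/auth.log, are emitted unconditionally after `change_password root`, although nothing verifies that the sed substitution matched a `user root` block in `$CF`. If the block is missing or formatted differently, the tool reports and logs a password change that did not happen. Because the backup is taken immediately before, a cheap check is available: `if cmp -s $CF ${CF}.before_pwrecovery; then echo "config.boot unchanged; root password NOT changed"; fi`, with the log lines moved into the else branch.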
@@ -2,11 +2,5 @@ type: txt syntax:expression: exec \ "grep -s $VAR(@) /sys/class/net/$VAR(../@)/bonding/slaves" \ ; "Ethernet interface must be part of the bonding group" -allowed: cat /sys/class/net/$VAR(../@)/bonding/slaves update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/bonding/primary" help: Specify the primary device - - - - - diff --git a/templates/interfaces/bridge/node.tag/firewall/in/name/node.def b/templates/interfaces/bridge/node.tag/firewall/in/name/node.def new file mode 100644 index 00000000..45ddefa1 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/in/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set inbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bridge/node.tag/firewall/in/node.def b/templates/interfaces/bridge/node.tag/firewall/in/node.def new file mode 100644 index 00000000..eccc79b4 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/in/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on inbound interface diff --git a/templates/interfaces/bridge/node.tag/firewall/local/name/node.def b/templates/interfaces/bridge/node.tag/firewall/local/name/node.def new file mode 100644 index 00000000..29082074 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/local/name/node.def 
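Review bot: The new `firewall/in/name` node is `type: txt` with no `syntax:expression:` check, yet `$VAR(@)` and the interface name are substituted unquoted into an `sh -c` string that ends in a `sudo` call, so shell metacharacters in the configured value would be interpreted by the shell. A validation line along the lines of `syntax:expression: pattern $VAR(@) "^[-_a-zA-Z0-9]+$" ; "Invalid firewall name"` would reject them before the command is built. The firewall update is also chained with `&&` after an append to the fixed path `/tmp/cli.log`, so a failed debug write leaves the rule set unapplied, and a predictable file in /tmp is written on every change; the `echo ... >> /tmp/cli.log &&` prefix looks like leftover debugging and should be dropped. The identical text is added in `firewall/local/name/node.def` and `firewall/out/name/node.def`.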
@@ -0,0 +1,18 @@ +type: txt + +help: Set local filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bridge/node.tag/firewall/local/node.def b/templates/interfaces/bridge/node.tag/firewall/local/node.def new file mode 100644 index 00000000..25958359 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/local/node.def @@ -0,0 +1 @@ +help: Set filter for packets destined for this router diff --git a/templates/interfaces/bridge/node.tag/firewall/node.def b/templates/interfaces/bridge/node.tag/firewall/node.def new file mode 100644 index 00000000..11748d20 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/node.def @@ -0,0 +1 @@ +help: Set firewall options diff --git a/templates/interfaces/bridge/node.tag/firewall/out/name/node.def b/templates/interfaces/bridge/node.tag/firewall/out/name/node.def new file mode 100644 index 00000000..13a7c312 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/out/name/node.def 
@@ -0,0 +1,18 @@ +type: txt + +help: Set outbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bridge/node.tag/firewall/out/node.def b/templates/interfaces/bridge/node.tag/firewall/out/node.def new file mode 100644 index 00000000..3aec5f05 --- /dev/null +++ b/templates/interfaces/bridge/node.tag/firewall/out/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on outbound interface |