Diffstat (limited to 'scripts/system')
-rwxr-xr-x | scripts/system/vyatta_check_snmp_name.pl | 31 | ||||
-rwxr-xr-x | scripts/system/vyatta_check_username.pl | 2 | ||||
-rwxr-xr-x | scripts/system/vyatta_interface_rescan | 2 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_console.pl | 103 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_hosts.pl | 114 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_ntp.pl | 120 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_resolv.pl | 15 | ||||
-rw-r--r-- | scripts/system/vyatta_update_sysctl.pl | 2 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_syslog.pl | 2 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_telnet | 84 |
10 files changed, 59 insertions, 416 deletions
diff --git a/scripts/system/vyatta_check_snmp_name.pl b/scripts/system/vyatta_check_snmp_name.pl deleted file mode 100755 index 599fe398..00000000 --- a/scripts/system/vyatta_check_snmp_name.pl +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -use strict; -use warnings; - -foreach my $name (@ARGV) { - die "$name : illegal characters in name\n" - if (!($name =~ /^[a-zA-Z0-9]*$/)); - - # Usernames may only be up to 32 characters long. - die "$name: name may only be up to 32 characters long\n" - if (length($name) > 32); -} - -exit 0; diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl index 30917ecb..9ecc42db 100755 --- a/scripts/system/vyatta_check_username.pl +++ b/scripts/system/vyatta_check_username.pl @@ -68,7 +68,7 @@ foreach my $user (@ARGV) { # User does not exist in system, its okay my $uid = getpwnam($user); - next unless defined($uid); + next unless defined($uid) and $uid ne "1001"; # System accounts should not be listed in vyatta configuration # 1000 is SYS_UID_MIN diff --git a/scripts/system/vyatta_interface_rescan b/scripts/system/vyatta_interface_rescan index eb45da60..2e8ad8ca 100755 --- a/scripts/system/vyatta_interface_rescan +++ b/scripts/system/vyatta_interface_rescan 
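Review bot: In vyatta_check_username.pl the new guard `next unless defined($uid) and $uid ne "1001";` exempts one hard-coded UID from the checks that follow, with no comment saying which account it is or why it may be skipped. A UID is only a number, so whichever account holds 1001 on a given install bypasses this validation; a named constant with its rationale, or a match on the account name, would be easier to audit. The comparison is also a string `ne` on a numeric value, where `$uid != 1001` states the intent. The rest of the loop body is outside the hunk, so what exactly is skipped is inferred from the trailing comment about system accounts.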
@@ -98,7 +98,7 @@ sub get_phy { return $1; } -# vyatta_net_name leaves files in /dev/.udev/vyatta +# vyatta_net_name leaves files in /run/udev/vyatta # the filename is the interface and the contents are the hardware id sub interface_rescan { my ($VYATTAUDEV, $BOOTFILE) = @_; diff --git a/scripts/system/vyatta_update_console.pl b/scripts/system/vyatta_update_console.pl index 7c36ec7f..ff7c2df1 100755 --- a/scripts/system/vyatta_update_console.pl +++ b/scripts/system/vyatta_update_console.pl @@ -16,8 +16,7 @@ # # **** End License **** -# Update console configuration in /etc/inittab and grub -# based on Vyatta configuration +# Update console configuration in systemd and grub based on Vyatta configuration use strict; use warnings; @@ -26,6 +25,7 @@ use lib "/opt/vyatta/share/perl5"; use Vyatta::Config; use File::Compare; use File::Copy; +use experimental 'smartmatch'; die "$0 expects no arguments\n" if (@ARGV); 
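Review bot: `use experimental 'smartmatch';` in vyatta_update_console.pl enables an operator that is experimental and has been deprecated since Perl 5.38, apparently only for the single membership test `not $file ~~ @ttys` in the next hunk. A plain `grep { $_ eq $file } @ttys` does the same string comparison without the pragma and without smartmatch's type-dependent matching rules. With that change this import can be dropped.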
@@ -44,59 +44,66 @@ sub update { } } -my $INITTAB = "/etc/inittab"; -my $TMPTAB = "/tmp/inittab.$$"; +sub update_getty{ + my $directory = "/etc/systemd/system"; + my $config = new Vyatta::Config; + $config->setLevel("system console device"); + my @ttys; + + foreach my $tty ($config->listNodes()) { + push(@ttys, "serial-getty\@$tty.service"); + } + + opendir DIR, $directory or die "Couldn't open dir '$directory': $!"; + while (my $file = readdir(DIR)) { + next unless ($file =~ /^serial-getty/); + if ( not $file ~~ @ttys ) { + system("systemctl stop $file"); + if (-e "$directory/getty.target.wants/$file") { + unlink "$directory/getty.target.wants/$file" + or die "Failed to remove file $file: $!\n"; + } + if (-e "$directory/$file") { + unlink "$directory/$file" + or die "Failed to remove file $file: $!\n"; + } + system("systemctl daemon-reload"); + } + } + closedir DIR; -sub update_inittab { - open(my $inittab, '<', $INITTAB) - or die "Can't open $INITTAB: $!"; + foreach my $tty ($config->listNodes()) { + my $SGETTY = "/lib/systemd/system/serial-getty\@.service"; + my $TMPGETTY = "/etc/systemd/system/serial-getty\@$tty.service"; + my $SYMGETTY = "/etc/systemd/system/getty.target.wants/serial-getty\@$tty.service"; - open(my $tmp, '>', $TMPTAB) - or die "Can't open $TMPTAB: $!"; + open(my $sgetty, '<', $SGETTY) + or die "Can't open $SGETTY: $!"; - # Clone original inittab but remove all references to serial lines - # and Xen consoles - print {$tmp} grep {!/^T|^# Vyatta|^h/} <$inittab>; - close $inittab; + open(my $tmp, '>', $TMPGETTY) + or die "Can't open $TMPGETTY: $!"; - my $config = new Vyatta::Config; - $config->setLevel("system console device"); + my $speed = $config->returnValue("$tty speed"); + if ($tty =~ /^hvc\d/) { + $speed = 38400 unless $speed; + } else { + $speed = 9600 unless $speed; + } - print {$tmp} "# Vyatta console configuration (do not modify)\n"; - - my $serial_id = 0; - my $xen_id = 0; - - foreach my $tty ($config->listNodes()) { - my $speed = 
$config->returnValue("$tty speed"); - if ($tty =~ /^hvc\d/) { - $speed = 38400 unless $speed; - printf {$tmp} "h%d:23:respawn:", $xen_id; - printf {$tmp} "/sbin/getty %d %s\n", $speed, $tty; - $xen_id++; - } else { - $speed = 9600 unless $speed; - printf {$tmp} "T%d:23:respawn:", $serial_id; - if ($config->exists("$tty modem")) { - printf {$tmp} "/sbin/mgetty -x0 -s %d %s\n", $speed, $tty; - } else { - printf {$tmp} "/sbin/getty -L %s %d vt100\n", $tty, $speed; - } - - # id field is limited to 4 characters - if (++$serial_id >= 1000) { - warn "Ignoring $tty only 1000 serial devices supported\n"; - last; - } - } + while (<$sgetty>) { + if (/^ExecStart=/) { + $_ =~ s/115200,38400,9600/$speed/g; + } + print {$tmp} $_; } + close $sgetty; close $tmp; - - if (update($INITTAB, $TMPTAB)) { - - # This is same as telinit q - it tells init to re-examine inittab - kill 1, 1; + symlink("$TMPGETTY","$SYMGETTY"); + system("systemctl daemon-reload"); + if ( system("systemctl status serial-getty\@$tty.service 2>&1 > /dev/null")) { + system("systemctl start serial-getty\@$tty.service"); } + } } my $GRUBCFG = "/boot/grub/grub.cfg"; @@ -135,7 +142,7 @@ sub update_grub { update($GRUBCFG, $GRUBTMP); } -update_inittab; +update_getty; update_grub; exit 0; diff --git a/scripts/system/vyatta_update_hosts.pl b/scripts/system/vyatta_update_hosts.pl deleted file mode 100755 index 22b141ab..00000000 --- a/scripts/system/vyatta_update_hosts.pl +++ /dev/null 
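Review bot: update_getty builds shell command strings from names it does not control: `system("systemctl stop $file")` takes `$file` from readdir, filtered only by the `/^serial-getty/` prefix, and `$tty` from `listNodes()` goes into the `systemctl status` and `systemctl start` strings and into the unit path opened for writing. A shell metacharacter or `/` in those names would be interpreted by the shell or the filesystem; whether the config schema restricts console device names is not visible in this diff. The list form avoids the shell entirely, e.g. `system('systemctl', 'stop', $file);`, and `system('systemctl', 'is-active', '--quiet', "serial-getty\@$tty.service")` can replace the redirected status call. Note too that `2>&1 > /dev/null` leaves stderr attached to the original stdout, and that the results of `symlink` and the `system` calls are never checked, so a failed start or reload goes unreported.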
@@ -1,114 +0,0 @@ -#!/usr/bin/perl -w -# -# Module: vyatta_update_hosts.pl -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2012-2013 Vyatta, Inc. -# All Rights Reserved. -# -# Description: -# Script to update '/etc/hosts' on commit of 'system host-name' and -# 'system domain-name' config. -# -# **** End License **** -# - -use strict; -use English; -use lib "/opt/vyatta/share/perl5/"; - -use File::Temp qw(tempfile); -use Vyatta::File qw(touch); -use Vyatta::Config; -use Getopt::Long; - -my $HOSTS_CFG = '/etc/hosts'; -my $HOSTS_TMPL = "/tmp/hosts.XXXXXX"; -my $HOSTNAME_CFG = '/etc/hostname'; -my $MAILNAME_CFG = '/etc/mailname'; -my $restart_services = 1; - -sub set_hostname { - my ( $hostname ) = @_; - system("hostname $hostname"); - open (my $f, '>', $HOSTNAME_CFG) - or die("$0: Error! Unable to open $HOSTNAME_CFG for output: $!\n"); - print $f "$hostname\n"; - close ($f); -} - -sub set_mailname { - my ( $mailname ) = @_; - open (my $f, '>', $MAILNAME_CFG) - or die("$0: Error! Unable to open $MAILNAME_CFG for output: $!\n"); - print $f "$mailname\n"; - close ($f); -} - -if ($EUID != 0) { - printf("This program must be run by root.\n"); - exit 1; -} - -GetOptions("restart-services!" => \$restart_services); - -my $vc = new Vyatta::Config(); - -$vc->setLevel('system'); -my $host_name = $vc->returnValue('host-name'); -my $domain_name = $vc->returnValue('domain-name'); -my $mail_name; -my $hosts_line = "127.0.1.1\t "; - -if (! 
defined $host_name) { - $host_name = 'vyatta'; -} -$mail_name = $host_name; - -if (defined $domain_name) { - $mail_name .= '.' . $domain_name; - $hosts_line .= $host_name . '.' . $domain_name; -} -$hosts_line .= " $host_name\t #vyatta entry\n"; - -my ($out, $tempname) = tempfile($HOSTS_TMPL, UNLINK => 1) - or die "Can't create temp file: $!"; - -if (! -e $HOSTS_CFG) { - touch $HOSTS_CFG; -} -open (my $in, '<', $HOSTS_CFG) - or die("$0: Error! Unable to open '$HOSTS_CFG' for input: $!\n"); - -while (my $line = <$in>) { - if ($line =~ m:^127.0.1.1:) { - next; - } - print $out $line; -} -print $out $hosts_line; - -close ($in); -close ($out); - -system("cp $tempname $HOSTS_CFG") == 0 - or die "Can't copy $tempname to $HOSTS_CFG: $!"; - -set_hostname $host_name; -set_mailname $mail_name; - -# Restart services that use the system hostname; -# add more ase needed. -if ($restart_services) { - system("invoke-rc.d rsyslog restart"); -} diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl deleted file mode 100755 index 36a2807e..00000000 --- a/scripts/system/vyatta_update_ntp.pl +++ /dev/null 
@@ -1,120 +0,0 @@ -#! /usr/bin/perl - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. -# All Rights Reserved. -# -# **** End License **** - -# Filter ntp.conf - remove old servers and add current ones - -use strict; -use lib "/opt/vyatta/share/perl5"; -use Vyatta::Config; -use NetAddr::IP; -use Getopt::Long; - -my $dhclient_script = 0; - -GetOptions("dhclient-script=i" => \$dhclient_script, -); - -sub ntp_format { - my ($cidr_or_host) = @_; - my $ip = NetAddr::IP->new($cidr_or_host); - if (defined($ip)) { - my $address = $ip->addr(); - my $mask = $ip->mask(); - - if ($ip->masklen() == 32) { - if ($ip->version() == 6) { - return "-6 $address"; - } else { - return "$address"; - } - } else { - if ($ip->version() == 6) { - return "-6 $address mask $mask"; - } else { - return "$address mask $mask"; - } - } - } else { - return undef; - } -} - -my @ntp; -if (-e '/etc/ntp.conf') { - open (my $file, '<', '/etc/ntp.conf') - or die("$0: Error! Unable to open '/etc/ntp.conf' for input: $!\n"); - @ntp = <$file>; - close ($file); -} - -open (my $output, '>', '/etc/ntp.conf') - or die("$0: Error! 
Unable to open '/etc/ntp.conf' for output: $!\n"); - -my $cfg = new Vyatta::Config; -$cfg->setLevel("system ntp"); - -foreach my $line (@ntp) { - if ($line =~ /^# VyOS CLI configuration options/) { - print $output $line; - print $output "\n"; - last; - } else { - print $output $line; - } -} - -my @servers; -my @clients; - -if ($dhclient_script == 1) { - @servers = $cfg->listOrigNodes("server"); - @clients = $cfg->returnOrigValues("client address"); -} else { - @servers = $cfg->listNodes("server"); - @clients = $cfg->returnValues("client address"); -} - -if (scalar(@servers) > 0) { - print $output "# Servers\n\n"; - foreach my $server (@servers) { - my $server_addr = ntp_format($server); - if (defined($server_addr)) { - print $output "server $server_addr iburst"; - for my $property (qw(dynamic noselect preempt prefer)) { - if ($dhclient_script == 1) { - print $output " $property" if ($cfg->existsOrig("server $server $property")); - } else { - print $output " $property" if ($cfg->exists("server $server $property")); - } - } - print $output "\nrestrict $server_addr nomodify notrap nopeer noquery\n"; - } - } - print $output "\n"; -} - -if (scalar(@clients) > 0) { - print $output "# Clients\n\n"; - foreach my $client (@clients) { - my $address = ntp_format($client); - print $output "restrict $address nomodify notrap nopeer\n"; - } - print $output "\n"; -} - -exit 0; diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index 51617fce..de09a760 100755 --- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl @@ -30,7 +30,6 @@ use Vyatta::Config; my $dhclient_script = 0; my $config_mode = 0; -my $ntp_config = 0; GetOptions("dhclient-script=i" => \$dhclient_script, "config-mode=i" => \$config_mode, 
@@ -45,7 +44,6 @@ my $disable_dhcp_nameservers = undef; if ($config_mode == 1) { $disable_dhcp_nameservers = $vc->exists('disable-dhcp-nameservers'); - $ntp_config = $vc->exists('ntp server'); } else { $disable_dhcp_nameservers = $vc->existsOrig('disable-dhcp-nameservers'); } @@ -53,7 +51,6 @@ if ($config_mode == 1) { if ($dhclient_script == 1) { @search_domains = $vc->returnOrigValues('domain-search domain'); $domain_name = $vc->returnOrigValue('domain-name'); - $ntp_config = $vc->existsOrig('ntp server'); } else { @search_domains = $vc->returnValues('domain-search domain'); $domain_name = $vc->returnValue('domain-name'); @@ -132,7 +129,6 @@ if ($domain_name && length($domain_name) > 0) { if (($dhclient_script == 1) || ($config_mode == 1)) { my @current_dhcp_nameservers; - my $restart_ntp = 0; # code below to add new name-servers received from dhcp client, but only if disable-dhcp-nameservers # hasn't been enabled. @@ -168,7 +164,6 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { or die "$! error trying to overwrite"; print $rf "#nameserver written by vyatta_update_resolv.pl (dhcp)\nnameserver\t$ns\n"; close $rf; - $restart_ntp = 1; } } } @@ -206,7 +201,6 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { $cmd = "sed -i -n '/nameserver\t$dhcpnameserver/".'{n;x;d;};x;1d;p;${x;p;}'."' /etc/resolv.conf"; } system($cmd); - $restart_ntp = 1; } } else { for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { 
@@ -225,18 +219,9 @@ if (($dhclient_script == 1) || ($config_mode == 1)) { $cmd = "sed -i -n '/nameserver\t$dhcpnameserver/".'{n;x;d;};x;1d;p;${x;p;}'."' /etc/resolv.conf"; } system($cmd); - $restart_ntp = 1; } } } - if ($restart_ntp == 1) { - # this corresponds to what is done in name-server/node.def as a fix for bug 1300 - if ($ntp_config == 1) { - system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl --dhclient-script $dhclient_script"); - my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &"; - system($cmd_ntp_restart); - } - } } # The following will re-write '/etc/resolv.conf' line by line, diff --git a/scripts/system/vyatta_update_sysctl.pl b/scripts/system/vyatta_update_sysctl.pl index ddf10115..6e33c5d0 100644 --- a/scripts/system/vyatta_update_sysctl.pl +++ b/scripts/system/vyatta_update_sysctl.pl @@ -62,7 +62,7 @@ sub set_sysctl_value { my $ovalue = get_sysctl_value($sysctl_opt); if ($nvalue ne $ovalue) { - my $cmd = "$SYSCTL -w $sysctl_opt=$nvalue 2>&1 1>&-"; + my $cmd = "$SYSCTL -w $sysctl_opt=$nvalue 2>&1> /dev/null"; system($cmd); if ($? >> 8) { die "exec of $SYSCTL failed: '$cmd'"; diff --git a/scripts/system/vyatta_update_syslog.pl b/scripts/system/vyatta_update_syslog.pl index dd834c92..37d017e3 100755 --- a/scripts/system/vyatta_update_syslog.pl +++ b/scripts/system/vyatta_update_syslog.pl @@ -93,7 +93,7 @@ sub print_outchannel { # Force outchannel size to be 1k more than logrotate config to guarantee rotation $size = ($size + 5) * 1024; print $fh "\$outchannel $channel,$target,$size,/usr/sbin/logrotate ${LOGROTATE_CFG_DIR}/$channel\n"; - print $fh join( ';', @{ $entries{$target}{selector} } ), " \$$channel\n"; + print $fh join( ';', @{ $entries{$target}{selector} } ), " :omfile:\$$channel\n"; } my $config = new Vyatta::Config; diff --git a/scripts/system/vyatta_update_telnet b/scripts/system/vyatta_update_telnet deleted file mode 100755 index f50eef79..00000000 
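Review bot: The redirection in set_sysctl_value, `2>&1> /dev/null`, reads like a typo for `> /dev/null 2>&1` but behaves differently: stderr is pointed at the original stdout first and only stdout is discarded. If that is intended (it matches the old `2>&1 1>&-`), a comment such as `# keep sysctl's stderr visible, drop its stdout` and the spacing `2>&1 >/dev/null` would stop a later cleanup from silencing errors. `$sysctl_opt` and `$nvalue` are still interpolated into a shell string; where they are validated is outside the hunk, so confirm they cannot carry shell metacharacters. The function's signature and the rest of its body are outside the hunk.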
--- a/scripts/system/vyatta_update_telnet +++ /dev/null @@ -1,84 +0,0 @@ -#! /bin/bash -# Script to control telnet daemon parameters -# and block changes when logged in over telnet - -# Block changes to telnet daemon when logged in over telnet -pid=$(who -um | awk -F " " '{print $7}') -if [ -n "$pid" ]; then - if ps --pid $(ps --pid $pid -o ppid=) -o cmd= | grep -q telnetd - then - echo "Please configure telnet settings via ssh or console." - exit 1 - fi -fi - -usage() { - echo "Usage: $0 enable <port>" - echo " $0 disable" - echo " $0 allow-root {true|false}" - exit 1; -} - -allow-root() { - case "$1" in - true) ;; - false) ;; - *) echo "Expect true or false" - usage ;; - esac - - sudo sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty - - if [ $1 = "false" ]; then - return - fi - - sudo sh -c "cat >>/etc/securetty" <<EOF -# Pseudo-terminal (telnet) -pts/0 -pts/1 -pts/2 -pts/3 -pts/4 -pts/5 -pts/6 -pts/7 -pts/8 -pts/9 -pts/10 -pts/11 -pts/12 -pts/13 -pts/14 -pts/15 -pts/16 -pts/17 -pts/18 -pts/19 -EOF - -} - -case "$1" in - allow-root) - allow-root $2 - ;; - - enable) - if [ -z "$2" ] - then echo "Missing port number"; - usage - fi - exec sudo /opt/vyatta/sbin/telnetd.init restart $2 $3 - ;; - - disable) - exec sudo /opt/vyatta/sbin/telnetd.init stop - ;; - - *) - echo "Unknown argument $1"; - usage - ;; -esac - |