From 9d0c8946c537a1d857df67be2ffc26255c24bdbb Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Tue, 9 Feb 2016 02:08:23 -0500 Subject: Use directory /var/lib/dhcp instead of /var/lib/dhcp3. Use directory /etc/dhcp instead of /etc/dhcp3. --- templates/service/dns/forwarding/dhcp/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates/service') diff --git a/templates/service/dns/forwarding/dhcp/node.def b/templates/service/dns/forwarding/dhcp/node.def index 700f703e..f19b000e 100644 --- a/templates/service/dns/forwarding/dhcp/node.def +++ b/templates/service/dns/forwarding/dhcp/node.def @@ -4,5 +4,5 @@ help: Use nameservers received from DHCP server for specified interface commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --dhcp-interface $VAR(@)" allowed: local -a array ; - array=( /var/lib/dhcp3/eth* /var/lib/dhcp3/br* ) ; + array=( /var/lib/dhcp/eth* /var/lib/dhcp/br* ) ; echo -n ${array[@]##*/} -- cgit v1.2.3 From 4a03838ea877a3a867b283ba85956795e769d563 Mon Sep 17 00:00:00 2001 From: brennen Date: Mon, 21 Nov 2016 10:59:44 -0800 Subject: Add flag for DNSmasq to query all dns servers. This feature, when used properly, can massively increase DNS performance. See: http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/ --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 4 ++++ templates/service/dns/forwarding/query-all-servers/node.def | 1 + 2 files changed, 5 insertions(+) create mode 100644 templates/service/dns/forwarding/query-all-servers/node.def (limited to 'templates/service') diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index 46e038b5..807afa28 100755 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl 
@@ -95,6 +95,10 @@ sub dnsforwarding_get_values { $output .= "cache-size=$cache_size\n"; } + if (defined $query_all_servers) { + $output .= "all-servers\n"; + } + if (defined $ignore_hosts_file) { $output .= "no-hosts\n"; } diff --git a/templates/service/dns/forwarding/query-all-servers/node.def b/templates/service/dns/forwarding/query-all-servers/node.def new file mode 100644 index 00000000..90e8e7ec --- /dev/null +++ b/templates/service/dns/forwarding/query-all-servers/node.def @@ -0,0 +1 @@ +help: Query all DNS servers, respond and cache fastest result -- cgit v1.2.3 From 5ffc3d04434de0e463393c8e6d624072990c6a7e Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 27 Apr 2017 16:38:52 +0200 Subject: snmpd would not start when V3 was configured Updated all snmpd daemon commands to systemd type. --- scripts/snmp/vyatta-snmp-v3.pl | 19 ++++++++++--------- scripts/snmp/vyatta-snmp.pl | 11 ++++++----- templates/service/snmp/node.def | 2 +- 3 files changed, 17 insertions(+), 15 deletions(-) (limited to 'templates/service') diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl index 5cd1ab87..a2d738eb 100755 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ b/scripts/snmp/vyatta-snmp-v3.pl @@ -27,7 +27,10 @@ use Socket; use Socket6; my $snmp_v3_level = 'service snmp v3'; -my $snmp_init = 'invoke-rc.d snmpd'; +my $snmp_restart = 'systemctl restart snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_reload = 'systemctl reload snmpd.service'; my $snmpd_conf = '/etc/snmp/snmpd.conf'; my $snmpd_usr_conf = '/usr/share/snmp/snmpd.conf'; my $snmpd_var_conf = '/var/lib/snmp/snmpd.conf'; 
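Review bot: `$query_all_servers` is tested in the added `if (defined $query_all_servers)` block of `dnsforwarding_get_values` in vyatta-dns-forwarding.pl, but the diffstat counts only these four added lines for the script, so nothing in this commit declares the variable or reads it from the new `query-all-servers` node. Unless it is already declared outside the hunk, the branch is never taken (or the script fails to compile under `use strict`) and `all-servers` never reaches the dnsmasq config. I would read the node next to the other option lookups, e.g. an `exists('query-all-servers')` call on the config object the function already uses, and test the result for truth rather than with `defined`. A line of `comp_help` on the node noting that every query is then sent to all configured upstream servers would help operators weigh the privacy cost. The function body starts and ends outside the hunk.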
@@ -35,7 +38,7 @@ my $snmpd_conf_tmp = "/tmp/snmpd.conf.$$"; my $snmpd_usr_conf_tmp = "/tmp/snmpd.usr.conf.$$"; my $snmpd_var_conf_tmp = "/tmp/snmpd.var.conf.$$"; my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/var/run/snmpd.socket'; +my $local_agent = 'unix:/run/snmpd.socket'; my $oldEngineID = ""; my $setserialno = ""; @@ -53,7 +56,7 @@ sub randhex { } sub snmpd_running { - open( my $pidf, '<', "/var/run/snmpd.pid" ) + open( my $pidf, '<', "/run/snmpd.pid" ) or return; my $pid = <$pidf>; close $pidf; @@ -77,9 +80,7 @@ sub check_snmp_exit_code { } sub snmpd_stop { - system( -"start-stop-daemon --stop --exec /usr/sbin/snmpd --oknodo -R 2 > /dev/null 2>&1" - ); + system("$snmp_stop > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not stop snmpd!\n"; exit(1); @@ -87,7 +88,7 @@ sub snmpd_stop { } sub snmpd_start { - system("$snmp_init start > /dev/null 2>&1"); + system("$snmp_start > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not start snmpd!\n"; exit(1); @@ -95,7 +96,7 @@ sub snmpd_start { } sub snmpd_update { - system("$snmp_init reload > /dev/null 2>&1"); + system("$snmp_reload > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not reload snmpd!\n"; exit(1); @@ -103,7 +104,7 @@ sub snmpd_update { } sub snmpd_restart { - system("$snmp_init restart > /dev/null 2>&1"); + system("$snmp_restart > /dev/null 2>&1"); if ( check_snmp_exit_code($?) ) { print "ERROR: Can not restart snmpd!\n"; exit(1); diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index 90f710e8..d744f2ad 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl 
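Review bot: `snmpd_running` (hunk `@@ -53,7 +56,7 @@`) still decides liveness from a pid file, now `/run/snmpd.pid`, while start, stop, reload and restart in the same commit go through systemd. Whether snmpd writes that file depends on the daemon options in the unit, which this diff does not show; if the file is missing, `open(...) or return` reports a running daemon as stopped. If callers only need a boolean, asking systemd keeps the script consistent with the rest of the change: `return system('systemctl is-active --quiet snmpd.service') == 0;`. The same applies to `snmp_running` in scripts/snmp/vyatta-snmp.pl. The function body continues past the hunk.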
@@ -36,20 +36,21 @@ use Socket; use Socket6; my $mibdir = '/opt/vyatta/share/snmp/mibs'; -my $snmp_init = 'invoke-rc.d snmpd'; +my $snmp_start = 'systemctl start snmpd.service'; +my $snmp_stop = 'systemctl stop snmpd.service'; my $snmp_conf = '/etc/snmp/snmpd.conf'; my $snmp_client = '/etc/snmp/snmp.conf'; my $snmp_tmp = "/tmp/snmpd.conf.$$"; my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf'; my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf'; my $versionfile = '/opt/vyatta/etc/version'; -my $local_agent = 'unix:/var/run/snmpd.socket'; +my $local_agent = 'unix:/run/snmpd.socket'; my $password_file = '/config/snmp/superuser_pass'; my $snmp_level = 'service snmp'; sub snmp_running { - open (my $pidf, '<', "/var/run/snmpd.pid") + open (my $pidf, '<', "/run/snmpd.pid") or return; my $pid = <$pidf>; close $pidf; @@ -61,12 +62,12 @@ sub snmp_running { } sub snmp_stop { - system("$snmp_init stop > /dev/null 2>&1"); + system("$snmp_stop > /dev/null 2>&1"); } sub snmp_start { # we must stop snmpd first for creating vyatta user - system("$snmp_init stop > /dev/null 2>&1"); + system("$snmp_stop > /dev/null 2>&1"); open (my $fh, '>', $snmp_tmp) or die "Couldn't open $snmp_tmp - $!"; diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def index 9fb161dc..7c8c372b 100644 --- a/templates/service/snmp/node.def +++ b/templates/service/snmp/node.def @@ -22,6 +22,6 @@ end:if [ -f "/tmp/snmp.$PPID" ] then sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --update-snmp; else - sudo invoke-rc.d snmpd start > /dev/null 2>&1; + sudo systemctl start snmpd.service > /dev/null 2>&1; fi fi -- cgit v1.2.3 From 23fab8056330696c4aa26ba0ac7ded5dc405cb90 Mon Sep 17 00:00:00 2001 From: Ewald van Geffen Date: Sat, 29 Apr 2017 23:04:55 +0200 Subject: T167: "set service ssh allow-root" does not function --- templates/service/ssh/allow-root/node.def | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'templates/service') 
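Review bot: In scripts/snmp/vyatta-snmp.pl (hunk `@@ -61,12 +62,12 @@`), `snmp_stop` and the stop at the top of `snmp_start` discard the result of `system("$snmp_stop > /dev/null 2>&1")`, whereas the v3 script in this same commit checks `$?` through `check_snmp_exit_code` and exits on failure. The comment says snmpd must be stopped before the vyatta user is created, so a failed stop should not be ignored; `system("$snmp_stop > /dev/null 2>&1") == 0 or die "Couldn't stop snmpd\n";` would make that precondition explicit. The templates/service/snmp/node.def hunk likewise sends the output of `systemctl start snmpd.service` to /dev/null, so a start failure, which is the symptom this commit addresses, stays invisible at commit time. `$snmp_start` is declared but not used in any hunk shown here; confirm it is referenced in the part of `snmp_start` outside the hunk.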
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def index c1e6abf2..2f8e4354 100644 --- a/templates/service/ssh/allow-root/node.def +++ b/templates/service/ssh/allow-root/node.def @@ -1,5 +1,5 @@ help: Enable root login over ssh -create: sudo sed -i -e '/^PermitRootLogin/s/no/yes/' /etc/ssh/sshd_config +create: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/yes/' /etc/ssh/sshd_config -delete: sudo sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config +delete: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/no/' /etc/ssh/sshd_config -- cgit v1.2.3 From 7ddab704b12dc447a2d8e2acb9178a0d90f63b78 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 9 Dec 2017 15:28:24 +0100 Subject: T414: Remove 'telnet' service Telnet remote logins have been deprecated for decades. As Debian 'jessie' busybox no longer has a telnetd applet, this service is no longer available. --- Makefile.am | 1 - debian/changelog | 6 ++ scripts/system/vyatta_update_telnet | 84 ------------------------ templates/service/telnet/allow-root/node.def | 3 - templates/service/telnet/listen-address/node.def | 7 -- templates/service/telnet/node.def | 8 --- templates/service/telnet/port/node.def | 9 --- 7 files changed, 6 insertions(+), 112 deletions(-) delete mode 100755 scripts/system/vyatta_update_telnet delete mode 100644 templates/service/telnet/allow-root/node.def delete mode 100644 templates/service/telnet/listen-address/node.def delete mode 100644 templates/service/telnet/node.def delete mode 100644 templates/service/telnet/port/node.def (limited to 'templates/service') diff --git a/Makefile.am b/Makefile.am index 169df296..9dfc957c 100644 --- a/Makefile.am +++ b/Makefile.am 
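Review bot: The `delete:` expression in templates/service/ssh/allow-root/node.def only rewrites the values `no`, `without-password` and `yes`, so a `PermitRootLogin` line carrying any other value (`prohibit-password` or `forced-commands-only` in current OpenSSH) is left untouched and root login stays partly enabled after the node is deleted. The substitution is also unanchored and replaces the first match anywhere on the line. Replacing the whole directive fails closed: `delete: sudo sed -i -e 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config`, with the matching `PermitRootLogin yes` form for `create:`. Neither form does anything when the directive is absent or commented out, which deserves a comment in the template.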
@@ -56,7 +56,6 @@ sbin_SCRIPTS += scripts/system/vyatta_update_sysctl.pl sbin_SCRIPTS += scripts/system/vyatta_update_syslog.pl sbin_SCRIPTS += scripts/system/vyatta_update_console.pl sbin_SCRIPTS += scripts/system/vyatta_update_ntp.pl -sbin_SCRIPTS += scripts/system/vyatta_update_telnet sbin_SCRIPTS += scripts/system/irq-affinity.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp.pl sbin_SCRIPTS += scripts/snmp/vyatta-snmp-v3.pl diff --git a/debian/changelog b/debian/changelog index 2d7dc77f..8d4ebc05 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current4) unstable; urgency=medium + + * T414: Remove telnetd service + + -- Christian Poessinger Sat, 09 Dec 2017 15:29:45 +0100 + vyatta-cfg-system (0.20.44+vyos2+current3) unstable; urgency=medium [ Kim Hagen ] diff --git a/scripts/system/vyatta_update_telnet b/scripts/system/vyatta_update_telnet deleted file mode 100755 index f50eef79..00000000 --- a/scripts/system/vyatta_update_telnet +++ /dev/null @@ -1,84 +0,0 @@ -#! /bin/bash -# Script to control telnet daemon parameters -# and block changes when logged in over telnet - -# Block changes to telnet daemon when logged in over telnet -pid=$(who -um | awk -F " " '{print $7}') -if [ -n "$pid" ]; then - if ps --pid $(ps --pid $pid -o ppid=) -o cmd= | grep -q telnetd - then - echo "Please configure telnet settings via ssh or console." - exit 1 - fi -fi - -usage() { - echo "Usage: $0 enable " - echo " $0 disable" - echo " $0 allow-root {true|false}" - exit 1; -} - -allow-root() { - case "$1" in - true) ;; - false) ;; - *) echo "Expect true or false" - usage ;; - esac - - sudo sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty - - if [ $1 = "false" ]; then - return - fi - - sudo sh -c "cat >>/etc/securetty" < 0 && $VAR(@) <= 65535 ; \ - "Port number must be in range 1 to 65535" -commit:expression: exec "sudo /opt/vyatta/sbin/is_port_available.pl $VAR(@)"; \ - "Port $VAR(@) is already in use!" -- cgit v1.2.3 
From 9703bda9c3e6d7172851ba4420679364fb3e62f0 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 28 Dec 2017 00:39:54 +0100 Subject: T297: Fix DNS Forwarding server does not allow IPv6 address in name-server --- debian/changelog | 6 ++++++ templates/service/dns/forwarding/name-server/node.def | 6 ++++-- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'templates/service') diff --git a/debian/changelog b/debian/changelog index d1169cde..0675e402 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.20.44+vyos2+current7) unstable; urgency=medium + + * T297: Fix DNS Forwarding server does not allow IPv6 address in name-server + + -- Christian Poessinger Thu, 28 Dec 2017 00:39:04 +0100 + vyatta-cfg-system (0.20.44+vyos2+current6) unstable; urgency=medium * T496: remove diagnostic partition for RAID1 installs diff --git a/templates/service/dns/forwarding/name-server/node.def b/templates/service/dns/forwarding/name-server/node.def index 3ed4c459..ac7e45b6 100644 --- a/templates/service/dns/forwarding/name-server/node.def +++ b/templates/service/dns/forwarding/name-server/node.def @@ -1,3 +1,5 @@ multi: -type: ipv4 -help: DNS server to forward queries +type: ipv4,ipv6 +help: Domain Name Server (DNS) +val_help: ipv4; Domain Name Server (DNS) address +val_help: ipv6; Domain Name Server (DNS) address -- cgit v1.2.3 From 9177a5ac53f02dfd321d4068105cb74d562e12de Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 31 Dec 2017 15:33:03 +0100 Subject: T507: fix regex to avoid multiple MAC lines in sshd_config --- templates/service/ssh/macs/node.def | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'templates/service') diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def index ee6c60e1..f9bf4176 100644 --- a/templates/service/ssh/macs/node.def +++ b/templates/service/ssh/macs/node.def 
@@ -1,10 +1,11 @@ type: txt -help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'man sshd_config' for supported MACs. +help: Allowed message authentication algorithms +comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs. create: sudo sed -i -e '$ a \ MACs $VAR(@)' /etc/ssh/sshd_config delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config -update: sudo sed -i -e '/^MACs/c \ -MACs $VAR(@)' /etc/ssh/sshd_config \ No newline at end of file +update: sudo sed -i -e '/^MACs.*$/c \ +MACs $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From fd332e6dd8e155d0e73ad8264b75f681b82089f8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 31 Dec 2017 15:33:34 +0100 Subject: T507: fix regex to avoid multiple Cipher lines in sshd_config --- templates/service/ssh/ciphers/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'templates/service') diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def index 7eab846e..0394b8e4 100644 --- a/templates/service/ssh/ciphers/node.def +++ b/templates/service/ssh/ciphers/node.def @@ -25,5 +25,5 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config -update: sudo sed -i -e '/^Ciphers/c \ +update: sudo sed -i -e '/^Ciphers.*$/c \ Ciphers $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From 39c3c6b0cb5a2b34cadcad857bc70577f1fefba3 Mon Sep 17 00:00:00 2001 
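Review bot: templates/service/ssh/macs/node.def is shown in full by this hunk and has `type: txt` with no `syntax:expression`, yet `$VAR(@)` is pasted into a single-quoted `sudo sed` command in `create`, `delete` and `update`. A value containing a quote, a slash or a regex metacharacter changes the command that runs as root or the lines that `delete` matches. I would validate the value the way the ciphers node does, for example `syntax:expression: pattern $VAR(@) "^[a-z0-9@.,-]+$"; "$VAR(@) is not a valid MAC list"`. The same gap exists in the key-exchange node and in the allow-users, allow-groups, deny-users and deny-groups nodes added later in this series.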
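Review bot: In templates/service/ssh/ciphers/node.def, `/^Ciphers/c` and `/^Ciphers.*$/c` address exactly the same lines and `c` replaces the whole addressed line either way, so this hunk does not change what `update` does; the same holds for the `MACs` update line in the previous hunk. Duplicate lines more plausibly come from `create`, which appends with `$ a` whether or not the keyword is already present (visible for MACs; the Ciphers `create` starts above this hunk). The fix belongs there: have `create` replace an existing line and append only when none is found.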
From: Christian Poessinger Date: Sun, 31 Dec 2017 15:33:56 +0100 Subject: T507: Add new OpenSSH ciphers --- templates/service/ssh/ciphers/node.def | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'templates/service') diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def index 0394b8e4..b5e5af68 100644 --- a/templates/service/ssh/ciphers/node.def +++ b/templates/service/ssh/ciphers/node.def @@ -1,21 +1,26 @@ type: txt help: Allowed ciphers val_help: txt; Cipher string -val_help: 3des-cbc; 3DES CBC +val_help: aes128-gcm@openssh.com; AES 128 GCM +val_help: aes256-gcm@openssh.com; AES 256 GCM +val_help: chacha20-poly1305@openssh.com; ChaCha20 Poly1305 +val_help: 3des-cbc; 3DES CBC (weak) val_help: aes128-cbc; AES 128 CBC val_help: aes192-cbc; AES 192 CBC val_help: aes256-cbc; AES 256 CBC val_help: aes128-ctr; AES 128 CTR val_help: aes192-ctr; AES 192 CTR val_help: aes256-ctr; AES 256 CTR -val_help: arcfour128; AC4 128 -val_help: arcfour256; AC4 256 -val_help: arcfour; AC4 +val_help: arcfour128; AC4 128 (broken) +val_help: arcfour256; AC4 256 (broken) +val_help: arcfour; AC4 (broken) val_help: blowfish-cbc; Blowfish CBC val_help: cast128-cbc; CAST 128 CBC comp_help: Multiple ciphers can be specified as a comma-separated list. -syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ +syntax:expression: pattern $VAR(@) "^((aes128-gcm@openssh.com|\ +aes256-gcm@openssh.com|chacha20-poly1305@openssh.com|\ +3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\ aes256-ctr|arcfour128|arcfour256|arcfour|\ blowfish-cbc|cast128-cbc)(,|$))+$"; \ "$VAR(@) is not a valid cipher list" -- cgit v1.2.3 From ed9ab6155a9ae94a9b9bb214c42fb8dad6dfbf04 Mon Sep 17 00:00:00 2001 
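Review bot: The `syntax:expression` pattern still accepts `3des-cbc`, `arcfour`, `arcfour128` and `arcfour256`, which this hunk's own help text now labels `(weak)` and `(broken)`; the labels only appear in completion help and do not stop the value from reaching sshd_config. If they must stay for compatibility, say so in `comp_help`; otherwise remove them from the alternation. In the added alternatives the dots of `@openssh.com` are unescaped and match any character; `aes128-gcm@openssh\.com` is the exact form, if the template's pattern syntax accepts the escape. The RC4 entries are spelled `AC4` in the help strings.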
From: Christian Poessinger Date: Sun, 31 Dec 2017 15:34:42 +0100 Subject: T507: Add support for key exchange algorithms --- templates/service/ssh/key-exchange/node.def | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 templates/service/ssh/key-exchange/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def new file mode 100644 index 00000000..a3c91b0b --- /dev/null +++ b/templates/service/ssh/key-exchange/node.def @@ -0,0 +1,11 @@ +type: txt +help: Allowed key exchange algorithms +comp_help: Specifies the available KEX (key exchange) algorithms. The KEX algorithm is used in protocol version 2 for key negotiation upon session creation. Multiple algorithms must be comma-separated. See 'ssh -Q kex' for supported KEX algorithms. + +create: sudo sed -i -e '$ a \ +KexAlgorithms $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^KexAlgorithms.*$/c \ +KexAlgorithms $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From 6f63930251beed98bb6d20567631db235dab1d16 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 31 Dec 2017 15:35:29 +0100 Subject: T507: Add support for SSHd loglevel configuration --- templates/service/ssh/loglevel/node.def | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 templates/service/ssh/loglevel/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def new file mode 100644 index 00000000..f66ec068 --- /dev/null +++ b/templates/service/ssh/loglevel/node.def 
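Review bot: `create` in templates/service/ssh/key-exchange/node.def appends `KexAlgorithms` with `$ a` without checking for an existing line, while `update` replaces in place. sshd_config(5) states that the first value obtained for a keyword is used, so if the file already carries a `KexAlgorithms` line the appended one has no effect and the running policy differs from what the CLI shows. `create` should rewrite an existing line and append only when none is present. Running `sshd -t` after the edit would also catch an algorithm name the daemon does not support before it is restarted.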
@@ -0,0 +1,19 @@ +type: txt +help: Log Level +val_help: QUIET; stay silent +val_help: FATAL; log fatals only +val_help: ERROR; log errors and fatals only +val_help: INFO; default log level +val_help: VERBOSE; enable logging of failed login attempts +comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO. + +syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \ +"$VAR(@) is not a valid log level" + +create: sudo sed -i -e '/^LogLevel.*$/c \ +LogLevel $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^LogLevel.*$/c \ +LogLevel $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From 33346b68ed7155478fd435af963c2eeaf63a5f8a Mon Sep 17 00:00:00 2001 From: Alain Lamar Date: Mon, 1 Jan 2018 12:43:23 +0100 Subject: T122: Add config nodes for user/group access controls in sshd_config --- templates/service/ssh/allow-groups/node.def | 11 +++++++++++ templates/service/ssh/allow-users/node.def | 11 +++++++++++ templates/service/ssh/deny-groups/node.def | 11 +++++++++++ templates/service/ssh/deny-users/node.def | 11 +++++++++++ templates/service/ssh/sshd-option/node.def | 8 ++++++++ 5 files changed, 52 insertions(+) create mode 100644 templates/service/ssh/allow-groups/node.def create mode 100644 templates/service/ssh/allow-users/node.def create mode 100644 templates/service/ssh/deny-groups/node.def create mode 100644 templates/service/ssh/deny-users/node.def create mode 100644 templates/service/ssh/sshd-option/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/allow-groups/node.def b/templates/service/ssh/allow-groups/node.def new file mode 100644 index 00000000..2d6aa75b --- /dev/null +++ b/templates/service/ssh/allow-groups/node.def 
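Review bot: `create` in templates/service/ssh/loglevel/node.def uses `/^LogLevel.*$/c`, which only rewrites a line that already exists, while `delete` removes that line. After one delete, a later create finds nothing to change and the configured level is silently never written. Either have `delete` reset the line (`LogLevel INFO`) instead of removing it, or have `create` append when no line is present. The validation pattern also admits comma-separated values and a trailing comma, although LogLevel takes a single value; `pattern $VAR(@) "^(QUIET|FATAL|ERROR|INFO|VERBOSE)$"` matches what sshd accepts from this list.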
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed groups.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowGroups.*$/c \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/allow-users/node.def b/templates/service/ssh/allow-users/node.def
new file mode 100644
index 00000000..2052bf69
--- /dev/null
+++ b/templates/service/ssh/allow-users/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed users.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowUsers.*$/c \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/deny-groups/node.def b/templates/service/ssh/deny-groups/node.def
new file mode 100644
index 00000000..c2c8dcab
--- /dev/null
+++ b/templates/service/ssh/deny-groups/node.def
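Review bot: The `comp_help` of templates/service/ssh/allow-groups/node.def tells the user to enter a comma-separated list, but the value is written verbatim after `AllowGroups`, and sshd_config(5) documents these lists as separated by spaces. A comma-separated value may therefore be read as a single pattern; for an allow list that can shut out every account, for a deny list it can block nobody (confirm against the OpenSSH version shipped). Either correct the help text to the separator sshd expects or translate commas to spaces before writing the line. The allow-users, deny-groups and deny-users nodes in this commit, and their copies under access-control/ later in the series, carry the same text.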
@@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for disallowed groups. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +DenyGroups $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^DenyGroups.*$/c \ +DenyGroups $VAR(@)' /etc/ssh/sshd_config diff --git a/templates/service/ssh/deny-users/node.def b/templates/service/ssh/deny-users/node.def new file mode 100644 index 00000000..a6426f90 --- /dev/null +++ b/templates/service/ssh/deny-users/node.def @@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for disallowed users. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +DenyUsers $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^DenyUsers.*$/c \ +DenyUsers $VAR(@)' /etc/ssh/sshd_config diff --git a/templates/service/ssh/sshd-option/node.def b/templates/service/ssh/sshd-option/node.def new file mode 100644 index 00000000..7f6ec7ec --- /dev/null +++ b/templates/service/ssh/sshd-option/node.def @@ -0,0 +1,8 @@ +multi: +type: txt +help: Additional options for sshd_config + +create: sudo sed -i -e '$ a \ +$VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^$VAR(@)$/d' /etc/ssh/sshd_config -- cgit v1.2.3 From 082dd8fa2190bb4a0df818b827736766a77cf0bc Mon Sep 17 00:00:00 2001 
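Review bot: templates/service/ssh/sshd-option/node.def writes an arbitrary `type: txt` value as a line of /etc/ssh/sshd_config through `sudo sed`, with no `syntax:expression` and no check that sshd accepts the result. Every sshd directive becomes settable from this node, including those the dedicated nodes constrain, and a typo can leave sshd unable to restart on a remotely managed box. The `delete` expression also places the value between `^` and `$` as a regular expression, so an option containing `.`, `*` or `/` can remove other lines or break the sed script. If the escape hatch is wanted, limit it to an allow-list of keywords and run `sshd -t` before reloading the daemon.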
From: Alain Lamar Date: Tue, 2 Jan 2018 19:09:58 +0100 Subject: T122: Add a new node to store access control configurations --- templates/service/ssh/access-control/node.def | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 templates/service/ssh/access-control/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/access-control/node.def b/templates/service/ssh/access-control/node.def new file mode 100644 index 00000000..8f6ca6e7 --- /dev/null +++ b/templates/service/ssh/access-control/node.def @@ -0,0 +1,2 @@ +help: SSH user/group access controls +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list. -- cgit v1.2.3 From 7a628be1675cca0218c14794a7a07321545ca057 Mon Sep 17 00:00:00 2001 From: Alain Lamar Date: Tue, 2 Jan 2018 19:11:24 +0100 Subject: T122: Added a config node to implement sshd_config's AllowUsers --- templates/service/ssh/access-control/allow-users/node.def | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 templates/service/ssh/access-control/allow-users/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/access-control/allow-users/node.def b/templates/service/ssh/access-control/allow-users/node.def new file mode 100644 index 00000000..2052bf69 --- /dev/null +++ b/templates/service/ssh/access-control/allow-users/node.def 
@@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for allowed users. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +AllowUsers $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^AllowUsers.*$/c \ +AllowUsers $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From f76f756b8c031226c37a3851074cc26f506ccf2b Mon Sep 17 00:00:00 2001 From: Alain Lamar Date: Tue, 2 Jan 2018 19:12:09 +0100 Subject: T122: Added a config node to implement sshd_config's AllowGroups --- templates/service/ssh/access-control/allow-groups/node.def | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 templates/service/ssh/access-control/allow-groups/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/access-control/allow-groups/node.def b/templates/service/ssh/access-control/allow-groups/node.def new file mode 100644 index 00000000..2d6aa75b --- /dev/null +++ b/templates/service/ssh/access-control/allow-groups/node.def @@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for allowed groups. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +AllowGroups $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^AllowGroups.*$/c \ +AllowGroups $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From f56e7154b9dfb36305cfb0c36998d245c26ad343 Mon Sep 17 00:00:00 2001 
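Review bot: `create` in templates/service/ssh/access-control/allow-users/node.def appends `AllowUsers` at the end of the file with `$ a`. If sshd_config ends with a `Match` block, which this diff does not show, the appended directive becomes part of that block and applies only to the connections it matches, so the allow list would not be enforced globally. Inserting before the first `Match` line, or keeping all managed directives in a section above it, avoids that. The same applies to the allow-groups, deny-users and deny-groups nodes under access-control/.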
From: Alain Lamar Date: Tue, 2 Jan 2018 19:12:27 +0100 Subject: T122: Added a config node to implement sshd_config's DenyUsers --- templates/service/ssh/access-control/deny-users/node.def | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 templates/service/ssh/access-control/deny-users/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/access-control/deny-users/node.def b/templates/service/ssh/access-control/deny-users/node.def new file mode 100644 index 00000000..a6426f90 --- /dev/null +++ b/templates/service/ssh/access-control/deny-users/node.def @@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for disallowed users. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +DenyUsers $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^DenyUsers.*$/c \ +DenyUsers $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From ccbfc90fdb6239d30613fb28b76144c03c2d9809 Mon Sep 17 00:00:00 2001 From: Alain Lamar Date: Tue, 2 Jan 2018 19:12:43 +0100 Subject: T122: Added a config node to implement sshd_config's DenyGroups --- templates/service/ssh/access-control/deny-groups/node.def | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 templates/service/ssh/access-control/deny-groups/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/access-control/deny-groups/node.def b/templates/service/ssh/access-control/deny-groups/node.def new file mode 100644 index 00000000..c2c8dcab --- /dev/null +++ b/templates/service/ssh/access-control/deny-groups/node.def 
@@ -0,0 +1,11 @@ +type: txt +help: Configure sshd_config access control for disallowed groups. +comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list. + +create: sudo sed -i -e '$ a \ +DenyGroups $VAR(@)' /etc/ssh/sshd_config + +delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config + +update: sudo sed -i -e '/^DenyGroups.*$/c \ +DenyGroups $VAR(@)' /etc/ssh/sshd_config -- cgit v1.2.3 From c4b7a6a89d8309ffef66c7ddf9a74e03eef6c83f Mon Sep 17 00:00:00 2001 From: Alain Lamar Date: Tue, 2 Jan 2018 19:17:20 +0100 Subject: T122: Undo the multiple-features-in-one-commit commit --- templates/service/ssh/allow-groups/node.def | 11 ----------- templates/service/ssh/allow-users/node.def | 11 ----------- templates/service/ssh/deny-groups/node.def | 11 ----------- templates/service/ssh/deny-users/node.def | 11 ----------- templates/service/ssh/sshd-option/node.def | 8 -------- 5 files changed, 52 deletions(-) delete mode 100644 templates/service/ssh/allow-groups/node.def delete mode 100644 templates/service/ssh/allow-users/node.def delete mode 100644 templates/service/ssh/deny-groups/node.def delete mode 100644 templates/service/ssh/deny-users/node.def delete mode 100644 templates/service/ssh/sshd-option/node.def (limited to 'templates/service') diff --git a/templates/service/ssh/allow-groups/node.def b/templates/service/ssh/allow-groups/node.def deleted file mode 100644 index 2d6aa75b..00000000 --- a/templates/service/ssh/allow-groups/node.def +++ /dev/null 
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowGroups.*$/c \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/allow-users/node.def b/templates/service/ssh/allow-users/node.def
deleted file mode 100644
index 2052bf69..00000000
--- a/templates/service/ssh/allow-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowUsers.*$/c \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/deny-groups/node.def b/templates/service/ssh/deny-groups/node.def
deleted file mode 100644
index c2c8dcab..00000000
--- a/templates/service/ssh/deny-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyGroups.*$/c \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/deny-users/node.def b/templates/service/ssh/deny-users/node.def
deleted file mode 100644
index a6426f90..00000000
--- a/templates/service/ssh/deny-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyUsers.*$/c \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/sshd-option/node.def b/templates/service/ssh/sshd-option/node.def
deleted file mode 100644
index 7f6ec7ec..00000000
--- a/templates/service/ssh/sshd-option/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-multi:
-type: txt
-help: Additional options for sshd_config
-
-create: sudo sed -i -e '$ a \
-$VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^$VAR(@)$/d' /etc/ssh/sshd_config
-- cgit v1.2.3
From d0af07c4b5f56b8faf2340c97676c2ff1b6a0933 Mon Sep 17 00:00:00 2001
From: Christian Poessinger Date: Wed, 21 Feb 2018 11:28:30 +0100 Subject: T546: Add support for IPv6 address in 'service dns forwarding domain' --- templates/service/dns/forwarding/domain/node.tag/server/node.def | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'templates/service')
diff --git a/templates/service/dns/forwarding/domain/node.tag/server/node.def b/templates/service/dns/forwarding/domain/node.tag/server/node.def
index 8f40a299..e616c0aa 100644
--- a/templates/service/dns/forwarding/domain/node.tag/server/node.def
+++ b/templates/service/dns/forwarding/domain/node.tag/server/node.def
@@ -1,3 +1,5 @@
 multi:
-type: ipv4
-help: DNS server to forward queries
+type: ipv4,ipv6
+help: Domain Name Server (DNS) to forward queries
+val_help: ipv4; Domain Name Server (DNS) address
+val_help: ipv6; Domain Name Server (DNS) address
-- cgit v1.2.3
From d8dd509656e24d0050050ed067021e4b45e07d59 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 28 Feb 2018 13:32:24 +0100 Subject: T507: add autocompletion or SSH key exchange algorithms --- templates/service/ssh/key-exchange/node.def | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'templates/service')
diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def
index a3c91b0b..00df581a 100644
--- a/templates/service/ssh/key-exchange/node.def
+++ b/templates/service/ssh/key-exchange/node.def
@@ -1,6 +1,7 @@
 type: txt
-help: Allowed key exchange algorithms
-comp_help: Specifies the available KEX (key exchange) algorithms. The KEX algorithm is used in protocol version 2 for key negotiation upon session creation. Multiple algorithms must be comma-separated. See 'ssh -Q kex' for supported KEX algorithms.
+help: Key exchange algorithms
+
+allowed: ssh -Q kex | perl -ne '$_=~s/\n/ /;print'
 
 create: sudo sed -i -e '$ a \
 KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
-- cgit v1.2.3
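Review bot: The new `allowed:` line in key-exchange/node.def supplies completion candidates only; as far as this hunk shows the node is still `type: txt` with no `syntax:expression`, so any string is accepted and written as `KexAlgorithms` (presumably `allowed:` does not reject other input — confirm against the template engine). `ssh -Q kex` prints every algorithm the local client binary supports, legacy ones included, and the removed `comp_help` was the only text saying that several algorithms must be comma-separated. I would keep a short `comp_help: Multiple algorithms must be comma-separated.` and add a check such as `syntax:expression: pattern $VAR(@) "^[a-z0-9@.+-]+(,[a-z0-9@.+-]+)*$" ; "invalid key exchange list"` (pattern is a suggestion). The template continues past the end of the hunk.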
From df78ae1e4411c15f27f5f29b172b71504c444637 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 16 Mar 2018 20:09:27 +0100 Subject: Remove dns forwarding templates in favor of vyos-1x --- templates/service/dns/forwarding/cache-size/node.def | 5 ----- templates/service/dns/forwarding/dhcp/node.def | 8 -------- templates/service/dns/forwarding/domain/node.def | 4 ---- .../service/dns/forwarding/domain/node.tag/server/node.def | 5 ----- templates/service/dns/forwarding/ignore-hosts-file/node.def | 1 - templates/service/dns/forwarding/listen-on/node.def | 5 ----- templates/service/dns/forwarding/name-server/node.def | 5 ----- templates/service/dns/forwarding/node.def | 10 ---------- templates/service/dns/forwarding/query-all-servers/node.def | 1 - templates/service/dns/forwarding/system/node.def | 2 -- 10 files changed, 46 deletions(-) delete mode 100644 templates/service/dns/forwarding/cache-size/node.def delete mode 100644 templates/service/dns/forwarding/dhcp/node.def delete mode 100644 templates/service/dns/forwarding/domain/node.def delete mode 100644 templates/service/dns/forwarding/domain/node.tag/server/node.def delete mode 100644 templates/service/dns/forwarding/ignore-hosts-file/node.def delete mode 100644 templates/service/dns/forwarding/listen-on/node.def delete mode 100644 templates/service/dns/forwarding/name-server/node.def delete mode 100644 templates/service/dns/forwarding/node.def delete mode 100644 templates/service/dns/forwarding/query-all-servers/node.def delete mode 100644 templates/service/dns/forwarding/system/node.def (limited to 'templates/service') diff --git a/templates/service/dns/forwarding/cache-size/node.def b/templates/service/dns/forwarding/cache-size/node.def deleted file mode 100644 index 9285dbbd..00000000 --- a/templates/service/dns/forwarding/cache-size/node.def +++ /dev/null 
@@ -1,5 +0,0 @@
-type: u32
-default:150
-help: DNS forwarding cache size
-syntax:expression: ($VAR(@) >=0 && $VAR(@) < 10001) ; "Cache size must be between 0 and 10000"
-val_help: u32:0-10000; DNS forwarding cache size
diff --git a/templates/service/dns/forwarding/dhcp/node.def b/templates/service/dns/forwarding/dhcp/node.def
deleted file mode 100644
index f19b000e..00000000
--- a/templates/service/dns/forwarding/dhcp/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-multi:
-type: txt
-help: Use nameservers received from DHCP server for specified interface
-commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --dhcp-interface $VAR(@)"
-allowed:
- local -a array ;
- array=( /var/lib/dhcp/eth* /var/lib/dhcp/br* ) ;
- echo -n ${array[@]##*/}
diff --git a/templates/service/dns/forwarding/domain/node.def b/templates/service/dns/forwarding/domain/node.def
deleted file mode 100644
index bdd82752..00000000
--- a/templates/service/dns/forwarding/domain/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-tag:
-type: txt
-help: DNS domain to forward to a local server
-commit:expression: $VAR(./server/) != ""; "Error: No server configured for the domain $VAR(@)"
diff --git a/templates/service/dns/forwarding/domain/node.tag/server/node.def b/templates/service/dns/forwarding/domain/node.tag/server/node.def
deleted file mode 100644
index e616c0aa..00000000
--- a/templates/service/dns/forwarding/domain/node.tag/server/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: Domain Name Server (DNS) to forward queries
-val_help: ipv4; Domain Name Server (DNS) address
-val_help: ipv6; Domain Name Server (DNS) address
diff --git a/templates/service/dns/forwarding/ignore-hosts-file/node.def b/templates/service/dns/forwarding/ignore-hosts-file/node.def
deleted file mode 100644
index 08a89ca8..00000000
--- a/templates/service/dns/forwarding/ignore-hosts-file/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Do not use local /etc/hosts file in name resolution
diff --git a/templates/service/dns/forwarding/listen-on/node.def b/templates/service/dns/forwarding/listen-on/node.def
deleted file mode 100644
index 3d1c748f..00000000
--- a/templates/service/dns/forwarding/listen-on/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-multi:
-type: txt
-help: Interface to listen for DNS queries [REQUIRED]
-allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all
-commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn"
diff --git a/templates/service/dns/forwarding/name-server/node.def b/templates/service/dns/forwarding/name-server/node.def
deleted file mode 100644
index ac7e45b6..00000000
--- a/templates/service/dns/forwarding/name-server/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: Domain Name Server (DNS)
-val_help: ipv4; Domain Name Server (DNS) address
-val_help: ipv6; Domain Name Server (DNS) address
diff --git a/templates/service/dns/forwarding/node.def b/templates/service/dns/forwarding/node.def
deleted file mode 100644
index ae7a9d3c..00000000
--- a/templates/service/dns/forwarding/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-priority: 918
-help: DNS forwarding
-commit:expression: $VAR(./listen-on) != ""; "At least one interface must be configured for DNS forwarding parameter 'listen-on'"
-delete:expression: "touch /tmp/dnsmasq.$PPID"
-end:expression: "if [ -f \"/tmp/dnsmasq.$PPID\" ]; then \
- sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --stop-dnsforwarding \
- rm /tmp/dnsmasq.$PPID; \
- else \
- sudo /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding; \
- fi; "
diff --git a/templates/service/dns/forwarding/query-all-servers/node.def b/templates/service/dns/forwarding/query-all-servers/node.def
deleted file mode 100644
index 90e8e7ec..00000000
--- a/templates/service/dns/forwarding/query-all-servers/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Query all DNS servers, respond and cache fastest result
diff --git a/templates/service/dns/forwarding/system/node.def b/templates/service/dns/forwarding/system/node.def
deleted file mode 100644
index a37676de..00000000
--- a/templates/service/dns/forwarding/system/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: DNS forwarding to system nameservers
-commit:expression: exec "/opt/vyatta/sbin/vyatta-dns-forwarding.pl --system-nameserver"
-- cgit v1.2.3
From 58bcf1639e1656643e3470e25fbbea0a707355a9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger Date: Sun, 13 May 2018 14:17:44 +0200 Subject: T631: Rewrite SSH configuration as XML interface definition --- .../ssh/access-control/allow-groups/node.def | 11 ------- .../ssh/access-control/allow-users/node.def | 11 ------- .../ssh/access-control/deny-groups/node.def | 11 ------- .../service/ssh/access-control/deny-users/node.def | 11 ------- templates/service/ssh/access-control/node.def | 2 -- templates/service/ssh/allow-root/node.def | 5 ---- templates/service/ssh/ciphers/node.def | 34 ---------------------- .../service/ssh/disable-host-validation/node.def | 6 ---- .../ssh/disable-password-authentication/node.def | 5 ---- templates/service/ssh/key-exchange/node.def | 12 -------- templates/service/ssh/listen-address/node.def | 10 ------- templates/service/ssh/loglevel/node.def | 19 ------------ templates/service/ssh/macs/node.def | 11 ------- templates/service/ssh/node.def | 8 ----- templates/service/ssh/port/node.def | 7 ----- 15 files changed, 163 deletions(-) delete mode 100644 templates/service/ssh/access-control/allow-groups/node.def delete mode 100644 templates/service/ssh/access-control/allow-users/node.def delete mode 100644 templates/service/ssh/access-control/deny-groups/node.def delete mode 100644 templates/service/ssh/access-control/deny-users/node.def delete mode 100644 templates/service/ssh/access-control/node.def delete mode 100644 templates/service/ssh/allow-root/node.def delete mode 100644 templates/service/ssh/ciphers/node.def delete mode 100644 templates/service/ssh/disable-host-validation/node.def delete mode 100644 templates/service/ssh/disable-password-authentication/node.def delete mode 100644 templates/service/ssh/key-exchange/node.def delete mode 100644 templates/service/ssh/listen-address/node.def delete mode 100644 templates/service/ssh/loglevel/node.def delete mode 100644 templates/service/ssh/macs/node.def delete mode 100644 templates/service/ssh/node.def delete mode 100644 
templates/service/ssh/port/node.def (limited to 'templates/service')
diff --git a/templates/service/ssh/access-control/allow-groups/node.def b/templates/service/ssh/access-control/allow-groups/node.def
deleted file mode 100644
index 2d6aa75b..00000000
--- a/templates/service/ssh/access-control/allow-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowGroups.*$/c \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/allow-users/node.def b/templates/service/ssh/access-control/allow-users/node.def
deleted file mode 100644
index 2052bf69..00000000
--- a/templates/service/ssh/access-control/allow-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowUsers.*$/c \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-groups/node.def b/templates/service/ssh/access-control/deny-groups/node.def
deleted file mode 100644
index c2c8dcab..00000000
--- a/templates/service/ssh/access-control/deny-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyGroups.*$/c \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-users/node.def b/templates/service/ssh/access-control/deny-users/node.def
deleted file mode 100644
index a6426f90..00000000
--- a/templates/service/ssh/access-control/deny-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyUsers.*$/c \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/node.def b/templates/service/ssh/access-control/node.def
deleted file mode 100644
index 8f6ca6e7..00000000
--- a/templates/service/ssh/access-control/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: SSH user/group access controls
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
deleted file mode 100644
index 2f8e4354..00000000
--- a/templates/service/ssh/allow-root/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Enable root login over ssh
-
-create: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/yes/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/no/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
deleted file mode 100644
index b5e5af68..00000000
--- a/templates/service/ssh/ciphers/node.def
+++ /dev/null
@@ -1,34 +0,0 @@
-type: txt
-help: Allowed ciphers
-val_help: txt; Cipher string
-val_help: aes128-gcm@openssh.com; AES 128 GCM
-val_help: aes256-gcm@openssh.com; AES 256 GCM
-val_help: chacha20-poly1305@openssh.com; ChaCha20 Poly1305
-val_help: 3des-cbc; 3DES CBC (weak)
-val_help: aes128-cbc; AES 128 CBC
-val_help: aes192-cbc; AES 192 CBC
-val_help: aes256-cbc; AES 256 CBC
-val_help: aes128-ctr; AES 128 CTR
-val_help: aes192-ctr; AES 192 CTR
-val_help: aes256-ctr; AES 256 CTR
-val_help: arcfour128; AC4 128 (broken)
-val_help: arcfour256; AC4 256 (broken)
-val_help: arcfour; AC4 (broken)
-val_help: blowfish-cbc; Blowfish CBC
-val_help: cast128-cbc; CAST 128 CBC
-comp_help: Multiple ciphers can be specified as a comma-separated list.
-
-syntax:expression: pattern $VAR(@) "^((aes128-gcm@openssh.com|\
-aes256-gcm@openssh.com|chacha20-poly1305@openssh.com|\
-3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
-aes256-ctr|arcfour128|arcfour256|arcfour|\
-blowfish-cbc|cast128-cbc)(,|$))+$"; \
-"$VAR(@) is not a valid cipher list"
-
-create: sudo sed -i -e '$ a \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^Ciphers.*$/c \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/disable-host-validation/node.def b/templates/service/ssh/disable-host-validation/node.def
deleted file mode 100644
index fff28dbd..00000000
--- a/templates/service/ssh/disable-host-validation/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Don't validate the remote host name with DNS
-
-update: sudo sed -i -e '/^UseDNS/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
-
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
deleted file mode 100644
index 59abacfc..00000000
--- a/templates/service/ssh/disable-password-authentication/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Don't allow unknown user to login with password
-
-update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def
deleted file mode 100644
index 00df581a..00000000
--- a/templates/service/ssh/key-exchange/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-type: txt
-help: Key exchange algorithms
-
-allowed: ssh -Q kex | perl -ne '$_=~s/\n/ /;print'
-
-create: sudo sed -i -e '$ a \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^KexAlgorithms.*$/c \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/listen-address/node.def b/templates/service/ssh/listen-address/node.def
deleted file mode 100644
index aeff03f2..00000000
--- a/templates/service/ssh/listen-address/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: Local addresses SSH service should listen on
-val_help: ipv4: IP address to listen for incoming connections
-val_help: ipv6: IPv6 address to listen for incoming connections
-
-create: sudo sed -i -e '/^Port/a \
-ListenAddress $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^ListenAddress $VAR(@)$/d' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def
deleted file mode 100644
index f66ec068..00000000
--- a/templates/service/ssh/loglevel/node.def
+++ /dev/null
@@ -1,19 +0,0 @@
-type: txt
-help: Log Level
-val_help: QUIET; stay silent
-val_help: FATAL; log fatals only
-val_help: ERROR; log errors and fatals only
-val_help: INFO; default log level
-val_help: VERBOSE; enable logging of failed login attempts
-comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO.
-
-syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \
-"$VAR(@) is not a valid log level"
-
-create: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def
deleted file mode 100644
index f9bf4176..00000000
--- a/templates/service/ssh/macs/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Allowed message authentication algorithms
-comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs.
-
-create: sudo sed -i -e '$ a \
-MACs $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^MACs.*$/c \
-MACs $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/node.def b/templates/service/ssh/node.def
deleted file mode 100644
index 7117a2fd..00000000
--- a/templates/service/ssh/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-priority: 500 # After syslog and logins
-help: Secure SHell (SSH) protocol
-delete:sudo /usr/sbin/invoke-rc.d ssh stop
- sudo sh -c "echo 'SSHD_OPTS=' > /etc/default/ssh"
-end: if [ -z "$VAR(port/@)" ]; then exit 0; fi
- STR="SSHD_OPTS=\"-p $VAR(port/@)\""
- sudo sh -c "echo '$STR' > /etc/default/ssh"
- sudo /usr/sbin/invoke-rc.d ssh restart
diff --git a/templates/service/ssh/port/node.def b/templates/service/ssh/port/node.def
deleted file mode 100644
index d4f53378..00000000
--- a/templates/service/ssh/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 22
-help: Port for SSH service
-val_help: u32:1-65535; Numeric IP port
-
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"
-- cgit v1.2.3
From c7f0ea5d37da2c7e555e6f0aae1390c84a682c0e Mon Sep 17 00:00:00 2001
From: Christian Poessinger Date: Mon, 4 Jun 2018 20:23:37 +0200 Subject: T652: Rewrite service snmp in new style XML interface definition Perl scripts will be removed when op mode commands are implemented. --- templates/service/snmp/community/node.def | 5 ---- .../snmp/community/node.tag/authorization/node.def | 8 ------ .../snmp/community/node.tag/client/node.def | 3 --- .../snmp/community/node.tag/network/node.def | 4 --- templates/service/snmp/contact/node.def | 6 ----- templates/service/snmp/description/node.def | 6 ----- templates/service/snmp/listen-address/node.def | 3 --- .../snmp/listen-address/node.tag/port/node.def | 7 ----- templates/service/snmp/location/node.def | 6 ----- templates/service/snmp/node.def | 27 ------------------- templates/service/snmp/smux-peer/node.def | 4 --- templates/service/snmp/trap-source/node.def | 2 -- templates/service/snmp/trap-target/node.def | 3 --- .../snmp/trap-target/node.tag/community/node.def | 2 -- .../snmp/trap-target/node.tag/port/node.def | 6 ----- templates/service/snmp/v3/engineid/node.def | 3 --- templates/service/snmp/v3/group/node.def | 8 ------ .../service/snmp/v3/group/node.tag/mode/node.def | 8 ------ .../snmp/v3/group/node.tag/seclevel/node.def | 7 ----- .../service/snmp/v3/group/node.tag/view/node.def | 11 -------- templates/service/snmp/v3/node.def | 30 ---------------------- templates/service/snmp/v3/trap-target/node.def | 14 ---------- .../node.tag/auth/encrypted-key/node.def | 3 --- .../snmp/v3/trap-target/node.tag/auth/node.def | 4 --- .../node.tag/auth/plaintext-key/node.def | 3 --- .../v3/trap-target/node.tag/auth/type/node.def | 8 ------ .../snmp/v3/trap-target/node.tag/engineid/node.def | 3 --- .../snmp/v3/trap-target/node.tag/port/node.def | 7 ----- .../node.tag/privacy/encrypted-key/node.def | 3 --- .../snmp/v3/trap-target/node.tag/privacy/node.def | 4 --- .../node.tag/privacy/plaintext-key/node.def | 3 --- .../v3/trap-target/node.tag/privacy/type/node.def | 8 ------ 
.../snmp/v3/trap-target/node.tag/protocol/node.def | 8 ------ .../snmp/v3/trap-target/node.tag/type/node.def | 8 ------ .../snmp/v3/trap-target/node.tag/user/node.def | 4 --- templates/service/snmp/v3/tsm/local-key/node.def | 14 ---------- templates/service/snmp/v3/tsm/node.def | 3 --- templates/service/snmp/v3/tsm/port/node.def | 7 ----- templates/service/snmp/v3/user/node.def | 7 ----- .../v3/user/node.tag/auth/encrypted-key/node.def | 2 -- .../service/snmp/v3/user/node.tag/auth/node.def | 3 --- .../v3/user/node.tag/auth/plaintext-key/node.def | 6 ----- .../snmp/v3/user/node.tag/auth/type/node.def | 8 ------ .../snmp/v3/user/node.tag/engineid/node.def | 3 --- .../service/snmp/v3/user/node.tag/group/node.def | 11 -------- .../service/snmp/v3/user/node.tag/mode/node.def | 8 ------ .../user/node.tag/privacy/encrypted-key/node.def | 2 -- .../service/snmp/v3/user/node.tag/privacy/node.def | 3 --- .../user/node.tag/privacy/plaintext-key/node.def | 6 ----- .../snmp/v3/user/node.tag/privacy/type/node.def | 8 ------ .../service/snmp/v3/user/node.tag/tsm-key/node.def | 14 ---------- templates/service/snmp/v3/view/node.def | 6 ----- .../service/snmp/v3/view/node.tag/oid/node.def | 4 --- .../v3/view/node.tag/oid/node.tag/exclude/node.def | 1 - .../v3/view/node.tag/oid/node.tag/mask/node.def | 4 --- 55 files changed, 359 deletions(-) delete mode 100644 templates/service/snmp/community/node.def delete mode 100644 templates/service/snmp/community/node.tag/authorization/node.def delete mode 100644 templates/service/snmp/community/node.tag/client/node.def delete mode 100644 templates/service/snmp/community/node.tag/network/node.def delete mode 100644 templates/service/snmp/contact/node.def delete mode 100644 templates/service/snmp/description/node.def delete mode 100644 templates/service/snmp/listen-address/node.def delete mode 100644 templates/service/snmp/listen-address/node.tag/port/node.def delete mode 100644 templates/service/snmp/location/node.def delete mode 100644 
templates/service/snmp/node.def delete mode 100644 templates/service/snmp/smux-peer/node.def delete mode 100644 templates/service/snmp/trap-source/node.def delete mode 100644 templates/service/snmp/trap-target/node.def delete mode 100644 templates/service/snmp/trap-target/node.tag/community/node.def delete mode 100644 templates/service/snmp/trap-target/node.tag/port/node.def delete mode 100644 templates/service/snmp/v3/engineid/node.def delete mode 100644 templates/service/snmp/v3/group/node.def delete mode 100644 templates/service/snmp/v3/group/node.tag/mode/node.def delete mode 100644 templates/service/snmp/v3/group/node.tag/seclevel/node.def delete mode 100644 templates/service/snmp/v3/group/node.tag/view/node.def delete mode 100644 templates/service/snmp/v3/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/auth/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/engineid/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/port/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/privacy/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/protocol/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/type/node.def delete mode 100644 templates/service/snmp/v3/trap-target/node.tag/user/node.def delete mode 100644 
templates/service/snmp/v3/tsm/local-key/node.def delete mode 100644 templates/service/snmp/v3/tsm/node.def delete mode 100644 templates/service/snmp/v3/tsm/port/node.def delete mode 100644 templates/service/snmp/v3/user/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/auth/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/auth/type/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/engineid/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/group/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/mode/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/privacy/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/privacy/type/node.def delete mode 100644 templates/service/snmp/v3/user/node.tag/tsm-key/node.def delete mode 100644 templates/service/snmp/v3/view/node.def delete mode 100644 templates/service/snmp/v3/view/node.tag/oid/node.def delete mode 100644 templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def delete mode 100644 templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def (limited to 'templates/service') diff --git a/templates/service/snmp/community/node.def b/templates/service/snmp/community/node.def deleted file mode 100644 index d7e3ade7..00000000 --- a/templates/service/snmp/community/node.def +++ /dev/null @@ -1,5 +0,0 @@ -tag: -type: txt -help: Community name [REQUIRED] -syntax:expression: pattern $VAR(@) "^[^%]+$" ; \ - "Community string may not contain %" 
diff --git a/templates/service/snmp/community/node.tag/authorization/node.def b/templates/service/snmp/community/node.tag/authorization/node.def
deleted file mode 100644
index 3d306d59..00000000
--- a/templates/service/snmp/community/node.tag/authorization/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "ro"
-allowed: echo ro rw
-help: Authorization type (rw or ro) (default: ro)
-syntax:expression: $VAR(@) in "ro", "rw"; "Authorization type must be either rw or ro"
-
-
-
diff --git a/templates/service/snmp/community/node.tag/client/node.def b/templates/service/snmp/community/node.tag/client/node.def
deleted file mode 100644
index 37493268..00000000
--- a/templates/service/snmp/community/node.tag/client/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: IP address of SNMP client allowed to contact system
diff --git a/templates/service/snmp/community/node.tag/network/node.def b/templates/service/snmp/community/node.tag/network/node.def
deleted file mode 100644
index d9afa4e5..00000000
--- a/templates/service/snmp/community/node.tag/network/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-multi:
-type: ipv4net,ipv6net
-help: Subnet of SNMP client(s) allowed to contact system
-syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)"
diff --git a/templates/service/snmp/contact/node.def b/templates/service/snmp/contact/node.def
deleted file mode 100644
index 63a368cc..00000000
--- a/templates/service/snmp/contact/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: txt
-help: Contact information
-
-syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \
- "Contact information is limited to 255 characters or less"
-
diff --git a/templates/service/snmp/description/node.def b/templates/service/snmp/description/node.def
deleted file mode 100644
index cd88099a..00000000
--- a/templates/service/snmp/description/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: txt
-help: Description information
-
-syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \
- "Description is limited to 255 characters or less"
-
diff --git a/templates/service/snmp/listen-address/node.def b/templates/service/snmp/listen-address/node.def
deleted file mode 100644
index 9a9c591f..00000000
--- a/templates/service/snmp/listen-address/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-tag:
-type: ipv4,ipv6
-help: IP address to listen for incoming SNMP requests
diff --git a/templates/service/snmp/listen-address/node.tag/port/node.def b/templates/service/snmp/listen-address/node.tag/port/node.def
deleted file mode 100644
index b37939bd..00000000
--- a/templates/service/snmp/listen-address/node.tag/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 161
-help: Port for SNMP service
-
-val_help: u32:1-65535; Numeric IP port
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/location/node.def b/templates/service/snmp/location/node.def
deleted file mode 100644
index 903b405f..00000000
--- a/templates/service/snmp/location/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: txt
-help: Location information
-
-syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \
- "Location is limited to 255 characters or less"
-
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
deleted file mode 100644
index 7c8c372b..00000000
--- a/templates/service/snmp/node.def
+++ /dev/null
@@ -1,27 +0,0 @@
-priority: 980
-help: Simple Network Management Protocol (SNMP)
-commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \
- ; "must configure a community or community6 or v3"
-
-create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
-delete: touch /tmp/snmp.$PPID
-end:if [ -f "/tmp/snmp.$PPID" ]
- then
- sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp;
- rm /tmp/snmp.$PPID;
- sudo rm -f /etc/snmp/snmpd.conf;
- else
- if [ -n "$VAR(v3/)" ]; then
- sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --check-config;
- if [ $? != 0 ]; then
- exit 1;
- fi
- fi
- sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp;
- if [ -n "$VAR(v3/)" ]
- then
- sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --update-snmp;
- else
- sudo systemctl start snmpd.service > /dev/null 2>&1;
- fi
- fi
diff --git a/templates/service/snmp/smux-peer/node.def b/templates/service/snmp/smux-peer/node.def
deleted file mode 100644
index 638e9367..00000000
--- a/templates/service/snmp/smux-peer/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-multi:
-type: txt
-help: Register a subtree for SMUX-based processing
-val_help: oid; Object Identifier
diff --git a/templates/service/snmp/trap-source/node.def b/templates/service/snmp/trap-source/node.def
deleted file mode 100644
index a4b2617f..00000000
--- a/templates/service/snmp/trap-source/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: ipv4,ipv6
-help: SNMP trap source address
diff --git a/templates/service/snmp/trap-target/node.def b/templates/service/snmp/trap-target/node.def
deleted file mode 100644
index cf0c963c..00000000
--- a/templates/service/snmp/trap-target/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-tag:
-type: ipv4,ipv6
-help: Address of trap target
diff --git a/templates/service/snmp/trap-target/node.tag/community/node.def b/templates/service/snmp/trap-target/node.tag/community/node.def
deleted file mode 100644
index 3b4068a8..00000000
--- a/templates/service/snmp/trap-target/node.tag/community/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: Community used when sending trap information
diff --git a/templates/service/snmp/trap-target/node.tag/port/node.def b/templates/service/snmp/trap-target/node.tag/port/node.def
deleted file mode 100644
index d5ee579a..00000000
--- a/templates/service/snmp/trap-target/node.tag/port/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: u32
-help: Destination port used for trap notification
-
-val_help: u32:1-65535; Numeric IP port
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/engineid/node.def b/templates/service/snmp/v3/engineid/node.def
deleted file mode 100644
index f8de80cc..00000000
--- a/templates/service/snmp/v3/engineid/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Specifies the EngineID as a hex value (e.g., 0xff42)
-syntax:expression: pattern $VAR(@) "^(0x){0,1}([0-9a-f][0-9a-f]){1,18}$" ; "id must contain an even number (from 2 to 36) of hex digits"
diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def
deleted file mode 100644
index 95d0413c..00000000
--- a/templates/service/snmp/v3/group/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-tag:
-type: txt
-help: Specifies the group with name groupname
-syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
-syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
-commit:expression: $VAR(view/) != "" ; "must specify view"
-commit:expression: $VAR(mode/) != "" ; "must specify mode"
-commit:expression: $VAR(seclevel/) != "" ; "must specify security level"
diff --git a/templates/service/snmp/v3/group/node.tag/mode/node.def b/templates/service/snmp/v3/group/node.tag/mode/node.def
deleted file mode 100644
index a6d36de5..00000000
--- a/templates/service/snmp/v3/group/node.tag/mode/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "ro"
-help: Defines the read/write access
-syntax:expression: $VAR(@) in "ro", "rw"
-allowed: echo ro rw
-
-val_help: ro;
-val_help: rw;
diff --git a/templates/service/snmp/v3/group/node.tag/seclevel/node.def b/templates/service/snmp/v3/group/node.tag/seclevel/node.def
deleted file mode 100644
index 2b0aa67b..00000000
--- a/templates/service/snmp/v3/group/node.tag/seclevel/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: txt
-help: Defines security level
-syntax:expression: $VAR(@) in "auth", "priv"
-allowed: echo auth priv
-
-val_help: priv;
-val_help: auth;
diff --git a/templates/service/snmp/v3/group/node.tag/view/node.def b/templates/service/snmp/v3/group/node.tag/view/node.def
deleted file mode 100644
index af7d33c9..00000000
--- a/templates/service/snmp/v3/group/node.tag/view/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Defines the name of view
-allowed: list=`cli-shell-api listNodes service snmp v3 view`
- echo $list
-syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
- if [[ \"$VAR(/service/snmp/v3/view/@@)\" =~ $regex ]] ; \
- then \
- exit 0; \
- else \
- exit 1; \
- fi" ; "You must create \"$VAR(@)\" view first"
diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def
deleted file mode 100644
index f89d2328..00000000
--- a/templates/service/snmp/v3/node.def
+++ /dev/null
@@ -1,30 +0,0 @@
-help: Simple Network Management Protocol (SNMP) v3
-
-create: if [ ! -d "/config/snmp/tls" ]; then
- sudo mkdir /config/snmp/tls ;
- if [ -d "/etc/snmp/tls" ] ; then
- sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1;
- sudo chmod -R 600 /config/snmp/tls;
- sudo rmdir /etc/snmp/tls > /dev/null 2>&1;
- sudo rm /etc/snmp/tls > /dev/null 2>&1;
- fi
- sudo ln -s /config/snmp/tls /etc/snmp/tls;
- fi
- lnk=`readlink /etc/snmp/tls`
- if [ "$lnk" != "/config/snmp/tls" ]; then
- sudo rm -f /etc/snmp/tls;
- sudo ln -s /config/snmp/tls /etc/snmp/tls;
- fi
-
-begin: if [ -d "/config/snmp/tls" ]; then
- sudo chown -R snmp /config/snmp/tls;
- sudo chmod -R 600 /config/snmp/tls;
- fi
-
-delete: touch /tmp/snmp-v3.$PPID
-
-end:if [ -f "/tmp/snmp-v3.$PPID" ]
- then
- sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --delete-snmp
- rm /tmp/snmp-v3.$PPID
- fi
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def
deleted file mode 100644
index 6c2717a8..00000000
--- a/templates/service/snmp/v3/trap-target/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-tag:
-type: txt
-help: Defines SNMP target for inform or traps for IP
-syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)/20"
-commit:expression: $VAR(type/) != ""; "must specify type"
-commit:expression: $VAR(auth/) != ""; "must specify auth"
-commit:expression: $VAR(protocol/) != ""; "must specify protocol"
-commit:expression: $VAR(user/) != ""; "must specify user"
-commit:expression: $VAR(port/) != ""; "must specify port"
-commit:expression: $VAR(type/@) == "inform" || ( $VAR(type/@) == "trap" && $VAR(engineid/) != "" ); \
- "must specify engineid if type is 'trap'"
-
-val_help: ; IP address of trap target
-val_help: ; IPv6 address of trap target
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
deleted file mode 100644
index 2365b055..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Defines the encrypted password for authentication
-syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
deleted file mode 100644
index 5c7df0ef..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-help: Defines the authentication
-commit:expression: $VAR(type/) != "" ; "must specify type"
-commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
-commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
deleted file mode 100644
index 34563e73..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Defines the clear text password for authentication
-syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
deleted file mode 100644
index 5a2ffc52..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "md5"
-help: Defines the protocol using for authentication
-syntax:expression: $VAR(@) in "md5", "sha"
-allowed: echo md5 sha
-
-val_help: md5; Message Digest 5
-val_help: sha; Secure Hash Algorithm
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
deleted file mode 100644
index 45d522ea..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Defines the engineID. (needs for trap)
-syntax:expression: pattern $VAR(@) "^(0x){0,1}([0-9a-f][0-9a-f]){1,18}$" ; "id must contain from 2 to 36 hex digits"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/port/node.def b/templates/service/snmp/v3/trap-target/node.tag/port/node.def
deleted file mode 100644
index b38cd1e5..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 162
-help: Specifies the TCP/UDP port of a destination for SNMP traps/informs.
-
-val_help: u32:1-65535; Numeric IP port
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
deleted file mode 100644
index 4e762b9f..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Defines the encrypted key for privacy protocol
-syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
deleted file mode 100644
index 900cfc9d..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-help: Defines the privacy
-commit:expression: $VAR(type/) != "" ; "must specify type"
-commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
-commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
deleted file mode 100644
index a2442637..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Defines the clear text key for privacy protocol
-syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
deleted file mode 100644
index bbfd5331..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "des"
-help: Defines the protocol for privacy
-syntax:expression: $VAR(@) in "des", "aes"
-allowed: echo des aes
-
-val_help: des; Data Encryption Standard
-val_help: aes; Advanced Encryption Standard
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def b/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
deleted file mode 100644
index ce96ca38..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "udp"
-help: Defines protocol for notification between TCP and UDP
-syntax:expression: $VAR(@) in "tcp", "udp"
-allowed: echo tcp udp
-
-val_help: tcp;
-val_help: udp;
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/type/node.def
deleted file mode 100644
index f678ae69..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/type/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "inform"
-help: Specifies the type of notification between inform and trap
-syntax:expression: $VAR(@) in "inform", "trap"
-allowed: echo inform trap
-
-val_help: inform;
-val_help: trap;
\ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/user/node.def b/templates/service/snmp/v3/trap-target/node.tag/user/node.def
deleted file mode 100644
index a0ed8cbf..00000000
--- a/templates/service/snmp/v3/trap-target/node.tag/user/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-type: txt
-help: Defines username for authentication
-allowed: list=`cli-shell-api listNodes service snmp v3 user`
- echo $list
diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def
deleted file mode 100644
index a630dff8..00000000
--- a/templates/service/snmp/v3/tsm/local-key/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-type: txt
-help: Defines the server certificate fingerprint or key-file name.
-allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
- sudo ls /etc/snmp/tls/certs 2> /dev/null
- else
- sudo ls /config/snmp/tls/certs 2> /dev/null
- fi
-syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
- exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
- then \
- exit 0; \
- else \
- exit 1; \
- fi" ; "value can be finger print key or filename in /config/snmp/tls/certs/ folder"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/node.def b/templates/service/snmp/v3/tsm/node.def
deleted file mode 100644
index 3d12f21d..00000000
--- a/templates/service/snmp/v3/tsm/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Specifies that the snmpd uses encryption.
-commit:expression: $VAR(port/) != "" ; "must specify port"
-commit:expression: $VAR(local-key/) != "" ; "must specify local-key"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/port/node.def b/templates/service/snmp/v3/tsm/port/node.def
deleted file mode 100644
index 86fd6cca..00000000
--- a/templates/service/snmp/v3/tsm/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 10161
-help: Defines the port for tsm.
-
-val_help: u32:1-65535; Numeric IP port
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def
deleted file mode 100644
index 32e0f61f..00000000
--- a/templates/service/snmp/v3/user/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-tag:
-type: txt
-help: Specifies the user with name username
-syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
-syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
-commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key"
-commit:expression: $VAR(mode/) != ""; "must specify mode"
diff --git a/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
deleted file mode 100644
index 3cf6bd31..00000000
--- a/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: Defines the encrypted key for authentication protocol
diff --git a/templates/service/snmp/v3/user/node.tag/auth/node.def b/templates/service/snmp/v3/user/node.tag/auth/node.def
deleted file mode 100644
index 68959a8e..00000000
--- a/templates/service/snmp/v3/user/node.tag/auth/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Specifies the auth
-commit:expression: $VAR(type/) != "" ; "must specify type"
-commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
deleted file mode 100644
index 7be1bc65..00000000
--- a/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: txt
-help: Defines the key in the clear text for authentication protocol
-syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
-
-update:expression: $VAR(../encrypted-key/@) = "" && $VAR(../../engineid/@) = ""
-update:expression: $VAR(../../../engineid/@) != "" || $VAR(../../../engineid/@) = ""
diff --git a/templates/service/snmp/v3/user/node.tag/auth/type/node.def b/templates/service/snmp/v3/user/node.tag/auth/type/node.def
deleted file mode 100644
index 5a2ffc52..00000000
--- a/templates/service/snmp/v3/user/node.tag/auth/type/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "md5"
-help: Defines the protocol using for authentication
-syntax:expression: $VAR(@) in "md5", "sha"
-allowed: echo md5 sha
-
-val_help: md5; Message Digest 5
-val_help: sha; Secure Hash Algorithm
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/engineid/node.def b/templates/service/snmp/v3/user/node.tag/engineid/node.def
deleted file mode 100644
index 84cf1443..00000000
--- a/templates/service/snmp/v3/user/node.tag/engineid/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Specifies the EngineID
-syntax:expression: pattern $VAR(@) "^(0x){0,1}([0-9a-f][0-9a-f]){1,18}$" ; "id must contain from 2 to 36 hex digits"
diff --git a/templates/service/snmp/v3/user/node.tag/group/node.def b/templates/service/snmp/v3/user/node.tag/group/node.def
deleted file mode 100644
index 66543579..00000000
--- a/templates/service/snmp/v3/user/node.tag/group/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Specifies group for user name
-allowed: list=`cli-shell-api listNodes service snmp v3 group`
- echo $list
-syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
- if [[ \"$VAR(/service/snmp/v3/group/@@)\" =~ $regex ]] ; \
- then \
- exit 0; \
- else \
- exit 1; \
- fi" ; "You must create \"$VAR(@)\" group first"
diff --git a/templates/service/snmp/v3/user/node.tag/mode/node.def b/templates/service/snmp/v3/user/node.tag/mode/node.def
deleted file mode 100644
index 9855f5fb..00000000
--- a/templates/service/snmp/v3/user/node.tag/mode/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "ro"
-help: Specifies the mode for access rights of user, read only or write
-syntax:expression: $VAR(@) in "ro", "rw"
-allowed: echo ro rw
-
-val_help: ro;
-val_help: rw;
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
deleted file mode 100644
index 8feef111..00000000
--- a/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: Defines the encrypted key for privacy protocol
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/node.def b/templates/service/snmp/v3/user/node.tag/privacy/node.def
deleted file mode 100644
index 94bf850c..00000000
--- a/templates/service/snmp/v3/user/node.tag/privacy/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Specifies the privacy
-commit:expression: $VAR(type/) != "" ; "must specify type"
-commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
deleted file mode 100644
index a9543530..00000000
--- a/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-type: txt
-help: Defines the key in the clear text for protocol for privacy
-syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
-
-update:expression: $VAR(../encrypted-key/@) = "" && $VAR(../../engineid/@) = ""
-update:expression: $VAR(../../../engineid/@) != "" || $VAR(../../../engineid/@) = ""
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/type/node.def b/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
deleted file mode 100644
index bbfd5331..00000000
--- a/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-default: "des"
-help: Defines the protocol for privacy
-syntax:expression: $VAR(@) in "des", "aes"
-allowed: echo des aes
-
-val_help: des; Data Encryption Standard
-val_help: aes; Advanced Encryption Standard
\ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
deleted file mode 100644
index b41be079..00000000
--- a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-type: txt
-help: Specifies finger print or file name of TSM certificate.
-allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
- sudo ls /etc/snmp/tls/certs 2> /dev/null
- else
- sudo ls /config/snmp/tls/certs 2> /dev/null
- fi
-syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
- exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
- then \
- exit 0; \
- else \
- exit 1; \
- fi" ; "value can be finger print key or filename in /etc/snmp/tls/certs folder"
\ No newline at end of file
diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def
deleted file mode 100644
index 1fa589ae..00000000
--- a/templates/service/snmp/v3/view/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-tag:
-type: txt
-help: Specifies the view with name viewname
-syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
-syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
-commit:expression: $VAR(oid/) != ""; "must configure an oid"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def
deleted file mode 100644
index ca2a5c5d..00000000
--- a/templates/service/snmp/v3/view/node.tag/oid/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-tag:
-type: txt
-help: Specifies the oid
-syntax:expression: pattern $VAR(@) "^[0-9]+(\\.[0-9]+)*$" ; "oid must start from a number"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
deleted file mode 100644
index df3611cb..00000000
--- a/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Exclude is optional argument.
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
deleted file mode 100644
index bc500afe..00000000
--- a/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-type: txt
-help: Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant.
-syntax:expression: pattern $VAR(@) "^[0-9a-f]{2}([\\.:][0-9a-f]{2})*$" ; \
- "MASK is a list of hex octets, separated by '.' or ':'"
\ No newline at end of file
-- cgit v1.2.3