Diffstat (limited to 'op-mode-definitions')
-rw-r--r-- | op-mode-definitions/date.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/execute-ssh.xml.in | 34 | ||||
-rwxr-xr-x[-rw-r--r--] | op-mode-definitions/firewall.xml.in | 220 | ||||
-rw-r--r-- | op-mode-definitions/install-mok.xml.in | 13 | ||||
-rwxr-xr-x[-rw-r--r--] | op-mode-definitions/show-log.xml.in | 125 | ||||
-rw-r--r-- | op-mode-definitions/show-secure-boot.xml.in | 21 |
6 files changed, 414 insertions, 1 deletions
diff --git a/op-mode-definitions/date.xml.in b/op-mode-definitions/date.xml.in index 6d8586025..4e62a8335 100644 --- a/op-mode-definitions/date.xml.in +++ b/op-mode-definitions/date.xml.in @@ -35,7 +35,7 @@ <list><MMDDhhmm> <MMDDhhmmYY> <MMDDhhmmCCYY> <MMDDhhmmCCYY.ss></list> </completionHelp> </properties> - <command>/bin/date "$3"</command> + <command>sudo bash -c "/bin/date '$3' && hwclock --systohc --localtime"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/execute-ssh.xml.in b/op-mode-definitions/execute-ssh.xml.in new file mode 100644 index 000000000..7fa656f5e --- /dev/null +++ b/op-mode-definitions/execute-ssh.xml.in @@ -0,0 +1,34 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="execute"> + <children> + <node name="ssh"> + <properties> + <help>SSH to a node</help> + </properties> + <children> + <tagNode name="host"> + <properties> + <help>Hostname or IP address</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>/usr/bin/ssh $4</command> + <children> + <tagNode name="user"> + <properties> + <help>Remote server username</help> + <completionHelp> + <list><username></list> + </completionHelp> + </properties> + <command>/usr/bin/ssh $6@$4</command> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/firewall.xml.in b/op-mode-definitions/firewall.xml.in index b6ce5bae2..82e6c8668 100644..100755 --- a/op-mode-definitions/firewall.xml.in +++ b/op-mode-definitions/firewall.xml.in 
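Review bot: In op-mode-definitions/date.xml.in the new `<command>` splices the operator-typed `$3` into a script string that `sudo bash -c` parses a second time, so the inner single quotes do not keep the value as data: a `'` in the argument closes the quoting and the rest is interpreted by a root shell. Pass the value as a positional parameter instead, for example `sudo bash -c '/bin/date "$1" && hwclock --systohc --localtime' _ "$3"`, or validate `$3` against the MMDDhhmm[[CC]YY][.ss] forms listed in the completion help before it reaches the shell. Separately, `--localtime` writes the hardware clock in local time; confirm that is intended rather than `--utc`. The enclosing `<tagNode>` starts outside the hunk.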
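Review bot: In the new op-mode-definitions/execute-ssh.xml.in both commands expand operator-supplied values unquoted and without an end-of-options marker (`/usr/bin/ssh $4` and `/usr/bin/ssh $6@$4`), so a host or user value that begins with `-` or contains whitespace is handed to ssh as options or extra arguments rather than as a destination. Quote the expansions and terminate option parsing: `/usr/bin/ssh -- "$4"` and `/usr/bin/ssh -- "$6@$4"`. Validating host and user at the CLI layer before the command runs would close this earlier; whether the op-mode framework already does so is not visible in this diff.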
@@ -98,6 +98,138 @@ </node> </children> </node> + <node name="input"> + <properties> + <help>Show bridge input firewall ruleset</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Show bridge input filter firewall ruleset</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge input filter firewall rules</help> + <completionHelp> + <path>firewall bridge input filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Show summary of bridge input filter firewall rules</help> + <completionHelp> + <path>firewall bridge input filter rule</path> + </completionHelp> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of specific bridge input filter firewall rule</help> + <completionHelp> + <path>firewall bridge input filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + </node> + </children> + </node> + <node name="output"> + <properties> + <help>Show bridge output firewall ruleset</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Show bridge output filter firewall ruleset</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge output filter firewall rules</help> + <completionHelp> + <path>firewall bridge output filter detail</path> + </completionHelp> + 
</properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Show summary of bridge output filter firewall rules</help> + <completionHelp> + <path>firewall bridge output filter rule</path> + </completionHelp> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of specific bridge output filter firewall rule</help> + <completionHelp> + <path>firewall bridge output filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + </node> + </children> + </node> + <node name="prerouting"> + <properties> + <help>Show bridge prerouting firewall ruleset</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Show bridge prerouting filter firewall ruleset</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge prerouting filter firewall rules</help> + <completionHelp> + <path>firewall bridge prerouting filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Show summary of bridge prerouting filter firewall rules</help> + <completionHelp> + <path>firewall bridge prerouting filter rule</path> + </completionHelp> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of specific bridge prerouting 
filter firewall rule</help> + <completionHelp> + <path>firewall bridge prerouting filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + </node> + </children> + </node> <tagNode name="name"> <properties> <help>Show bridge custom firewall chains</help> 
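Review bot: The new `rule` tagNodes pass the typed rule value unquoted to a script run under sudo (`--rule $7` in the bridge input, output and prerouting sections of this hunk, and again in the IPv6 and IPv4 prerouting hunks at @@ -278 and @@ -458), so a value containing whitespace would be word-split into additional firewall.py arguments; `--rule "$7"` keeps it a single argument. Whether the CLI already restricts `$7` cannot be seen from this diff. Separately, the per-rule `detail` leafNodes for bridge use `<path>firewall bridge input filter detail</path>` while the IPv4/IPv6 hunks use `... raw rule detail`, so these presumably should read `firewall bridge input filter rule detail` (likewise for output and prerouting). The file mode also changes from 100644 to 100755, which an XML definition file does not need.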
@@ -278,6 +410,50 @@ </node> </children> </node> + <node name="prerouting"> + <properties> + <help>Show IPv6 prerouting firewall ruleset</help> + </properties> + <children> + <node name="raw"> + <properties> + <help>Show IPv6 prerouting raw firewall ruleset</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 prerouting raw firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 prerouting raw detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Show summary of IPv6 prerouting raw firewall rules</help> + <completionHelp> + <path>firewall ipv6 prerouting raw rule</path> + </completionHelp> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 prerouting raw firewall rules</help> + <completionHelp> + <path>firewall ipv6 prerouting raw rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + </node> + </children> + </node> <tagNode name="name"> <properties> <help>Show IPv6 custom firewall chains</help> 
@@ -458,6 +634,50 @@ </node> </children> </node> + <node name="prerouting"> + <properties> + <help>Show IPv4 prerouting firewall ruleset</help> + </properties> + <children> + <node name="raw"> + <properties> + <help>Show IPv4 prerouting raw firewall ruleset</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 prerouting raw firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 prerouting raw detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Show summary of IPv4 prerouting raw firewall rules</help> + <completionHelp> + <path>firewall ipv4 prerouting raw rule</path> + </completionHelp> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 prerouting raw firewall rules</help> + <completionHelp> + <path>firewall ipv4 prerouting raw rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command> + </node> + </children> + </node> <tagNode name="name"> <properties> <help>Show IPv4 custom firewall chains</help> diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in new file mode 100644 index 000000000..18526a354 --- /dev/null +++ b/op-mode-definitions/install-mok.xml.in 
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interfaceDefinition>
+ <node name="install">
+ <children>
+ <leafNode name="mok">
+ <properties>
+ <help>Install Secure Boot MOK (Machine Owner Key)</help>
+ </properties>
+ <command>if test -f /var/lib/shim-signed/mok/MOK.der; then sudo mokutil --ignore-keyring --import /var/lib/shim-signed/mok/MOK.der; else echo "Secure Boot Machine Owner Key not found"; fi</command>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index f0fad63d2..c2504686d 100644..100755
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
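Review bot: In op-mode-definitions/install-mok.xml.in the not-found branch only echoes to stdout and the command then succeeds, so a caller cannot tell a queued enrolment from a missing key; `else echo "Secure Boot Machine Owner Key not found" >&2; false; fi` reports the failure. Because the command queues a key for Secure Boot trust purely by path, it would also help to show the operator what is being imported, such as the certificate subject and fingerprint of /var/lib/shim-signed/mok/MOK.der, before the `mokutil --import` call. A short comment stating who is expected to be able to write that directory would make the trust assumption explicit.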
@@ -172,6 +172,81 @@ </node> </children> </node> + <node name="input"> + <properties> + <help>Show Bridge input firewall log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-INP</command> + <children> + <node name="filter"> + <properties> + <help>Show Bridge firewall input filter</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-INP-filter</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall bridge input filter rule</path> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[bri-INP-filter-$8-[ADRJC]\]"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="output"> + <properties> + <help>Show Bridge output firewall log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-OUT</command> + <children> + <node name="filter"> + <properties> + <help>Show Bridge firewall output filter</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-OUT-filter</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall bridge output filter rule</path> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[bri-OUT-filter-$8-[ADRJC]\]"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="prerouting"> + <properties> + <help>Show Bridge prerouting firewall log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-PRE</command> + <children> + <node name="filter"> + <properties> + <help>Show Bridge firewall prerouting filter</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep bri-PRE-filter</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the 
specified firewall</help> + <completionHelp> + <path>firewall bridge prerouting filter rule</path> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[bri-PRE-filter-$8-[ADRJC]\]"</command> + </tagNode> + </children> + </node> + </children> + </node> <tagNode name="name"> <properties> <help>Show custom Bridge firewall log</help> @@ -295,6 +370,31 @@ </node> </children> </node> + <node name="prerouting"> + <properties> + <help>Show firewall IPv4 prerouting log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep ipv4-PRE</command> + <children> + <node name="raw"> + <properties> + <help>Show firewall IPv4 prerouting raw log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep ipv4-PRE-raw</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall ipv4 prerouting raw rule</path> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[ipv4-PRE-raw-$8-[ADRJC]\]"</command> + </tagNode> + </children> + </node> + </children> + </node> </children> </node> <node name="ipv6"> 
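Review bot: The per-rule log commands interpolate the typed rule value into an extended regular expression (`egrep "\[bri-INP-filter-$8-[ADRJC]\]"`, the same pattern for bri-OUT, bri-PRE and ipv4-PRE-raw, and ipv6-PRE-raw in the @@ -398 hunk), so regex metacharacters in `$8` widen the match and the output no longer corresponds to a single rule. Restricting `$8` to the rule identifiers the firewall accepts before it reaches grep avoids that. `egrep` is also obsolescent in GNU grep and prints a warning on recent versions; `grep -E` is the drop-in replacement. As in firewall.xml.in, this file's mode changes from 100644 to 100755, which an XML definition does not need.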
@@ -398,6 +498,31 @@ </node> </children> </node> + <node name="prerouting"> + <properties> + <help>Show firewall IPv6 prerouting log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep ipv6-PRE</command> + <children> + <node name="raw"> + <properties> + <help>Show firewall IPv6 prerouting raw log</help> + </properties> + <command>journalctl --no-hostname --boot -k | grep ipv6-PRE-raw</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall ipv6 prerouting raw rule</path> + </completionHelp> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[ipv6-PRE-raw-$8-[ADRJC]\]"</command> + </tagNode> + </children> + </node> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/show-secure-boot.xml.in b/op-mode-definitions/show-secure-boot.xml.in new file mode 100644 index 000000000..ff731bac9 --- /dev/null +++ b/op-mode-definitions/show-secure-boot.xml.in @@ -0,0 +1,21 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="secure-boot"> + <properties> + <help>Show Secure Boot state</help> + </properties> + <command>${vyos_op_scripts_dir}/secure_boot.py show</command> + <children> + <leafNode name="keys"> + <properties> + <help>Show enrolled certificates</help> + </properties> + <command>mokutil --list-enrolled</command> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> |