wok annotate dropbear/stuff/init.d/dropbear @ rev 25052
ruby-ncurses: typo
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Sun Jun 05 11:43:47 2022 +0000 (2022-06-05) |
| parents | 13813512f1db |
| children |
| rev | line source |
|---|---|
| pankso@126 | 1 #!/bin/sh |
| al@19159 | 2 # /etc/init.d/dropbear : Start, stop and restart SSH server on SliTaz, at |
| pankso@126 | 3 # boot time or with the command line. |
| pankso@126 | 4 # |
| pankso@126 | 5 # To start SSH server at boot time, just put dropbear in the $RUN_DAEMONS |
| pankso@126 | 6 # variable of /etc/rcS.conf and configure options with /etc/daemons.conf |
| pankso@126 | 7 # |
| pankso@126 | 8 . /etc/init.d/rc.functions |
| pankso@126 | 9 . /etc/daemons.conf |
| pankso@126 | 10 |
| pankso@126 | 11 NAME=Dropbear |
| al@19159 | 12 DESC="$(_ '%s server' SSH)" |
| pankso@126 | 13 DAEMON=/usr/sbin/dropbear |
| pankso@126 | 14 OPTIONS=$DROPBEAR_OPTIONS |
| pankso@126 | 15 PIDFILE=/var/run/dropbear.pid |
| pankso@126 | 16 |
| pankso@126 | 17 case "$1" in |
| pankso@126 | 18 start) |
| pankso@126 | 19 # We need rsa and dss host key file to start dropbear. |
| pascal@23868 | 20 for type in rsa dss ecdsa ed25519 ; do |
| pascal@20154 | 21 [ -s /etc/dropbear/dropbear_${type}_host_key ] && continue |
| pascal@20061 | 22 action 'Generating Dropbear %s key... ' $type |
| pascal@20061 | 23 # Need to delete key before creating it. |
| pascal@20061 | 24 rm -f /etc/dropbear/dropbear_${type}_host_key |
| pascal@20106 | 25 dropbearkey -t $type -f /etc/dropbear/dropbear_${type}_host_key >/dev/null 2>&1 |
| pascal@20061 | 26 status |
| pascal@20061 | 27 done |
| pascal@2395 | 28 if active_pidfile $PIDFILE dropbear ; then |
| al@19159 | 29 _ '%s is already running.' $NAME |
| pankso@126 | 30 exit 1 |
| pankso@126 | 31 fi |
| pascal@20061 | 32 if [ -n "$(which iptables)" ] && ! iptables -L | grep 'tcp dpt:ssh ' ; then |
| pascal@20061 | 33 tcp22new='iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent' |
| pascal@20061 | 34 $tcp22new --set --name DEFAULT --rsource |
| pascal@20061 | 35 limit='--seconds 300 --hitcount 5 --name DEFAULT --rsource' |
| pascal@20061 | 36 $tcp22new --update $limit -j LOG --log-prefix "SSH-Bruteforce : " |
| pascal@20061 | 37 $tcp22new --update $limit -j DROP |
| pascal@20061 | 38 fi |
| al@19159 | 39 action 'Starting %s: %s...' "$DESC" $NAME |
| pankso@126 | 40 $DAEMON $OPTIONS |
| pankso@126 | 41 status |
| pankso@126 | 42 ;; |
| pankso@126 | 43 stop) |
| pascal@2395 | 44 if ! active_pidfile $PIDFILE dropbear ; then |
| al@19159 | 45 _ '%s is not running.' $NAME |
| pankso@126 | 46 exit 1 |
| pankso@126 | 47 fi |
| al@19159 | 48 action 'Stopping %s: %s...' "$DESC" $NAME |
| al@19159 | 49 kill $(cat $PIDFILE) |
| pankso@126 | 50 status |
| pankso@126 | 51 ;; |
| pankso@126 | 52 restart) |
| pascal@2395 | 53 if ! active_pidfile $PIDFILE dropbear ; then |
| al@19159 | 54 _ '%s is not running.' $NAME |
| pankso@126 | 55 exit 1 |
| pankso@126 | 56 fi |
| al@19159 | 57 action 'Restarting %s: %s...' "$DESC" $NAME |
| al@19159 | 58 kill $(cat $PIDFILE) |
| pankso@126 | 59 sleep 2 |
| pankso@126 | 60 $DAEMON $OPTIONS |
| pankso@126 | 61 status |
| pankso@126 | 62 ;; |
| pankso@126 | 63 *) |
| al@19159 | 64 emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart]" |
| al@19159 | 65 newline |
| pankso@126 | 66 exit 1 |
| pankso@126 | 67 ;; |
| pankso@126 | 68 esac |
| pankso@126 | 69 |
| pankso@126 | 70 exit 0 |