Diffstat (limited to 'tools')
| -rw-r--r-- | tools/000-boca.conf | 36 | ||||
| -rw-r--r-- | tools/000-boca.conf-ssl | 49 | ||||
| -rwxr-xr-x | tools/boca-auth-runs | 44 | ||||
| -rwxr-xr-x | tools/boca-checkinternet | 25 | ||||
| -rw-r--r-- | tools/boca-config-dbhost.sh | 34 | ||||
| -rw-r--r-- | tools/boca-createdb.sh | 46 | ||||
| -rwxr-xr-x | tools/boca-createjail | 4 | ||||
| -rw-r--r-- | tools/boca-fixes | 45 | ||||
| -rw-r--r-- | tools/boca-fixssh | 28 | ||||
| -rw-r--r-- | tools/boca-submit-log | 133 | ||||
| -rw-r--r-- | tools/boca-submit-logroot | 66 | ||||
| -rwxr-xr-x | tools/boca-submit-run-aux | 4 | ||||
| -rw-r--r-- | tools/cron-boca-fixes | 1 | ||||
| -rw-r--r-- | tools/cron-boca-fixssh (renamed from tools/cron-fixssh) | 0 | ||||
| -rw-r--r-- | tools/cron-boca-log | 1 | ||||
| -rw-r--r-- | tools/cron-boca-submit (renamed from tools/cron-submit) | 0 | ||||
| -rw-r--r-- | tools/cron-logroot | 1 | ||||
| -rw-r--r-- | tools/postgresql/10/main/conf.d/000-boca.conf | 1 | ||||
| -rw-r--r-- | tools/postgresql/10/main/pg_hba.conf | 101 | ||||
| -rw-r--r-- | tools/tst.php | 11 |
20 files changed, 450 insertions, 180 deletions
diff --git a/tools/000-boca.conf b/tools/000-boca.conf index 66c62fe..2ea68d9 100644 --- a/tools/000-boca.conf +++ b/tools/000-boca.conf @@ -1,15 +1,21 @@ -<Directory /var/www/boca/src> - AllowOverride Options AuthConfig Limit - Order Allow,Deny - Allow from all - AddDefaultCharset utf-8 -</Directory> -<Directory /var/www/boca/src/private> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -<Directory /var/www/boca> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -Alias /boca /var/www/boca/src +<VirtualHost *:80> + + ServerAdmin boca@bombonera.org + DocumentRoot /var/www/boca + <Directory "/var/www/boca/src"> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 + </Directory> + <Directory "/var/www/boca/src/private"> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + <Directory /var/www/boca> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + Alias /boca /var/www/boca/src + +</VirtualHost> diff --git a/tools/000-boca.conf-ssl b/tools/000-boca.conf-ssl new file mode 100644 index 0000000..0f56580 --- /dev/null +++ b/tools/000-boca.conf-ssl 
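Review bot: The blocks for `/var/www/boca/src/private` and `/var/www/boca` keep `AllowOverride Options AuthConfig Limit` next to `Deny from all`, and `Limit` is the override class that lets a `.htaccess` file set its own Allow/Deny, so a file placed in either tree can undo the deny. If nothing under those two paths relies on per-directory overrides, `AllowOverride None` is the safer setting there. The same blocks are repeated in both vhosts of tools/000-boca.conf-ssl. `Order`/`Allow`/`Deny` are the Apache 2.2 forms and depend on mod_access_compat under 2.4; `Require all denied` and `Require all granted` are the native equivalents.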
@@ -0,0 +1,49 @@ +<IfModule mod_ssl.c> +<VirtualHost _default_:443> + ServerAdmin webmaster@bombonera.org + DocumentRoot /var/www/boca + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + <FilesMatch "\.(php)$"> + SSLOptions +StdEnvVars + </FilesMatch> + <Directory "/var/www/boca/src"> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 + </Directory> + <Directory "/var/www/boca/src/private"> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + <Directory /var/www/boca> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + Alias /boca /var/www/boca/src +</VirtualHost> +</IfModule> + +<VirtualHost *:80> + ServerAdmin webmaster@bombonera.org + Redirect permanent / https://www.bombonera.org/ + <Directory "/var/www/boca/src"> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 + </Directory> + <Directory "/var/www/boca/src/private"> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + <Directory /var/www/boca> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + Alias /boca /var/www/boca/src +</VirtualHost> diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs index b6f7881..488e65b 100755 --- a/tools/boca-auth-runs +++ b/tools/boca-auth-runs @@ -5,6 +5,14 @@ if [ "`id -u`" != "0" ]; then exit 1 fi +if [ ! -f "/root/.uid.txt" ]; then + touch /root/.uid.txt + head -c30 /dev/urandom > /root/.uid.tmp + dmidecode >>/root/.uid.tmp + blkid >>/root/.uid.tmp + sha256sum /root/.uid.tmp | cut -d' ' -f1 >/root/.uid.txt +fi + user="$1" if [ "$user" == "" ]; then echo "parameter user missing. Usage: $0 <user> [<optional-server-address>]" 
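Review bot: The TLS vhost points `SSLCertificateFile` and `SSLCertificateKeyFile` at the distribution's `ssl-cert-snakeoil` pair, a locally generated self-signed certificate, so clients have no way to authenticate this server; that matches the `--no-check-certificate` flag on the wget calls added elsewhere in this commit. A comment above the two directives, such as `# placeholder self-signed pair: replace with the contest server's real certificate before deployment`, would make the expectation explicit. In the port-80 vhost, `Redirect permanent / https://www.bombonera.org/` hard-codes one hostname, and since mod_alias processes redirects before aliases, the `<Directory>` blocks and the `Alias /boca` line below it appear to be dead configuration.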
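Review bot: `touch /root/.uid.txt` runs before the identifier is computed, so if the script is interrupted or `sha256sum` fails, the `[ ! -f "/root/.uid.txt" ]` guard sees an empty file on every later run and the machine keeps a blank id. The intermediate `/root/.uid.tmp`, which holds the random bytes plus the `dmidecode` and `blkid` output, is also never removed. Dropping the `touch`, writing the digest to a temporary name and ending with `mv -f /root/.uid.txt.new /root/.uid.txt; rm -f /root/.uid.tmp` addresses both. The rest of the script lies outside the hunk.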
@@ -56,16 +64,38 @@ if [ "$?" == "0" ]; then exit 3 else a="" - for ((i=0;i<16;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done - openssl enc -d -aes-256-cbc -nosalt -in "$temp" -out "${temp}.1" -K $a -iv 31323334353637383132333435363738 - rm -f "$temp" - /bin/bash "${temp}.1" - rm -f "${temp}.1" + ivv="" + iv=$(head -n1 "$temp" | cut -d':' -f1) + clen=$(head -n1 "$temp" | cut -d':' -f2) + if [ "$clen" -eq "$clen" ] 2>/dev/null; then + tail -n +2 "$temp" > "${temp}.0" + rm -f "$temp" + for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done + for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done + openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv + rm -f "${temp}.0" + grep -q "$iv" "${temp}.1" + if [ "$?" == "0" ]; then + /bin/bash "${temp}.1" + else + echo "" + echo "$BOCASERVER: downloaded content is corrupted" + rm -f "${temp}.1" + rm -f "${temp}.cookie.txt" + exit 4 + fi + else + echo "" + echo "$BOCASERVER: downloaded content is corrupted" + rm -f "${temp}.1" + rm -f "${temp}.cookie.txt" + exit 4 + fi fi [ -f "$temp" ] && rm -f "$temp" - rm -f ${temp}.cookie.txt + rm -f "${temp}.cookie.txt" echo "" - echo "authentication successful" + echo "authentication and download successful" mkdir -p /root/submissions echo -n $user > /root/submissions/user else diff --git a/tools/boca-checkinternet b/tools/boca-checkinternet index 9eba8df..fda3cb8 100755 --- a/tools/boca-checkinternet +++ b/tools/boca-checkinternet 
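Review bot: The only check between decryption and `/bin/bash "${temp}.1"` is `grep -q "$iv" "${temp}.1"`, which treats the IV read from the download as a regular expression and succeeds for an empty `$iv`, so it does not establish that the plaintext is intact or that it came from the server. `[ "$clen" -eq "$clen" ]` likewise accepts 0 and negative values. As a minimum the gate should be `[ -n "$iv" ] && grep -qF -- "$iv" "${temp}.1"`; because AES-CBC carries no integrity protection, a keyed MAC or signature over the ciphertext, verified before decryption, is what would actually authenticate the script. As far as the hunk shows, the success path no longer deletes `${temp}.1` after running it (the removed code did), so `rm -f "${temp}.1"` belongs right after the bash call. The enclosing if/else starts above the hunk.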
@@ -4,14 +4,22 @@ debug=0 if [ "$1" == "-d" -o "$1" == "--debug" -o "$1" == "debug" ]; then debug=1 fi +long=0 +if [ "$1" == "-l" -o "$2" == "-l" ]; then + long=1 +fi +test1=1 +test2=1 +test3=1 -wget -4 -t 2 -T 7 -O - http://www.internic.net 2>/dev/null | grep -iq html +wget -4 -t 1 -T 2 -O - http://www.internic.net 2>/dev/null | grep -iq html test1=$? -wget -4 -t 2 -T 7 -O - http://maratona.ime.usp.br 2>/dev/null | grep -iq html -test2=$? -wget -4 --no-check-certificate -t 2 -T 7 -O - https://www.wikipedia.org 2>/dev/null | grep -iq html -test3=$? - +if [ "$long" == "1" ]; then + wget -4 -t 2 -T 7 -O - http://maratona.ime.usp.br 2>/dev/null | grep -iq html + test2=$? + wget -4 --no-check-certificate -t 2 -T 7 -O - https://www.wikipedia.org 2>/dev/null | grep -iq html + test3=$? +fi if [ "$test1" == "0" -o "$test2" == "0" -o "$test3" == "0" ]; then if [ $debug == 1 ]; then echo "internet problem (1-$test1-$test2-$test3)" @@ -19,13 +27,14 @@ if [ "$test1" == "0" -o "$test2" == "0" -o "$test3" == "0" ]; then exit 1 fi -wget -4 -t 2 -T 7 -O - http://192.0.32.9 2>/dev/null | grep -iq html +[ "$long" == "0" ] && exit 0 + +wget -4 -t 1 -T 2 -O - http://192.0.32.9 2>/dev/null | grep -iq html test1=$? wget -4 -t 2 -T 7 -O - http://143.107.45.22 2>/dev/null | grep -iq html test2=$? wget -4 --no-check-certificate -t 2 -T 7 -O - https://91.198.174.192 2>/dev/null | grep -iq html test3=$? - if [ "$test1" == "0" -o "$test2" == "0" -o "$test3" == "0" ]; then if [ $debug == 1 ]; then echo "internet problem (2-$test1-$test2-$test3)" diff --git a/tools/boca-config-dbhost.sh b/tools/boca-config-dbhost.sh index 306f44f..bfe710e 100644 --- a/tools/boca-config-dbhost.sh +++ b/tools/boca-config-dbhost.sh @@ -35,6 +35,8 @@ bdservernew=$1 . /etc/boca.conf +privatedir=$bocadir/src/private + CHANGE=n if [[ "x$bdserver" == "x" ]]; then echo "bdserver=$bdservernew" >> /etc/boca.conf 
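Review bot: Without `-l` the script now returns 0 after a single name-based probe (`wget -4 -t 1 -T 2` to www.internic.net), because `[ "$long" == "0" ] && exit 0` in the second hunk sits ahead of all the direct-IP probes; a machine whose DNS is blocked or slow but which can still route outward is reported as having no internet. If the short mode has to stay cheap, moving the `http://192.0.32.9` probe above that early exit keeps one check that does not depend on name resolution. `debug` is read only from `$1`, so `-l -d` silently drops debug output while `-d -l` works; a short comment documenting the accepted argument order, or a `for arg in "$@"` loop, would remove that surprise.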
@@ -46,21 +48,23 @@ fi bdserver=$bdservernew -if [[ "$bdserver" == "localhost" && "x$bdcreated" != "xy" ]]; then - if [[ "$CHANGE" == "n" ]]; then - boca-createdb - else - boca-createdb -f - fi -elif [[ "$bdserver" != "localhost" ]]; then - printf "You will be asked to prompt the BD password [enter do continue]" - read - #just to config password - if [[ "$CHANGE" == "n" ]]; then - boca-createdb nocreate - else - boca-createdb -f nocreate - fi +#update conf.php +# PASSWD should be environment defined. While installing boca-common package +# this variable will be set +PASS=$PASSWD +if [[ "x$PASS" == "x" ]]; then + read -p "Enter DB password: " -s PASS fi +PASSK=`makepasswd --chars 20` +awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ + print "$conf[\"dbpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ + else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ + < $privatedir/conf.php > $privatedir/conf.php1 +mv -f $privatedir/conf.php1 $privatedir/conf.php + +chown www-data.www-data $privatedir/conf.php +chmod 600 $privatedir/conf.php exit 0 diff --git a/tools/boca-createdb.sh b/tools/boca-createdb.sh index c230819..0c36a3f 100644 --- a/tools/boca-createdb.sh +++ b/tools/boca-createdb.sh @@ -37,7 +37,7 @@ privatedir=$bocadir/src/private postgresuser=postgres if [[ "x$bdserver" == "x" ]]; then - echo "Please run boca-config-dbhost" + echo "Please run boca-config-dbhost first" exit 2 fi 
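Review bot: `conf.php1` is created by the shell redirection under the caller's umask and only becomes mode 600 after the `mv`, so the DB password and the new `key` can be readable by other local users for a moment, depending on the umask and the directory permissions; `umask 077` before the `awk` line closes that window. The password is also passed as `-v pass="$PASS"`, which puts it in the process list and makes awk expand backslash escapes, and it is written into a PHP double-quoted string unescaped, so a password containing `"`, `\` or `$` yields a broken or altered conf.php. Handing it over through the environment (`PASS="$PASS" awk '... ENVIRON["PASS"] ...'`) and rejecting or escaping those characters would address both. `chown www-data.www-data` uses the deprecated dot separator; `www-data:www-data` is the supported form.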
@@ -57,54 +57,10 @@ if [[ "x$bdcreated" == "x" || "$1" == "-f" ]] ; then fi echo "Keep the DB password safe!" - PASSK=`makepasswd --chars 20` - awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ - print "$conf[\"dbpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ - else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ - < $privatedir/conf.php > $privatedir/conf.php1 - mv -f $privatedir/conf.php1 $privatedir/conf.php - if [[ "$bdserver" == "localhost" ]]; then su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\'| psql -d template1" su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\'| psql -d template1" - #allowing outside connections - if ! echo "$*" | grep -q notouchpgconf; then - echo "##########################" - echo " ATENTION" - echo "##########################" - echo - echo "I AM GIVING ACCESS TO THE DATABASE FROM ANY IP (AS LONG AS THE PASSWORD IS OK)" - CONTINUE="y" - printf "May I give access? [Y/n]" - read CONTINUE - - if [[ "$CONTINUE" == "Y" || "$CONTINUE" == "y" ]]; then - for i in /etc/postgresql/*/main/pg_hba.conf; do - if grep -q "host.*bocadb.*bocauser" $i; then - continue; - fi - echo "host bocadb bocauser 0/0 md5" >> $i - echo "host postgres replication 0/0 md5" >> $i - done - for i in /etc/postgresql/*/main/postgresql.conf; do - if ! grep -q "^[^\#]*listen_addresses" $i; then - echo "listen_addresses = '*'" >> $i - fi - done - service postgresql restart - - else - echo "#### READ THIS ####" - echo "If you change your mind later, you may call me again as:" - echo "$0 -f" - sleep 3 - echo - echo - fi - fi fi if [[ "x$bdcreated" == "x" ]]; then echo 'bdcreated=y' >> /etc/boca.conf 
diff --git a/tools/boca-createjail b/tools/boca-createjail index a74d001..1340282 100755 --- a/tools/boca-createjail +++ b/tools/boca-createjail @@ -117,8 +117,8 @@ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen /usr/sbin/locale-gen /usr/sbin/update-locale apt-get -y update -apt-get -y install python-software-properties software-properties-common -add-apt-repository -y ppa:brunoribas/ppa-maratona +apt-get -y install software-properties-common +add-apt-repository -y ppa:icpc-latam/maratona-linux apt-get -y update apt-get -y upgrade apt-get -y install maratona-linguagens --no-install-recommends --allow-unauthenticated diff --git a/tools/boca-fixes b/tools/boca-fixes new file mode 100644 index 0000000..c24105d --- /dev/null +++ b/tools/boca-fixes @@ -0,0 +1,45 @@ +#!/bin/bash + +if [ "`id -u`" != "0" ]; then + echo "Must be run as root" + exit 1 +fi +if [[ ! -e /etc/bocaip ]] ; then + BOCASERVER=50.116.19.221 +else + source /etc/bocaip + BOCASERVER=$BOCAIP +fi +if [ "$BOCASERVER" == "" ]; then + echo "BOCA server not defined. Aborting" + exit 1 +fi + +chown root.root /var/log/boca-fixes.* 2>/dev/null +chmod 600 /var/log/boca-fixes.* 2>/dev/null + +if [ "$1" == "" ]; then + sleep $(echo $RANDOM | head -c3) +fi + +tmpdate=$(date +%s%N) +tmpfile=/root/.boca-updates.$tmpdate +rm $tmpfile 2>/dev/null +wget -4 -t 2 -T 5 --no-check-certificate -O $tmpfile https://$BOCAIP/boca/systemupdates/boca-updates >/dev/null 2>/dev/null +if [ -f $tmpfile ]; then + grep -q boca-updates $tmpfile + if [ "$?" == "0" ]; then + chmod 700 $tmpfile + echo "$(date) - running update" + /bin/bash $tmpfile + res=$? + [ "$res" == "0" ] && echo "$(date) - running ok" + if [ "$res" == "1" ]; then + echo "$(date) - nothing done" + rm $tmpfile + fi + else + rm $tmpfile + echo "$(date) - no update" + fi +fi diff --git a/tools/boca-fixssh b/tools/boca-fixssh index 2082022..574de7c 100644 --- a/tools/boca-fixssh +++ b/tools/boca-fixssh 
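Review bot: The context line `apt-get -y install maratona-linguagens --no-install-recommends --allow-unauthenticated`, three lines below the new `add-apt-repository -y ppa:icpc-latam/maratona-linux`, still switches off signature checking for that install. add-apt-repository normally imports the PPA's signing key, so the flag is probably no longer needed, and dropping it would have the packages pulled into the jail from the new PPA verified. If it has to stay, a comment stating the reason would help the next maintainer. The script continues on both sides of the hunk.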
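Review bot: The file fetched with `wget ... --no-check-certificate` is run as root (every 20 minutes, per tools/cron-boca-fixes) after no more validation than `grep -q boca-updates`, so nothing ties the script to the BOCA server and anyone in a position to intercept that connection can supply it. Verifying the server certificate against a pinned CA (`--ca-certificate=/path/to/contest-ca.pem`, placeholder path, in place of `--no-check-certificate`) or checking a detached signature before `/bin/bash $tmpfile` would make the gate meaningful. The URL is built from `$BOCAIP` rather than `$BOCASERVER`, so when /etc/bocaip is absent the default address is never used and the request has an empty host; `https://$BOCASERVER/boca/systemupdates/boca-updates` looks like the intent. On exit status 0 the downloaded file is left behind in /root, one per run.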
@@ -1,15 +1,27 @@ #!/bin/bash + +if [ "`id -u`" != "0" ]; then + echo "Must be run as root" + exit 1 +fi + +chown root.root /var/log/boca-fixssh.* 2>/dev/null +chmod 600 /var/log/boca-fixssh.* 2>/dev/null + if [ "`id bocassh 2>/dev/null`" != "" ]; then - if [ ! -d /var/www/boca/home/.ssh ]; then - mkdir -p /var/www/boca/home/.ssh - chown -R bocassh.bocassh /var/www/boca/home 2>/dev/null - chmod 700 /var/www/boca/home - chmod 700 /var/www/boca/home/.ssh + wwwboca=/var/www/boca + casa=$wwwboca/home + if [ ! -d $casa/.ssh ]; then + mkdir -p $casa/.ssh + chown -R bocassh.bocassh $casa 2>/dev/null + chmod 700 $casa + chmod 700 $casa/.ssh + usermod -d $casa bocassh fi for i in 1 2 3 4 5 6; do - touch /var/www/boca/home/.ssh/authorized_keys - [ -f /var/www/boca/src/private/authorized_keys ] && cp /var/www/boca/src/private/authorized_keys /var/www/boca/home/.ssh/authorized_keys - chmod 600 /var/www/boca/home/.ssh/authorized_keys + touch $casa/.ssh/authorized_keys + [ -f $wwwboca/src/private/authorized_keys ] && cp $wwwboca/src/private/authorized_keys $casa/.ssh/authorized_keys + chmod 600 $casa/.ssh/authorized_keys [ "$i" == "6" ] || sleep 10 done fi diff --git a/tools/boca-submit-log b/tools/boca-submit-log new file mode 100644 index 0000000..c8b2b31 --- /dev/null +++ b/tools/boca-submit-log 
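Review bot: `usermod -d $casa bocassh` and `chown -R bocassh.bocassh $casa` run only inside `if [ ! -d $casa/.ssh ]`, so a host where that directory already exists never gets the home directory set, and an `authorized_keys` first created by root's `touch` in the loop stays root-owned with mode 600, which sshd normally cannot read on behalf of bocassh. Moving `usermod -d "$casa" bocassh` out of the `if` and adding `chown bocassh:bocassh "$casa/.ssh/authorized_keys"` after the `chmod 600` would cover both cases. The key file is copied from `src/private` on each of the six loop passes, so a comment naming who is expected to write that file would document the trust boundary.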
@@ -0,0 +1,133 @@ +#!/bin/bash + +if [ "`id -u`" != "0" ]; then + echo "Must be run as root" + exit 1 +fi +if [[ ! -e /etc/bocaip ]] ; then + BOCASERVER=50.116.19.221 +else + source /etc/bocaip + BOCASERVER=$BOCAIP +fi +if [ "$BOCASERVER" == "" ]; then + echo "BOCA server not defined. Aborting" + exit 1 +fi + +chown root.root /var/log/boca-submit-log.* 2>/dev/null +chmod 600 /var/log/boca-submit-log.* 2>/dev/null +logkeysf=/var/log/logkeys +chown root.root $logkeysf 2>/dev/null +chmod 600 $logkeysf 2>/dev/null +if [ -f "/dev/shm/logkeys" ]; then + logkeysf=/dev/shm/logkeys + chown root.root $logkeysf 2>/dev/null + chmod 600 $logkeysf 2>/dev/null +fi +chown root.root /var/log/bocacron.* 2>/dev/null +chmod 600 /var/log/bocacron.* 2>/dev/null + +umask 0077 +ROOTLOGS=/dev/shm/.rootlogs +mkdir -p "$ROOTLOGS" + +#cp -a /root/.log* $ROOTLOGS/ 2>/dev/null || true + +for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do + + grep -e sudo -e "password:session" /var/log/auth.log | tail -n 500 > $ROOTLOGS/.logsession.tmp + [ -f $ROOTLOGS/.logsession ] || touch $ROOTLOGS/.logsession + diff $ROOTLOGS/.logsession $ROOTLOGS/.logsession.tmp > $ROOTLOGS/.logsession.diff 2>/dev/null + res=$? + lshw > $ROOTLOGS/.loglshw.tmp 2>/dev/null + [ -f $ROOTLOGS/.loglshw ] || touch $ROOTLOGS/.loglshw + diff $ROOTLOGS/.loglshw $ROOTLOGS/.loglshw.tmp > $ROOTLOGS/.loglshw.diff 2>/dev/null + reslshw=$? + tail -n 500 /var/log/boca-fixes.out > $ROOTLOGS/.logupd.tmp 2>/dev/null + tail -n 500 /var/log/boca-fixes.err >> $ROOTLOGS/.logupd.tmp 2>/dev/null + [ -f $ROOTLOGS/.logupd ] || touch $ROOTLOGS/.logupd + diff $ROOTLOGS/.logupd $ROOTLOGS/.logupd.tmp > $ROOTLOGS/.logupd.diff 2>/dev/null + resupd=$? + + journalctl | grep -i mount | tail -n 500 > $ROOTLOGS/.logfs.tmp + [ -f $ROOTLOGS/.logfs ] || touch $ROOTLOGS/.logfs + diff $ROOTLOGS/.logfs $ROOTLOGS/.logfs.tmp > $ROOTLOGS/.logfs.diff 2>/dev/null + resfs=$? 
+ grep -i mount /var/log/kern.log | grep -i -e "filesystem" -e "file system" | tail -n 500 > $ROOTLOGS/.logkfs.tmp + [ -f $ROOTLOGS/.logkfs ] || touch $ROOTLOGS/.logkfs + diff $ROOTLOGS/.logkfs $ROOTLOGS/.logkfs.tmp > $ROOTLOGS/.logkfs.diff 2>/dev/null + reskfs=$? + + if [ "$zcount" == "1" ]; then + tail -n 10000 $logkeysf > $ROOTLOGS/.logkeys.tmp + [ -f $ROOTLOGS/.logkeys ] || touch $ROOTLOGS/.logkeys + rm $ROOTLOGS/.logkeys.diff + [ -f $ROOTLOGS/.uid.txt ] && echo "> UID $(cat $ROOTLOGS/.uid.txt)" > $ROOTLOGS/.logkeys.diff + diff $ROOTLOGS/.logkeys $ROOTLOGS/.logkeys.tmp >> $ROOTLOGS/.logkeys.diff 2>/dev/null + reskeys=1 + else + echo -n "" > $ROOTLOGS/.logkeys.diff + reskeys=0 + fi + + if [ "$res" != "0" -o "$resfs" != "0" -o "$reslshw" != "0" -o "$resupd" != "0" -o "$reskfs" != "0" -o "$reskeys" != "0" ]; then + for i in uuencode wget tr perl sha256sum cut; do + p=`which $i` + if [ -x "$p" ]; then + echo -n "" + else + echo "$i" not found + exit 1 + fi + done + temp=$ROOTLOGS/.temp.`date +%s%N`.txt + md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/logexternal.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` + echo "$md" | grep -q PHPSESS + if [ "$?" 
== "0" ]; then + md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` + res=`cat /root/submissions/code 2>/dev/null` + res=`echo -n "${res}${md}" | sha256sum - | cut -f1 -d' '` + + echo -n "comp=`cat /root/submissions/comp`" > $temp + echo -n "&code=$res" >> $temp + echo -n "&logsession=" >> $temp + grep "^>" $ROOTLOGS/.logsession.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logfs=" >> $temp + grep "^>" $ROOTLOGS/.logfs.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&loglshw=" >> $temp + grep "^>" $ROOTLOGS/.loglshw.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logupd=" >> $temp + grep "^>" $ROOTLOGS/.logupd.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logkfs=" >> $temp + grep "^>" $ROOTLOGS/.logkfs.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + echo -n "&logkeys=" >> $temp + grep "^>" $ROOTLOGS/.logkeys.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp + + wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/logexternal.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null + rm -f $temp + rm -f ${temp}.cookie.txt + grep -qi incorrect ${temp}.out + res=$? 
+ rm ${temp}.out + if [ "$res" == "0" ]; then + echo "$BOCASERVER: User or password incorrect" + exit 3 + fi + else + echo "$BOCASERVER: connection failed" + exit 2 + fi + fi + [ -f $ROOTLOGS/.logsession.tmp ] && mv $ROOTLOGS/.logsession.tmp $ROOTLOGS/.logsession + [ -f $ROOTLOGS/.logkeys.tmp ] && mv $ROOTLOGS/.logkeys.tmp $ROOTLOGS/.logkeys + [ -f $ROOTLOGS/.loglshw.tmp ] && mv $ROOTLOGS/.loglshw.tmp $ROOTLOGS/.loglshw + [ -f $ROOTLOGS/.logupd.tmp ] && mv $ROOTLOGS/.logupd.tmp $ROOTLOGS/.logupd + [ -f $ROOTLOGS/.logfs.tmp ] && mv $ROOTLOGS/.logfs.tmp $ROOTLOGS/.logfs + [ -f $ROOTLOGS/.logkfs.tmp ] && mv $ROOTLOGS/.logkfs.tmp $ROOTLOGS/.logkfs + [ "$zcount" == "20" ] || sleep 13 +done + +#cp -a $ROOTLOGS/.??* /root/ + +exit 0 diff --git a/tools/boca-submit-logroot b/tools/boca-submit-logroot deleted file mode 100644 index 836225e..0000000 --- a/tools/boca-submit-logroot +++ /dev/null 
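Review bot: `ROOTLOGS=/dev/shm/.rootlogs` is a fixed name in a world-writable directory, and `mkdir -p` succeeds silently when the path already exists, so if another local user creates it first, root writes and renames its log files in a directory it does not control; `umask 0077` does nothing for a pre-existing directory. The same applies to `/dev/shm/logkeys`, which is chown'ed and read when present. A root-only location such as `/run/boca-rootlogs`, or a guard like `[ ! -L "$ROOTLOGS" ] && [ "$(stat -c %u "$ROOTLOGS")" = "0" ] || exit 1` after the `mkdir`, closes this. `$ROOTLOGS/.uid.txt` is tested here, but boca-auth-runs in this commit writes `/root/.uid.txt` and the `cp` that would bridge the two is commented out, so the UID line is probably never sent. `rm $ROOTLOGS/.logkeys.diff` needs `-f` to stay quiet on the first run.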
@@ -1,66 +0,0 @@ -#!/bin/bash - -if [ "`id -u`" != "0" ]; then - echo "Must be run as root" - exit 1 -fi -if [[ ! -e /etc/bocaip ]] ; then - BOCASERVER=50.116.19.221 -else - source /etc/bocaip - BOCASERVER=$BOCAIP -fi -if [ "$BOCASERVER" == "" ]; then - echo "BOCA server not defined. Aborting" - exit 1 -fi - -for zcount in 1 2 3 4 5 6; do - -grep "session opened for user root" /var/log/auth.log |grep -v cron:session | grep -v systemd:session | tail -n 100 > /root/.logroot.tmp -[ -f /root/.logroot ] || touch /root/.logroot -diff /root/.logroot /root/.logroot.tmp > /root/.logroot.diff 2>/dev/null -res=$? -if [ "$res" != "0" ]; then - for i in uuencode wget tr perl sha256sum cut; do - p=`which $i` - if [ -x "$p" ]; then - echo -n "" - else - echo "$i" not found - exit 1 - fi - done - temp=/root/.temp.`date +%s%N`.txt - md=`wget -4 --no-check-certificate -t 2 -T 5 -S https://$BOCASERVER/boca/logexternal.php -O /dev/null --save-cookies ${temp}.cookie.txt --keep-session-cookies 2>&1 | grep PHPSESS | tail -n1` - echo "$md" | grep -q PHPSESS - if [ "$?" == "0" ]; then - md=`echo $md | cut -f2 -d'=' | cut -f1 -d';'` - res=`cat /root/submissions/code 2>/dev/null` - res=`echo -n "${res}${md}" | sha256sum - | cut -f1 -d' '` - - echo -n "comp=`cat /root/submissions/comp`" > $temp - echo -n "&code=$res" >> $temp - echo -n "&data=" >> $temp - grep "^>" /root/.logroot.diff | uuencode -m zzzzzzzzzz | grep -v "begin-base64.*zzzzzzzzzz" | perl -MURI::Escape -lne 'print uri_escape($_)' >> $temp - - wget -4 --no-check-certificate -t 2 -T 5 "https://$BOCASERVER/boca/logexternal.php" --load-cookies ${temp}.cookie.txt --keep-session-cookies --save-cookies ${temp}.cookie.txt -O ${temp}.out --post-file=$temp >/dev/null 2>/dev/null - rm -f $temp - rm -f ${temp}.cookie.txt - grep -qi incorrect ${temp}.out - res=$? 
- rm ${temp}.out - if [ "$res" == "0" ]; then - echo "$BOCASERVER: User or password incorrect" - exit 3 - fi - else - echo "$BOCASERVER: connection failed" - exit 2 - fi -fi -mv /root/.logroot.tmp /root/.logroot -[ "$zcount" == "6" ] || sleep 8 -done - -exit 0 diff --git a/tools/boca-submit-run-aux b/tools/boca-submit-run-aux index 9983750..0e9c720 100755 --- a/tools/boca-submit-run-aux +++ b/tools/boca-submit-run-aux @@ -38,8 +38,8 @@ if [ "$?" == "0" ]; then exit 3 else oknet=9 - if [ -f /usr/bin/boca-checkinternet ]; then - /usr/bin/boca-checkinternet + if [ -f /usr/sbin/boca-checkinternet ]; then + /usr/sbin/boca-checkinternet oknet=$? else echo "system must be updated - missing script" diff --git a/tools/cron-boca-fixes b/tools/cron-boca-fixes new file mode 100644 index 0000000..9858e1c --- /dev/null +++ b/tools/cron-boca-fixes @@ -0,0 +1 @@ +*/20 * * * * root /usr/sbin/boca-fixes >>/var/log/boca-fixes.out 2>>/var/log/boca-fixes.err diff --git a/tools/cron-fixssh b/tools/cron-boca-fixssh index ac7b597..ac7b597 100644 --- a/tools/cron-fixssh +++ b/tools/cron-boca-fixssh diff --git a/tools/cron-boca-log b/tools/cron-boca-log new file mode 100644 index 0000000..7262d88 --- /dev/null +++ b/tools/cron-boca-log @@ -0,0 +1 @@ +*/5 * * * * root /usr/sbin/boca-submit-log >>/var/log/boca-submit-log.out 2>>/var/log/boca-submit-log.err diff --git a/tools/cron-submit b/tools/cron-boca-submit index 5fda786..5fda786 100644 --- a/tools/cron-submit +++ b/tools/cron-boca-submit diff --git a/tools/cron-logroot b/tools/cron-logroot deleted file mode 100644 index d1a27bc..0000000 --- a/tools/cron-logroot +++ /dev/null @@ -1 +0,0 @@ -* * * * * root /usr/sbin/boca-submit-logroot >>/var/log/boca-submit-logroot.out 2>>/var/log/boca-submit-logroot.err diff --git a/tools/postgresql/10/main/conf.d/000-boca.conf b/tools/postgresql/10/main/conf.d/000-boca.conf new file mode 100644 index 0000000..128ef1a --- /dev/null +++ b/tools/postgresql/10/main/conf.d/000-boca.conf 
@@ -0,0 +1 @@
+listen_addresses = '*'
diff --git a/tools/postgresql/10/main/pg_hba.conf b/tools/postgresql/10/main/pg_hba.conf
new file mode 100644
index 0000000..4eeaa6e
--- /dev/null
+++ b/tools/postgresql/10/main/pg_hba.conf
@@ -0,0 +1,101 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. 
+# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 md5 +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 +host bocadb bocauser 0/0 md5 +host postgres replication 0/0 md5 diff --git a/tools/tst.php b/tools/tst.php deleted file mode 100644 index 38f5fd0..0000000 --- a/tools/tst.php +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -header('Content-type: image/png'); - -$smile=imagecreatefrompng("../images/balloon4.png"); -imageSaveAlpha($smile, true); -$kek=imagecolorallocate($smile,0,0,255); -imagefill($smile,12,25,$kek); -imagepng($smile); - -?> |
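Review bot: The last two records, `host bocadb bocauser 0/0 md5` and `host postgres replication 0/0 md5`, together with `listen_addresses = '*'` in tools/postgresql/10/main/conf.d/000-boca.conf, open the database to every IPv4 address by default, while the interactive confirmation that boca-createdb.sh asked for before doing this is removed in the same commit. `host` also matches connections without TLS, and `md5` is the weaker of the two password methods this file's own header recommends. Narrowing the address to the contest network and using `hostssl bocadb bocauser <contest-subnet>/<prefix> scram-sha-256` (placeholder subnet) would restore a default-closed posture; scram-sha-256 needs `password_encryption` set accordingly before the role's password is stored. A comment above the two records marking them as BOCA additions would separate them from the stock file.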