From 847759fde4a54472e126cd174f6b0cd8a178a203 Mon Sep 17 00:00:00 2001 From: cassio Date: Sat, 5 Sep 2015 13:27:22 +0100 Subject: bug fix --- tools/etc/icpc/installboca.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'tools') diff --git a/tools/etc/icpc/installboca.sh b/tools/etc/icpc/installboca.sh index 88c266f..d796c04 100755 --- a/tools/etc/icpc/installboca.sh +++ b/tools/etc/icpc/installboca.sh @@ -217,6 +217,7 @@ echo "==================================================" echo "=================== SERVER SETUP ===============" echo "==================================================" ln -s /etc/php5/mods-available/mcrypt.ini /etc/php5/apache2/conf.d/20-mcrypt.ini 2>/dev/null +ln -s /etc/php5/mods-available/mcrypt.ini /etc/php5/cli/conf.d/20-mcrypt.ini 2>/dev/null OK=n echo "You can run at anytime later the script /etc/icpc/becomeserver.sh to prepare the computer to be the BOCA server" -- cgit v1.2.3 From 3443e44388376b2632daaa056a5d826506ccf208 Mon Sep 17 00:00:00 2001 From: cassio Date: Mon, 7 Sep 2015 08:19:47 +0100 Subject: zenity and lightdm issues --- tools/etc/icpc/setup.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/etc/icpc/setup.sh b/tools/etc/icpc/setup.sh index 5d8838f..62563e1 100755 --- a/tools/etc/icpc/setup.sh +++ b/tools/etc/icpc/setup.sh @@ -4,7 +4,7 @@ if [ ! -x /etc/icpc/bocaserver.sh ]; then OK=1 while [ "$OK" != "0" ]; do IP=`zenity --title="Setting up the BOCA server IP number" --text="Enter the IP address of the server (format x.y.w.z)\n\ -If this is supposed to be the server, then leave it empty\nIf there are multiple servers, separate IPs by a semi-colon ;" --width=500 --height=100 --entry` +If this is supposed to be the server, then leave it empty\nIf there are multiple servers, separate IPs by a semi-colon ;" --entry` [ "$IP" == "" ] && IP=LOCAL zenity --title="IP confirmation" --text="The chosen IP is $IP\nDo you confirm?" --question OK=$? 
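Review bot: The added `ln -s` for the CLI conf.d discards stderr, so a failure other than "link already exists" (for instance `/etc/php5/cli/conf.d` not being present) goes unnoticed and command-line PHP then runs without mcrypt. I would make the link idempotent and keep real errors visible, e.g. `[ -d /etc/php5/cli/conf.d ] && ln -sf /etc/php5/mods-available/mcrypt.ini /etc/php5/cli/conf.d/20-mcrypt.ini`. A one-line comment such as `# command-line PHP needs mcrypt as well as the Apache SAPI` would record why both links exist; that reason is inferred from the change, so confirm it. The server-setup section continues outside the hunk.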
@@ -94,3 +94,5 @@ fi if [ -x /etc/network/if-pre-up.d/boca ]; then . /etc/network/if-pre-up.d/boca fi + +exit 0 -- cgit v1.2.3 From 64143437a294aa4e0e94d60e79ba3ac677c40e5b Mon Sep 17 00:00:00 2001 From: cassio Date: Mon, 7 Sep 2015 17:26:39 +0100 Subject: security fix and staff restrictions --- tools/installv2.sh | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tools') diff --git a/tools/installv2.sh b/tools/installv2.sh index e75f2e9..db2aa96 100755 --- a/tools/installv2.sh +++ b/tools/installv2.sh @@ -289,6 +289,11 @@ if [ $? != 0 ]; then sed "s/errors=remount-ro/quota,errors=remount-ro/" < /etc/fstab.bkp.$di.1 > /etc/fstab fi +grep -q icpcadmin /etc/ssh/sshd_config +if [ "$?" != "0" ]; then + echo "DenyUsers icpc icpcadmin" >> /etc/ssh/sshd_config +fi + echo "============================================================" echo "===================== SETTING UP USER QUOTA ===============" echo "============================================================" -- cgit v1.2.3 From eab4a88d06b8b845a8983af59da71457aa9f3dd6 Mon Sep 17 00:00:00 2001 From: cassio Date: Thu, 10 Sep 2015 11:30:53 +0100 Subject: improved position of deny ssh, better output autoj, score bkp per user --- tools/installv2.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'tools') diff --git a/tools/installv2.sh b/tools/installv2.sh index db2aa96..5b756da 100755 --- a/tools/installv2.sh +++ b/tools/installv2.sh @@ -181,6 +181,15 @@ if [ "`which gconftool`" != "" ]; then su - icpc -c "gconftool -s -t bool /apps/update-notifier/auto_launch false" fi +grep -q icpcadmin /etc/ssh/sshd_config +if [ "$?" != "0" ]; then + echo "DenyUsers icpc icpcadmin" >> /etc/ssh/sshd_config + ps auxw |grep sshd|grep -vq grep + if [ "$?" == "0" ]; then + service ssh reload + fi +fi + pass=`echo -n icpc | makepasswd --clearfrom - --crypt-md5 | cut -d'$' -f2-` pass=\$`echo $pass` id -u icpc >/dev/null 2>/dev/null 
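Review bot: The guard `grep -q icpcadmin /etc/ssh/sshd_config` in the installv2.sh hunk at line 289 matches the string anywhere in the file, so a commented-out line or an unrelated directive that mentions `icpcadmin` makes the script skip the `DenyUsers` line without any message. Anchoring the test to the directive is safer: `grep -Eq '^[[:space:]]*DenyUsers[[:space:]].*icpcadmin' /etc/ssh/sshd_config`. Appending with `>>` also puts the directive at the end of the file, where it would fall inside a trailing `Match` block if one exists and then apply only under that block's conditions. The same guard and append are repeated in the hunk at line 181 of the following commit, which also adds the reload that is missing here.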
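Review bot: In the installv2.sh hunk at line 181 the reload is gated on `ps auxw |grep sshd|grep -vq grep`, which succeeds for any process line that merely contains `sshd`, and the edited configuration is reloaded without being validated first. `pgrep -x sshd >/dev/null && /usr/sbin/sshd -t && service ssh reload` checks for the daemon by exact name and refuses to reload a file that does not parse. When the reload is skipped or fails, the `DenyUsers` restriction is not in force until sshd next restarts, and the context line just below derives the `icpc` password from a fixed string, so that path should print a message instead of passing silently. The script continues on both sides of the hunk.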
@@ -289,11 +298,6 @@ if [ $? != 0 ]; then sed "s/errors=remount-ro/quota,errors=remount-ro/" < /etc/fstab.bkp.$di.1 > /etc/fstab fi -grep -q icpcadmin /etc/ssh/sshd_config -if [ "$?" != "0" ]; then - echo "DenyUsers icpc icpcadmin" >> /etc/ssh/sshd_config -fi - echo "============================================================" echo "===================== SETTING UP USER QUOTA ===============" echo "============================================================" -- cgit v1.2.3 From 40ed6646e902830881fe2c530ce110d73f5a5a0b Mon Sep 17 00:00:00 2001 From: cassio Date: Thu, 10 Sep 2015 12:36:10 +0100 Subject: updated firewall rules --- tools/etc/network/if-up.d/boca | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'tools') diff --git a/tools/etc/network/if-up.d/boca b/tools/etc/network/if-up.d/boca index 0f31ee0..20ff38f 100644 --- a/tools/etc/network/if-up.d/boca +++ b/tools/etc/network/if-up.d/boca @@ -6,9 +6,22 @@ fi /sbin/iptables -F INPUT /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -s 143.107.255.15 -j ACCEPT + +# just to make things easier, let's allow communication to/from BOCA servers +/sbin/iptables -A INPUT -s 45.33.30.235 -j ACCEPT +/sbin/iptables -A INPUT -s 50.116.19.221 -j ACCEPT + if [ "$BOCASERVER" != "" ]; then /sbin/iptables -A INPUT -s $BOCASERVER -j ACCEPT fi +if [ "$BOCASERVERS" != "" ]; then + for i in `echo $BOCASERVERS | tr ';' ' '`; do + /sbin/iptables -A INPUT -s $i -j ACCEPT + done +fi +/sbin/iptables -A INPUT -m udp -p udp -s 0/0 --sport 67:68 --dport 67:68 -j ACCEPT +/sbin/iptables -A INPUT -m udp -p udp -s 0/0 --sport 53 --dport 53 -j ACCEPT +/sbin/iptables -A INPUT -m tcp -p tcp -s 0/0 --sport 53 --dport 53 -j ACCEPT /sbin/iptables -A INPUT -j REJECT else if [ -x /etc/icpc/bocaserver.iptables ]; then -- cgit v1.2.3
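Review bot: The two new rules for 45.33.30.235 and 50.116.19.221 in if-up.d/boca accept every protocol and port from those addresses on every machine that installs this file, and the comment gives convenience as the only reason. I would restrict them by protocol and port to what BOCA actually uses, or move the addresses into the configuration that sets `$BOCASERVER` so a site can remove them. The `$BOCASERVERS` loop passes each token to `-s $i` unquoted and unchecked, so a token that is not an address is either rejected by iptables or resolved as a hostname when the rule is loaded; `case "$i" in ''|*[!0-9./]*) continue ;; esac` before the rule, together with `-s "$i"`, keeps the list to literal addresses. The three `-s 0/0` rules match on source port, which the sender chooses, so local ports 53 and 67-68 become reachable from any address, and requiring both ports to be 53 may not match ordinary resolver replies; a comment naming the intended DHCP and DNS traffic would let a reader check that. The enclosing `if` starts above the hunk and its `else` branch continues below it.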