« L'hyperviseur Xen sous Debian Wheezy » : différence entre les versions

Ligne 528 : Ligne 528 :
#
#
#
#
#installDebianPackage ${prefix} locales #already installed in debian-squeeze domU
installDebianPackage ${prefix} locales #already installed in debian-squeeze domU
installDebianPackage ${prefix} ntp
installDebianPackage ${prefix} ntp
installDebianPackage ${prefix} console-data
installDebianPackage ${prefix} console-data
installDebianPackage ${prefix} console-common
installDebianPackage ${prefix} console-common
installDebianPackage ${prefix} dnsutils
installDebianPackage ${prefix} dnsutils
installDebianPackage ${prefix} sshguard
installDebianPackage ${prefix} psmisc


#
#
Ligne 572 : Ligne 574 :
trusted=`echo $dom0 | sed 's/^,*//;s/,*$//'`
trusted=`echo $dom0 | sed 's/^,*//;s/,*$//'`


dom0=`cat /etc/hostname`
if [ -f /etc/xen-tools/ssh-keys/domU-backup-rsa.pub ]; then
if [ -f /etc/xen-tools/ssh-keys/domU-backup-rsa.pub ]; then
         echo from=\"$trusted\" `cat /etc/xen-tools/ssh-keys/domU-backup-rsa.pub` >> ${prefix}/root/.ssh/authorized_keys
         echo from=\"$trusted\" `cat /etc/xen-tools/ssh-keys/domU-backup-rsa.pub` >> ${prefix}/root/.ssh/authorized_keys
Ligne 592 : Ligne 593 :
#
#


gw=`cat /etc/xen-tools/xen-tools.conf | grep gateway | cut -f 2 -d "="`
gw=`cat /etc/xen-tools/xen-tools.conf | grep gateway`
echo up route add -host $gw dev eth0 >> ${prefix}/etc/network/interfaces
if [ ! ${gw:0:1} = "#" ]; then
echo up route add default gw $gw >> ${prefix}/etc/network/interfaces
        gateway=`echo $gw | cut -f 2 -d "="`
        echo up route add -host $gateway dev eth0 >> ${prefix}/etc/network/interfaces
        echo up route add default gw $gateway >> ${prefix}/etc/network/interfaces
fi
 
#
# sshguard
#
LogMessage Script $0 Configuring sshguard
#
#
echo '
#! /bin/sh
 
### BEGIN INIT INFO
# Provides:            sshguard
# Required-Start:      $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:       
# Short-Description:    sshguard
### END INIT INFO
 
case "$1" in
        start)
                iptables -N sshguard
                ip6tables -N sshguard
                iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard
                ip6tables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard
                tail -n0 -F /var/log/auth.log | /usr/sbin/sshguard -a 2 -p 1800 -w /etc/sshguard_whitelist &
        ;;
        stop)
                killall /usr/sbin/sshguard
                iptables -D INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard
                ip6tables -D INPUT -m multiport -p tcp --destination-ports 21,22,110,143,80,443 -j sshguard
                iptables -X sshguard
                ip6tables -X sshguard
        ;;
        *)
                echo "Usage: $0 {start|stop}"
                exit 1
        ;;
esac' > ${prefix}/etc/init.d/sshguard
chmod +x ${prefix}/etc/init.d/sshguard
 
for ip in `ifconfig | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1`; do
        if [ ! $ip = "127.0.0.1" ]; then
                echo $ip >> ${prefix}/etc/sshguard_whitelist
        fi
done
for ip in `ifconfig | grep -E "inet6 addr.*Global" | sed 's/^[ \t]*//;s/[ \t]*$//' | cut -d " " -f 3 | cut -d "/" -f 1`; do
        echo $ip >> ${prefix}/etc/sshguard_whitelist
done


chroot ${prefix} /sbin/insserv
#
#
#  Log our finish
#  Log our finish
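Review bot: In the hunk at « Ligne 592 / 593 », the generated `/etc/init.d/sshguard` does not begin with its shebang: the `echo '` that opens the quoted script is followed by a newline, so the file's first line is empty and `#! /bin/sh` ends up on line 2, where the kernel does not honour it. Depending on how the boot system launches init scripts, this may leave sshguard unstarted with no visible error. Writing the file through a quoted here-document, `cat > "${prefix}/etc/init.d/sshguard" <<'EOF'`, puts the shebang on line 1 and still keeps `$1` and `$0` literal. The two whitelist loops match the English labels `inet addr` and `inet6 addr`, which ifconfig presumably translates under a non-C locale on the dom0, so the whitelist could come out empty without any error; `LC_ALL=C ifconfig` would make the parse stable. The `start` branch is also not idempotent (a second `start` appends the INPUT jump rules again), so it would be worth testing for the rule with `iptables -C` before the `iptables -A`.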