Skip to content

GitLab

Commit 57b3ef92 authored by Paul Cammish's avatar Paul Cammish
Browse files

Updated Sympl CLI

parent 56e582ce
Hide whitespace changes
Inline Side-by-side
core/bin/sympl
View file @ 57b3ef92
......@@ -5,44 +5,563 @@
# Copyright 2019, Paul Cammish <sympl@kelduum.net>
#
# Licenced under GPL3+
#
echo "Theres nothing here yet. Check back soon for a command line parser for common tasks with Sympl."
# sympl web create <hostname>
# enable <hostname>
# disable <hostname>
# destroy <hostname>
# set <https|hsts|stats> <on|off>
# audit [hostname]
# mail create <email>
# enable <email>
# disable <email>
# forward from <from> to <to>
# password <password>
# set default-mailbox <email>
# destroy <email>
# mysql create database <database> (also creates user with same details)
# user <user> password <password>
# destroy database <database>
# destroy user <user>
# dump [database]
# dns create <hostname>
# add <record>
# remove <record>
# audit
# destory <hostname>
# backup list
# now
# prune
# audit
# cron enable <domain>
# disable <domain>
# edit <domain>
# ftp create <hostname|user@hostname>
# enable <hostname>
# disable <hostname>
# destroy <hostname>
# status
# update
#
set -e
I_AM="$(whoami)"
VERBOSE=TRUE
FUNCTION=base
ACTION=none
TARGET=all
##############################################################################
# Output Functions #
##############################################################################
_debug() {
if [ $DEBUG ]; then
echo -e "\033[2mDEBUG: $@\033[0m"
fi
}
_warn() {
echo -e "\033[1m\033[33m WARN: \033[0m $@"
}
_error() {
echo -e "\033[1m\033[31mERROR: \033[0m $@"
exit 1
}
_verbose() {
if [ $DEBUG ]; then
echo " INFO: $@"
elif [ $VERBOSE ]; then
echo "$@"
fi
}
##############################################################################
# Help #
##############################################################################
_help() {
echo 'This is a big set of parser stuff.'
exit 0
}
##############################################################################
# Support Functions #
##############################################################################
_func() {
if [ $FUNCTION == base ]; then
FUNCTION=$1
else
_error "Function '$FUNCTION' already selected, can't set to $1"
fi
}
_action() {
if [ $ACTION == none ]; then
ACTION=$1
if [ "$ACTION" == "set" ] && [ "x$3" != "x" ]; then
OPTION=$2
SETTING=$3
fi
else
_error "Action '$ACTION' already selected, can't set to '$1'"
fi
}
_is_domain() {
if [ "$1" == "all" ]; then _error "Please specify a domain."; fi
_debug "Checking if '$1' is a valid domain..."
if [[ $1 =~ ^[0-9a-z\.-]+$ ]] && [[ $1 == *"."* ]] && [[ $1 != "."* ]] && [[ $1 != *"." ]]; then
_debug " $1 is valid"
else
_error "'$1' is not a valid domain"
fi
}
_is_email() {
_debug "Checking if '$1' is a valid email address..."
}
_is_database() {
if [ "$1" == "all" ]; then _error "Please specify a database."; fi
_debug "Checking if '$1' is a valid database... "
if [[ $1 =~ ^[0-9A-Za-z_]+$ ]] ; then #&& [[ $(expr length $1) -le 32 ]]; then
_debug " $1 is valid"
else
_error "'$1' is not a valid database name"
fi
}
##############################################################################
# Base #
##############################################################################
_base_create() {
_noop
}
_base_enable() {
_noop
}
_base_disable() {
_noop
}
_base_destroy() {
_noop
}
_base_set() {
_noop
}
_base_audit() {
_noop
}
_base_update() {
_noop
}
##############################################################################
# Web #
##############################################################################
_web_create() {
_is_domain $1
_debug "Check for disabled sites"
if [ -d /srv/__disabled__$1/public/htdocs ]; then
_error "The domain $1 is disabled. Use 'sympl enable $1' to enable it."
elif [ -d /srv/$1/public/__disabled__htdocs ] ; then
_error "The website $1 is disabled. Use 'sympl web enable $1' to enable it."
fi
_debug "Check to see if $1 already exists"
if [ -d /srv/$1/public/htdocs ]; then
_error "$1 Already exists."
fi
_verbose "Creating Website for $1 at /srv/$1/public/htdocs..."
mkdir -p "/srv/$1/public/htdocs"
chmod -R 2775 "/srv/$1/public" 2&>1 /dev/null
chown -R www-data:www-data "/srv/$1/public" 2&>1 /dev/null
}
_web_enable() {
_is_domain $1
_debug "Checking $1 is disabled and exists"
if [ -d /srv/$1/public/htdocs ] || [ ! -d /srv/$1/public/__disabled__htdocs ]; then
_error "The website $1 is already enabled."
elif [ ! -d /srv/$1 ]; then
_error "The domain $1 does not exist."
fi
_verbose "Enabling Website $1"
mv /srv/$1/public/__disabled__htdocs /srv/$1/public/htdocs
}
_web_disable() {
_is_domain $1
_debug "Checking $1 is enabled and exists"
if [ -d /srv/$1/public/__disabled__htdocs ]; then
_error "The website $1 is already disabled."
elif [ ! -d /srv/$1/public/htdocs ]; then
_error "The website $1 does not exist."i
fi
_verbose "Disabling Website $1"
mv /srv/$1/public/htdocs /srv/$1/public/__disabled__htdocs
}
_web_destroy() {
_is_domain $1
_debug "Confirm '$1' is disabled and exists"
if [ -d /srv/$1/public/htdocs ]; then
_error "The website '$1' is enabled. It must be disabled before it can be destroyed."
elif [ ! -d /srv/$1/public/__disabled__htdocs ]; then
_error "The website '$1' does not exist."
elif [ ! -d /srv/$1 ]; then
_error "The domain '$1' does not exist."
fi
_verbose "Destroying /srv/$1/public/__disabled__htdocs..."
rm -r /srv/$1/public/__disabled__htdocs/
}
_web_audit() {
# TODO: List details of specific site, otherwise list all sites and any aliasses.
if [ "$1" != "all" ]; then _is_domain $1 ; fi
find /srv/*/public/ -type d -name '*htdocs' > /dev/shm/sympl_web_audit
_verbose "Enabled sites:"
grep -v __disabled__ /dev/shm/sympl_web_audit | cut -d '/' -f 3 | sort
_verbose "Disabled sites:"
grep __disabled__ /dev/shm/sympl_web_audit | cut -d '/' -f 3 | sort
}
_web_set() {
_noop
}
##############################################################################
# Mysql/MariaDB #
##############################################################################
_mysql_create() {
_is_database $1
_debug "Check if $1 already exists"
if [ $( mysql -NBe 'show databases;' | grep -c "^$1$" ) -eq 0 ]; then
if [ $( mysql -NBe "use mysql; select User from user;" | grep -c "^$1$" ) -eq 0 ]; then
_verbose "Creating database '$1'..."
password="$( openssl rand -base64 32 | cut -c 1-32 )"
_debug "Password '$password', creating DB -- CREATE DATABASE $1;"
mysql -e "CREATE DATABASE $1;"
_debug 'Creating user -- GRANT ALL PRIVILEGES ON $1.* TO '$1'@'localhost' IDENTIFIED BY '$password';'
mysql -e "GRANT ALL PRIVILEGES ON $1.* TO '$1'@'localhost' IDENTIFIED BY '$password';"
_debug 'Outputting password'
echo "$password" >> /home/sympl/mysql_$1_password
_debug 'Securing file'
chmod 600 /home/sympl/mysql_$1_password
chown sympl:sympl /home/sympl/mysql_$1_password
_verbose "Database '$1' created with user '$1' and password '$password'"
_verbose " saved to /home/sympl/mysql_$1_password"
else
_error "User '$1' already exists."
fi
else
_error "Database '$1' already exists."
fi
}
_mysql_enable() {
_is_database $1
_debug "Check if $1 exists and is disabled"
if [ $( mysql -NBe 'show databases;' | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "use mysql; select User from user;" | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "SHOW GRANTS for '$1'@'localhost'" 2> /dev/null | grep -c "^GRANT ALL PRIVILEGES ON \`$1\`.* TO '$1'@'localhost'$" ) -eq 0 ]; then
_verbose "Enabling user '$1' for database '$1'"
mysql -e "GRANT ALL PRIVILEGES ON $1.* TO '$1'@'localhost'"
else
_error "User '$1' is already enabled for database '$1'."
fi
else
_error "User '$1'@'localhost' does not exist, although the database does."
fi
else
_error "Database '$1' does not exist."
fi
}
_mysql_disable() {
_is_database $1
_debug "Check if $1 exists and is enabled"
if [ $( mysql -NBe 'show databases;' | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "use mysql; select User from user;" | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "SHOW GRANTS for '$1'@'localhost'" 2> /dev/null | grep -c "^GRANT ALL PRIVILEGES ON \`$1\`.* TO '$1'@'localhost'$" ) -eq 1 ]; then
_verbose "Disabling user '$1' for database '$1'"
mysql -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$1'@'localhost';"
else
_error "Database '$1' is already disabled for database '$1'."
fi
else
_error "User '$1'@'localhost' does not exist, although the database does."
fi
else
_error "Database '$1' does not exist."
fi
}
_mysql_destroy() {
_is_database $1
_debug "Check if $1 exists and is disabled"
if [ $( mysql -NBe 'show databases;' | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "use mysql; select User from user;" | grep -c "^$1$" ) -eq 1 ]; then
if [ $( mysql -NBe "SHOW GRANTS for '$1'@'localhost'" 2> /dev/null | grep -c "^GRANT ALL PRIVILEGES ON \`$1\`.* TO '$1'@'localhost'$" ) -eq 0 ]; then
_verbose "Destroying database and user '$1'"
mysql -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$1'@'localhost';"
mysql -e "DROP USER '$1'@'localhost';"
mysql -e "DROP DATABASE $1;"
else
_error "Database '$1' is not disabled. Please disable it with 'sympl mysql disable $1'"
fi
else
_error "User '$1' does not exist, but the database does."
fi
else
_error "Database '$1' does not exist."
fi
}
_mysql_audit() {
mysql -e 'show databases;'
mysql -e 'use mysql; select User from user;'
}
##############################################################################
# FTP #
##############################################################################
_ftp_create() {
_noop
}
_ftp_enable() {
_noop
}
_ftp_disable() {
_noop
}
_ftp_destroy() {
_noop
}
_ftp_set() {
_noop
}
_ftp_audit() {
_noop
}
##############################################################################
# Mail #
##############################################################################
_mail_create() {
_noop
}
_mail_enable() {
_noop
}
_mail_disable() {
_noop
}
_mail_destroy() {
_noop
}
_mail_set() {
_noop
}
_mail_audit() {
_noop
}
##############################################################################
# FTP #
##############################################################################
_ftp_create() {
_noop
}
_ftp_enable() {
_noop
}
_ftp_disable() {
_noop
}
_ftp_destroy() {
_noop
}
_ftp_set() {
_noop
}
_ftp_audit() {
_noop
}
##############################################################################
# Backup #
##############################################################################
_backup_create() {
_verbose "Taking backup..."
sudo backup2l -b
}
_backup_enable() {
if [ ! -x /etc/cron.daily/zz-backup2l ]; then
_verbose "Enabling backups."
sudo chmod +x /etc/cron.daily/zz-backup2l
else
_error "Backups are already enabled."
fi
}
_backup_disable() {
_verbose "Disabling backups."
if [ -x /etc/cron.daily/zz-backup2l ]; then
_verbose "Disabling backups."
sudo chmod -x /etc/cron.daily/zz-backup2l
else
_error "Backups are already disabled."
fi
}
_backup_destroy() {
if [ $( backup2l -s | grep -c '^all.2 ' ) -ge 1 ]; then
_verbose "Removing oldest backup set."
sudo backup2l -p 1 > /dev/null
else
_error "Not removing only backup set."
fi
}
_backup_set() {
_error "Backup has no settings."
}
_backup_audit() {
_verbose "Backup status:"
backup2l -s
}
##############################################################################
# Cron #
##############################################################################
_cron_create() {
_noop
}
_cron_enable() {
_noop
}
_cron_disable() {
_noop
}
_cron_destroy() {
_noop
}
_cron_set() {
_noop
}
_cron_audit() {
_noop
}
##############################################################################
# NoOp Stub #
##############################################################################
_noop() {
_warn "This doesn't do anything yet."
exit 0
}
##############################################################################
# Handle Command Line #
##############################################################################
_main() {
_debug "Command line parameters: $@"
UNHANDLED=()
while [ $# -gt 0 ]; do
case $1 in
--debug) DEBUG=TRUE ; shift ;;
--quiet|-q) VERBOSE=FALSE ; shift ;;
web|http|website) _func web ; shift ;;
mail|email) _func mail ; shift ;;
mysql|database|mariadb) _func mysql ; shift ;;
dns|domain) _func dns ; shift ;;
backup) _func backup ; shift ;;
cron) _func cron ; shift ;;
ftp) _func ftp ; shift ;;
create) _action 'create' ; shift ;;
destroy) _action 'destroy' ; shift ;;
enable) _action 'enable' ; shift ;;
disable) _action 'disable' ; shift ;;
audit|list) _action 'audit' ; shift ;;
set) _action 'set' "$2" "$3" ; shift ; shift ; shift ;;
*) # unhandled parameter
if [ $TARGET = all ]; then
TARGET="$1"
else
UNHANDLED+=("$1")
fi
shift # past argument
;;
esac
done
_debug "Runtime variables:
Unhanded | $UNHANDLED
FUNCTION | $FUNCTION
ACTION | $ACTION
TARGET | $TARGET
OPTION | $OPTION
SETTING | $SETTING"
if [ "x$UNHANDLED" != "x" ]; then
_help
fi
_${FUNCTION}_${ACTION} $TARGET $OPTION $SETTING
}
_main $@
exit 0
core/debian/changelog
View file @ 57b3ef92
sympl-core (10.0.190625.0) stable; urgency=medium
* First update for sympl command line
* Fixed edge case in sympl-filesystem-security
sympl-core (10.0.190624.0) stable; urgency=medium
* Adjusted MOTD Banner
......
core/sbin/sympl-filesystem-security
View file @ 57b3ef92
......@@ -84,8 +84,8 @@ function secure_domain_dir()
# By default this is left unprotected, and includes IP addresses which are classified
# under GDPR as personally identifiable
if [ ! -f "${domain}/public/htdocs/stats/.htaccess" ]; then
if [ -d "${domain}/public/htdocs/stats/" ] && [ $( grep -c 'webalizer' "${domain}/public/htdocs/stats/index.html" ) != 0 ]; then
if [ ! -f "${domain}/public/htdocs/stats/.htaccess" ] && [ -f "${domain}/public/htdocs/stats/index.html" ]; then
if [ $( grep -c 'webalizer' "${domain}/public/htdocs/stats/index.html" ) != 0 ]; then
echo "# Prevent unauthorized access to stats and enforce HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment