Source File section
File created: Versuche/SecNFS/README_NFS.htm (Size: 9083, Created: Oct 23 01:14 )
File created: Versuche/SecNFS/FAQ.txt (Size: 5249, Created: Oct 23 02:33 )
File created: Versuche/SecNFS/ssh tunnel for nfs.doc (Size: 28672, Created: Oct 23 01:09 )
Usermanager Section
File created: mylinux-usermanager-0.98/compile-scripts/x
#!/bin/bash
########################################################################
# File: compile-scripts/MAIN-PACKAGE #
# myLinux Server: Copyright (c) 2004 Michael Oberg #
# Version: 0.98 #
# Author: Michael Oberg <michael.oberg@mylinuxproject.de> #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU Public License along #
# with this package; if not, write to the Free Software Foundation, #
# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
########################################################################
# Warning: You have to make sure that setup/mylinux.conf is correct.
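# Build/packaging driver: every step below runs inside the $LFS chroot and is
# fatal on failure (the run stops with status 1).

# $LFS is the chroot root used by every mkdir/cd/chroot/mv in this script.
# Refuse to run with it unset or empty: "$LFS/Asterisk-Sources" would then
# silently become /Asterisk-Sources on the host, and the final mv calls would
# overwrite the host's own /root/.profile and /etc/nsswitch.conf.
if [ -z "$LFS" ]; then
    echo "LFS is not set - refusing to run outside the build chroot" >&2
    exit 1
fi

# Directory of this script (compile-scripts/), made absolute so the helper
# scripts next to it (UNPACK) are found no matter where the caller's cwd is.
MYLINUXMGR=$(dirname "$0")
case "$MYLINUXMGR" in
    /*) ;;                                  # already absolute
    *)  MYLINUXMGR="$(pwd)/$MYLINUXMGR" ;;  # relative to pwd -> make absolute
esac
# Package root (parent of compile-scripts) and its base name.
MYLINUXPACKAGE=${MYLINUXMGR%/compile-scripts}
MYLINUXPACKAGENAME=${MYLINUXPACKAGE##*/}

# run_in_chroot COMMAND...: run one command line inside $LFS with a clean
# environment (env -i) and a login shell.  All arguments are joined into the
# single string handed to "bash -c", so "CREATEPACKAGE asterisk" style
# invocations work as one argument or several.
run_in_chroot() {
    chroot "$LFS" /usr/bin/env -i \
        HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
        PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/X11R6/bin:/usr/local/kde/bin:/usr/local/qt/bin \
        /bin/bash --login -c "$*"
}

# build_package NAME SRCDIR SOURCE COMPILESCRIPT PKG: unpack SOURCE into
# $LFS/SRCDIR, then run STARTPACKAGE, /MyLinux-Sources/COMPILESCRIPT and
# "CREATEPACKAGE PKG" in the chroot.  Leaves the cwd at $LFS/SRCDIR, like the
# inline steps it replaces.
build_package() {
    local name=$1 srcdir=$2 source=$3 compile=$4 pkg=$5
    echo "Unpacking $name Sources"
    # -p: an already existing directory is not an error; any other failure is.
    mkdir -p "$LFS/$srcdir" || exit 1
    # A failed cd must not let UNPACK extract into whatever the cwd was.
    cd "$LFS/$srcdir" || exit 1
    # UNPACK's exit status was never checked here; kept that way, as its
    # return convention is not known from this script.
    "$MYLINUXMGR/UNPACK" "$source"
    echo "Start Package"
    run_in_chroot /MyLinux-Sources/STARTPACKAGE || exit 1
    echo "Compile $name"
    run_in_chroot "/MyLinux-Sources/$compile" || exit 1
    echo "Create Package"
    run_in_chroot "/MyLinux-Sources/CREATEPACKAGE $pkg" || exit 1
}

# Only the packaging step of ipsec happens in this file.
echo "Create Package"
run_in_chroot "/MyLinux-Sources/CREATEPACKAGE ipsec" || exit 1

##############################################################
# Package Asterisk                                           #
##############################################################
build_package Asterisk Asterisk-Sources Versuche/Asterisk COMPILE-ASTERISK asterisk

##############################################################
# Package Mozilla                                            #
##############################################################
build_package Mozilla Mozilla-Sources Versuche/mozilla COMPILE-MOZILLA mozilla

##############################################################
# Package Compiler 340 (disabled)                            #
##############################################################
# The GCC 3.4.0 step is switched off; it had no unpack step of its own.
#run_in_chroot /MyLinux-Sources/STARTPACKAGE || exit 1
#echo "Compile GCC 3.4.0"
#run_in_chroot /MyLinux-Sources/COMPILE-COMPILERS340 || exit 1
#echo "Create Package"
#run_in_chroot "/MyLinux-Sources/CREATEPACKAGE gcc340" || exit 1

##############################################################
# End Installation                                           #
##############################################################
# since .profile sets a PATH, it has to be moved while compiling -
# restoring it now.  Failing to restore either file leaves the chroot in a
# broken state, so report it instead of exiting 0.
mv "$LFS/root/profile-backup" "$LFS/root/.profile" || exit 1
# reactivate ldap in nsswitch.conf
mv "$LFS/etc/nsswitch.bak" "$LFS/etc/nsswitch.conf" || exit 1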
File created: mylinux-usermanager-0.98/rootfiles/secnfsaccount.pl
#!/usr/bin/perl
########################################################################
# File: rootfiles/secnfsaccount.pl #
# myLinux Server: Copyright (c) 2004 Michael Oberg #
# Version: 0.98 #
# Author: Michael Oberg <michael.oberg@mylinuxproject.de> #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU Public License along #
# with this package; if not, write to the Free Software Foundation, #
# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
########################################################################
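use strict;
use warnings;
use mylinux::usermanager;

# secnfsaccount.pl - register this machine as a Secure NFS client of one
# remote server.  Steps: create the "snfs" trust account towards the server
# (ssh key exchange), fetch the server's /etc/exports, allocate a mount
# program number for the tunnel, add one /etc/fstab entry per export the
# server grants to 127.0.0.1, then run the snfshost/smkdirall helpers.
# Runs as root: it writes /etc/fstab, creates directories below /mnt and
# runs commands as user snfs.

print "This program creates a trust account for Secure NFS.\n";
print "Use it with care. The file /usr/etc/snfs/home/.ssh/id_rsa\n";
print "makes it possible to log in this account on the server\n";
print "without using a password.\n";
print "The file MUST NOT be compromised by anyone!\n\n";

print "Remote machine name or IP address: ";
my $MACHINENAME = <STDIN>;
$MACHINENAME = '' unless defined $MACHINENAME;   # EOF on stdin
chomp $MACHINENAME;
if (!$MACHINENAME) {
    die ("You have to specify the machine name!\n");
}
# The name ends up in file names, in /etc/fstab and in a shell command run
# via "su -c", so only host-name / IPv4 characters are accepted.
if ($MACHINENAME !~ m{\A[A-Za-z0-9][A-Za-z0-9.-]*\z}) {
    die ("Invalid machine name: $MACHINENAME\n");
}

my $SNFS_HOME = "/usr/etc/snfs/home";
my $EXPORTS   = "$SNFS_HOME/$MACHINENAME.exports";   # local copy of the server's /etc/exports

usermanager::ssh_trustaccount ("snfs", $MACHINENAME, "snfs");

# Fetch the server's export list as the snfs user; the trust account created
# above is what lets the scp run without a password.  su -c still goes
# through a shell, which is why $MACHINENAME was restricted above.
if (system ("su", "snfs", "-c", "scp $MACHINENAME:/etc/exports $EXPORTS") != 0) {
    die ("Could not copy /etc/exports from $MACHINENAME\n");
}

# Allocate the RPC program numbers for this host's tunnel.  The counter file
# holds the last mountprog number handed out; nfsprog is derived from it.
my $COUNTER = "$env::DATAPATH/mcounter";
my $TMPMID  = 0;
if (open (my $cfh, '<', $COUNTER)) {
    my $line = <$cfh>;
    close $cfh;
    $TMPMID = $line if defined $line;
    chomp $TMPMID;
}
else {
    # A missing counter used to start silently at 0; it still does, but says so.
    warn "Cannot read $COUNTER ($!), starting the mount program counter at 0\n";
}
$TMPMID = 0 if $TMPMID !~ m{\A\s*\d+\s*\z};
my $NEWMID  = $TMPMID + 1;
my $NEWPROG = $NEWMID + 50000;
# A counter that cannot be persisted would hand out the same number again
# on the next run, so this is fatal.
open (my $cout, '>', $COUNTER) or die ("Cannot write $COUNTER: $!\n");
print {$cout} "$NEWMID\n";
close $cout or die ("Error writing $COUNTER: $!\n");

open (my $efh, '<', $EXPORTS) or die ("Cannot read $EXPORTS: $!\n");
my @exports = <$efh>;
close $efh;

my $OPTIONS = "user,noauto,hard,intr,rsize=8192,wsize=8192,mountprog=$NEWMID,nfsprog=$NEWPROG";

# The server's root export ("/ 127.0.0.1(...)") becomes /mnt/<host>.
if (grep { m{\A[ \t]*/[ \t]+127\.0\.0\.1} } @exports) {
    _add_fstab_entry ("$MACHINENAME:/", "/mnt/$MACHINENAME", $OPTIONS);
}

# Every "/mnt/<name> ... 127.0.0.1" export becomes /mnt/<host>.<name>.
foreach my $line (@exports) {
    next unless $line =~ m{/mnt.*127\.0\.0\.1};
    my ($mp) = $line =~ m{.*/mnt/(\S*)};   # last /mnt/ on the line, as the old sed did
    next unless defined $mp && length $mp;
    # The name comes from a file fetched from the remote host; only accept
    # what is safe as a single path component below /mnt.
    if ($mp !~ m{\A[\w.-]+\z}) {
        warn "Skipping export /mnt/$mp from $MACHINENAME: unexpected characters in name\n";
        next;
    }
    # NOTE(review): the server exports "/mnt/<name>" (see setup/secnfs.sh) but
    # the device written here is "<host>:<name>" without the /mnt/ prefix, as
    # in the original; confirm the Secure NFS server side resolves that path.
    _add_fstab_entry ("$MACHINENAME:$mp", "/mnt/$MACHINENAME.$mp", $OPTIONS);
}

# Register the tunnel program number for this host and create the mount
# points; both are external helpers of the Secure NFS setup.
system ("snfshost", "$MACHINENAME:$NEWMID");
system ("smkdirall");

# _add_fstab_entry ($device, $mountpoint, $options): create $mountpoint if
# needed and rewrite /etc/fstab so that it holds exactly one line for it -
# every existing line whose mount-point field equals $mountpoint is dropped
# and "$device $mountpoint nfs $options 0 0" is appended.  Dies if /etc/fstab
# cannot be read or written.
sub _add_fstab_entry {
    my ($device, $mountpoint, $options) = @_;
    my $fstab = "/etc/fstab";

    if (! -d $mountpoint) {
        mkdir ($mountpoint) or warn "Cannot create $mountpoint: $!\n";
    }

    open (my $in, '<', $fstab) or die ("Cannot read $fstab: $!\n");
    my @lines;
    while (my $l = <$in>) {
        my @fields = split ' ', $l;
        # Compare the mount-point field exactly: a plain substring test would
        # also throw away the /mnt/<host>.<name> lines when /mnt/<host> is
        # refreshed, and /mnt/foo would match /mnt/foobar.
        next if @fields >= 2 && $fields[1] eq $mountpoint;
        push @lines, $l;
    }
    close $in;

    # Keep the file newline-terminated so entries never run into each other.
    $lines[-1] .= "\n" if @lines && $lines[-1] !~ m{\n\z};
    push @lines, "$device $mountpoint nfs $options 0 0\n";

    open (my $out, '>', $fstab) or die ("Cannot write $fstab: $!\n");
    print {$out} @lines;
    close $out or die ("Error writing $fstab: $!\n");
    return;
}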
File created: mylinux-usermanager-0.98/setup/secnfs.sh
#!/bin/sh
########################################################################
# File: setup/secnfs.sh #
# myLinux Server: Copyright (c) 2004 Michael Oberg #
# Version: 0.98 #
# Author: Michael Oberg <michael.oberg@mylinuxproject.de> #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU Public License along #
# with this package; if not, write to the Free Software Foundation, #
# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
########################################################################
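# SECNFSSERVER and SECNFSPASSWD come from the setup configuration in the
# current directory; "." is the POSIX spelling of "source" for /bin/sh.
. ./mylinux.conf || exit 1

##############################################################
# configure Secure NFS server                                #
##############################################################
# /etc/exports is rewritten from scratch: the root directory plus every
# permanent (non-noauto) /mnt/* mount found in /etc/fstab, each exported to
# 127.0.0.1 only, i.e. reachable solely through the SSH tunnel a Secure NFS
# client sets up.  no_root_squash is not given, so the exports(5) default
# (root_squash) applies to all of them.
cat << EOF > /etc/exports || exit 1
# See exports(5) for a description.
# This file contains a list of all directories exported to other
# computers.
# It is used by rpc.nfsd and rpc.mountd.
# Syntax is like:
# / 192.168.0.2(no_root_squash,rw) 192.168.0.1(rw)
# The following exports are made for Secure NFS:
/ 127.0.0.1(rw)
EOF
# fstab's "/mnt/<name>" mounts -> "/mnt/<name> 127.0.0.1(rw)"
grep /mnt/ /etc/fstab | grep -v noauto \
    | sed 's@.*/mnt/\([^ \t]*\).*@/mnt/\1 127.0.0.1(rw)@' \
    >> /etc/exports

# Only a server keeps a usable snfs account: set its password from the
# configuration, otherwise lock the account.  The variable is quoted so an
# unset or empty SECNFSSERVER takes the else branch instead of being a
# syntax error in test(1).
if [ "$SECNFSSERVER" = "yes" ]
then
    # The password is fed through the heredoc rather than a command line
    # argument, so it does not show up in the process list.
    cat << EOF | chpasswd
snfs:$SECNFSPASSWD
EOF
else
    passwd -l snfs
fi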
File changed: mylinux-usermanager-0.98/compile-scripts/COMPILE-ASTERISK
59c59
< mkdir /var/lib/asterisk/run
---
> mkdir -p -m 700 /var/lib/asterisk/run /var/lib/asterisk/home
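Review bot: `mkdir -p -m 700` creates both directories owned by whoever runs the build (root inside the chroot) and no chown follows in the hunk; COMPILE-BLFS in this same release makes /var/lib/asterisk/home the home directory of the `asterisk` user (`useradd -d /var/lib/asterisk/home -s /bin/sh -g voip asterisk -u 16`), and that user cannot enter a root-owned 0700 directory. If the daemon is meant to run as that account, add `chown asterisk:voip /var/lib/asterisk/home` after the mkdir. The rest of the script is outside the hunk, so the chown may already happen elsewhere.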
File changed: mylinux-usermanager-0.98/compile-scripts/COMPILE-BLFS
500c500
< useradd -d /dev/null -s /bin/false -g snfs snfs -u 12
---
> useradd -d /usr/etc/snfs/home -s /bin/sh -g snfs snfs -u 12
503,504c503,504
< useradd -d /dev/null -s /bin/sh -g dba oracle -u 15
< useradd -d /dev/null -s /bin/sh -g voip asterisk -u 16
---
> useradd -d /opt/oracle -s /bin/sh -g dba oracle -u 15
> useradd -d /var/lib/asterisk/home -s /bin/sh -g voip asterisk -u 16
509a510,512
> mkdir -p /usr/etc/snfs/home
> chmod 700 /usr/etc/snfs/home
> chown snfs.snfs /usr/etc/snfs/home
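Review bot: `chown snfs.snfs` uses the dot separator, which chown(1) only accepts for backwards compatibility and which is ambiguous for user names containing a dot; write `chown snfs:snfs /usr/etc/snfs/home`. Since `useradd -d /usr/etc/snfs/home` at line 500 does not create the directory (no `-m`), these three lines are what makes the account usable and must run after the useradd, which is the case here. Changing the snfs shell from `/bin/false` to `/bin/sh` is required by the `su snfs -c "scp ..."` in rootfiles/secnfsaccount.pl, so that part is consistent with the rest of the release.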
File changed: mylinux-usermanager-0.98/compile-scripts/COMPILE-IPSEC
292c292
< ./configure --prefix=/usr
---
> ./configure --prefix=/usr --with-kernel-headers=/lib/modules/2.6.7/build/include/
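Review bot: `--with-kernel-headers=/lib/modules/2.6.7/build/include/` pins this build to one exact kernel version, so the step breaks (or picks up mismatched headers) as soon as the kernel package in the chroot is bumped. Take the version from one variable set where the kernel is built, e.g. `./configure --prefix=/usr --with-kernel-headers=/lib/modules/$KERNELVERSION/build/include/` with `KERNELVERSION` standing in for whatever name the scripts already use for it. The surrounding build steps are outside the hunk.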
File changed: mylinux-usermanager-0.98/compile-scripts/COMPILE-MYLINUX
1721a1722,1725
> #useradd -d /usr/etc/snfs/home -s /bin/sh -g snfs snfs -u 12
> #mkdir /usr/etc/snfs/home
> #chmod 700 /usr/etc/snfs/home
> #chown snfs.snfs /usr/etc/snfs/home
File changed: mylinux-usermanager-0.98/compile-scripts/MAIN-PACKAGES
515c515
< echo "Compile FreeS/WAN"
---
> echo "Compile IPSec"
File changed: mylinux-usermanager-0.98/install.pl
81,82c81
< print `echo 1000 > $DATAPATH/counter`;
< print `echo 1003 > $DATAPATH/gcounter`;
---
> print `echo 200000 > $DATAPATH/mounter`;
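Review bot: The new line initialises `$DATAPATH/mounter`, but rootfiles/secnfsaccount.pl in this same release reads and rewrites `$env::DATAPATH/mcounter`, so the file created at install time is never used and the first client's mount program number is computed from an empty value. One of the two names is a typo; matching the consumer means writing `mcounter` here. Writing the value through a backticked `echo` also hides any write error; `open my $fh, '>', "$DATAPATH/mcounter" or die $!; print $fh "200000\n"; close $fh or die $!;` is the direct form. Removing the counter/gcounter lines is consistent with usermanager.pm now taking uid/gid numbers from the directory.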
File changed: mylinux-usermanager-0.98/rootfiles/ssh_trustaccount.pl
3c3
< # File: rootfiles/useradd.pl #
---
> # File: rootfiles/ssh_trustaccount.pl #
26,27c26,28
< print "Use it with care. The file \$HOME/.ssh/id_rsa makes it\n";
< print "possible to log in this account without using a password.\n";
---
> print "Use it with care. The file $HOME/.ssh/id_rsa makes it\n";
> print "possible to log in this account on the remote machine\n";
> print "without using a password.\n";
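Review bot: The rewritten first line interpolates `$HOME` as a Perl variable, whereas the removed line printed the literal text `$HOME` (it was escaped as `\$HOME`); unless the script sets a `$HOME` variable before this point, which is not visible in the hunk, the user now reads `The file /.ssh/id_rsa makes it`. Either restore the escape, `print "Use it with care. The file \$HOME/.ssh/id_rsa makes it\n";`, or, since the key now lives in the home of the local user asked for on the next prompt, say that: `print "Use it with care. The file ~/.ssh/id_rsa of the local user makes it\n";`.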
36a38,44
> print "Login Name on the local machine: ";
> $LOCALUSER = <STDIN>;
> chomp $LOCALUSER;
> if (!$LOCALUSER) {
> die ("You have to specify the local users account name!\n");
> }
>
41c49
< die ("You have to specify the account name!\n");
---
> die ("You have to specify the remote users account name!\n");
44c52
< &usermanager::ssh_trustaccount ($LOGINNAME, $MACHINE);
---
> &usermanager::ssh_trustaccount ($LOGINNAME, $MACHINENAME, $LOCALUSER);
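Review bot: The call now passes `$MACHINENAME` where the removed line passed `$MACHINE`; the prompt that reads the remote machine is outside this hunk, so make sure that variable was renamed as well, otherwise the argument is undefined and the `ssh -l $remoteuser $remote` built in usermanager.pm runs without a host. `$LOCALUSER` (read in the new prompt above) and `$LOGINNAME` are interpolated into a root shell command in usermanager.pm (`su $localuser -c "ssh -l $remoteuser $remote"`), so the only check on them, `die` when empty, is not enough: restrict them to account-name characters right after the prompt, `die ("Invalid account name!\n") unless $LOCALUSER =~ m{\A[a-z_][a-z0-9_-]*\z};`, and do the same for `$LOGINNAME` and the machine name.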
File changed: mylinux-usermanager-0.98/setup/createcontrolscript.sh
46a47,48
> echo "Configure Secure NFS fileserver"
> ./secnfs.sh
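Review bot: `./secnfs.sh` runs unconditionally and its exit status is ignored; setup/secnfs.sh in this release rewrites /etc/exports from scratch (`cat << EOF > /etc/exports`) before it looks at `SECNFSSERVER`, so an installation with `SECNFSSERVER="no"` still loses whatever exports it had. Either guard the call here, `[ "$SECNFSSERVER" = "yes" ] && ./secnfs.sh`, or move the exports rewrite in secnfs.sh under that test, and treat a non-zero exit as an error like a failed step. The rest of createcontrolscript.sh is outside the hunk, so how other steps report failure is not visible.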
File changed: mylinux-usermanager-0.98/setup/mylinux.conf
105c105,106
< # but not a pdc, for authentication another # myLinux server can be used - here the
---
> # but not a pdc, for authentication another
> # myLinux server can be used - here the
111a113,118
> SECNFSSERVER="no" # If set to yes and the NFS service is
> # running, you can use Secure NFS; adding
> # clients is done with secnfsaccount.pl
> # on the myLinux client machines using the
> # password given in SECNFSPASSWD below.
>
197a205,206
> SECNFSPASSWD="mylinux" # this is only valid for user snfs if
> # SECNFSSERVER="yes"
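Review bot: `SECNFSPASSWD="mylinux"` ships a well-known default password for the `snfs` account, and setup/secnfs.sh applies it with `chpasswd` whenever `SECNFSSERVER="yes"`, so every server left at the default accepts a password anyone can read in this file. Ship it empty, `SECNFSPASSWD=""`, and have secnfs.sh refuse to enable the server until it is set, `[ -n "$SECNFSPASSWD" ] || { echo "SECNFSPASSWD must be set" >&2; exit 1; }` before the chpasswd. The comment should also state that the value is stored in clear text, so mylinux.conf has to stay readable by root only.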
File changed: mylinux-usermanager-0.98/usermanager.pm
148,152c148,152
< $TMPGID = `cat $env::DATAPATH/gcounter`;
< chomp $TMPGID;
< $NEWGID = $TMPGID + 1;
< $TMPOUT = `echo $NEWGID > $env::DATAPATH/gcounter`;
< return $TMPGID;
---
> my $max = 1000;
> foreach my $x (split /\n/, `ldapsearch -b "$env::ldaprootdn" "*" -h $env::ldapserver -ZZ | grep gidNumber | sed 's/gidNumber: //'`) {
> if ($max < $x+0) { $max = $x+0; }
> }
> return $max+1;
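Review bot: Replacing the persistent counter with `max(gidNumber) + 1` over the directory changes the allocation policy: as soon as the group with the highest number is deleted, its id is handed out again to the next one created, which then inherits ownership of any files the old one left behind, whereas the old counter never reused a number; the uidNumber hunk at 156 has exactly the same property for users, where it matters more. The lookup is also not atomic, so two concurrent additions compute the same id, and an unreachable LDAP server or empty result silently yields 1001, which collides with existing accounts. Keep a high-water mark alongside (the old counter file would do) and return the larger of the two, check `$?` after the backticks and die on failure instead of falling through, and note the race in a comment above the loop, `# NOTE: not atomic - concurrent adds can allocate the same id`. The enclosing subroutine starts before the hunk.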
156,160c156,160
< $TMPUID = `cat $env::DATAPATH/counter`;
< chomp $TMPUID;
< $NEWUID = $TMPUID + 1;
< $TMPOUT = `echo $NEWUID > $env::DATAPATH/counter`;
< return $TMPUID;
---
> my $max = 1000;
> foreach my $x (split /\n/, `ldapsearch -b "$env::ldaprootdn" "*" -h $env::ldapserver -ZZ | grep uidNumber | sed 's/uidNumber: //'`) {
> if ($max < $x+0) { $max = $x+0; }
> }
> return $max+1;
810c810
< my ($remoteuser, $remote) = @_;
---
> my ($remoteuser, $remote, $localuser) = @_;
811a812,813
> my $LIST = &getpwnam ($localuser);
> my ($UNAME, $CRYPTPW, $UID, $GID, $a, $b, $c, $d, $SHELL, $e, $home) = @$LIST;
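Review bot: `$home` from the `&getpwnam ($localuser)` result is used unchecked in the following hunks (`mkdir ("$home/.ssh", 0700)`, `chown -R $localuser $home/.ssh`), so an unknown local user yields an undefined `$home` and the code operates on `/.ssh`; add `die "unknown local user $localuser\n" unless $LIST && defined $home && length $home;` right after the unpacking. `&getpwnam` with the ampersand calls a subroutine of that name rather than the built-in, and the eleven-field unpacking with `$home` last does not match the built-in's field order, so this presumably relies on a project helper; a comment naming it would save the next reader the same puzzle. `my ($a, $b, ...)` also lexically shadows the `$a`/`$b` that `sort` uses; write the ignored slots as `undef`, `my ($UNAME, $CRYPTPW, $UID, $GID, undef, undef, undef, undef, $SHELL, undef, $home) = @$LIST;`. The enclosing subroutine starts before the hunk.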
820,823c822,823
< my $HOME = `echo \$HOME`;
< $HOME =~ /(.*)/; $HOME = $1;
< if (! -d "$HOME/.ssh") {
< mkdir ("$HOME/.ssh", 0700);
---
> if (! -d "$home/.ssh") {
> mkdir ("$home/.ssh", 0700);
825,826c825,827
< if ((! -e "$HOME/.ssh/id_rsa") || (! -e "$HOME/.ssh/id_rsa.pub")) {
< `ssh-keygen -b 2048 -t rsa -N "" -f \$HOME/.ssh/id_rsa`;
---
> if ((! -e "$home/.ssh/id_rsa") || (! -e "$home/.ssh/id_rsa.pub")) {
> system ("ssh-keygen -b 2048 -t rsa -N \"\" -f $home/.ssh/id_rsa");
> system ("chown -R $localuser $home/.ssh");
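Review bot: `$home` and `$localuser` are interpolated into shell strings run as root here (`ssh-keygen ... -f $home/.ssh/id_rsa`, `chown -R $localuser $home/.ssh`) and in the open2 hunk at 835 (`su $localuser -c "ssh -l $remoteuser $remote"`), so a home directory or account name containing spaces or shell metacharacters breaks the command or runs extra ones. Use the list forms and check the results, `system ('ssh-keygen', '-b', '2048', '-t', 'rsa', '-N', '', '-f', "$home/.ssh/id_rsa") == 0 or die "ssh-keygen failed\n";` and `system ('chown', '-R', $localuser, "$home/.ssh") == 0 or die "chown failed\n";`, and validate `$localuser`, `$remoteuser` and `$remote` against an anchored pattern before the `su -c` line, where a shell is unavoidable. The key is generated as root and only then chowned, so the `0700` on the `.ssh` mkdir is what keeps the private key from being readable in between. The enclosing subroutine continues outside the hunk.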
828c829
< my $rsauser = `cat \$HOME/.ssh/id_rsa.pub`;
---
> my $rsauser = `cat $home/.ssh/id_rsa.pub`;
835c836
< $pid = open2(*R, *W, "ssh -l $remoteuser $remote" );
---
> $pid = open2(*R, *W, "su $localuser -c \"ssh -l $remoteuser $remote\"");