Update 'k3os-ipconfig.sh'

6 days ago · 9511a3d84c
parent a07fd6c70e
commit 9511a3d84c
1 changed files with 50 additions and 80 deletions
--- a/k3os-ipconfig.sh
+++ b/k3os-ipconfig.sh
@ -1,90 +1,60 @@
 #!/bin/bash
-# Define constants
+# --- k3OS Automated Static IP Configuration Script ---
 SSH_CONFIG_FILE="/etc/ssh/sshd_config"
 AUTH_LINE="PasswordAuthentication"
-# --- Function to check the current state ---
+# Check if the script is run as root
-get_current_state() {
+if [ "$EUID" -ne 0 ]; then
-    # Using -E for extended regular expressions instead of -P for broader compatibility
+  echo "Please run this script with sudo."
-    
+  exit 1
    # 1. Use grep to find the line, including commented lines
    # 2. Use sed to remove leading/trailing whitespace and the setting name
    # 3. Use tr to convert to lowercase for reliable comparison
    CURRENT_STATE=$(grep -iE "^\s*#?\s*${AUTH_LINE}\s+" "$SSH_CONFIG_FILE" 2>/dev/null | \
                    sed -E "s/^\s*#?\s*${AUTH_LINE}\s*//" | \
                    tr '[:upper:]' '[:lower:]' | \
                    head -n 1)
    # If the line is not found, or is commented out/blank, default to 'no' (SSH default security)
    if [[ -z "$CURRENT_STATE" || "$CURRENT_STATE" == "no" ]]; then
        echo "no"
    elif [[ "$CURRENT_STATE" == "yes" ]]; then
        echo "yes"
    else
        # Handle cases where the setting is missing or invalid. Check for an explicit 'no'.
        if grep -qE "^\s*${AUTH_LINE}\s+no" "$SSH_CONFIG_FILE" 2>/dev/null; then
            echo "no"
        else
            echo "no" # Defaulting to the most secure setting if not explicitly 'yes'
        fi
    fi
 }
 # --- Main Toggler Logic ---
 current=$(get_current_state)
 if [ "$current" == "yes" ]; then
    NEW_STATE="no"
    ACTION="DISABLE"
    WARNING="WARNING: This will DISABLE password authentication and only allow SSH keys!"
 elif [ "$current" == "no" ]; then
    NEW_STATE="yes"
    ACTION="ENABLE"
    WARNING="DANGER: This will ENABLE password authentication, increasing brute-force risk!"
 else
    echo "Error: Could not determine current state of $AUTH_LINE."
    exit 1
 fi
-echo "---"
+echo "--- Static IP Configuration for k3OS ---"
 echo "Current state of ${AUTH_LINE} is: **$current**"
 echo "$WARNING"
 read -r -p "Do you want to $ACTION password authentication? (y/N): " response
 if [[ "$response" =~ ^([yY])$ ]]; then
    echo "Applying changes..."
    # Use 'sed' for safe, idempotent change with a backup
    # 1. Substitute any existing line with the new one.
    sudo sed -i.bak -E "s/^\s*#?\s*${AUTH_LINE}\s+(yes|no)/${AUTH_LINE} ${NEW_STATE}/" "$SSH_CONFIG_FILE"
-    # 2. If the line was missing or not matched (a rare edge case), ensure it is added
+# --- 1. Automatically Detect Network Interface ---
-    if ! grep -qE "^\s*${AUTH_LINE}\s+${NEW_STATE}" "$SSH_CONFIG_FILE" 2>/dev/null; then
+# The primary interface is typically the one associated with the default gateway.
-        echo "${AUTH_LINE} ${NEW_STATE}" | sudo tee -a "$SSH_CONFIG_FILE" > /dev/null
+IFACE=$(ip route | grep default | awk '{print $5}' | head -n 1)
    fi
-    # Restart the SSH service
+if [ -z "$IFACE" ]; then
-    echo "Restarting sshd to apply the new configuration..."
+  echo "Error: Could not automatically detect a primary network interface."
-    if command -v systemctl &> /dev/null; then
+  echo "Please identify the correct interface name (e.g., eth0, enp0s3) and run the script again."
-        sudo systemctl restart sshd || sudo systemctl restart ssh
+  exit 1
-    elif [ -f /etc/init.d/sshd ]; then
+fi
        sudo /etc/init.d/sshd restart
    else
        echo "Error: Could not find a command to restart the SSH service. Please restart it manually."
        exit 1
    fi
    # Final verification
    new_current=$(get_current_state)
    echo "Verification: New state of ${AUTH_LINE} is: **$new_current**"
    if [ "$new_current" == "$NEW_STATE" ]; then
        echo "SUCCESS: Configuration changed and service restarted."
    else
        echo "FAILURE: Configuration change failed to verify."
    fi
 echo "Automatically detected primary interface: $IFACE"
 echo ""
 # --- 2. Prompt for IP Details ---
 read -p "Enter the Static IPv4 Address (e.g., 192.168.1.100): " IP_ADDR
 read -p "Enter the Netmask (e.g., 255.255.255.0): " NETMASK
 read -p "Enter the Gateway IP Address (e.g., 192.168.1.1): " GATEWAY
 read -p "Enter the Nameserver (e.g., 1.1.1.1): " NAMESERVERS
 # --- 3. Format ConnMan IPv4 String ---
 # ConnMan's IPv4 format: <IP>/<NETMASK_LONG>/<GATEWAY>
 IPV4_CONFIG="${IP_ADDR}/${NETMASK}/${GATEWAY}"
 # --- 4. Generate and Write Configuration File ---
 CONFIG_FILE="/var/lib/connman/default.config"
 # Create the file content
 CONNMAN_CONFIG="[service_${IFACE}]
 Type=ethernet
 IPv4=${IPV4_CONFIG}
 IPv6=off
 Nameservers=${NAMESERVERS}"
 echo ""
 echo "--- Generated Configuration ---"
 echo "$CONNMAN_CONFIG"
 echo "-------------------------------"
 # Write to the file
 echo "$CONNMAN_CONFIG" | sudo tee "$CONFIG_FILE" > /dev/null
 if [ $? -eq 0 ]; then
  echo "Successfully wrote static IP configuration for **$IFACE** to $CONFIG_FILE"
  echo "You must now **reboot** the system for the changes to take effect."
  echo "   (Run: 'sudo reboot')"
 else
-    echo "Action cancelled by user."
+  echo "Error writing to $CONFIG_FILE. "
 fi