Update 'k3os-ipconfig.sh'
parent
7fcf5d4883
commit
a07fd6c70e
@ -1,60 +1,90 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# --- k3OS Automated Static IP Configuration Script ---
|
# Define constants
|
||||||
|
SSH_CONFIG_FILE="/etc/ssh/sshd_config"
|
||||||
|
AUTH_LINE="PasswordAuthentication"
|
||||||
|
|
||||||
# Check if the script is run as root
|
# --- Function to check the current state ---
|
||||||
if [ "$EUID" -ne 0 ]; then
|
get_current_state() {
|
||||||
echo "Please run this script with sudo."
|
# Using -E for extended regular expressions instead of -P for broader compatibility
|
||||||
exit 1
|
|
||||||
fi
|
# 1. Use grep to find the line, including commented lines
|
||||||
|
# 2. Use sed to remove leading/trailing whitespace and the setting name
|
||||||
|
# 3. Use tr to convert to lowercase for reliable comparison
|
||||||
|
CURRENT_STATE=$(grep -iE "^\s*#?\s*${AUTH_LINE}\s+" "$SSH_CONFIG_FILE" 2>/dev/null | \
|
||||||
|
sed -E "s/^\s*#?\s*${AUTH_LINE}\s*//" | \
|
||||||
|
tr '[:upper:]' '[:lower:]' | \
|
||||||
|
head -n 1)
|
||||||
|
|
||||||
|
# If the line is not found, or is commented out/blank, default to 'no' (SSH default security)
|
||||||
|
if [[ -z "$CURRENT_STATE" || "$CURRENT_STATE" == "no" ]]; then
|
||||||
|
echo "no"
|
||||||
|
elif [[ "$CURRENT_STATE" == "yes" ]]; then
|
||||||
|
echo "yes"
|
||||||
|
else
|
||||||
|
# Handle cases where the setting is missing or invalid. Check for an explicit 'no'.
|
||||||
|
if grep -qE "^\s*${AUTH_LINE}\s+no" "$SSH_CONFIG_FILE" 2>/dev/null; then
|
||||||
|
echo "no"
|
||||||
|
else
|
||||||
|
echo "no" # Defaulting to the most secure setting if not explicitly 'yes'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
echo "--- Static IP Configuration for k3OS ---"
|
# --- Main Toggler Logic ---
|
||||||
|
|
||||||
# --- 1. Automatically Detect Network Interface ---
|
current=$(get_current_state)
|
||||||
# The primary interface is typically the one associated with the default gateway.
|
|
||||||
IFACE=$(ip route | grep default | awk '{print $5}' | head -n 1)
|
|
||||||
|
|
||||||
if [ -z "$IFACE" ]; then
|
if [ "$current" == "yes" ]; then
|
||||||
echo "Error: Could not automatically detect a primary network interface."
|
NEW_STATE="no"
|
||||||
echo "Please identify the correct interface name (e.g., eth0, enp0s3) and run the script again."
|
ACTION="DISABLE"
|
||||||
exit 1
|
WARNING="WARNING: This will DISABLE password authentication and only allow SSH keys!"
|
||||||
|
elif [ "$current" == "no" ]; then
|
||||||
|
NEW_STATE="yes"
|
||||||
|
ACTION="ENABLE"
|
||||||
|
WARNING="DANGER: This will ENABLE password authentication, increasing brute-force risk!"
|
||||||
|
else
|
||||||
|
echo "Error: Could not determine current state of $AUTH_LINE."
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Automatically detected primary interface: $IFACE"
|
echo "---"
|
||||||
echo ""
|
echo "Current state of ${AUTH_LINE} is: **$current**"
|
||||||
|
echo "$WARNING"
|
||||||
# --- 2. Prompt for IP Details ---
|
read -r -p "Do you want to $ACTION password authentication? (y/N): " response
|
||||||
read -p "Enter the Static IPv4 Address (e.g., 192.168.1.100): " IP_ADDR
|
|
||||||
read -p "Enter the Netmask (e.g., 255.255.255.0): " NETMASK
|
if [[ "$response" =~ ^([yY])$ ]]; then
|
||||||
read -p "Enter the Gateway IP Address (e.g., 192.168.1.1): " GATEWAY
|
echo "Applying changes..."
|
||||||
read -p "Enter the Nameserver (e.g., 1.1.1.1 8.8.8.8): " NAMESERVERS
|
|
||||||
|
# Use 'sed' for safe, idempotent change with a backup
|
||||||
# --- 3. Format ConnMan IPv4 String ---
|
# 1. Substitute any existing line with the new one.
|
||||||
# ConnMan's IPv4 format: <IP>/<NETMASK_LONG>/<GATEWAY>
|
sudo sed -i.bak -E "s/^\s*#?\s*${AUTH_LINE}\s+(yes|no)/${AUTH_LINE} ${NEW_STATE}/" "$SSH_CONFIG_FILE"
|
||||||
IPV4_CONFIG="${IP_ADDR}/${NETMASK}/${GATEWAY}"
|
|
||||||
|
# 2. If the line was missing or not matched (a rare edge case), ensure it is added
|
||||||
# --- 4. Generate and Write Configuration File ---
|
if ! grep -qE "^\s*${AUTH_LINE}\s+${NEW_STATE}" "$SSH_CONFIG_FILE" 2>/dev/null; then
|
||||||
CONFIG_FILE="/var/lib/connman/default.config"
|
echo "${AUTH_LINE} ${NEW_STATE}" | sudo tee -a "$SSH_CONFIG_FILE" > /dev/null
|
||||||
|
fi
|
||||||
# Create the file content
|
|
||||||
CONNMAN_CONFIG="[service_${IFACE}]
|
# Restart the SSH service
|
||||||
Type=ethernet
|
echo "Restarting sshd to apply the new configuration..."
|
||||||
IPv4=${IPV4_CONFIG}
|
if command -v systemctl &> /dev/null; then
|
||||||
IPv6=off
|
sudo systemctl restart sshd || sudo systemctl restart ssh
|
||||||
Nameservers=${NAMESERVERS}"
|
elif [ -f /etc/init.d/sshd ]; then
|
||||||
|
sudo /etc/init.d/sshd restart
|
||||||
echo ""
|
else
|
||||||
echo "--- Generated Configuration ---"
|
echo "Error: Could not find a command to restart the SSH service. Please restart it manually."
|
||||||
echo "$CONNMAN_CONFIG"
|
exit 1
|
||||||
echo "-------------------------------"
|
fi
|
||||||
|
|
||||||
# Write to the file
|
# Final verification
|
||||||
echo "$CONNMAN_CONFIG" | sudo tee "$CONFIG_FILE" > /dev/null
|
new_current=$(get_current_state)
|
||||||
|
echo "Verification: New state of ${AUTH_LINE} is: **$new_current**"
|
||||||
if [ $? -eq 0 ]; then
|
if [ "$new_current" == "$NEW_STATE" ]; then
|
||||||
echo "Successfully wrote static IP configuration for **$IFACE** to $CONFIG_FILE"
|
echo "SUCCESS: Configuration changed and service restarted."
|
||||||
echo "You must now **reboot** the system for the changes to take effect."
|
else
|
||||||
echo " (Run: 'sudo reboot')"
|
echo "FAILURE: Configuration change failed to verify."
|
||||||
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "Error writing to $CONFIG_FILE."
|
echo "Action cancelled by user."
|
||||||
fi
|
fi
|
||||||
Loading…
Reference in New Issue