"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/install.sh" (16 Sep 2020, 13679 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 #!/bin/bash
    2 
    3 MY_VERSION="1.13c"
    4 
    5 # ------------------------------------------------------------------------------------------
    6 #                         -= Arno's Iptables Firewall(AIF) =-
    7 #              Single- & multi-homed firewall script with DSL/ADSL support
    8 #
    9 #                           ~ In memory of my dear father ~
   10 #
   11 # (C) Copyright 2001-2020 by Arno van Amersfoort
   12 # Homepage              : https://rocky.eld.leidenuniv.nl/
   13 # Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
   14 #                         (note: you must remove all spaces and substitute the @ and the .
   15 #                         at the proper locations!)
   16 # ------------------------------------------------------------------------------------------
   17 # This program is free software; you can redistribute it and/or
   18 # modify it under the terms of the GNU General Public License
   19 # version 2 as published by the Free Software Foundation.
   20 
   21 # This program is distributed in the hope that it will be useful,
   22 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   23 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   24 # GNU General Public License for more details.
   25 
   26 # You should have received a copy of the GNU General Public License
   27 # along with this program; if not, write to the Free Software
   28 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   29 # ------------------------------------------------------------------------------------------
   30 
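# Newline constant, kept for code that needs a line-oriented field separator
EOL='
'

# Check if the environment file exists and if so, load it
#########################################################
# The file is located relative to the install script itself rather than the
# caller's working directory: this installer is meant to run as root, and a
# bare "./share/..." path would source whatever file happens to sit under the
# directory the script was started from.
INSTALL_SRC_DIR="$(cd "$(dirname "$0")" 2>/dev/null && pwd)"
INSTALL_ENV_FILE="$INSTALL_SRC_DIR/share/arno-iptables-firewall/environment"

if [ -n "$INSTALL_SRC_DIR" ] && [ -f "$INSTALL_ENV_FILE" ]; then
  . "$INSTALL_ENV_FILE"
else
  printf "\033[40m\033[1;31mERROR: Could not read environment file %s!\033[0m\n" "$INSTALL_ENV_FILE" >&2
  exit 2
fi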
   42 
# Verify the preconditions for installing: root privileges and the presence of
# every external command the firewall needs.
# Globals:   IPV6_DETECTED (read) - "1" adds ip6tables to the required set
# Returns:   status of the final check_command_warning call; exits 1 when the
#            effective uid is not 0
# NOTE(review): check_command_error / check_command_warning are not defined in
# this file (presumably they come from the sourced environment file) - confirm
# that check_command_error aborts on a missing command.
sanity_check()
{
  local required_cmd

  # root check
  if [ "$(id -u)" != "0" ]; then
    printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\033[0m\n" >&2
    exit 1
  fi

  check_command_error iptables
  [ "$IPV6_DETECTED" != "1" ] || check_command_error ip6tables

  # Same commands, same order as they are needed to be reported
  for required_cmd in awk tr ip cut uname sed cat date modprobe sysctl \
                      head tail wc gzip logger chmod chown find cp rm \
                      mkdir rmdir ln; do
    check_command_error "$required_cmd"
  done

  # Only one of the DNS lookup tools is needed, so this is a warning
  check_command_warning dig nslookup
}
   80 
   81 
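# Compare two text files, first literally and then with comments removed.
# Arguments: $1 - first file, $2 - second file
# Returns:   0 - contents match
#            1 - contents differ only in what follows a '#' on a line
#            2 - contents differ, or one of the files could not be read
# Caveats:   - command substitution drops trailing newlines, so files that
#              differ only in trailing blank lines compare as equal
#            - everything from the first '#' on a line is treated as comment,
#              also when the '#' sits inside a quoted value
# copy_ask_if_exist overwrites a target without asking and without a backup
# when this returns 0 or 1, so an unreadable file is reported as a mismatch
# (2) instead of being compared as empty data.
shell_diff()
{
  local FILE1_DATA FILE2_DATA

  # Declaration and assignment are split so that a failing cat is not masked
  # by the exit status of 'local'
  FILE1_DATA="$(cat "$1")" || return 2
  FILE2_DATA="$(cat "$2")" || return 2

  if [ "$FILE1_DATA" != "$FILE2_DATA" ]; then
    # If mismatch, check whether it's only the comments that differ.
    # printf is used because echo would treat data such as "-n" as an option.
    FILE1_DATA="$(printf '%s\n' "$FILE1_DATA" |sed 's/#.*//')"
    FILE2_DATA="$(printf '%s\n' "$FILE2_DATA" |sed 's/#.*//')"

    if [ "$FILE1_DATA" = "$FILE2_DATA" ]; then
      return 1 # Only comments differ
    fi

    return 2 # Full mismatch
  fi

  return 0 # Match
}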
  101 
  102 
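# Copy a file or a directory tree, asking before an existing target with
# different (non-comment) contents is overwritten.
# Arguments: $1 - source file or directory
#            $2 - target; a trailing '/' means "directory", otherwise it is
#                 the full target file name
#            $3 - default answer for the overwrite question (y/n, default n)
#            $4 - optional extension: when the user declines, the new file is
#                 written next to the target as <target>.<ext> instead
# Returns:   0; exits 2 when the source holds no files, 3 when a copy fails
# NOTE(review): --preserve=mode carries over whatever permissions the unpacked
# source tree has; ownership is reset to root afterwards, but group/world
# write bits are not cleared here - check the tree's modes before installing.
copy_ask_if_exist()
{
  local src_root="$1"
  local dst="$2"
  local default_yn="${3:-n}" # Default to n(o); the old "${3:-'n'}" yielded the literal 'n' including quotes
  local fallback_ext="$4"
  local diff_retval retval
  local source fn target target_dir

  if [ -z "$(find "$src_root" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$src_root\"" >&2
    exit 2
  fi

  unset IFS
  # The file list arrives on fd 3 so that stdin stays free for get_user_yn;
  # reading line by line keeps names with spaces or glob characters intact.
  while IFS= read -r source <&3; do
    # Reset per file, otherwise the verdict of the previous file leaks into
    # the backup decision for this one
    diff_retval=-1

    case "$dst" in
      */)
        # Literal prefix removal instead of feeding $1 to sed as a regex
        fn="${source#"$src_root"}"
        if [ -z "$fn" ]; then
          target="${dst}$(basename "$src_root")"
        else
          target="${dst}${fn}"
        fi
        target_dir="$dst"
        ;;
      *)
        target="$dst"
        target_dir="$(dirname "$dst")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    if [ -f "$source" ] && [ -f "$target" ]; then
      # Ignore files that are the same in the target
      shell_diff "$source" "$target"
      diff_retval=$? # 0 = full match, 1 = match (excluding comments), 2 = full mismatch (including comments)

      if [ "$diff_retval" -eq 2 ] && ! get_user_yn "File \"$target\" already exists. Overwrite" "$default_yn"; then
        if [ -z "$fallback_ext" ]; then
          echo "Skipped..."
          continue
        else
          # Copy as e.g. .dist-file:
          target="${target}.${fallback_ext}"
          rm -f -- "$target"
        fi
      fi
    fi

    retval=0
    if [ "$diff_retval" -eq 2 ]; then
      # copy file & create backup of old file if exists
      cp -bv --preserve=mode,timestamps -- "$source" "$target"
      retval=$?
    else
      # New target, identical contents or comment-only difference: no point
      # in keeping a backup file
      cp -v --preserve=mode,timestamps -- "$source" "$target"
      retval=$?
    fi

    if [ "$retval" -ne 0 ]; then
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$src_root" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}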
  173 
  174 
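# Copy a file or a directory tree, never replacing a file that already exists
# at the target.
# Arguments: $1 - source file or directory
#            $2 - target; a trailing '/' means "directory", otherwise it is
#                 the full target file name
#            $3 - optional extension: an existing target is left alone and
#                 the new file is written as <target>.<ext> instead
# Returns:   0; exits 2 when the source holds no files, 3 when a copy fails
# NOTE(review): --preserve=mode carries over whatever permissions the unpacked
# source tree has; ownership is reset to root afterwards, but group/world
# write bits are not cleared here - check the tree's modes before installing.
copy_skip_if_exist()
{
  local src_root="$1"
  local dst="$2"
  local fallback_ext="$3"
  local source fn target target_dir

  if [ -z "$(find "$src_root" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$src_root\"" >&2
    exit 2
  fi

  unset IFS
  # Read the file list line by line (on fd 3, leaving stdin alone) so that
  # names with spaces or glob characters are not split or expanded
  while IFS= read -r source <&3; do
    case "$dst" in
      */)
        # Literal prefix removal instead of feeding $1 to sed as a regex
        fn="${source#"$src_root"}"
        if [ -z "$fn" ]; then
          target="${dst}$(basename "$src_root")"
        else
          target="${dst}${fn}"
        fi
        target_dir="$dst"
        ;;
      *)
        target="$dst"
        target_dir="$(dirname "$dst")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    if [ -f "$target" ]; then
      if [ -z "$fallback_ext" ]; then
        echo "* File \"$target\" already exists. Skipping copy of $source"
        continue
      else
        # Copy as e.g. .dist-file:
        target="${target}.${fallback_ext}"
        rm -f -- "$target"
      fi
    fi

    # NOTE: Always copy, even if contents is the same to make sure permissions are updated
    if ! cp -v --preserve=mode,timestamps -- "$source" "$target"; then
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$src_root" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}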
  224 
  225 
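# Copy a file or a directory tree, unconditionally replacing existing targets.
# Arguments: $1 - source file or directory
#            $2 - target; a trailing '/' means "directory", otherwise it is
#                 the full target file name
# Returns:   0; exits 2 when the source holds no files, 3 when a copy fails
# NOTE(review): --preserve=mode carries over whatever permissions the unpacked
# source tree has; ownership is reset to root afterwards, but group/world
# write bits are not cleared here. This function installs the executables, so
# check the tree's modes before installing.
copy_overwrite()
{
  local src_root="$1"
  local dst="$2"
  local source fn target target_dir

  if [ -z "$(find "$src_root" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$src_root\"" >&2
    exit 2
  fi

  unset IFS
  # Read the file list line by line (on fd 3, leaving stdin alone) so that
  # names with spaces or glob characters are not split or expanded
  while IFS= read -r source <&3; do
    case "$dst" in
      */)
        # Literal prefix removal instead of feeding $1 to sed as a regex
        fn="${source#"$src_root"}"
        if [ -z "$fn" ]; then
          target="${dst}$(basename "$src_root")"
        else
          target="${dst}${fn}"
        fi
        target_dir="$dst"
        ;;
      *)
        target="$dst"
        target_dir="$(dirname "$dst")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    # NOTE: Always copy, even if contents is the same to make sure permissions are updated
    if ! cp -fv --preserve=mode,timestamps -- "$source" "$target"; then
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$src_root" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}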
  264 
  265 
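# Ask a yes/no question on stdout and read the reply from stdin.
# Arguments: $1 - question text (printed literally)
#            $2 - default answer; "y" means yes, anything else means no
# Globals:   ANSWER (written) - the lower-cased reply
# Returns:   0 for yes, 1 for no
# An empty line, end of input or any unrecognised reply selects the default,
# so a run without a terminal silently takes the default of every question.
get_user_yn()
{
  local raw_answer

  # The question goes through %s: it may contain file names, and a '%' in it
  # must not be interpreted as a printf conversion
  if [ "$2" = "y" ]; then
    printf '%s (Y/n)? ' "$1"
  else
    printf '%s (y/N)? ' "$1"
  fi

  read -r raw_answer

  ANSWER="$(printf '%s\n' "$raw_answer" |tr 'A-Z' 'a-z')"

  case "$ANSWER" in
    y|yes)
      return 0
      ;;
    n|no)
      return 1
      ;;
  esac

  # Fallback to default
  if [ "$2" = "y" ]; then
    return 0
  else
    return 1
  fi
}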
  293 
  294 
# Offer to remove a previous installation, recognised by an init script at
# /etc/init.d/arno-iptables-firewall that contains a line starting with
# "MY_VERSION=".
# On confirmation (default answer: yes) the init script, the installed
# plugin files and the rc*.d links are deleted, and custom-rules and
# firewall.conf are renamed to *.old.
# Returns: 0 when nothing was found or the user declined, otherwise the
#          status of the last rm
check_18_version()
{
  # Nothing to do unless the old init script is present
  grep -q "^MY_VERSION=" "/etc/init.d/arno-iptables-firewall" 2>/dev/null || return 0

  get_user_yn "WARNING: An old version is still installed. Removing it first is *STRONGLY* recommended. Remove" "y" || return 0

  rm -fv /etc/init.d/arno-iptables-firewall

  # Keep the user's settings around under a new name
  mv -fv /etc/arno-iptables-firewall/custom-rules /etc/arno-iptables-firewall/custom-rules.old
  mv -fv /etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/firewall.conf.old

  rm -fv /etc/arno-iptables-firewall/plugins/*.plugin
  rm -fv /etc/rc*.d/*arno-iptables-firewall
}
  307 
  308 
# Warn when /usr/sbin/arno-iptables-firewall exists, which is taken as a sign
# that a distribution package of the firewall is installed next to this one.
# Returns: 0 to continue (no such file, or the user confirmed; the default
#          answer is yes), 1 when the user chose not to continue
check_dist_version()
{
  # No distribution copy, nothing to ask
  [ -f /usr/sbin/arno-iptables-firewall ] || return 0

  if get_user_yn "WARNING: It seems a distribution version is already installed. It's *STRONGLY* recommended to remove it first. Continue anyway" "y"; then
    return 0
  fi

  return 1
}
  319 
  320 
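# Check plugins for (old) versions with different priority
# A plugin file name is "<digits><name>.plugin". For every plugin shipped in
# ./share/arno-iptables-firewall/plugins, installed files in
# /usr/local/share/arno-iptables-firewall/plugins that carry the same name
# behind a different number are deleted.
# Names are compared as literal strings on the base name. The earlier version
# parsed ls output and placed the plugin name in a grep regex, where '.'
# matches any character; since matches are removed with rm -f as root, the
# comparison is kept exact.
# Returns: 0
check_plugins()
{
  local installed_dir=/usr/local/share/arno-iptables-firewall/plugins
  local new_file new_base new_name
  local old_file old_base old_name

  [ -d "$installed_dir" ] || return 0

  for new_file in ./share/arno-iptables-firewall/plugins/*.plugin; do
    [ -e "$new_file" ] || continue # unmatched glob stays literal

    new_base="${new_file##*/}"
    # Drop the leading run of digits (the priority prefix)
    new_name="${new_base#"${new_base%%[!0-9]*}"}"

    for old_file in "$installed_dir"/*.plugin; do
      [ -e "$old_file" ] || continue

      old_base="${old_file##*/}"
      # The file that was just installed under the current name stays
      [ "$old_base" != "$new_base" ] || continue

      old_name="${old_base#"${old_base%%[!0-9]*}"}"
      if [ "$old_name" = "$new_name" ]; then
        echo "* Removing old plugin: $old_file"
        rm -fv -- "$old_file"
      fi
    done
  done

  return 0
}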
  336 
  337 
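# main line:

# We want to run in the dir the install script is in. This happens before
# anything is read through a relative path, and a failure is fatal: everything
# below copies ./bin, ./share, ./etc and ./lib into system directories as root
# and must not pick those up from an unrelated working directory.
cd "$(dirname "$0")" || {
  echo "ERROR: Could not change to the directory of the install script!" >&2
  exit 1
}

AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"

# Version strings are passed as arguments, not as part of the printf format
printf "\033[40m\033[1;32mArno's Iptables Firewall Script(AIF) v%s\033[0m\n" "$AIF_VERSION"
printf "Install Script v%s\n" "$MY_VERSION"
echo "-------------------------------------------------------------------------------"

sanity_check

if ! get_user_yn "Continue install" "n"; then
  echo "*Install aborted"
  exit 1
fi

# Make sure an old version is not still installed
check_18_version

# Make sure a dist version is not already installed
if ! check_dist_version; then
  echo "*Install aborted"
  exit 1
fi

copy_overwrite ./bin/arno-iptables-firewall /usr/local/sbin/
copy_overwrite ./bin/arno-fwfilter /usr/local/bin/

# Remove old version:
rm -f /usr/local/sbin/arno-fwfilter

mkdir -pv /usr/local/share/arno-iptables-firewall/plugins || exit 1
copy_overwrite ./share/arno-iptables-firewall/ /usr/local/share/arno-iptables-firewall/

if [ ! -f /usr/local/sbin/traffic-accounting-show ]; then
  ln -sv /usr/local/share/arno-iptables-firewall/plugins/traffic-accounting-show /usr/local/sbin/traffic-accounting-show
fi

mkdir -pv /usr/local/share/man/man1 || exit 1
mkdir -pv /usr/local/share/man/man8 || exit 1
gzip -c -v ./share/man/man8/arno-iptables-firewall.8 >/usr/local/share/man/man8/arno-iptables-firewall.8.gz
# The section 1 page belongs in man1 (it used to be written into man8);
# remove the misplaced copy a previous install may have left behind
gzip -c -v ./share/man/man1/arno-fwfilter.1 >/usr/local/share/man/man1/arno-fwfilter.1.gz
rm -f /usr/local/share/man/man8/arno-fwfilter.1.gz

mkdir -pv /usr/local/share/doc/arno-iptables-firewall || exit 1
copy_overwrite ./README /usr/local/share/doc/arno-iptables-firewall/

# Install init.d script, but only if init.d folder exists
if [ -d "/etc/init.d" ]; then
  copy_overwrite ./etc/init.d/arno-iptables-firewall /etc/init.d/
fi

# Make sure only one service file exists in /lib/.. or /usr/lib/ where we prefer /lib/
rm -f /usr/lib/systemd/system/arno-iptables-firewall.service

# Install service file if systemd directory is available, use fallbacks to support different systems
if [ -d "/lib/systemd/system" ]; then
  copy_overwrite ./lib/systemd/system/arno-iptables-firewall.service /lib/systemd/system/
elif [ -d "/usr/lib/systemd/system" ]; then
  copy_overwrite ./lib/systemd/system/arno-iptables-firewall.service /usr/lib/systemd/system/
elif [ -d "/etc/systemd/system" ]; then
  copy_ask_if_exist ./lib/systemd/system/arno-iptables-firewall.service /etc/systemd/system/ "y"
else
  echo "NOTE: Could not find any systemd/system directory, skipping systemd configuration" >&2
fi

# Install rsyslog config file (if rsyslog is available)
if [ -d "/etc/rsyslog.d" ]; then
  copy_ask_if_exist ./etc/rsyslog.d/arno-iptables-firewall.conf /etc/rsyslog.d/ "y"
fi

copy_ask_if_exist ./etc/logrotate.d/arno-iptables-firewall /etc/logrotate.d/ "y"

mkdir -pv /etc/arno-iptables-firewall || exit 1

# The pristine configuration is always refreshed as .dist; the live
# firewall.conf is only replaced after asking (default: keep the existing one)
copy_overwrite ./etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/firewall.conf.dist
copy_ask_if_exist ./etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/

copy_skip_if_exist ./etc/arno-iptables-firewall/custom-rules /etc/arno-iptables-firewall/

mkdir -pv /etc/arno-iptables-firewall/plugins || exit 1
copy_ask_if_exist ./etc/arno-iptables-firewall/plugins/ /etc/arno-iptables-firewall/plugins/ "n" "dist"

mkdir -pv /etc/arno-iptables-firewall/conf.d || exit 1
echo "Files with a .conf extension in this directory will be sourced by the environment file" >/etc/arno-iptables-firewall/conf.d/README

check_plugins

echo ""
echo "** Install done **"
echo ""

# No default is passed to the two questions below, so anything but an
# explicit yes means no
if get_user_yn "Do you want to run the configuration script"; then
  ./configure.sh
fi

echo ""
echo "-------------------------------------------------------------------------------"
echo "** NOTE: You can now (manually) start the firewall by executing              **"
echo "**       \"/usr/local/sbin/arno-iptables-firewall start\"                      **"
echo "**       It is recommended however to first review the settings in           **"
echo "**       /etc/arno-iptables-firewall/firewall.conf!                          **"
echo "-------------------------------------------------------------------------------"
echo ""

if get_user_yn "(Re)start firewall"; then
  /usr/local/sbin/arno-iptables-firewall restart
fi

exit 0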