#!/usr/bin/env bash
# ---------------------------------------------------------------------------------------- #
# Description #
# ---------------------------------------------------------------------------------------- #
# Implement a multiplexer to allow multiple TCP Wrappers to be executed in sequence. #
# #
# This will only capture and work with the exit code of the called filter. #
# ---------------------------------------------------------------------------------------- #
# TCP Wrapper config: #
# #
# /etc/hosts.allow #
# sshd: ALL: aclexec /usr/local/sbin/multiplexer %a #
# #
# /etc/hosts.deny #
# sshd: ALL #
# ---------------------------------------------------------------------------------------- #
# Directory the filter executables are looked up in. Filters are executed by
# this script, so the directory should only be writable by a trusted account
# (NOTE(review): confirm ownership and permissions on the host).
FILTER_PATH='/usr/local/sbin'
# Comma and/or space separated list of filter names, resolved under FILTER_PATH.
# With an empty list no filter runs and the script falls through to its
# default 'allow' exit status.
FILTERS=''
# ---------------------------------------------------------------------------------------- #
# In terminal #
# ---------------------------------------------------------------------------------------- #
# A wrapper to check if the script is being run in a terminal or not. #
# ---------------------------------------------------------------------------------------- #
in_terminal() {
    # Returns 0 when stdout (fd 1) is attached to a terminal, 1 otherwise.
    if [[ -t 1 ]]; then
        return 0
    fi
    return 1
}
# ---------------------------------------------------------------------------------------- #
# Debug #
# ---------------------------------------------------------------------------------------- #
# Show output only if we are running in a terminal, but always log the message. #
# ---------------------------------------------------------------------------------------- #
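function debug()
{
    # Log a message to syslog and, when stdout is a terminal, print it as well.
    # Arguments: $1 - message text; an empty or missing message is ignored.
    # Returns:   0 for an empty message, otherwise the status of logger.
    local message="${1:-}"

    if [[ -z "${message}" ]]; then
        return 0
    fi

    if in_terminal; then
        # printf rather than echo: the text can be captured filter output, and
        # echo would treat a message such as '-n' or '-e' as an option.
        printf '%s\n' "${message}"
    fi

    # '--' ends option parsing so a message that starts with '-' is logged
    # verbatim instead of being interpreted as a logger option.
    logger -- "${message}"
}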
# ---------------------------------------------------------------------------------------- #
# Run Filters #
# ---------------------------------------------------------------------------------------- #
# Run each of the filters in sequence. If the filter 'denies' the connection then bubble #
# that failure up. Ignore 'allows' ($? == 0) as this is the default return from the filter #
# when a 'deny' isn't explicitly found. If no filter 'denies' the connection then return #
# a default of allow, in the same way as the individual filters. #
# ---------------------------------------------------------------------------------------- #
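function run_filters()
{
    # Run every configured filter in order; the first filter that exits
    # non-zero denies the connection.
    # Globals:   FILTERS (read), FILTER_PATH (read), IP (read)
    # Returns:   0 when no filter denied; terminates the script with exit
    #            status 1 as soon as one filter denies.
    local -a filters=()
    local filter cmd output

    # FILTERS is split on commas and/or spaces into individual filter names.
    IFS=', ' read -r -a filters <<< "${FILTERS}"

    for filter in "${filters[@]}"; do
        cmd="${FILTER_PATH}/${filter}"

        if [[ ! -x "${cmd}" ]]; then
            # A configured filter that is missing or not executable is still
            # skipped (the connection is not denied because of it), but the
            # skip is logged so a filter that silently stopped running can be
            # noticed.
            debug "Filter ${cmd} is missing or not executable - skipped"
            continue
        fi

        # The filter receives the client address and the literal tag 'MUX';
        # its stdout and stderr are captured and logged only on a deny.
        if ! output=$( "${cmd}" "${IP}" 'MUX' 2>&1 ); then
            debug "${output}"
            exit 1
        fi
    done
}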
# ---------------------------------------------------------------------------------------- #
# Main() #
# ---------------------------------------------------------------------------------------- #
# The main function where all of the heavy lifting and script config is done. #
# ---------------------------------------------------------------------------------------- #
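function main()
{
    # Entry point. Expects exactly one argument: the client address.
    # The exit status is the verdict: 0 allows the connection, 1 (raised by
    # run_filters) denies it.

    #
    # No IP given - log it and stop.
    # NOTE: this path exits 0, the same status as 'allow', and no filter is
    # run, so a call without the address fails open. The log entry is the
    # only sign that the filters were bypassed.
    #
    if [[ $# -ne 1 ]]; then
        debug 'IP address not supplied - Aborting'
        exit 0
    fi

    #
    # Publish the address as a global so run_filters can read it
    # (it could be passed as a function argument instead).
    #
    declare -g IP="${1}"

    #
    # Run the actual filters; a deny exits the script from inside run_filters.
    #
    run_filters

    # Default allow: reached only when no filter denied the connection.
    exit 0
}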
# ---------------------------------------------------------------------------------------- #
# Main() #
# ---------------------------------------------------------------------------------------- #
# The actual 'script' and the functions/sub routines are called in order. #
# ---------------------------------------------------------------------------------------- #
# Hand every command-line argument to main unchanged, one word per argument.
main "$@"
# ---------------------------------------------------------------------------------------- #
# End of Script #
# ---------------------------------------------------------------------------------------- #
# This is the end - nothing more to see here. #
# ---------------------------------------------------------------------------------------- #