Bwi/v2.0.4 (#13)

fixup v2.0.4
2024-10-23 11:21:58 +02:00 · 2024-10-23 11:21:58 +02:00 · c0d6ed2c7f
commit c0d6ed2c7f
parent 2c134435e8
4 changed files with 109 additions and 0 deletions
--- a/PAM/ssh/lib/CMakeLists.txt
+++ b/PAM/ssh/lib/CMakeLists.txt
@ -25,7 +25,16 @@ target_link_libraries(rublon-ssh
        -lcurl
        -lssl
        -lcrypto
+        -lstdc++fs
 )
+if(CMAKE_CXX_COMPILER_VERSION VERSION_LESS_EQUAL 7.5)
+
+    target_link_libraries(rublon-ssh
+        PUBLIC
+            -lstdc++fs
+    )
+
+endif()

 execute_process (
    COMMAND bash -c "awk -F= '/^ID=/{print $2}' /etc/os-release |tr -d '\n' | tr -d '\"'"
--- a/service/helpers/postinst_suse
+++ b/service/helpers/postinst_suse
@ -0,0 +1,26 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_CONFIG=/etc/rublon.config
+RUBLON_SSH_CONFIG=/etc/ssh/01-rublon-ssh.conf
+
+if [ ! -f /etc/rublon.config ]
+then
+    cp -a /usr/share/rublon/rublon.config.defaults $RUBLON_CONFIG
+    chown root:root $RUBLON_CONFIG
+    chmod 640 $RUBLON_CONFIG
+fi
+
+if [ ! -f $RUBLON_SSH_CONFIG ]
+then
+    cp -a /usr/share/rublon/01-rublon-ssh.conf.default /etc/ssh/01-rublon-ssh.conf
+    chown root:root $RUBLON_SSH_CONFIG
+    chmod 640 $RUBLON_SSH_CONFIG
+fi
+
+sed -i '1 i\Include /etc/ssh/01-rublon-ssh.conf' $SSHD_CONF
+grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+
+systemctl restart sshd
--- a/service/helpers/pubkey_install_deb
+++ b/service/helpers/pubkey_install_deb
@ -0,0 +1,37 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
+
+cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
+chown root:root $RUBLON_SSH_CONFIG
+chmod 640 $RUBLON_SSH_CONFIG
+
+if [ -f /etc/os-release ]
+then
+    . /etc/os-release
+fi
+sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF
+
+if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
+then
+grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe '#auth       substack     password-auth' $SSHD_PAM_CONF || sed -i -e 's/auth       substack     password-auth/#auth substack password-auth/g' $SSHD_PAM_CONF
+
+elif [ $ID = "Debian" ]
+then
+grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
+else 
+   grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
+   grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+fi
+
+grep -qe '#@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
+if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
+then
+systemctl restart sshd
+else
+deb-systemd-invoke restart ssh.service
+fi
+
--- a/service/pubkey_install_deb
+++ b/service/pubkey_install_deb
@ -0,0 +1,37 @@
+#!/bin/bash
+
+SSHD_CONF=/etc/ssh/sshd_config
+SSHD_PAM_CONF=/etc/pam.d/sshd
+RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
+
+cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
+chown root:root $RUBLON_SSH_CONFIG
+chmod 640 $RUBLON_SSH_CONFIG
+
+if [ -f /etc/os-release ]
+then
+    . /etc/os-release
+fi
+sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF
+
+if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
+then
+grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
+grep -qe '#auth       substack     password-auth' $SSHD_PAM_CONF || sed -i -e 's/auth       substack     password-auth/#auth substack password-auth/g' $SSHD_PAM_CONF
+
+elif [ $ID = "Debian" ]
+then
+grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
+else 
+   grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
+   grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
+fi
+
+grep -qe '#@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
+if [[ $ID == "rhel" || $ID=="alma" || $ID=="rocky" || $ID=="Centos" ]]
+then
+systemctl restart sshd
+else
+deb-systemd-invoke restart ssh.service
+fi
+