diff options
author | d3v1150m471c <d3v11@d3v1150m471c.ano> | 2011-07-10 07:16:47 -0500 |
---|---|---|
committer | d3v1150m471c <d3v11@d3v1150m471c.ano> | 2011-07-10 07:16:47 -0500 |
commit | 6682d93a6ddc22bdc801143521b94790b1a97bd2 (patch) | |
tree | 60c5662741ea1ae8bb1be0a7e269b23acf3083d4 /contrib/peer2anonet | |
parent | 0ac1fe1183e5841d15506a56aa1868033a0db2f7 (diff) | |
download | resdb-6682d93a6ddc22bdc801143521b94790b1a97bd2.tar.gz resdb-6682d93a6ddc22bdc801143521b94790b1a97bd2.zip |
peer2anonet changes made:
* parse quicktun.keypair</dev/random directly to seckey variable.
* removed y/n questions with file tests and automatic
configuration.
* README file updated
* ported for autoconfig file pipes
* some security checks created
Diffstat (limited to 'contrib/peer2anonet')
-rw-r--r-- | contrib/peer2anonet/README | 38 | ||||
-rw-r--r-- | contrib/peer2anonet/peer2anonet | 130 |
2 files changed, 120 insertions, 48 deletions
diff --git a/contrib/peer2anonet/README b/contrib/peer2anonet/README index 3ddecd5..8d4e73d 100644 --- a/contrib/peer2anonet/README +++ b/contrib/peer2anonet/README @@ -7,6 +7,8 @@ SYNOPSIS: peer2anonet + -OR- + peer2anonet < autoconfig DESCRIPTION: @@ -50,6 +52,31 @@ INSTALL AND UNINSTALL: make install-deb +USAGE: + You may execute peer2anonet and answer configuration questions + via interface or pipe a file containing the new peering + session's specifications to the executable. peer2anonet has + some security checks but it is highly recommended you check + a autoconfig file manually before using to prevent malicious + attacks. An autoconfig file should be in the following format: + Plain text file, one block of data per line, no spaces, and + without including the following '<-- comments'. + +================== Not Actual Line on File ============================ +anon <--your peer's alias +1.2.3.0 <--your new anonet network address +1.2.3.1 <--your new anonet router address +1.2.3.2 <--your new anonet ip +1001 <--your new anonet client port +1230 <--you new asn +11.22.33.44 <--your peer's remote ip +3.5.7.9 <--your peer's anonet ip +3571 <--your peer's client port +3570 <--your peer's asn +3c6e0b8a9c15224a8228b9a98ca1531d <--your peer's public key +================== Not Actual Line on File ============================ + + CHANGES: Sat Jul 9 06:48:58 CDT 2011 - d3v1150m471c * quicktun's "EXPORT DEBUG=1" removed on peering script. @@ -63,4 +90,15 @@ CHANGES: * bash added to dependencies * file tests with mkdir changed to `mkdir -p`... . * peering file removed, passes directly to run file now. + + Sun Jul 10 05:47:22 CDT 2011 - d3v1150m471c + * makefile changed to Makefile + * parse quicktun.keypair</dev/random directly to seckey variable. + * removed y/n questions with file tests and automatic + configuration. + * README file updated + * ported for autoconfig file pipes + * some security checks created + + diff --git a/contrib/peer2anonet/peer2anonet b/contrib/peer2anonet/peer2anonet index 9e4d8de..a3a7b4d 100644 --- a/contrib/peer2anonet/peer2anonet +++ b/contrib/peer2anonet/peer2anonet @@ -2,7 +2,7 @@ ######################################################################### # We need to check for root privileges: if [[ $(id -u) != 0 ]]; then - echo "peer2anonet: error: root priviliges required." + echo "peer2anonet: error: root privileges required." exit 1 fi @@ -13,10 +13,16 @@ mkdir -p /services/bird mkdir -p /service ######################################################################### -# See if we need new keys: -read -p "Would you like to generate new keys? [y/n]: " ASK -[[ $ASK == *y* ]] && quicktun.keypair</dev/random && echo -[[ $ASK == *Y* ]] && quicktun.keypair</dev/random && echo +# Generate new keys: +KEYS=`quicktun.keypair</dev/random` +SECKEY=`echo $KEYS | head -1` +YPUBKEY=`echo $KEYS | head -2 | tail -1` +echo " +peer2anonet: your public key is: + +$YPUBKEY + +" ######################################################################### # We need to get info for the new peering and BGP session: @@ -30,10 +36,70 @@ read -p "Enter your peer remote ip: " REMOTEIP read -p "Enter your peer anonet ip: " PEERIP read -p "Enter your peer remote port: " PEERPORT read -p "Enter your peer asn: " PEERASN -read -p "Enter your secret key: " SECKEY read -p "Enter your peer's public key: " PUBKEY ######################################################################### +# Do some security checks on variables: +TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP +TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP + TEST[8]=$PEERPORT; TEST[9]=$PEERASN + +SECURE() { + echo "peer2anonet: error: possible malicious code detected" + echo "offending data: $CHECK" + exit 1 + } + + +for CHECK in ${TEST[@]}; do +[[ $CHECK == *'rm '* ]] && SECURE +[[ $CHECK == *'mail '* ]] && SECURE +[[ $CHECK == *'cp '* ]] && SECURE +[[ $CHECK == *'mv '* ]] && SECURE +[[ $CHECK == *'ipconfig'* ]] && SECURE +[[ $CHECK == *'iwconfig'* ]] && SECURE +[[ $CHECK == *'ping '* ]] && SECURE +[[ $CHECK == *'make '* ]] && SECURE +[[ $CHECK == *'install'* ]] && SECURE +[[ $CHECK == *'uninstall'* ]] && SECURE +[[ $CHECK == *'map '* ]] && SECURE +[[ $CHECK == *'su '* ]] && SECURE +[[ $CHECK == *'sudo'* ]] && SECURE +[[ $CHECK == *'$'* ]] && SECURE +[[ $CHECK == *'!'* ]] && SECURE +[[ $CHECK == *'echo'* ]] && SECURE +[[ $CHECK == *'netcat'* ]] && SECURE +[[ $CHECK == *'id '* ]] && SECURE +[[ $CHECK == *'source'* ]] && SECURE +[[ $CHECK == *'alias '* ]] && SECURE +[[ $CHECK == *'passwd'* ]] && SECURE +[[ $CHECK == *'user'* ]] && SECURE +[[ $CHECK == *'bash'* ]] && SECURE +[[ $CHECK == *'ls '* ]] && SECURE +[[ $CHECK == *'ssh'* ]] && SECURE +[[ $CHECK == *'nc '* ]] && SECURE +[[ $CHECK == *'telnet'* ]] && SECURE +[[ $CHECK == *'rdesktop'* ]] && SECURE +[[ $CHECK == *'iptables'* ]] && SECURE +[[ $CHECK == *'}'* ]] && SECURE +[[ $CHECK == *'{'* ]] && SECURE +[[ $CHECK == *'['* ]] && SECURE +[[ $CHECK == *']'* ]] && SECURE +[[ $CHECK == *'('* ]] && SECURE +[[ $CHECK == *')'* ]] && SECURE +[[ $CHECK == *'exec'* ]] && SECURE +[[ $CHECK == *'dash'* ]] && SECURE +[[ $CHECK == *'perl'* ]] && SECURE +[[ $CHECK == *'python'* ]] && SECURE +[[ $CHECK == *'netstat'* ]] && SECURE +[[ $CHECK == *'sockstat'* ]] && SECURE +[[ $CHECK == *'>'* ]] && SECURE +[[ $CHECK == *'<'* ]] && SECURE +[[ $CHECK == *'/'* ]] && SECURE +[[ $CHECK == *'kill'* ]] && SECURE +done + +######################################################################### # We need to check if base files need to be imported to services for bird: NEW_PROTOCOL=" protocol bgp $PEERNAME'_bgp' { table AnoNet_routes; @@ -96,49 +162,18 @@ protocol direct direct_AnoNet_routes { table AnoNet_routes; import filter only_AnoNet; }" -while true; do - read -p "Is this your first peering session?" ASK - if [[ $ASK == *y* ]]; then - echo "$BIRD_CONF" > /services/bird/bird.conf - echo "$BIRD_RUN" > /services/bird/run - chmod +x /services/bird/run - echo "$NEW_PROTOCOL" >> /services/bird/bird.conf - break - elif [[ $ASK == *Y* ]]; then - echo "$BIRD_CONF" > /services/bird/bird.conf - echo "$BIRD_RUN" > /services/bird/run - chmod +x /services/bird/run - echo "$NEW_PROTOCOL" >> /services/bird/bird.conf - break - elif [[ $ASK == *n* ]]; then - break - elif [[ $ASK == *N* ]]; then - break - fi -done + + +test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf +test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run +chmod +x /services/bird/run +echo "$NEW_PROTOCOL" >> /services/bird/bird.conf ######################################################################### # We need to check if this peering session already exists: -if [ -e /services/"$PEERNAME" ]; then - while true; do - read -p "$PEERNAME already exists, would you like to replace it? [y/n]: " ASK - if [[ $ASK == *y* ]]; then - rm -r /services/"$PEERNAME" - mkdir /services/"$PEERNAME" - break - elif [[ $ASK == *Y* ]]; then - rm -r /services/"$PEERNAME" - mkdir /services/"$PEERNAME" - break - elif [[ $ASK == *n* ]]; then - exit 0 - elif [[ $ASK == *N* ]]; then - exit 0 - fi - done -else - mkdir /services/"$PEERNAME" -fi +test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME" +mkdir -p /services/"$PEERNAME" + ######################################################################### # Create files to configure the new peering session: @@ -146,7 +181,7 @@ echo "#!/bin/sh export REMOTE_ADDRESS=$REMOTEIP export REMOTE_PORT=$PEERPORT export LOCAL_PORT=$YOURPORT -export PRIVATE_KEY=$SECKEY +export PRIVATE_KEY=${SECKEY/'SECRET: /} export PUBLIC_KEY=$PUBKEY export TUN_MODE=1 export INTERFACE=ppp-$PEERNAME @@ -161,7 +196,6 @@ chmod +x /services/"$PEERNAME"/run ######################################################################### # Configure and start our new peering session: ln -s /services/"$PEERNAME" /service/ -echo echo "peer2anonet: New peering session configured " exit 0 |