Commit 85befd04 authored by ThomasKaiser's avatar ThomasKaiser

Some security fixes

parent ef163f52
...@@ -50,15 +50,19 @@ function choose_webserver ...@@ -50,15 +50,19 @@ function choose_webserver
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
# Target web server selection # Target web server selection
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
dialog --title "Choose a webserver" --backtitle "$backtitle" --yes-label "Apache" --no-label "Nginx" \ if [ -f /etc/default/openmediavault ]; then
--yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70 # OMV installed, prevent switching from nginx to apache which would trash OMV installation
response=$? server="nginx"
case $response in else
dialog --title "Choose a webserver" --backtitle "$backtitle" --yes-label "Apache" --no-label "Nginx" \
--yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70
response=$?
case $response in
0) server="apache";; 0) server="apache";;
1) server="nginx";; 1) server="nginx";;
255) exit;; 255) exit;;
esac esac
echo $server > /tmp/server fi
} }
...@@ -77,14 +81,14 @@ dialog --title "Server configuration" --separate-widget $'\n' --ok-label "Instal ...@@ -77,14 +81,14 @@ dialog --title "Server configuration" --separate-widget $'\n' --ok-label "Instal
read -r hostnamefqdn read -r hostnamefqdn
read -r mysql_pass read -r mysql_pass
echo $mysql_pass > /tmp/mysql_pass echo $mysql_pass > ${TEMP_DIR}/mysql_pass
echo $hostnamefqdn > /tmp/hostnamefqdn echo $hostnamefqdn > ${TEMP_DIR}/hostnamefqdn
# end # end
} }
exec 3>&- exec 3>&-
# read variables back # read variables back
MYSQL_PASS=`cat /tmp/mysql_pass` read MYSQL_PASS < ${TEMP_DIR}/mysql_pass
HOSTNAMEFQDN=`cat /tmp/hostnamefqdn` read HOSTNAMEFQDN < ${TEMP_DIR}/hostnamefqdn
} }
...@@ -106,10 +110,10 @@ procent=$(echo "scale=2;($j/$skupaj)*100"|bc) ...@@ -106,10 +110,10 @@ procent=$(echo "scale=2;($j/$skupaj)*100"|bc)
--backtitle "$backtitle" \ --backtitle "$backtitle" \
--title "Installing" \ --title "Installing" \
--gauge "\n$2\n\n$x" 10 70 --gauge "\n$2\n\n$x" 10 70
if [ "$(DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $x >/tmp/install.log 2>&1 || echo 'Installation failed' \ if [ "$(DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $x >${TEMP_DIR}/install.log 2>&1 || echo 'Installation failed' \
| grep 'Installation failed')" != "" ]; then | grep 'Installation failed')" != "" ]; then
echo -e "[\e[0;31m error \x1B[0m] Installation failed" echo -e "[\e[0;31m error \x1B[0m] Installation failed"
tail /tmp/install.log tail ${TEMP_DIR}/install.log
exit exit
fi fi
fi fi
...@@ -165,7 +169,7 @@ create_ispconfig_configuration (){ ...@@ -165,7 +169,7 @@ create_ispconfig_configuration (){
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
# ISPConfig autoconfiguration # ISPConfig autoconfiguration
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
cat > /tmp/isp.conf.php <<EOF cat > ${TEMP_DIR}/isp.conf.php <<EOF
<?php <?php
\$autoinstall['language'] = 'en'; // de, en (default) \$autoinstall['language'] = 'en'; // de, en (default)
\$autoinstall['install_mode'] = 'standard'; // standard (default), expert \$autoinstall['install_mode'] = 'standard'; // standard (default), expert
...@@ -338,7 +342,7 @@ fi ...@@ -338,7 +342,7 @@ fi
apt-get --allow-unauthenticated install openmediavault-keyring apt-get --allow-unauthenticated install openmediavault-keyring
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73
debconf-apt-progress -- apt-get -y --allow-unauthenticated --fix-missing --no-install-recommends install openmediavault postfix debconf-apt-progress -- apt-get -y --allow-unauthenticated --fix-missing --no-install-recommends install openmediavault postfix
FILE=`mktemp`; wget "$OMV_EXTRAS_URL" -qO $FILE && dpkg -i $FILE ; rm $FILE FILE="${TEMP_DIR}/omv_extras.deb"; wget "$OMV_EXTRAS_URL" -qO $FILE && dpkg -i $FILE ; rm $FILE
# /usr/sbin/omv-update # /usr/sbin/omv-update
debconf-apt-progress -- apt-get update debconf-apt-progress -- apt-get update
debconf-apt-progress -- apt-get --yes --force-yes --fix-missing --auto-remove --allow-unauthenticated \ debconf-apt-progress -- apt-get --yes --force-yes --fix-missing --auto-remove --allow-unauthenticated \
...@@ -442,27 +446,25 @@ cat > /etc/cron.daily/seed-armbian-torrent <<"EOF" ...@@ -442,27 +446,25 @@ cat > /etc/cron.daily/seed-armbian-torrent <<"EOF"
# armbian torrents auto update # armbian torrents auto update
# #
# download latest torrent pack # download latest torrent pack
TEMP=$(mktemp -d || exit 1) wget -qO- -O ${TEMP_DIR}/armbian-torrents.zip https://dl.armbian.com/torrent/all-torrents.zip
trap "rm -rf \"${TEMP}\" ; exit 0" 0 1 2 3 15
wget -qO- -O $TEMP/tmp.zip https://dl.armbian.com/torrent/all-torrents.zip
# test zip for corruption # test zip for corruption
unzip -t $TEMP/tmp.zip >/dev/null 2>&1 unzip -t ${TEMP_DIR}/armbian-torrents.zip >/dev/null 2>&1
[[ $? -ne 0 ]] && echo "Error in zip" && exit [[ $? -ne 0 ]] && echo "Error in zip" && exit
# extract zip # extract zip
unzip -o $TEMP/tmp.zip -d $TEMP/torrent-tmp >/dev/null 2>&1 unzip -o ${TEMP_DIR}/armbian-torrents.zip -d ${TEMP_DIR}/torrent-tmp >/dev/null 2>&1
# create list of current active torrents # create list of current active torrents
transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > $TEMP/torrent-tmp/active.torrents transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > ${TEMP_DIR}/torrent-tmp/active.torrents
# loop and add/update torrent files # loop and add/update torrent files
for f in $TEMP/torrent-tmp/*.torrent; do for f in ${TEMP_DIR}/torrent-tmp/*.torrent; do
transmission-remote -n 'transmission:transmission' -a $f > /dev/null 2>&1 transmission-remote -n 'transmission:transmission' -a $f > /dev/null 2>&1
# remove added from the list # remove added from the list
pattern="${f//.torrent}"; pattern="${pattern##*/}"; pattern="${f//.torrent}"; pattern="${pattern##*/}";
sed -i "/$pattern/d" $TEMP/torrent-tmp/active.torrents sed -i "/$pattern/d" ${TEMP_DIR}/torrent-tmp/active.torrents
done done
# remove old armbian torrents # remove old armbian torrents
while read i; do while read i; do
[[ $i == *Armbian_* ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete [[ $i == *Armbian_* ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete
done < $TEMP/torrent-tmp/active.torrents done < ${TEMP_DIR}/torrent-tmp/active.torrents
# remove temporally files and direcotories # remove temporally files and direcotories
EOF EOF
chmod +x /etc/cron.daily/seed-armbian-torrent chmod +x /etc/cron.daily/seed-armbian-torrent
...@@ -495,7 +497,7 @@ install_vpn_server (){ ...@@ -495,7 +497,7 @@ install_vpn_server (){
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
# Script downloads latest stable # Script downloads latest stable
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
cd /tmp cd ${TEMP_DIR}
PREFIX="http://www.softether-download.com/files/softether/" PREFIX="http://www.softether-download.com/files/softether/"
install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages" install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"
URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1) URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
...@@ -886,11 +888,11 @@ install_ISPConfig (){ ...@@ -886,11 +888,11 @@ install_ISPConfig (){
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
# Install ISPConfig 3 # Install ISPConfig 3
#------------------------------------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------------------------------------
cd /tmp cd ${TEMP_DIR}
wget -q http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz wget -q http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz
cd /tmp/ispconfig3_install/install/ cd ${TEMP_DIR}/ispconfig3_install/install/
#apt-get -y install php5-cli php5-mysql #apt-get -y install php5-cli php5-mysql
php -q install.php --autoinstall=/tmp/isp.conf.php php -q install.php --autoinstall=${TEMP_DIR}/isp.conf.php
echo "Admin panel: https://$serverIP:8080" echo "Admin panel: https://$serverIP:8080"
echo "PHPmyadmin: http://$serverIP:8081/phpmyadmin" echo "PHPmyadmin: http://$serverIP:8081/phpmyadmin"
} }
...@@ -909,9 +911,13 @@ if [[ $EUID != 0 ]]; then ...@@ -909,9 +911,13 @@ if [[ $EUID != 0 ]]; then
exit exit
fi fi
# Create a safe temporary directory
TEMP_DIR=$(mktemp -d || exit 1)
chmod 700 ${TEMP_DIR}
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15
# Install basic stuff # Install basic stuff
# #
#export LANG=C
echo -e "\nChecking dependencies. This might take a while." echo -e "\nChecking dependencies. This might take a while."
apt-get -qq -y --no-install-recommends install debconf-utils unzip build-essential html2text apt-transport-https dialog whiptail \ apt-get -qq -y --no-install-recommends install debconf-utils unzip build-essential html2text apt-transport-https dialog whiptail \
lsb-release bc expect html2text > /dev/null lsb-release bc expect html2text > /dev/null
...@@ -1009,7 +1015,7 @@ while true; do ...@@ -1009,7 +1015,7 @@ while true; do
fi fi
if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then
curl -L install.pi-hole.net | bash curl -L "https://install.pi-hole.net" | bash
read -n 1 -s -p "Press any key to continue" read -n 1 -s -p "Press any key to continue"
fi fi
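Review bot: The generated /etc/cron.daily/seed-armbian-torrent script now refers to `${TEMP_DIR}` but never defines it. The here-document delimiter is quoted (`<<"EOF"`), so the installer writes the variable unexpanded, and this commit drops the script's own `mktemp -d` and `trap` lines. When cron runs the job, `${TEMP_DIR}` is presumably empty, so the zip and `torrent-tmp` would land at fixed paths under `/`, written as root and never cleaned up. Keep a private directory inside the generated script, for example `TEMP_DIR=$(mktemp -d) || exit 1` followed by `trap 'rm -rf "$TEMP_DIR"' EXIT`. The main script's setup hunk has a related problem: in `TEMP_DIR=$(mktemp -d || exit 1)` the `exit` only leaves the command-substitution subshell, so a failed mktemp leaves `TEMP_DIR` empty and the installer carries on; moving `|| exit 1` outside the `$( )` aborts as intended.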
......