#!/bin/sh

#############################################################################
#
# This DShield installation script has been developed
# by Jesper Knudsen at http://sme.swerts-knudsen.dk
#
# Revision History:
#
# Jan 4, 2004: 		Initial revision history.
# April 15, 2004: 	Added support for 5.5 server upgraded.
# July 6, 2004:         Added support for download of RPMs from mirror site
#                       sme.swerts-knudsen.com if primary site is not
#                       responding
#############################################################################


# Count the installed packages whose name matches each supported SME Server
# release. Every variable ends up holding the number of matching lines in the
# `rpm -qa` listing, so 0 means that release was not found.
IS_SME55=$(rpm -qa | grep -c SMEServer-5.5)
IS_SME56=$(rpm -qa | grep -c SMEServer-5.6)
IS_SME60=$(rpm -qa | grep -c SMEServer-6.0)
IS_SME65=$(rpm -qa | grep -c SMEServer-6.5)

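# Stage the download in /root/dshield. Stop if the directory cannot be
# entered: the later relative paths (the downloaded tarball, the final
# cleanup) all assume this is the working directory, and the script runs
# as root. -p lets a re-run reuse a directory left by an aborted install.
cd /root || exit 1
mkdir -p dshield || exit 1
cd dshield || exit 1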

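PRIMARY=http://sme.swerts-knudsen.com
SECONDARY=http://sme.swerts-knudsen.dk

# Determine the download server: take the first site that serves its index
# page within four seconds. The mirror is only tried when the primary does
# not respond.
#
# NOTE(review): both sites are plain http:// and nothing fetched from them is
# checked against a checksum or signature, yet the archive downloaded from
# $SITE is later unpacked and scheduled to run as root. Anyone able to alter
# the traffic can substitute the archive. If the publisher offers HTTPS or
# signed/checksummed releases, verify the download before unpacking it.
SITE=
for candidate in "$PRIMARY" "$SECONDARY"
do
    # Only wget's exit status matters here; the page itself is discarded.
    if wget -q --timeout=4 -O /dev/null "$candidate/index.html"
    then
        SITE=$candidate
        break
    fi
done

# Without a reachable site the later downloads would be attempted against an
# empty base URL, so stop here instead of continuing.
if [ -z "$SITE" ]
then
    echo "Neither $PRIMARY nor $SECONDARY is responding - Exiting" >&2
    exit 1
fi
echo "Downloading RPMs and files from $SITE"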

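# Map the detected SME Server release to the DShield client flavour and
# download the matching archive into the current directory. TYPE names both
# the archive ($TYPE.tar.gz) and, later, the client directory and script.
# Releases are tested in the order 5.6, 6.0, 5.5, 6.5; the first match wins.
TYPE=0

# NOTE(review): 5.6 is accepted on any non-zero match count, while the other
# releases require exactly one matching package. Kept as found.
if [ "$IS_SME56" -ne 0 ]
then
    SME_VERSION=5.6
    TYPE=iptables
elif [ "$IS_SME60" -eq 1 ]
then
    SME_VERSION=6.0
    TYPE=iptables
elif [ "$IS_SME55" -eq 1 ]
then
    SME_VERSION=5.5
    TYPE=ipchains
elif [ "$IS_SME65" -eq 1 ]
then
    SME_VERSION=6.5
    TYPE=iptables
else
    echo "Not supported SME Version (5.5, 5.6, 6.0 and 6.5 supported) - Exiting"
    # Exit non-zero so a caller can tell that nothing was installed.
    exit 1
fi

echo "Installing DSHIELD on SME $SME_VERSION....."

# Stop when the archive cannot be fetched; the following steps would
# otherwise move, unpack and configure a file that does not exist.
if ! wget "$SITE/downloads/Dshield/$TYPE.tar.gz"
then
    echo "Download of $TYPE.tar.gz from $SITE failed - Exiting" >&2
    exit 1
fi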

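# Make a directory for dshield and move the downloaded archive into it.
# -p keeps a re-run from failing on an existing directory; the trailing slash
# makes mv fail instead of renaming the archive to a file called
# /home/dshield when the directory is missing.
mkdir -p /home/dshield || exit 1
mv "$TYPE.tar.gz" /home/dshield/ || exit 1

# Move to the new directory and untar the client. Each step is checked so a
# failed cd or a corrupt archive does not leave later steps working on the
# wrong directory.
# NOTE(review): the archive was fetched without any integrity check and is
# unpacked here as root.
cd /home/dshield || exit 1
tar -xzf "$TYPE.tar.gz" || exit 1
rm -f "$TYPE.tar.gz"

# tar run as root restores the owner and mode recorded in the archive. The
# client script is later run from root's crontab, so make sure no other
# account owns it or can write to it.
chown -R root:root "/home/dshield/$TYPE"
chmod -R go-w "/home/dshield/$TYPE"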

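# Copy the client's config file to /etc. The relative paths below only make
# sense inside the unpacked client directory, so stop if it cannot be entered.
# Note that this overwrites any /etc/dshield.cnf left by an earlier install.
cd "/home/dshield/$TYPE" || exit 1
cp dshield.cnf /etc/ || exit 1

# Copy the source and target list files to /etc
cp dshield-source*.lst /etc/
cp dshield-target*.lst /etc/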

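# Now edit /etc/dshield.cnf: uncomment the tmpfile setting and, on SME 5.5,
# also switch the commented-out line_filter to the denylog chain.
#
# The edited copy is written to /etc/dshield.cnf.new and only moved into
# place when sed succeeded. Reading and writing the same file in one sed
# redirection truncates it before sed reads it, which would leave an empty
# configuration, so the input is always the installed /etc/dshield.cnf.
if [ "$IS_SME55" -eq 1 ]
then
    sed -e "s/# line_filter=input DENY/line_filter=denylog DENY/" \
        -e "s/# tmpfile/tmpfile/" \
        /etc/dshield.cnf >/etc/dshield.cnf.new
else
    sed -e "s/# tmpfile/tmpfile/" /etc/dshield.cnf >/etc/dshield.cnf.new
fi || exit 1

mv -f /etc/dshield.cnf.new /etc/dshield.cnf || exit 1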

# Register the client with cron through an e-smith custom template fragment.
# The entry fires at 00:00 every day and runs /home/dshield/$TYPE/$TYPE.pl
# with root as the cron user, from inside the client directory.
# NOTE(review): because the job runs as root, the files under
# /home/dshield/$TYPE should be writable by root only.
CRON_FRAGMENT=/etc/e-smith/templates-custom/etc/crontab/dshield
mkdir -p "${CRON_FRAGMENT%/*}"
printf '%s\n' "0 0 * * * root cd /home/dshield/$TYPE; /home/dshield/$TYPE/$TYPE.pl" > "$CRON_FRAGMENT"

# Regenerate /etc/crontab so the new fragment takes effect.
printf '%s\n' "Expanding the new template"
/sbin/e-smith/expand-template /etc/crontab

# Set the Logging property of the masq entry in the configuration db to "all".
printf '%s\n' "Turn deny packet logging on"
/sbin/e-smith/db configuration setprop masq Logging all

# Signal remoteaccess-update after the configuration change.
printf '%s\n' "Updating remote access options"
/sbin/e-smith/signal-event remoteaccess-update

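# Remove the staging directory. The path is absolute so that a failed cd can
# never make rm -rf act on a "dshield" directory somewhere else.
cd /root
rm -rf /root/dshield

# Now notify Swerts-Knudsen that you have installed - only so that I can enhance
# the scripts that are most in use
#
# This is a single best-effort request (one try, two second timeout) to the
# author's counter; its result is not used and it can be removed without
# affecting the installation. The URL is quoted because it contains "?",
# which the shell would otherwise treat as a glob character.
ERR=$(wget -q -t 1 -T 2 --delete-after "http://sme.swerts-knudsen.dk/cgi-bin/egometer?Dshield_Script")

#rpm -qa | grep SMEServer | mail install@swerts-knudsen.dk -s "DShield Installed (SITE=$SITE)"

echo "Installation of DSHIELD complete."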


