From a7172106eea697ec0f42223e585edd75baa69243 Mon Sep 17 00:00:00 2001
From: Paul Rock
Date: Thu, 1 Feb 2018 14:04:15 +0300
Subject: [PATCH] new envs added, static path added into to vpn scripts, new question on installation stage about path to scripts, tunes for more flexibility of scripts
---
 .env.example | 1 +
 configs/server.conf | 4 ++--
 scripts/auth-bash/config.sh | 8 --------
 scripts/auth-bash/connect.sh | 12 ++++++++----
 scripts/auth-bash/disconnect.sh | 12 ++++++++----
 scripts/auth-bash/login.sh | 10 +++++++---
 scripts/install.sh | 12 ++++++------
 scripts/install/00_env.sh | 18 ++++++++++++++++++
 scripts/install/02_app.sh | 3 ++-
 scripts/install/04_openvpn.sh | 24 +++++++++++++++---------
 10 files changed, 67 insertions(+), 37 deletions(-)
 delete mode 100644 scripts/auth-bash/config.sh
diff --git a/.env.example b/.env.example
index 9e9c37d..85374c5 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,6 @@
 # Web-application parameters
 APP_PATH=/var/www/html
+SCRIPTS_PATH=/var/www/html/scripts/auth-bash
 # Database parameters
 DB_HOST=172.17.0.1
diff --git a/configs/server.conf b/configs/server.conf
index a2c5ee0..c0372b0 100644
--- a/configs/server.conf
+++ b/configs/server.conf
@@ -48,8 +48,8 @@ reneg-sec 18000
 ## SECURITY ##
 # Downgrade privileges of the daemon
-user nobody
-group nogroup
+user VPN_USER
+group VPN_GROUP
 # Persist keys (because we are nobody, so we couldn't read them again)
 persist-key
diff --git a/scripts/auth-bash/config.sh b/scripts/auth-bash/config.sh
deleted file mode 100644
index d2ee840..0000000
--- a/scripts/auth-bash/config.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
- # MySQL credentials
-HOST='localhost'
-PORT='3306'
-USER=''
-PASS=''
-DB='openvpn-admin'
diff --git a/scripts/auth-bash/connect.sh b/scripts/auth-bash/connect.sh
index ace884b..1c2c205 100644
--- a/scripts/auth-bash/connect.sh
+++ b/scripts/auth-bash/connect.sh
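Review bot: `.env.example` gives no hint that this file is now read by bash — `connect.sh`, `disconnect.sh` and `login.sh` in this same patch do `source ./../../.env` — so a value containing spaces, `$`, quotes or `#` silently breaks, or is executed by, the OpenVPN hook scripts. Add a header comment such as `# NOTE: sourced as shell by scripts/auth-bash/*.sh - keep every value a plain token or single-quote it`. The file also carries the database password, so a one-line note next to `SCRIPTS_PATH` that it must be readable by the account OpenVPN runs its scripts as, and by nobody else, would save operators a permissions round-trip.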
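Review bot: The context line `# Persist keys (because we are nobody, so we couldn't read them again)` is now inaccurate whenever the installer substitutes something other than `nobody` for `VPN_USER`; reword it to `# Persist keys: after dropping to VPN_USER the daemon can no longer re-read them`. It would also help to mark the two placeholders as such, e.g. `# VPN_USER / VPN_GROUP are replaced by scripts/install/04_openvpn.sh`, since a hand-copied template with the literal tokens left in will fail to start.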
@@ -1,6 +1,10 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 common_name=$(echap "$common_name")
 trusted_ip=$(echap "$trusted_ip")
@@ -11,7 +15,7 @@ bytes_received=$(echap "$bytes_received")
 bytes_sent=$(echap "$bytes_sent")
 # We insert data in the log table
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "INSERT INTO log (log_id, user_id, log_trusted_ip, log_trusted_port, log_remote_ip, log_remote_port, log_start_time, log_end_time, log_received, log_send) VALUES(NULL, '$common_name','$trusted_ip', '$trusted_port','$ifconfig_pool_remote_ip', '$remote_port_1', now(),NULL, '$bytes_received', '$bytes_sent')"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "INSERT INTO log (log_id, user_id, log_trusted_ip, log_trusted_port, log_remote_ip, log_remote_port, log_start_time, log_end_time, log_received, log_send) VALUES(NULL, '$common_name','$trusted_ip', '$trusted_port','$ifconfig_pool_remote_ip', '$remote_port_1', now(),NULL, '$bytes_received', '$bytes_sent')"
 # We specify that the user is online
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE user SET user_online=1 WHERE user_id='$common_name'"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE user SET user_online=1 WHERE user_id='$common_name'"
diff --git a/scripts/auth-bash/disconnect.sh b/scripts/auth-bash/disconnect.sh
index 516fb6d..41be5b7 100644
--- a/scripts/auth-bash/disconnect.sh
+++ b/scripts/auth-bash/disconnect.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 common_name=$(echap "$common_name")
 bytes_received=$(echap "$bytes_received")
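Review bot: `cd "$my_path"` has no failure check, so if the directory cannot be entered the two `source` lines that follow load `.env` and `functions.sh` relative to whatever directory OpenVPN started the script in, and `echap` is then undefined; `$0` is also unquoted inside `$(dirname $0)`. Use `my_path="$(dirname -- "$0")"` and `cd "$my_path" || exit 1` — if `login.sh` is the authentication hook its name suggests, its exit status decides the session, so failing closed here matters. The same two lines are added to `disconnect.sh` in the next hunk and to `login.sh` further down. A comment above `source ./../../.env` such as `# .env is parsed as shell, not dotenv: values with spaces or $ must be quoted` would also spare the next maintainer a surprise.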
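Review bot: The rewritten `mysql` invocations read `$DBUSER`, while every other credential uses the `DB_` prefix (`$DB_HOST`, `$DB_PORT`, `$DB_PASS`, `$DB_NAME`) that `.env.example` shows; if the `.env` key is spelled `DB_USER`, `-u$DBUSER` collapses to a bare `-u` and the client falls back to the invoking OS account, so every query fails at runtime. Confirm the key name and use one spelling everywhere — the same lines appear in `disconnect.sh`'s second hunk and in `login.sh`. Passing `-p$DB_PASS` on the command line also shows the database password to every local account via the process list for the lifetime of each query; exporting `MYSQL_PWD` for the call, or pointing `--defaults-extra-file` at a file readable only by the script's user, keeps it off argv. The enclosing script continues outside the hunk.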
@@ -9,7 +13,7 @@ trusted_ip=$(echap "$trusted_ip")
 trusted_port=$(echap "$trusted_port")
 # We specify the user is offline
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE user SET user_online=0 WHERE user_id='$common_name'"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE user SET user_online=0 WHERE user_id='$common_name'"
 # We insert the deconnection datetime
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE log SET log_end_time=now(), log_received='$bytes_received', log_send='$bytes_sent' WHERE log_trusted_ip='$trusted_ip' AND log_trusted_port='$trusted_port' AND user_id='$common_name' AND log_end_time IS NULL"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE log SET log_end_time=now(), log_received='$bytes_received', log_send='$bytes_sent' WHERE log_trusted_ip='$trusted_ip' AND log_trusted_port='$trusted_port' AND user_id='$common_name' AND log_end_time IS NULL"
diff --git a/scripts/auth-bash/login.sh b/scripts/auth-bash/login.sh
index baa18c4..548ab69 100644
--- a/scripts/auth-bash/login.sh
+++ b/scripts/auth-bash/login.sh
@@ -1,12 +1,16 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 username=$(echap "$username")
 password=$(echap "$password")
 # Authentication
-user_pass=$(mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -sN -e "SELECT user_pass FROM user WHERE user_id = '$username' AND user_enable=1 AND (TO_DAYS(now()) >= TO_DAYS(user_start_date) OR user_start_date IS NULL) AND (TO_DAYS(now()) <= TO_DAYS(user_end_date) OR user_end_date IS NULL)")
+user_pass=$(mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -sN -e "SELECT user_pass FROM user WHERE user_id = '$username' AND user_enable=1 AND (TO_DAYS(now()) >= TO_DAYS(user_start_date) OR user_start_date IS NULL) AND (TO_DAYS(now()) <= TO_DAYS(user_end_date) OR user_end_date IS NULL)")
 # Check the user
 if [ "$user_pass" == '' ]; then
diff --git a/scripts/install.sh b/scripts/install.sh
index 8f9df87..468434e 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -1,10 +1,11 @@
 #!/bin/bash
 print_help () {
- echo -e "./install.sh www_basedir user group"
- echo -e "\tbase_dir: The place where the web application will be put in"
- echo -e "\tuser: User of the web application"
- echo -e "\tgroup: Group of the web application"
+ echo -e "./install.sh www_basedir user group (eg /var/www/openvpn-admin)"
+ echo -e "\tbase_dir: The place where the web application will be put in"
+ echo -e "\tuser: User of the web application"
+ echo -e "\tgroup: Group of the web application"
+ exit
 }
 print_error() {
@@ -20,7 +21,6 @@ fi
 # Ensure there are enought arguments
 if [ "$#" -ne 3 ]; then
 print_help
- exit
 fi
 # Ensure there are the prerequisites
@@ -35,7 +35,7 @@ www=$1
 user=$2
 group=$3
-openvpn_admin="$www/openvpn-admin"
+openvpn_admin="$www"
 # Check the validity of the arguments
 if [ ! -d "$www" ] || ! grep -q "$user" "/etc/passwd" || ! grep -q "$group" "/etc/group" ; then
diff --git a/scripts/install/00_env.sh b/scripts/install/00_env.sh
index 480c451..0673edd 100644
--- a/scripts/install/00_env.sh
+++ b/scripts/install/00_env.sh
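Review bot: The `exit` added at the end of `print_help` terminates with status 0, so running `install.sh` with the wrong number of arguments (the second hunk moves the caller's only `exit` here) reports success to anything that scripts the install. Make it `exit 1`, or take the status as a parameter, `exit "${1:-1}"`, so a deliberate help request can still exit 0 while the argument-count branch passes a failure code.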
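Review bot: With `openvpn_admin="$www"` the target is now the directory the operator typed rather than a subdirectory of it, and `02_app.sh` later in this patch still runs `chown -R "$user:$group" "$openvpn_admin"` and copies `.env` into it — so pointing the installer at a shared root such as `/var/www/html` re-owns every other site under it to the web user and drops the database credentials beside them. Either keep creating a dedicated subdirectory, or state in `print_help` that the directory is taken over wholesale and refuse a non-empty one before copying, e.g. `[ -z "$(ls -A -- "$www")" ] || { echo "$www is not empty" >&2; exit 1; }`. The `grep -q "$user" /etc/passwd` check on the context line is a substring match rather than an account lookup, but that predates this change.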
@@ -38,6 +38,24 @@ printf "\n################## Server informations ##################\n"
 [ -z "$VPN_NET" ] && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
 [ -z "$VPN_NET" ] && VPN_NET="10.8.0.0/24"
+printf "\n################## Application informations ##################\n"
+
+[ ! -z "$APP_PATH" ] && echo "APP_PATH=$APP_PATH"
+[ -z "$APP_PATH" ] && read -p "Web application root folder [/var/www/html]: " APP_PATH
+[ -z "$APP_PATH" ] && APP_PATH="/var/www/html"
+
+[ ! -z "$SCRIPTS_PATH" ] && echo "SCRIPTS_PATH=$SCRIPTS_PATH"
+[ -z "$SCRIPTS_PATH" ] && read -p "Folder with scripts for OpenVPN [$APP_PATH/scripts/auth-bash]: " SCRIPTS_PATH
+[ -z "$SCRIPTS_PATH" ] && SCRIPTS_PATH="$APP_PATH/scripts/auth-bash"
+
+SCRIPTS_LOGIN="$SCRIPTS_PATH/login.sh"
+[ ! -z "$SCRIPTS_LOGIN" ] && echo "SCRIPTS_LOGIN=$SCRIPTS_LOGIN"
+
+SCRIPTS_CONNECT="$SCRIPTS_PATH/connect.sh"
+[ ! -z "$SCRIPTS_CONNECT" ] && echo "SCRIPTS_CONNECT=$SCRIPTS_CONNECT"
+
+SCRIPTS_DISCONNECT="$SCRIPTS_PATH/disconnect.sh"
+[ ! -z "$SCRIPTS_DISCONNECT" ] && echo "SCRIPTS_DISCONNECT=$SCRIPTS_DISCONNECT"
 printf "\n################## Certificates informations ##################\n"
diff --git a/scripts/install/02_app.sh b/scripts/install/02_app.sh
index d6f9c68..f3256ad 100644
--- a/scripts/install/02_app.sh
+++ b/scripts/install/02_app.sh
@@ -3,10 +3,11 @@ printf "\n################## Setup web application ##################\n"
 # Install third parties
+composer install
 npm install
 # Create the directory of the web application
 mkdir -p "$openvpn_admin"
-cp -r "$base_path/"{app/,public/,vendor/,.env} "$openvpn_admin"
+cp -r "$base_path/"{scripts/,app/,public/,vendor/,.env} "$openvpn_admin"
 chown -R "$user:$group" "$openvpn_admin"
diff --git a/scripts/install/04_openvpn.sh b/scripts/install/04_openvpn.sh
index 026338a..4be36a0 100644
--- a/scripts/install/04_openvpn.sh
+++ b/scripts/install/04_openvpn.sh
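Review bot: The tests `[ ! -z "$SCRIPTS_LOGIN" ] && echo ...` (and the CONNECT and DISCONNECT twins) follow unconditional assignments, so they are always true and only suggest that these values are overridable from the environment the way `APP_PATH` and `SCRIPTS_PATH` are, which they are not; drop the tests and just `echo`, or give them the same `[ -z ... ] && ...` default pattern as the others. Nothing verifies that `SCRIPTS_PATH` is absolute or that the three scripts exist and are executable before `04_openvpn.sh` writes the paths into `server.conf`; since `02_app.sh` copies them only later, a check such as `[ -x "$SCRIPTS_LOGIN" ] || echo "warning: $SCRIPTS_LOGIN is not executable" >&2` belongs in `04_openvpn.sh`, and a relative path should be rejected here with `case "$SCRIPTS_PATH" in /*) ;; *) echo "SCRIPTS_PATH must be absolute" >&2; exit 1;; esac`. The new `read -p` calls also follow the file's existing habit of omitting `-r`, which mangles a backslash typed into the path.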
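Review bot: `scripts/` is now copied under `$openvpn_admin`, and the context line `chown -R "$user:$group" "$openvpn_admin"` hands the whole tree — including `auth-bash/login.sh`, `connect.sh` and `disconnect.sh` — to the web application's account, yet those are exactly the files `04_openvpn.sh` wires into `server.conf` for the VPN daemon to execute. The VPN's authentication hook is thereby writable by the web user, so a file-write weakness in the PHP application becomes control over who the VPN admits. Keep the hook scripts root-owned and not writable by `$user`, e.g. after the chown add `chown -R root:root "$openvpn_admin/scripts" && chmod -R go-w "$openvpn_admin/scripts"`, or install them outside the web root as the pre-patch `/etc/openvpn/scripts/` default did (see the removed lines in the `connect.sh` hunk). `composer install` is also run from whatever directory the installer was started in; assuming `composer.json` lives at `$base_path`, `composer install --working-dir="$base_path"` makes that explicit — confirm the layout.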
@@ -3,13 +3,19 @@ printf "\n################## Setup OpenVPN ##################\n"
 # Copy certificates and the server configuration in the openvpn directory
-cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
-chmod +r /etc/openvpn/{ca.crt,ta.key}
-cp "$base_path/../configs/server.conf" "/etc/openvpn/"
-mkdir -p "/etc/openvpn/ccd"
-sed -i "
+cp "$VPN_CONF/easy-rsa/pki/"{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "$VPN_CONF/"
+chmod +r $VPN_CONF/{ca.crt,ta.key}
+cp "$base_path/../configs/server.conf" "$VPN_CONF/"
+mkdir -p "$VPN_CONF/ccd"
+
+sed "
 s/VPN_SERVER/$VPN_SERVER/;
-s/VPN_PORT/$VPN_PORT/;
-s/VPN_INIF/$VPN_INIF/;
-s/VPN_PROTO/$VPN_PROTO/;
-s/VPN_GROUP/$VPN_GROUP/" "/etc/openvpn/server.conf"
+s/VPN_PORT/$VPN_PORT/
+s/VPN_INIF/$VPN_INIF/
+s/VPN_PROTO/$VPN_PROTO/
+s/VPN_GROUP/$VPN_GROUP/
+s/VPN_USER/$VPN_USER/
+s|SCRIPTS_LOGIN|$SCRIPTS_LOGIN|
+s|SCRIPTS_CONNECT|$SCRIPTS_CONNECT|
+s|SCRIPTS_DISCONNECT|$SCRIPTS_DISCONNECT|
+" -i "$VPN_CONF/server.conf"
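Review bot: The values spliced into the `sed` script are used verbatim as replacement text, so a `SCRIPTS_PATH` (or `VPN_SERVER`) containing `|`, `&` or a backslash corrupts `server.conf` instead of being written literally — `|` was chosen as delimiter because the paths contain `/`, but nothing escapes the rest. `$VPN_CONF` is also unquoted on the `chmod +r` line although the line above quotes it, and placing `-i` after the script operand is accepted by GNU sed only. `chmod +r` on `ta.key` leaves the TLS-auth key readable by every local account; with `persist-key` in `server.conf` (visible in that hunk) the daemon retains the key across its privilege drop, so the read bit is probably needed only on `ca.crt` — confirm against the `tls-auth` setup. A small escaping helper keeps the substitution robust:
```shell
# Escape a value for the right-hand side of a sed s|old|new| command:
# the delimiter, '&' and backslashes are significant there. Newlines are
# not handled (a read -p answer cannot contain one; env-supplied values could).
sed_rhs() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

chmod +r "$VPN_CONF"/{ca.crt,ta.key}
# … unchanged: copy of server.conf, ccd directory …
sed -i "
s|VPN_SERVER|$(sed_rhs "$VPN_SERVER")|
s|VPN_PORT|$(sed_rhs "$VPN_PORT")|
s|VPN_INIF|$(sed_rhs "$VPN_INIF")|
s|VPN_PROTO|$(sed_rhs "$VPN_PROTO")|
s|VPN_GROUP|$(sed_rhs "$VPN_GROUP")|
s|VPN_USER|$(sed_rhs "$VPN_USER")|
s|SCRIPTS_LOGIN|$(sed_rhs "$SCRIPTS_LOGIN")|
s|SCRIPTS_CONNECT|$(sed_rhs "$SCRIPTS_CONNECT")|
s|SCRIPTS_DISCONNECT|$(sed_rhs "$SCRIPTS_DISCONNECT")|
" "$VPN_CONF/server.conf"
```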