+++ /dev/null
-#!/bin/sh
-# Filename: /etc/init.d/firewall
-# Purpose: simple [example] configuration script for iptables
-# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Don Jul 20 09:53:31 CEST 2006 [mika]
-################################################################################
-### BEGIN INIT INFO
-# Provides: firewall
-# Required-Start: $remote_fs $network
-# Required-Stop: $remote_fs $network
-# Default-Start: S 2 3 4 5
-# Default-Stop:
-### END INIT INFO
-
- LANG=C
- LC_ALL=C
- IPTABLES="iptables"
-
- if [ -r /etc/grml/lsb-functions ] ; then
- source /etc/grml/lsb-functions
- else
- alias einfo='echo -n'
- alias eend='echo '
- fi
-
-# IFACE='eth0'
-# IFACE=$(ifconfig -a | awk '/^ppp/ {print $1}')
-# IPADDR=$(ifconfig "$IFACE" | awk -F: /"inet addr"/'{print $2}' | gawk '{print $1}')
-# NETMASK=$(ifconfig "$IFACE" | awk -F: /"Mask"/'{print $4}' | gawk '{print $1}')
-# BROADCAST=$(ifconfig "$IFACE" | awk -F: /"inet"/'{print $3}' | gawk '{print $1}')
-# LOOPBACK='127.0.0.0/8'
-
-###################################################################################
-startup(){
-
-einfo "Starting firewall."
-
-# Remove al chains
- $IPTABLES -F
- $IPTABLES -X
- $IPTABLES -Z
-
-# Set up a default policy for the built-in chains. -> DROP
- $IPTABLES -P INPUT DROP
- $IPTABLES -P OUTPUT DROP
- $IPTABLES -P FORWARD DROP
-
-# allow all already established connections
- $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# Allow unlimited traffic on the loopback interface.
- $IPTABLES -A INPUT -i lo -j ACCEPT
- $IPTABLES -A OUTPUT -o lo -j ACCEPT
-
-# syn-flooding protection
- $IPTABLES -N syn-flood
- $IPTABLES -A INPUT -p tcp --syn -j syn-flood
- $IPTABLES -A syn-flood -m limit --limit 5/s --limit-burst 10 -j RETURN
- $IPTABLES -A syn-flood -j REJECT
-
-# Make sure, NEW TCP Connections are SYN packets
- $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-
-# Refuse broadcast address packets.
-# $IPTABLES -A INPUT -d $BROADCAST -j DROP
- $IPTABLES -A INPUT -s 0.0.0.0 -d 255.255.255.255 -j DROP
-
-# AUTH server: Reject ident probes with a tcp reset.
-# This may be useful for a broken mailhost that won't accept the
-# mails if you just drop its ident probe.
-# $IPTABLES -A INPUT -i $IFACE -p tcp --dport 113 -j REJECT --reject-with tcp-reset
-
-# allow *all* output - simplifies life and keeps load low ;-)
- $IPTABLES -A OUTPUT -j ACCEPT
-
-# example for NAT/MASQUERADE (eth0: lan; eth1: to ppp0; ppp0: external):
-#
-# echo 1 > /proc/sys/net/ipv4/ip_forward
-# or
-# put 'ip_forward=yes' to /etc/network/options
-#
-# $IPTABLES -A INPUT -i eth1 -s 192.168.0.2 -d 192.168.0.1 -j ACCEPT
-# $IPTABLES -A INPUT -i eth1 -s 192.168.0.150 -d 192.168.0.1 -j ACCEPT
-# $IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
-# $IPTABLES -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d $IP_OF_ETH1 -j ACCEPT
-# $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-# $IPTABLES -A FORWARD -i ppp0 -o eth1 -d $IP_OF_PPP0 -j ACCEPT
-# $IPTABLES -A FORWARD -j LOG --log-prefix "$LOGID ERROR in FORWARD: "
-# $IPTABLES -A FORWARD -j DROP
-
-# example for Source Network Address Translation (SNAT):
-# the strict way:
-# $IPTABLES -t nat -A POSTROUTING -o ppp0 -j SNAT --to $PPPIP
-# the liberal way:
-# $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
-
-# example for DNAT:
-# $IPTABLES -t nat -A PREROUTING -d 10.0.0.1 -j DNAT --to-destination 192.168.0.1
-# $IPTABLES -t nat -A PREROUTING -d 10.0.0.2 -j DNAT --to-destination 192.168.0.2
-
-# allow ssh incoming
- $IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-
-# create new chains
- $IPTABLES -N INPUTLOG
- $IPTABLES -N OUTPUTLOG
- $IPTABLES -A INPUT -m limit --limit 1/second --limit-burst 5 -j INPUTLOG
- $IPTABLES -A INPUT -m limit --limit 1/second --limit-burst 5 -j OUTPUTLOG
-
-# Any udp not already allowed is logged and then dropped.
- $IPTABLES -A INPUTLOG -p udp -j LOG --log-prefix "IPTABLES UDP-IN: "
- $IPTABLES -A INPUTLOG -p udp -j REJECT
- $IPTABLES -A OUTPUTLOG -p udp -j LOG --log-prefix "IPTABLES UDP-OUT: "
- $IPTABLES -A OUTPUTLOG -p udp -j REJECT
-# Any icmp not already allowed is logged and then dropped.
- $IPTABLES -A INPUTLOG -p icmp -j LOG --log-prefix "IPTABLES ICMP-IN: "
- $IPTABLES -A INPUTLOG -p icmp -j REJECT
- $IPTABLES -A OUTPUTLOG -p icmp -j LOG --log-prefix "IPTABLES ICMP-OUT: "
- $IPTABLES -A OUTPUTLOG -p icmp -j REJECT
-# Any tcp not already allowed is logged and then dropped.
- $IPTABLES -A INPUTLOG -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: "
- $IPTABLES -A INPUTLOG -p tcp -j REJECT
- $IPTABLES -A OUTPUTLOG -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
- $IPTABLES -A OUTPUTLOG -p tcp -j REJECT
-# Anything else not already allowed is logged and then dropped.
-# It will be dropped by the default policy anyway... but let's be paranoid.
- $IPTABLES -A INPUTLOG -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
- $IPTABLES -A INPUTLOG -j REJECT
- $IPTABLES -A OUTPUTLOG -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
- $IPTABLES -A OUTPUTLOG -j REJECT
-
-# end of script
- eend $?
-}
-###################################################################################
-
-case "$1" in
- stop)
- einfo "Shutting down Firewall."
- $IPTABLES -F
- $IPTABLES -t nat -F
- $IPTABLES -t mangle -F
- $IPTABLES -t filter -F
- $IPTABLES -P INPUT ACCEPT
- $IPTABLES -P OUTPUT ACCEPT
- $IPTABLES -P FORWARD ACCEPT
- $IPTABLES -X
- eend $?
- ;;
-
- panic)
- einfo "Setting Firewall to modus panic."
- $IPTABLES -F
- $IPTABLES -t nat -F
- $IPTABLES -t mangle -F
- $IPTABLES -t filter -F
- $IPTABLES -P INPUT DROP
- $IPTABLES -P OUTPUT DROP
- $IPTABLES -P FORWARD DROP
- $IPTABLES -X
- eend $?
- ;;
-
- status)
- $IPTABLES -L -n -v
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
-
- analyse)
- echo "------------------------------------------------------------------------------------"
- echo "Program: $0 $(date)"
- echo "PID: $$ grml-team [mika] (c) 2004++"
- echo "$(iptables --version)"
- echo "Identity: whoami: $(whoami)"
- echo " id: $(id)"
- echo " groups: $(groups)"
- echo "Uptime: $(uptime)"
- echo "------------------------------------------------------------------------------------"
- echo "$(vmstat)"
- echo "------------------------------------------------------------------------------------"
- echo "# ifconfig -a"
- ifconfig -a
- echo "------------------------------------------------------------------------------------"
- echo "# route -n"
- route -n
- echo "------------------------------------------------------------------------------------"
- echo "# ip a s"
- ip a s
- echo "------------------------------------------------------------------------------------"
- echo "# $IPTABLES -L -n -v"
- $IPTABLES -L -n -v
- echo "------------------------------------------------------------------------------------"
- echo 'for i in /proc/sys/net/*/*; do echo -n "$i: " ; cat $i; done 2>/dev/null'
- for i in /proc/sys/net/*/*; do
- echo -n "$i: "
- cat $i;
- done 2>/dev/null
- echo "------------------------------------------------------------------------------------"
- echo "# lsmod | grep '^ip'"
- lsmod | grep '^ip'
- ;;
-
- start)
- startup
- ;;
-
- *)
- echo "Usage: $0 [start|stop|restart|panic|status|analyse]";
- exit 1;
- ;;
-esac
-
-## END OF FILE #################################################################
+++ /dev/null
-#!/bin/sh
-# Filename: grml-home
-# Purpose: copy skeleton files if not already present
-# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Don Sep 28 16:36:03 CEST 2006 [mika]
-################################################################################
-### BEGIN INIT INFO
-# Provides: grml-home
-# Required-Start: $all
-# Required-Stop:
-# Default-Start: S 2 3 4 5
-# Default-Stop:
-### END INIT INFO
-
-# user with UID 1000
-fstabuser=$(getent passwd 1000 | cut -d: -f1)
-
-if [ -r /etc/grml_cd ] ; then # run only in live modus
- chown "${fstabuser}": /home/"$fstabuser" # this is important for the home=/dev/ice bootparam
- su -s /bin/sh "$fstabuser" -c "rsync -Ha --ignore-existing /etc/skel/ /home/${fstabuser}/"
- # ^^^^^^^^^^
- # this is important to prevent startup of the zsh/newuser module
-fi
-
-## END OF FILE #################################################################
+++ /dev/null
-#!/bin/sh
-# Filename: grml-misc
-# Purpose: initialize misc stuff on grml system
-# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Sam Mai 27 14:43:56 CEST 2006 [mika]
-################################################################################
-### BEGIN INIT INFO
-# Provides: grml-misc
-# Required-Start: $all
-# Required-Stop:
-# Default-Start: S 2 3 4 5
-# Default-Stop:
-### END INIT INFO
-
-if grep -q nocolor /proc/cmdline ; then
- RC_NOCOLOR=yes
- . /etc/grml/lsb-functions
-else
- . /etc/grml/lsb-functions
-fi
-
-# finished booting
-einfo "Finished execution of main grml startup." ; eend 0
-
-## END OF FILE #################################################################
+++ /dev/null
-#!/bin/bash
-# Filename: grml-reboot
-# Purpose: reboot grml system
-# Authors: grml-team (grml.org)
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-################################################################################
-### BEGIN INIT INFO
-# Provides: grml-reboot
-# Required-Start:
-# Required-Stop:
-# Default-Start:
-# Default-Stop:
-### END INIT INFO
-
-export PATH=/sbin:/bin:/usr/bin:/usr/sbin
-
-. /etc/grml_colors
-. /etc/grml/lsb-functions
-
-cd /
-
-# Clean input/output
-CONSOLE=/dev/console
-[ -c "$CONSOLE" ] && exec >"$CONSOLE" 2>&1 <"$CONSOLE"
-
-# default variables
-INSTALLED=false
-REMOVABLE=false
-USB_DEVICE=false
-NOPROMPT=${NOPROMPT:-false}
-NOEJECT=${NOEJECT:-false}
-CMDLINE="$(cat /proc/cmdline 2>/dev/null)"
-
-# Check if we are running from a GRML-CD or HD
-[ -e /etc/grml_cd ] || INSTALLED=true
-
-# Assume that we don't want the eject+prompt stuff when running in one
-# of the special modes:
-grep -qe 'toram' -qe '2ram' -qe 'usb' -qe 'serial' \
- -qe 'fromhd' -qe 'isofrom' -qe 'fromiso' -qe 'findiso' \
- /proc/cmdline && INSTALLED=true
-
-# detect cdrom device
-if ! $INSTALLED ; then
- if [ -d /run/live/medium ] ; then # live-boot layout since Dec 2018
- CDROM="$(awk '/ \/run\/live\/medium /{print $1;exit 0;}' /proc/mounts)"
- MOUNTPATH="/run/live/medium"
- elif [ -d /lib/live/mount/medium ] ; then # live-boot layout between 2012 and Dec 2018
- CDROM="$(awk '/ \/lib\/live\/mount\/medium /{print $1;exit 0;}' /proc/mounts)"
- MOUNTPATH="/lib/live/mount/medium"
- fi
-
- # try to remove only removable devices
- DEVICE=""
- if [ -n "$CDROM" ] ; then
- DEVICE="${CDROM##/dev/}"
- [ -d /sys/block/${DEVICE} ] || DEVICE="${DEVICE%%[0-9]*}"
-
- if [ -n "$DEVICE" ] ; then
- # is it a removable device?
- [ "$(cat /sys/block/${DEVICE}/removable 2>/dev/null)" = "1" ] && REMOVABLE=true
- # is it a usb device?
- readlink /sys/block/${DEVICE} 2>/dev/null | grep -q '/usb' && USB_DEVICE=true
- $USB_DEVICE && USB_INFO=" ($(cat /sys/block/${DEVICE}/device/model 2>/dev/null))"
- fi
- fi
-fi
-
-case "$0" in
- *halt)
- level=0
- message="grml system will be halted..."
- command="halt"
- ;;
- *reboot)
- level=6
- message="Preparing for reboot..."
- command="reboot"
- ;;
- *)
- echo "Usage: call this script as \"halt\" or \"reboot\" please.">&2
- exit 1
- ;;
-esac
-
-mysleep() {
- for i in $(seq 1 30) ; do
- sleep 0.1
- echo -n "$1.${NORMAL}"
- done
- echo ""
-}
-
-# Disable kernel messages
-echo "0" > /proc/sys/kernel/printk
-
-# make sure halt/reboot commands are available even if
-# someone is using shutdown command or nfsroot is used:
-cat /sbin/halt /sbin/reboot /etc/init.d/$command /etc/init.d/ups-monitor \
- /etc/apcupsd/powerfail >/dev/null 2>&1
-
-# We may kill our network connection here before unmounting NFS. Bad luck.
-if [ -d /sys/bus/pcmcia -a -x /sbin/pccardctl ] ; then
- # make sure we don't lose any data, see issue219 for details
- log_begin_msg "Syncing devices..."
- sync ; log_end_msg $?
- log_begin_msg "Shutting down PCMCIA devices..."
- pccardctl eject >/dev/null 2>&1
- log_end_msg $?
-fi
-
-if $INSTALLED ; then
- log_begin_msg_nn "Running /etc/init.d/rc ${level}: "
- /etc/init.d/rc $level 1>/dev/null 2>&1 &
- mysleep "$GREEN"
- log_end_msg 0
-fi
-
-# Remove all truecrypt mappings...
-if [ -x /usr/sbin/truecrypt ] ; then
- if grep -q truecrypt /proc/modules ; then
- log_begin_msg "Unmapping truecrypt volumes."
- MSG=$(truecrypt -d 2>1)
- echo $MSG | grep "No volumes mapped" && eend 0
- [ -z "$MSG" ] && eend 0 || eend 1
- fi
-fi
-
-# Now kill them all
-killall5 -15
-sleep 1
-log_begin_msg_nn "Sending all processes the TERM signal: "
-mysleep "$BLUE" ; log_end_msg $?
-
-killall5 -9
-sleep 1
-log_begin_msg_nn "Sending all processes the KILL signal: "
-mysleep "$RED" ; log_end_msg $?
-
-# Turn off swap, then unmount file systems.
-log_begin_msg "Turning off swap."
-swapoff -a >/dev/null 2>&1 ; log_end_msg $?
-
-# Udev
-log_begin_msg "Deactivating udev:"
-echo -n " ${GREEN}-${NORMAL} "
-/etc/init.d/udev stop ; log_end_msg $?
-
-# noprompt and noeject handling
-case "$CMDLINE" in
- *noprompt*) NOPROMPT=true ; ;;
- *noeject*) NOEJECT=true ; ;;
-esac
-[ -r /etc/noprompt ] && NOPROMPT=true
-[ -r /etc/noeject ] && NOPROMPT=true && NOEJECT=true
-
-VIRT_WHAT=$(/usr/sbin/virt-what 2>/dev/null)
-if [ -n "$VIRT_WHAT" ] ; then
- log_begin_msg "System seems to be a virtual machine, assuming noprompt as default."
- NOPROMPT=true
- log_end_msg 0
-fi
-
-# Turn on autoeject of CD-ROMs
-if $NOEJECT ; then
- for dev in /proc/sys/dev/cdrom*/lock; do [ -f "$dev" ] && echo 0 > "$dev"; done
- for dev in /proc/sys/dev/cdrom*/autoeject; do [ -f "$dev" ] && echo 1 > "$dev"; done
-fi
-
-# Umount file systems
-log_begin_msg "Syncing local filesystems..."
-sync && sleep 1 ; log_end_msg $?
-
-log_begin_msg "Unmounting file systems."
-
-# Be safe in case someone messed with /etc/mtab
-if ! $INSTALLED ; then
- rm -f /etc/mtab
- ln -snf /proc/mounts /etc/mtab
-fi
-
-# Free loopback devices if necessary, so we can unmount the host media
-for i in /dev/loop*; do losetup -d $i 2>/dev/null; done
-
-umount -t notmpfs,nosysfs,noproc,nousbfs -adrvf 1>/dev/null 2>&1
-
-log_end_msg 0
-
-# Network stuff
-log_begin_msg "Unmounting network filesystems"
-umount -t nfs,nfs4,smbfs -alvf 2>/dev/null ; log_end_msg $?
-
-NETDEVICES="$(/sbin/ifconfig | awk '/^[^ ]+/ {print $1}' | grep -v '^lo$')"
-if [ -n "$NETDEVICES" ]; then
- pidof pump >/dev/null 2>&1 && { pump -k ; sleep 2; }
- killall dhclient dhclient3 2>/dev/null
- log_begin_msg "Shutting down network device..."
- for n in $NETDEVICES; do
- echo "${SUBMSG} ${WHITE}$n${NORMAL}"
- ifdown $n 1>/dev/null 2>&1
- ifconfig $n down
- done ; log_end_msg $?
-fi
-
-# For a harddisk installation: mount / ro
-$INSTALLED && mount -n -o remount,ro / 2>/dev/null
-
-# Prompt for removal of live system device
-if ! $INSTALLED && ! $NOPROMPT ; then
- # do not prompt for removal when running in grml2ram mode:
- if ! mount | grep -qe 'on /run/live/medium' -qe 'on /lib/live/mount/medium' ; then
- echo "Live System not mounted, nothing to eject therefore."
- else
- [ -d "$MOUNTPATH" ] && umount -l "$MOUNTPATH"
- if ! $NOEJECT && [ -n "$CDROM" ] ; then
- $REMOVABLE && eject -p "$CDROM" 2>/dev/null
- fi
- echo
- if $USB_DEVICE ; then
- # if we do not have any information about the usb model then fallback to the device name instead
- [ -n "$USB_INFO" ] || USB_INFO=" (${CDROM})"
- read -s -p "${GREEN}Please remove the USB device${USB_INFO} and press ENTER to continue [auto 2 minutes].${NORMAL}" -t 120 a
- else
- [ -n "$CDROM" ] && CDROM=" (${CDROM})"
- read -s -p "${GREEN}Please remove the live system${CDROM}, close the tray (if any) and press ENTER to continue [auto 2 minutes].${NORMAL}" -t 120 a
- fi
- fi
-fi
-
-echo
-echo "$message" >/dev/console
-
-# Finally halt or reboot
-/etc/init.d/$command stop
-
-## END OF FILE #################################################################
+++ /dev/null
-#! /bin/sh
-
-### BEGIN INIT INFO
-# Provides: sshd
-# Required-Start: $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: OpenBSD Secure Shell server
-### END INIT INFO
-
-# Notice: this file has been slightly adjusted by the
-# Grml team so the script supports key-generation
-
-# Configurable options:
-KEYGEN=/usr/bin/ssh-keygen
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
-ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
-ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
-
-set -e
-
-# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
-
-test -x /usr/sbin/sshd || exit 0
-( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
-
-umask 022
-
-if test -f /etc/default/ssh; then
- . /etc/default/ssh
-fi
-
-. /lib/lsb/init-functions
-
-if [ -n "$2" ]; then
- SSHD_OPTS="$SSHD_OPTS $2"
-fi
-
-# Are we running from init?
-run_by_init() {
- ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
-}
-
-check_for_upstart() {
- if init_is_upstart; then
- exit $1
- fi
-}
-
-check_for_no_start() {
- # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
- if [ -e /etc/ssh/sshd_not_to_be_run ]; then
- if [ "$1" = log_end_msg ]; then
- log_end_msg 0 || true
- fi
- if ! run_by_init; then
- log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true
- fi
- exit 0
- fi
-}
-
-check_dev_null() {
- if [ ! -c /dev/null ]; then
- if [ "$1" = log_end_msg ]; then
- log_end_msg 1 || true
- fi
- if ! run_by_init; then
- log_action_msg "/dev/null is not a character device!" || true
- fi
- exit 1
- fi
-}
-
-check_privsep_dir() {
- # Create the PrivSep empty dir if necessary
- if [ ! -d /var/run/sshd ]; then
- mkdir /var/run/sshd
- chmod 0755 /var/run/sshd
- fi
-}
-
-check_config() {
- if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
- /usr/sbin/sshd $SSHD_OPTS -t || exit 1
- fi
-}
-
-
-generate_ssh_keys() {
- if ! test -f $RSA_KEY ; then
- log_action_msg "Generating SSH2 RSA host key..."
- $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
- fi
-
- if ! test -f $DSA_KEY ; then
- log_action_msg "Generating SSH2 DSA host key..."
- $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
- fi
-
- if ! test -f "$ECDSA_KEY" && grep -q "$ECDSA_KEY" /etc/ssh/sshd_config ; then
- log_action_msg "Generating SSH2 ECDSA host key..."
- $KEYGEN -t ecdsa -f "$ECDSA_KEY" -C '' -N '' || exit 1
- fi
-
- if ! test -f "$ED25519_KEY" && grep -q "$ED25519_KEY" /etc/ssh/sshd_config ; then
- log_action_msg "Generating SSH2 ED25519 host key..."
- $KEYGEN -t ed25519 -f "$ED25519_KEY" -C '' -N '' || exit 1
- fi
-}
-
-export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
-
-case "$1" in
- start)
- check_for_upstart 1
- check_privsep_dir
- check_for_no_start
- check_dev_null
- generate_ssh_keys
- log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
- if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
- stop)
- check_for_upstart 0
- log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
- if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
-
- reload|force-reload)
- check_for_upstart 1
- check_for_no_start
- check_config
- generate_ssh_keys
- log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
- if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
-
- restart)
- check_for_upstart 1
- check_privsep_dir
- check_config
- generate_ssh_keys
- log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
- start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
- check_for_no_start log_end_msg
- check_dev_null log_end_msg
- if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
-
- try-restart)
- check_for_upstart 1
- check_privsep_dir
- check_config
- generate_ssh_keys
- log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
- RET=0
- start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid || RET="$?"
- case $RET in
- 0)
- # old daemon stopped
- check_for_no_start log_end_msg
- check_dev_null log_end_msg
- if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
- log_end_msg 0 || true
- else
- log_end_msg 1 || true
- fi
- ;;
- 1)
- # daemon not running
- log_progress_msg "(not running)" || true
- log_end_msg 0 || true
- ;;
- *)
- # failed to stop
- log_progress_msg "(failed to stop)" || true
- log_end_msg 1 || true
- ;;
- esac
- ;;
-
- status)
- check_for_upstart 1
- status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
- ;;
-
- *)
- log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}" || true
- exit 1
-esac
-
-exit 0