From 004e4c371ab86d809d0ab39c1153db444becf8bd Mon Sep 17 00:00:00 2001
From: Michael Prokop
Date: Fri, 4 Jun 2021 11:39:12 +0200
Subject: [PATCH] Drop deprecated init scripts

Those are crude hacks and no longer relevant nor supported as such, so drop them:

* /etc/init.d/firewall
* /etc/init.d/grml-home
* /etc/init.d/grml-misc
* /etc/init.d/grml-reboot
* /etc/init.d/ssh
---
 etc/init.d/firewall | 219 ---------------------------------------------
 etc/init.d/grml-home | 27 ------
 etc/init.d/grml-misc | 27 ------
 etc/init.d/grml-reboot | 237 -------------------------------------------------
 etc/init.d/ssh | 211 -------------------------------------------
 5 files changed, 721 deletions(-)
 delete mode 100755 etc/init.d/firewall
 delete mode 100755 etc/init.d/grml-home
 delete mode 100755 etc/init.d/grml-misc
 delete mode 100755 etc/init.d/grml-reboot
 delete mode 100755 etc/init.d/ssh

diff --git a/etc/init.d/firewall b/etc/init.d/firewall
deleted file mode 100755
index 6e7fc85..0000000
--- a/etc/init.d/firewall
+++ /dev/null
@@ -1,219 +0,0 @@ -#!/bin/sh -# Filename: /etc/init.d/firewall -# Purpose: simple [example] configuration script for iptables -# Authors: grml-team (grml.org), (c) Michael Prokop -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2. -# Latest change: Don Jul 20 09:53:31 CEST 2006 [mika] -################################################################################ -### BEGIN INIT INFO -# Provides: firewall -# Required-Start: $remote_fs $network -# Required-Stop: $remote_fs $network -# Default-Start: S 2 3 4 5 -# Default-Stop: -### END INIT INFO - - LANG=C - LC_ALL=C - IPTABLES="iptables" - - if [ -r /etc/grml/lsb-functions ] ; then - source /etc/grml/lsb-functions - else - alias einfo='echo -n' - alias eend='echo ' - fi - -# IFACE='eth0' -# IFACE=$(ifconfig -a | awk '/^ppp/ {print $1}') -# IPADDR=$(ifconfig "$IFACE" | awk -F: /"inet addr"/'{print $2}' | gawk '{print $1}') -# NETMASK=$(ifconfig "$IFACE" | awk -F: /"Mask"/'{print $4}' | gawk '{print $1}') -# BROADCAST=$(ifconfig "$IFACE" | awk -F: /"inet"/'{print $3}' | gawk '{print $1}') -# LOOPBACK='127.0.0.0/8' - -################################################################################### -startup(){ - -einfo "Starting firewall." - -# Remove al chains - $IPTABLES -F - $IPTABLES -X - $IPTABLES -Z - -# Set up a default policy for the built-in chains. -> DROP - $IPTABLES -P INPUT DROP - $IPTABLES -P OUTPUT DROP - $IPTABLES -P FORWARD DROP - -# allow all already established connections - $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - -# Allow unlimited traffic on the loopback interface. - $IPTABLES -A INPUT -i lo -j ACCEPT - $IPTABLES -A OUTPUT -o lo -j ACCEPT - -# syn-flooding protection - $IPTABLES -N syn-flood - $IPTABLES -A INPUT -p tcp --syn -j syn-flood - $IPTABLES -A syn-flood -m limit --limit 5/s --limit-burst 10 -j RETURN - $IPTABLES -A syn-flood -j REJECT - -# Make sure, NEW TCP Connections are SYN packets - $IPTABLES -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP - -# Refuse broadcast address packets. -# $IPTABLES -A INPUT -d $BROADCAST -j DROP - $IPTABLES -A INPUT -s 0.0.0.0 -d 255.255.255.255 -j DROP - -# AUTH server: Reject ident probes with a tcp reset. -# This may be useful for a broken mailhost that won't accept the -# mails if you just drop its ident probe. -# $IPTABLES -A INPUT -i $IFACE -p tcp --dport 113 -j REJECT --reject-with tcp-reset - -# allow *all* output - simplifies life and keeps load low ;-) - $IPTABLES -A OUTPUT -j ACCEPT - -# example for NAT/MASQUERADE (eth0: lan; eth1: to ppp0; ppp0: external): -# -# echo 1 > /proc/sys/net/ipv4/ip_forward -# or -# put 'ip_forward=yes' to /etc/network/options -# -# $IPTABLES -A INPUT -i eth1 -s 192.168.0.2 -d 192.168.0.1 -j ACCEPT -# $IPTABLES -A INPUT -i eth1 -s 192.168.0.150 -d 192.168.0.1 -j ACCEPT -# $IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE -# $IPTABLES -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d $IP_OF_ETH1 -j ACCEPT -# $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -# $IPTABLES -A FORWARD -i ppp0 -o eth1 -d $IP_OF_PPP0 -j ACCEPT -# $IPTABLES -A FORWARD -j LOG --log-prefix "$LOGID ERROR in FORWARD: " -# $IPTABLES -A FORWARD -j DROP - -# example for Source Network Address Translation (SNAT): -# the strict way: -# $IPTABLES -t nat -A POSTROUTING -o ppp0 -j SNAT --to $PPPIP -# the liberal way: -# $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE - -# example for DNAT: -# $IPTABLES -t nat -A PREROUTING -d 10.0.0.1 -j DNAT --to-destination 192.168.0.1 -# $IPTABLES -t nat -A PREROUTING -d 10.0.0.2 -j DNAT --to-destination 192.168.0.2 - -# allow ssh incoming - $IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT - -# create new chains - $IPTABLES -N INPUTLOG - $IPTABLES -N OUTPUTLOG - $IPTABLES -A INPUT -m limit --limit 1/second --limit-burst 5 -j INPUTLOG - $IPTABLES -A INPUT -m limit --limit 1/second --limit-burst 5 -j OUTPUTLOG - -# Any udp not already allowed 
is logged and then dropped. - $IPTABLES -A INPUTLOG -p udp -j LOG --log-prefix "IPTABLES UDP-IN: " - $IPTABLES -A INPUTLOG -p udp -j REJECT - $IPTABLES -A OUTPUTLOG -p udp -j LOG --log-prefix "IPTABLES UDP-OUT: " - $IPTABLES -A OUTPUTLOG -p udp -j REJECT -# Any icmp not already allowed is logged and then dropped. - $IPTABLES -A INPUTLOG -p icmp -j LOG --log-prefix "IPTABLES ICMP-IN: " - $IPTABLES -A INPUTLOG -p icmp -j REJECT - $IPTABLES -A OUTPUTLOG -p icmp -j LOG --log-prefix "IPTABLES ICMP-OUT: " - $IPTABLES -A OUTPUTLOG -p icmp -j REJECT -# Any tcp not already allowed is logged and then dropped. - $IPTABLES -A INPUTLOG -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: " - $IPTABLES -A INPUTLOG -p tcp -j REJECT - $IPTABLES -A OUTPUTLOG -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: " - $IPTABLES -A OUTPUTLOG -p tcp -j REJECT -# Anything else not already allowed is logged and then dropped. -# It will be dropped by the default policy anyway... but let's be paranoid. - $IPTABLES -A INPUTLOG -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: " - $IPTABLES -A INPUTLOG -j REJECT - $IPTABLES -A OUTPUTLOG -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: " - $IPTABLES -A OUTPUTLOG -j REJECT - -# end of script - eend $? -} -################################################################################### - -case "$1" in - stop) - einfo "Shutting down Firewall." - $IPTABLES -F - $IPTABLES -t nat -F - $IPTABLES -t mangle -F - $IPTABLES -t filter -F - $IPTABLES -P INPUT ACCEPT - $IPTABLES -P OUTPUT ACCEPT - $IPTABLES -P FORWARD ACCEPT - $IPTABLES -X - eend $? - ;; - - panic) - einfo "Setting Firewall to modus panic." - $IPTABLES -F - $IPTABLES -t nat -F - $IPTABLES -t mangle -F - $IPTABLES -t filter -F - $IPTABLES -P INPUT DROP - $IPTABLES -P OUTPUT DROP - $IPTABLES -P FORWARD DROP - $IPTABLES -X - eend $? 
- ;; - - status) - $IPTABLES -L -n -v - ;; - - restart) - $0 stop - $0 start - ;; - - analyse) - echo "------------------------------------------------------------------------------------" - echo "Program: $0 $(date)" - echo "PID: $$ grml-team [mika] (c) 2004++" - echo "$(iptables --version)" - echo "Identity: whoami: $(whoami)" - echo " id: $(id)" - echo " groups: $(groups)" - echo "Uptime: $(uptime)" - echo "------------------------------------------------------------------------------------" - echo "$(vmstat)" - echo "------------------------------------------------------------------------------------" - echo "# ifconfig -a" - ifconfig -a - echo "------------------------------------------------------------------------------------" - echo "# route -n" - route -n - echo "------------------------------------------------------------------------------------" - echo "# ip a s" - ip a s - echo "------------------------------------------------------------------------------------" - echo "# $IPTABLES -L -n -v" - $IPTABLES -L -n -v - echo "------------------------------------------------------------------------------------" - echo 'for i in /proc/sys/net/*/*; do echo -n "$i: " ; cat $i; done 2>/dev/null' - for i in /proc/sys/net/*/*; do - echo -n "$i: " - cat $i; - done 2>/dev/null - echo "------------------------------------------------------------------------------------" - echo "# lsmod | grep '^ip'" - lsmod | grep '^ip' - ;; - - start) - startup - ;; - - *) - echo "Usage: $0 [start|stop|restart|panic|status|analyse]"; - exit 1; - ;; -esac - -## END OF FILE ################################################################# diff --git a/etc/init.d/grml-home b/etc/init.d/grml-home deleted file mode 100755 index 36568cb..0000000 --- a/etc/init.d/grml-home +++ /dev/null 
@@ -1,27 +0,0 @@
-#!/bin/sh
-# Filename: grml-home
-# Purpose: copy skeleton files if not already present
-# Authors: grml-team (grml.org), (c) Michael Prokop
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Don Sep 28 16:36:03 CEST 2006 [mika]
-################################################################################
-### BEGIN INIT INFO
-# Provides: grml-home
-# Required-Start: $all
-# Required-Stop:
-# Default-Start: S 2 3 4 5
-# Default-Stop:
-### END INIT INFO
-
-# user with UID 1000
-fstabuser=$(getent passwd 1000 | cut -d: -f1)
-
-if [ -r /etc/grml_cd ] ; then # run only in live modus
- chown "${fstabuser}": /home/"$fstabuser" # this is important for the home=/dev/ice bootparam
- su -s /bin/sh "$fstabuser" -c "rsync -Ha --ignore-existing /etc/skel/ /home/${fstabuser}/"
- # ^^^^^^^^^^
- # this is important to prevent startup of the zsh/newuser module
-fi
-
-## END OF FILE #################################################################
diff --git a/etc/init.d/grml-misc b/etc/init.d/grml-misc
deleted file mode 100755
index 0f4d7b2..0000000
--- a/etc/init.d/grml-misc
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# Filename: grml-misc
-# Purpose: initialize misc stuff on grml system
-# Authors: grml-team (grml.org), (c) Michael Prokop
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Sam Mai 27 14:43:56 CEST 2006 [mika]
-################################################################################
-### BEGIN INIT INFO
-# Provides: grml-misc
-# Required-Start: $all
-# Required-Stop:
-# Default-Start: S 2 3 4 5
-# Default-Stop:
-### END INIT INFO
-
-if grep -q nocolor /proc/cmdline ; then
- RC_NOCOLOR=yes
- . /etc/grml/lsb-functions
-else
- . /etc/grml/lsb-functions
-fi
-
-# finished booting
-einfo "Finished execution of main grml startup." ; eend 0
-
-## END OF FILE #################################################################
diff --git a/etc/init.d/grml-reboot b/etc/init.d/grml-reboot
deleted file mode 100755
index 7e2bf0e..0000000
--- a/etc/init.d/grml-reboot
+++ /dev/null
@@ -1,237 +0,0 @@ -#!/bin/bash -# Filename: grml-reboot -# Purpose: reboot grml system -# Authors: grml-team (grml.org) -# Bug-Reports: see http://grml.org/bugs/ -# License: This file is licensed under the GPL v2. -################################################################################ -### BEGIN INIT INFO -# Provides: grml-reboot -# Required-Start: -# Required-Stop: -# Default-Start: -# Default-Stop: -### END INIT INFO - -export PATH=/sbin:/bin:/usr/bin:/usr/sbin - -. /etc/grml_colors -. /etc/grml/lsb-functions - -cd / - -# Clean input/output -CONSOLE=/dev/console -[ -c "$CONSOLE" ] && exec >"$CONSOLE" 2>&1 <"$CONSOLE" - -# default variables -INSTALLED=false -REMOVABLE=false -USB_DEVICE=false -NOPROMPT=${NOPROMPT:-false} -NOEJECT=${NOEJECT:-false} -CMDLINE="$(cat /proc/cmdline 2>/dev/null)" - -# Check if we are running from a GRML-CD or HD -[ -e /etc/grml_cd ] || INSTALLED=true - -# Assume that we don't want the eject+prompt stuff when running in one -# of the special modes: -grep -qe 'toram' -qe '2ram' -qe 'usb' -qe 'serial' \ - -qe 'fromhd' -qe 'isofrom' -qe 'fromiso' -qe 'findiso' \ - /proc/cmdline && INSTALLED=true - -# detect cdrom device -if ! $INSTALLED ; then - if [ -d /run/live/medium ] ; then # live-boot layout since Dec 2018 - CDROM="$(awk '/ \/run\/live\/medium /{print $1;exit 0;}' /proc/mounts)" - MOUNTPATH="/run/live/medium" - elif [ -d /lib/live/mount/medium ] ; then # live-boot layout between 2012 and Dec 2018 - CDROM="$(awk '/ \/lib\/live\/mount\/medium /{print $1;exit 0;}' /proc/mounts)" - MOUNTPATH="/lib/live/mount/medium" - fi - - # try to remove only removable devices - DEVICE="" - if [ -n "$CDROM" ] ; then - DEVICE="${CDROM##/dev/}" - [ -d /sys/block/${DEVICE} ] || DEVICE="${DEVICE%%[0-9]*}" - - if [ -n "$DEVICE" ] ; then - # is it a removable device? - [ "$(cat /sys/block/${DEVICE}/removable 2>/dev/null)" = "1" ] && REMOVABLE=true - # is it a usb device? 
- readlink /sys/block/${DEVICE} 2>/dev/null | grep -q '/usb' && USB_DEVICE=true - $USB_DEVICE && USB_INFO=" ($(cat /sys/block/${DEVICE}/device/model 2>/dev/null))" - fi - fi -fi - -case "$0" in - *halt) - level=0 - message="grml system will be halted..." - command="halt" - ;; - *reboot) - level=6 - message="Preparing for reboot..." - command="reboot" - ;; - *) - echo "Usage: call this script as \"halt\" or \"reboot\" please.">&2 - exit 1 - ;; -esac - -mysleep() { - for i in $(seq 1 30) ; do - sleep 0.1 - echo -n "$1.${NORMAL}" - done - echo "" -} - -# Disable kernel messages -echo "0" > /proc/sys/kernel/printk - -# make sure halt/reboot commands are available even if -# someone is using shutdown command or nfsroot is used: -cat /sbin/halt /sbin/reboot /etc/init.d/$command /etc/init.d/ups-monitor \ - /etc/apcupsd/powerfail >/dev/null 2>&1 - -# We may kill our network connection here before unmounting NFS. Bad luck. -if [ -d /sys/bus/pcmcia -a -x /sbin/pccardctl ] ; then - # make sure we don't lose any data, see issue219 for details - log_begin_msg "Syncing devices..." - sync ; log_end_msg $? - log_begin_msg "Shutting down PCMCIA devices..." - pccardctl eject >/dev/null 2>&1 - log_end_msg $? -fi - -if $INSTALLED ; then - log_begin_msg_nn "Running /etc/init.d/rc ${level}: " - /etc/init.d/rc $level 1>/dev/null 2>&1 & - mysleep "$GREEN" - log_end_msg 0 -fi - -# Remove all truecrypt mappings... -if [ -x /usr/sbin/truecrypt ] ; then - if grep -q truecrypt /proc/modules ; then - log_begin_msg "Unmapping truecrypt volumes." - MSG=$(truecrypt -d 2>1) - echo $MSG | grep "No volumes mapped" && eend 0 - [ -z "$MSG" ] && eend 0 || eend 1 - fi -fi - -# Now kill them all -killall5 -15 -sleep 1 -log_begin_msg_nn "Sending all processes the TERM signal: " -mysleep "$BLUE" ; log_end_msg $? - -killall5 -9 -sleep 1 -log_begin_msg_nn "Sending all processes the KILL signal: " -mysleep "$RED" ; log_end_msg $? - -# Turn off swap, then unmount file systems. -log_begin_msg "Turning off swap." 
-swapoff -a >/dev/null 2>&1 ; log_end_msg $? - -# Udev -log_begin_msg "Deactivating udev:" -echo -n " ${GREEN}-${NORMAL} " -/etc/init.d/udev stop ; log_end_msg $? - -# noprompt and noeject handling -case "$CMDLINE" in - *noprompt*) NOPROMPT=true ; ;; - *noeject*) NOEJECT=true ; ;; -esac -[ -r /etc/noprompt ] && NOPROMPT=true -[ -r /etc/noeject ] && NOPROMPT=true && NOEJECT=true - -VIRT_WHAT=$(/usr/sbin/virt-what 2>/dev/null) -if [ -n "$VIRT_WHAT" ] ; then - log_begin_msg "System seems to be a virtual machine, assuming noprompt as default." - NOPROMPT=true - log_end_msg 0 -fi - -# Turn on autoeject of CD-ROMs -if $NOEJECT ; then - for dev in /proc/sys/dev/cdrom*/lock; do [ -f "$dev" ] && echo 0 > "$dev"; done - for dev in /proc/sys/dev/cdrom*/autoeject; do [ -f "$dev" ] && echo 1 > "$dev"; done -fi - -# Umount file systems -log_begin_msg "Syncing local filesystems..." -sync && sleep 1 ; log_end_msg $? - -log_begin_msg "Unmounting file systems." - -# Be safe in case someone messed with /etc/mtab -if ! $INSTALLED ; then - rm -f /etc/mtab - ln -snf /proc/mounts /etc/mtab -fi - -# Free loopback devices if necessary, so we can unmount the host media -for i in /dev/loop*; do losetup -d $i 2>/dev/null; done - -umount -t notmpfs,nosysfs,noproc,nousbfs -adrvf 1>/dev/null 2>&1 - -log_end_msg 0 - -# Network stuff -log_begin_msg "Unmounting network filesystems" -umount -t nfs,nfs4,smbfs -alvf 2>/dev/null ; log_end_msg $? - -NETDEVICES="$(/sbin/ifconfig | awk '/^[^ ]+/ {print $1}' | grep -v '^lo$')" -if [ -n "$NETDEVICES" ]; then - pidof pump >/dev/null 2>&1 && { pump -k ; sleep 2; } - killall dhclient dhclient3 2>/dev/null - log_begin_msg "Shutting down network device..." - for n in $NETDEVICES; do - echo "${SUBMSG} ${WHITE}$n${NORMAL}" - ifdown $n 1>/dev/null 2>&1 - ifconfig $n down - done ; log_end_msg $? -fi - -# For a harddisk installation: mount / ro -$INSTALLED && mount -n -o remount,ro / 2>/dev/null - -# Prompt for removal of live system device -if ! $INSTALLED && ! 
$NOPROMPT ; then - # do not prompt for removal when running in grml2ram mode: - if ! mount | grep -qe 'on /run/live/medium' -qe 'on /lib/live/mount/medium' ; then - echo "Live System not mounted, nothing to eject therefore." - else - [ -d "$MOUNTPATH" ] && umount -l "$MOUNTPATH" - if ! $NOEJECT && [ -n "$CDROM" ] ; then - $REMOVABLE && eject -p "$CDROM" 2>/dev/null - fi - echo - if $USB_DEVICE ; then - # if we do not have any information about the usb model then fallback to the device name instead - [ -n "$USB_INFO" ] || USB_INFO=" (${CDROM})" - read -s -p "${GREEN}Please remove the USB device${USB_INFO} and press ENTER to continue [auto 2 minutes].${NORMAL}" -t 120 a - else - [ -n "$CDROM" ] && CDROM=" (${CDROM})" - read -s -p "${GREEN}Please remove the live system${CDROM}, close the tray (if any) and press ENTER to continue [auto 2 minutes].${NORMAL}" -t 120 a - fi - fi -fi - -echo -echo "$message" >/dev/console - -# Finally halt or reboot -/etc/init.d/$command stop - -## END OF FILE ################################################################# diff --git a/etc/init.d/ssh b/etc/init.d/ssh deleted file mode 100755 index 8554fc4..0000000 --- a/etc/init.d/ssh +++ /dev/null 
@@ -1,211 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: sshd -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: OpenBSD Secure Shell server -### END INIT INFO - -# Notice: this file has been slightly adjusted by the -# Grml team so the script supports key-generation - -# Configurable options: -KEYGEN=/usr/bin/ssh-keygen -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key -ED25519_KEY=/etc/ssh/ssh_host_ed25519_key - -set -e - -# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon - -test -x /usr/sbin/sshd || exit 0 -( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 - -umask 022 - -if test -f /etc/default/ssh; then - . /etc/default/ssh -fi - -. /lib/lsb/init-functions - -if [ -n "$2" ]; then - SSHD_OPTS="$SSHD_OPTS $2" -fi - -# Are we running from init? -run_by_init() { - ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ] -} - -check_for_upstart() { - if init_is_upstart; then - exit $1 - fi -} - -check_for_no_start() { - # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists - if [ -e /etc/ssh/sshd_not_to_be_run ]; then - if [ "$1" = log_end_msg ]; then - log_end_msg 0 || true - fi - if ! run_by_init; then - log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true - fi - exit 0 - fi -} - -check_dev_null() { - if [ ! -c /dev/null ]; then - if [ "$1" = log_end_msg ]; then - log_end_msg 1 || true - fi - if ! run_by_init; then - log_action_msg "/dev/null is not a character device!" || true - fi - exit 1 - fi -} - -check_privsep_dir() { - # Create the PrivSep empty dir if necessary - if [ ! -d /var/run/sshd ]; then - mkdir /var/run/sshd - chmod 0755 /var/run/sshd - fi -} - -check_config() { - if [ ! 
-e /etc/ssh/sshd_not_to_be_run ]; then - /usr/sbin/sshd $SSHD_OPTS -t || exit 1 - fi -} - - -generate_ssh_keys() { - if ! test -f $RSA_KEY ; then - log_action_msg "Generating SSH2 RSA host key..." - $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1 - fi - - if ! test -f $DSA_KEY ; then - log_action_msg "Generating SSH2 DSA host key..." - $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1 - fi - - if ! test -f "$ECDSA_KEY" && grep -q "$ECDSA_KEY" /etc/ssh/sshd_config ; then - log_action_msg "Generating SSH2 ECDSA host key..." - $KEYGEN -t ecdsa -f "$ECDSA_KEY" -C '' -N '' || exit 1 - fi - - if ! test -f "$ED25519_KEY" && grep -q "$ED25519_KEY" /etc/ssh/sshd_config ; then - log_action_msg "Generating SSH2 ED25519 host key..." - $KEYGEN -t ed25519 -f "$ED25519_KEY" -C '' -N '' || exit 1 - fi -} - -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" - -case "$1" in - start) - check_for_upstart 1 - check_privsep_dir - check_for_no_start - check_dev_null - generate_ssh_keys - log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true - if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 || true - else - log_end_msg 1 || true - fi - ;; - stop) - check_for_upstart 0 - log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true - if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then - log_end_msg 0 || true - else - log_end_msg 1 || true - fi - ;; - - reload|force-reload) - check_for_upstart 1 - check_for_no_start - check_config - generate_ssh_keys - log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true - if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then - log_end_msg 0 || true - else - log_end_msg 1 || true - fi - ;; - - restart) - check_for_upstart 1 - check_privsep_dir - check_config - generate_ssh_keys - log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" 
|| true - start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid - check_for_no_start log_end_msg - check_dev_null log_end_msg - if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 || true - else - log_end_msg 1 || true - fi - ;; - - try-restart) - check_for_upstart 1 - check_privsep_dir - check_config - generate_ssh_keys - log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true - RET=0 - start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid || RET="$?" - case $RET in - 0) - # old daemon stopped - check_for_no_start log_end_msg - check_dev_null log_end_msg - if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then - log_end_msg 0 || true - else - log_end_msg 1 || true - fi - ;; - 1) - # daemon not running - log_progress_msg "(not running)" || true - log_end_msg 0 || true - ;; - *) - # failed to stop - log_progress_msg "(failed to stop)" || true - log_end_msg 1 || true - ;; - esac - ;; - - status) - check_for_upstart 1 - status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $? - ;; - - *) - log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}" || true - exit 1 -esac - -exit 0 -- 2.1.4