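#!/bin/sh
# rebuild-hosts.allow.sh
# Rebuild /etc/hosts.allow From Standard And User-Requested Entries
# Part Of The 'tperimeter' Package
#
# Copyright (c) 2006 TundraWare Inc., Des Plaines, IL USA
# All Rights Reserved
#
# The generated rules are written to stdout; nothing in this script writes
# /etc/hosts.allow itself, so the caller is presumably expected to redirect
# the output there.
#
# Trust note: the service and address names emitted for USERREQUESTS are
# directory-entry names found under a cgi-bin path, i.e. whatever created
# them decides what lands in the access-control file.  This script only
# rejects names that would break the one-rule-per-line format; deciding
# WHICH services and addresses may be requested remains the job of the
# component that writes that directory.

RCSID='$Id: rebuild-hosts.allow.sh,v 1.105 2006/07/14 15:09:40 tundra Exp $'

BASE="/usr/local/etc/tperimeter"
EPILOGUE=${BASE}/epilogue
PROLOGUE=${BASE}/prologue
STDALLOW=${BASE}/allow
STDDENY=${BASE}/deny
USERREQUESTS="/www/cgi-bin/tperimeter/requests"


#####
# Function To Reject Names That Cannot Be Emitted Safely
#
# Arguments: $1 - a directory-entry name (service or address)
# Returns:   0 if the name is usable, 1 if it is empty or contains
#            whitespace or control characters.  Such a name would split
#            into extra tokens, or into extra lines, in the generated file.
#####

NameOK()
{
    case $1 in
        ''|*[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac
    return 0
}

# End Of 'NameOK()'


#####
# Function To Scan A Directory Structure To Build
# "Allow" Entries In Proper /etc/hosts.allow Format
#
# Arguments: $1 - directory holding one subdirectory per service; the
#                 entries inside each subdirectory are the addresses
#            $2 - rule action appended to every line ("ALLOW" / "DENY")
# Outputs:   one "service: addr addr  :ACTION" line per service that has
#            at least one address; warnings go to stderr
#
# The body runs in a subshell so the 'cd' and the loop variables never
# leak into the caller.
#####

BuildEntries() (

    # Only attempt this if the allow/deny directory exists
    [ -d "$1" ] || exit 0
    cd -- "$1" || exit 0

    for svc in *
    do
        # A literal '*' means the glob matched nothing (no services)
        case $svc in
            '*') continue ;;
        esac

        # A stray regular file is not a service.  Descending into it would
        # fail and the address scan would then run in the wrong directory.
        [ -d "$svc" ] || continue

        if ! NameOK "$svc"
        then
            echo "rebuild-hosts.allow: skipping malformed service name in $1" >&2
            continue
        fi

        list=""
        for path in "$svc"/*
        do
            addr=${path##*/}

            # Only create list if actual addresses are present
            case $addr in
                '*') continue ;;
            esac

            if ! NameOK "$addr"
            then
                echo "rebuild-hosts.allow: skipping malformed address name in $1/$svc" >&2
                continue
            fi

            list="${list}${addr} "
        done

        # Output complete rule for all non-empty address lists.
        # printf keeps a name that starts with '-' from being read as an
        # option or escape sequence by echo.
        if [ -n "$list" ]
        then
            printf '%s: %s :%s\n' "$svc" "$list" "$2"
        fi
    done
)

# End Of 'BuildEntries()'


#####
# Rebuild /etc/hosts-allow
#####

# Timestamp it

echo "# Built By: ${RCSID}"
echo "# Built On: $(date)"
echo ""

# First, add any user-requested temporary additions

# This puts 'tperimeter' requests *before* the check for
# Forward/Reverse IP agreement in the prologue section.
# This avoids problems with mobile access locations that
# have improperly configured DNS.

echo "# Access Requested Via The 'tperimeter' Interface"
echo ""
BuildEntries "${USERREQUESTS}" "ALLOW"

# Now, the standard prologue

cat -- "${PROLOGUE}"

# Delete the user requests
#
# ':?' aborts instead of expanding to nothing should the variable ever be
# empty, and '--' stops option parsing.
# NOTE(review): a request created after the scan above and before this
# removal is deleted without ever having been emitted.

rm -rf -- "${USERREQUESTS:?}"

# Now include the standard set of access definitions

echo ""
echo "# Standard 'Deny' Entries"
echo ""
BuildEntries "${STDDENY}" "DENY"

echo ""
echo "# Standard 'Allow' Entries"
echo ""
BuildEntries "${STDALLOW}" "ALLOW"
echo ""
echo ""

# Finally, add the epilogue

cat -- "${EPILOGUE}"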