#!/bin/sh
# rebuild-hosts.allow.sh
# Rebuild /etc/hosts.allow From Standard And User-Requested Entries
# Part Of The 'tperimeter' Package
#
# Copyright (c) 2006-2012 TundraWare Inc., Des Plaines, IL USA
# All Rights Reserved

# Revision identifier; it is echoed into the generated output as a
# "Built By" stamp.
RCSID='$Id: rebuild-hosts.allow.sh,v 1.108 2012/06/09 20:36:22 tundra Exp $'

# Directory tree holding the temporary, user-requested access entries.
# NOTE(review): this lives under the CGI tree and its entry names are
# copied into ALLOW rules further down, so only the request CGI should be
# able to write here - confirm ownership and mode on the deployed host.
USERREQUESTS="/www/cgi-bin/tperimeter/requests"

# Static pieces of the generated file, all kept under one base directory.
BASE="/usr/local/etc/tperimeter"
PROLOGUE="${BASE}/prologue"
EPILOGUE="${BASE}/epilogue"
STDDENY="${BASE}/deny"
STDALLOW="${BASE}/allow"

# Lifetime of a user request, passed verbatim to 'find -ctime'.
# NOTE(review): a unit suffix such as "m" is accepted by BSD find; GNU find
# takes a plain number of days only - confirm which find this host runs.
DURATION="10m"

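#####
# BuildEntries DIR ACTION
#
# Scan DIR/<service>/<address> and print one rule per service that has
# at least one address entry, in /etc/hosts.allow format:
#
#     <service>: <address> <address> ...  :<ACTION>
#
# Arguments: $1 - directory holding one subdirectory per service
#            $2 - action text placed after the final colon
# Outputs:   rules on stdout; nothing when DIR is missing or empty
#
# Entry names become rule text verbatim, so the function is deliberately
# strict about what it walks:
#   - it never changes the working directory (the earlier cd/cd .. walk
#     lost its place as soon as one 'cd' failed);
#   - an entry in DIR that is not a directory is skipped (previously the
#     failed 'cd' made the inner loop list DIR itself and emit a malformed
#     rule for that entry);
#   - names containing whitespace are skipped, because they would split
#     into several tokens inside the rule.
# No other validation of service or address syntax happens here; that is
# assumed to be done by whatever creates the entries - confirm.
#####

BuildEntries()
{
  # Quoted on purpose: with an empty $1 the unquoted form collapses to the
  # one-argument test, which is always true.
  [ -d "$1" ] || return 0

  for svc_dir in "$1"/*
  do
    # Only directories are services. This also drops the unexpanded
    # pattern that the glob leaves behind when DIR is empty.
    [ -d "$svc_dir" ] || continue

    svc=${svc_dir##*/}
    case $svc in
      '*'|*[[:space:]]*) continue ;;
    esac

    list=""
    for addr_path in "$svc_dir"/*
    do
      addr=${addr_path##*/}
      case $addr in
        # '*' is the unexpanded pattern of an empty service directory.
        '*'|*[[:space:]]*) continue ;;
      esac
      list=${list}${addr}" "
    done

    # Output a complete rule only for non-empty address lists.
    # printf is used so that entry names are never interpreted as echo
    # options or escape sequences.
    if [ -n "$list" ]
    then
      printf '%s: %s :%s\n' "$svc" "$list" "$2"
    fi
  done
}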

# End Of 'BuildEntries()'


#####
# Main: write the rebuilt hosts.allow content to stdout
#####

# Expire temporary access first: delete user request files whose ctime
# is older than $DURATION.

find "${USERREQUESTS}" -type f -ctime "+${DURATION}" -exec rm {} ';'

# Stamp the output with the script revision and the build time.

printf '%s\n' "# Built By:  ${RCSID}"
printf '%s\n' "# Built On:  $(date)"
echo

# User-requested temporary entries go first, i.e. *before* the
# forward/reverse IP agreement check in the prologue, so that mobile
# access locations with improperly configured DNS still get in.
# NOTE(review): this ordering means these ALLOW rules are not subject to
# that DNS check; what goes into the request directory is then the only
# control on them.

printf '%s\n' "# Access Requested Via The 'tperimeter' Interface" ""

BuildEntries "${USERREQUESTS}" "ALLOW"


# Standard prologue.
# NOTE(review): if this file is unreadable, cat only complains on stderr
# and the script carries on, so the output would lack the prologue.
# Worth confirming that whatever installs the output checks for that.

cat "${PROLOGUE}"

# Standard access definitions: deny entries, then allow entries.

printf '%s\n' "" "# Standard 'Deny' Entries" ""

BuildEntries "${STDDENY}" "DENY"

printf '%s\n' "" "# Standard 'Allow' Entries" ""

BuildEntries "${STDALLOW}" "ALLOW"
printf '%s\n' "" ""

# The epilogue closes the file; its exit status is the script's.

cat "${EPILOGUE}"