changeset 537:8e8a01a680b4 draft

peer2anonet changes made: * parse quicktun.keypair</dev/random directly to seckey variable. * removed y/n questions with file tests and automatic configuration. * README file updated * ported for autoconfig file pipes * some security checks created
author d3v1150m471c <d3v11@d3v1150m471c.ano>
date Sun, 10 Jul 2011 07:16:47 -0500
parents 1bfad7d3fb55
children 3247a742e3f8
files contrib/peer2anonet/README contrib/peer2anonet/peer2anonet
diffstat 2 files changed, 120 insertions(+), 48 deletions(-) [+]
--- a/contrib/peer2anonet/README	Sun Jul 10 04:39:18 2011 -0500
+++ b/contrib/peer2anonet/README	Sun Jul 10 07:16:47 2011 -0500
@@ -7,6 +7,8 @@
 
 SYNOPSIS:
      peer2anonet
+        -OR-
+     peer2anonet < autoconfig
 
 
 DESCRIPTION:
@@ -50,6 +52,31 @@
 
       make install-deb
 
+USAGE:
+      You may execute peer2anonet and answer configuration questions
+      via interface or pipe a file containing the new peering
+      session's specifications to the executable. peer2anonet has
+      some security checks but it is highly recommended you check
+      a autoconfig file manually before using to prevent malicious
+      attacks. An autoconfig file should be in the following format:
+      Plain text file, one block of data per line, no spaces, and
+      without including the following '<-- comments'.
+
+================== Not Actual Line on File ============================
+anon        <--your peer's alias
+1.2.3.0       <--your new anonet network address
+1.2.3.1       <--your new anonet router address
+1.2.3.2       <--your new anonet ip
+1001          <--your new anonet client port
+1230          <--you new asn
+11.22.33.44   <--your peer's remote ip
+3.5.7.9       <--your peer's anonet ip
+3571          <--your peer's client port
+3570          <--your peer's asn
+3c6e0b8a9c15224a8228b9a98ca1531d <--your peer's public key
+================== Not Actual Line on File ============================ 
+
+
 CHANGES:
       Sat Jul  9 06:48:58 CDT 2011 - d3v1150m471c
       * quicktun's "EXPORT DEBUG=1" removed on peering script.
@@ -63,4 +90,15 @@
       * bash added to dependencies
       * file tests with mkdir changed to `mkdir -p`... .
       * peering file removed, passes directly to run file now.
+
+      Sun Jul 10 05:47:22 CDT 2011 - d3v1150m471c
+      * makefile changed to Makefile
+      * parse quicktun.keypair</dev/random directly to seckey variable.
+      * removed y/n questions with file tests and automatic
+        configuration.
+      * README file updated
+      * ported for autoconfig file pipes
+      * some security checks created
+
+
       
--- a/contrib/peer2anonet/peer2anonet	Sun Jul 10 04:39:18 2011 -0500
+++ b/contrib/peer2anonet/peer2anonet	Sun Jul 10 07:16:47 2011 -0500
@@ -2,7 +2,7 @@
 #########################################################################
 # We need to check for root privileges:
 if [[ $(id -u) != 0 ]]; then
- echo "peer2anonet: error: root priviliges required."
+ echo "peer2anonet: error: root privileges required."
  exit 1
 fi
 
@@ -13,10 +13,16 @@
 mkdir -p /service
 
 #########################################################################
-# See if we need new keys:
-read -p "Would you like to generate new keys? [y/n]: " ASK
-[[ $ASK == *y* ]] && quicktun.keypair</dev/random && echo
-[[ $ASK == *Y* ]] && quicktun.keypair</dev/random && echo
+# Generate new keys:
+KEYS=`quicktun.keypair</dev/random`
+SECKEY=`echo $KEYS | head -1`
+YPUBKEY=`echo $KEYS | head -2 | tail -1`
+echo "
+peer2anonet: your public key is:
+
+$YPUBKEY
+
+"
 
 #########################################################################
 # We need to get info for the new peering and BGP session:
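Review bot: `SECKEY=\`echo $KEYS | head -1\`` does not isolate the first line of the keypair output: the unquoted `$KEYS` is word-split and `echo` re-joins the words with spaces, so the newline between the two key lines is gone before `head` ever sees it, and both SECKEY and YPUBKEY end up holding the whole output on one line, which the `echo` that follows then prints to the terminal as "your public key" together with the secret. Reading the two lines directly avoids the echo/head/tail pipeline and the backticks: `{ read -r SECKEY; read -r YPUBKEY; } < <(quicktun.keypair </dev/random)`. This assumes quicktun.keypair prints one key per line, secret first, which the later stripping of a `SECRET: ` prefix suggests but the hunk itself does not show.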
@@ -30,10 +36,70 @@
 read -p "Enter your peer anonet ip: " PEERIP
 read -p "Enter your peer remote port: " PEERPORT
 read -p "Enter your peer asn: " PEERASN
-read -p "Enter your secret key: " SECKEY
 read -p "Enter your peer's public key: " PUBKEY
 
 #########################################################################
+# Do some security checks on variables:
+TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP
+TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP
+                   TEST[8]=$PEERPORT; TEST[9]=$PEERASN
+
+SECURE() {
+          echo "peer2anonet: error: possible malicious code detected"
+          echo "offending data: $CHECK"
+          exit 1
+         }
+          
+
+for CHECK in ${TEST[@]}; do
+[[ $CHECK == *'rm '* ]] && SECURE
+[[ $CHECK == *'mail '* ]] && SECURE
+[[ $CHECK == *'cp '* ]] && SECURE
+[[ $CHECK == *'mv '* ]] && SECURE
+[[ $CHECK == *'ipconfig'* ]] && SECURE
+[[ $CHECK == *'iwconfig'* ]] && SECURE
+[[ $CHECK == *'ping '* ]] && SECURE
+[[ $CHECK == *'make '* ]] && SECURE
+[[ $CHECK == *'install'* ]] && SECURE
+[[ $CHECK == *'uninstall'* ]] && SECURE
+[[ $CHECK == *'map '* ]] && SECURE
+[[ $CHECK == *'su '* ]] && SECURE
+[[ $CHECK == *'sudo'* ]] && SECURE
+[[ $CHECK == *'$'* ]] && SECURE
+[[ $CHECK == *'!'* ]] && SECURE
+[[ $CHECK == *'echo'* ]] && SECURE
+[[ $CHECK == *'netcat'* ]] && SECURE
+[[ $CHECK == *'id '* ]] && SECURE
+[[ $CHECK == *'source'* ]] && SECURE
+[[ $CHECK == *'alias '* ]] && SECURE
+[[ $CHECK == *'passwd'* ]] && SECURE
+[[ $CHECK == *'user'* ]] && SECURE
+[[ $CHECK == *'bash'* ]] && SECURE
+[[ $CHECK == *'ls '* ]] && SECURE
+[[ $CHECK == *'ssh'* ]] && SECURE
+[[ $CHECK == *'nc '* ]] && SECURE
+[[ $CHECK == *'telnet'* ]] && SECURE
+[[ $CHECK == *'rdesktop'* ]] && SECURE
+[[ $CHECK == *'iptables'* ]] && SECURE
+[[ $CHECK == *'}'* ]] && SECURE
+[[ $CHECK == *'{'* ]] && SECURE
+[[ $CHECK == *'['* ]] && SECURE
+[[ $CHECK == *']'* ]] && SECURE
+[[ $CHECK == *'('* ]] && SECURE
+[[ $CHECK == *')'* ]] && SECURE
+[[ $CHECK == *'exec'* ]] && SECURE
+[[ $CHECK == *'dash'* ]] && SECURE
+[[ $CHECK == *'perl'* ]] && SECURE
+[[ $CHECK == *'python'* ]] && SECURE
+[[ $CHECK == *'netstat'* ]] && SECURE
+[[ $CHECK == *'sockstat'* ]] && SECURE
+[[ $CHECK == *'>'* ]] && SECURE
+[[ $CHECK == *'<'* ]] && SECURE
+[[ $CHECK == *'/'* ]] && SECURE
+[[ $CHECK == *'kill'* ]] && SECURE
+done
+
+#########################################################################
 # We need to check if base files need to be imported to services for bird:
 NEW_PROTOCOL="
 protocol bgp $PEERNAME'_bgp' { table AnoNet_routes;
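Review bot: The blacklist loop `for CHECK in ${TEST[@]}` iterates over an unquoted expansion, so every value is word-split on whitespace before it is tested: a value like `rm -rf` arrives as the two words `rm` and `-rf`, none of the space-terminated patterns (`*'rm '*`, `*'su '*`, `*'id '*`, …) can ever match, and an empty value is skipped entirely. PUBKEY is also absent from the TEST array although it is written out alongside the other values in the later `export PUBLIC_KEY=$PUBKEY` hunk. Since every accepted value has a simple shape (a name, dotted-quad addresses, integers, a key string), an allowlist check is both shorter and stronger than enumerating command names; the rewrite below replaces the TEST array, the SECURE helper and the loop.
```shell
# Do some security checks on variables (allowlist, not blacklist):
check() {
  local name=$1 pattern=$2
  [[ ${!name} =~ $pattern ]] && return 0
  echo "peer2anonet: error: invalid value for $name: ${!name}" >&2
  exit 1
}
ipv4='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
number='^[0-9]+$'
check PEERNAME '^[A-Za-z0-9_-]+$'
for v in YOURNET YOURROUTE YOURIP REMOTEIP PEERIP; do check "$v" "$ipv4"; done
for v in YOURPORT YOURASN PEERPORT PEERASN; do check "$v" "$number"; done
check PUBKEY '^[0-9a-fA-F]+$'   # README example is hex; adjust if quicktun keys use another alphabet
# … unchanged: NEW_PROTOCOL definition …
```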
@@ -96,49 +162,18 @@
  import filter only_AnoNet;
 }"
 
-while true; do
- read -p "Is this your first peering session?" ASK
- if [[ $ASK == *y* ]]; then
-  echo "$BIRD_CONF" > /services/bird/bird.conf
-  echo "$BIRD_RUN" > /services/bird/run
-  chmod +x /services/bird/run
-  echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
-  break
- elif [[ $ASK == *Y* ]]; then
-  echo "$BIRD_CONF" > /services/bird/bird.conf
-  echo "$BIRD_RUN" > /services/bird/run
-  chmod +x /services/bird/run
-  echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
-  break
- elif [[ $ASK == *n* ]]; then
-  break
- elif [[ $ASK == *N* ]]; then
-  break
- fi
-done
+
+
+test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf
+test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run
+chmod +x /services/bird/run
+echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
 
 #########################################################################
 # We need to check if this peering session already exists:
-if [ -e /services/"$PEERNAME" ]; then
- while true; do
-  read -p "$PEERNAME already exists, would you like to replace it? [y/n]: " ASK
-  if [[ $ASK == *y* ]]; then
-   rm -r /services/"$PEERNAME"
-   mkdir /services/"$PEERNAME"
-   break
-  elif [[ $ASK == *Y* ]]; then
-   rm -r /services/"$PEERNAME"
-   mkdir /services/"$PEERNAME"
-   break
-  elif [[ $ASK == *n* ]]; then
-   exit 0
-  elif [[ $ASK == *N* ]]; then
-   exit 0
-  fi
- done 
-else
- mkdir /services/"$PEERNAME"
-fi
+test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME"
+mkdir -p /services/"$PEERNAME"
+
 
 #########################################################################
 # Create files to configure the new peering session:
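Review bot: `test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME"` becomes `rm -r /services/` when PEERNAME is empty, which the autoconfig pipe makes easy to hit (a blank or missing first line), and nothing between the `read` and this line rejects an empty name; add `[[ -n $PEERNAME ]] || { echo "peer2anonet: error: peer name is empty" >&2; exit 1; }` before it, or use `rm -r /services/"${PEERNAME:?}"`. Separately, `echo "$NEW_PROTOCOL" >> /services/bird/bird.conf` appends unconditionally, so re-running for an existing peer replaces the service directory but leaves bird.conf with two `protocol bgp` blocks of the same name; at minimum guard it with `grep -qF -- "protocol bgp $PEERNAME'_bgp'" /services/bird/bird.conf || echo "$NEW_PROTOCOL" >> /services/bird/bird.conf` (replacing the old block would be better but needs more than a guard).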
@@ -146,7 +181,7 @@
 export REMOTE_ADDRESS=$REMOTEIP
 export REMOTE_PORT=$PEERPORT
 export LOCAL_PORT=$YOURPORT
-export PRIVATE_KEY=$SECKEY
+export PRIVATE_KEY=${SECKEY/'SECRET: /}
 export PUBLIC_KEY=$PUBKEY
 export TUN_MODE=1
 export INTERFACE=ppp-$PEERNAME
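Review bot: `export PRIVATE_KEY=${SECKEY/'SECRET: /}` has an unbalanced single quote, so the pattern is not the intended `SECRET: ` prefix; whether it is a parse error or a silently wrong substitution depends on the enclosing string, which starts outside this hunk. The minimal fix is to close the quote, `export PRIVATE_KEY=${SECKEY/'SECRET: '/}`, or use the prefix form `${SECKEY#SECRET: }` which cannot match in the middle of the value. If these export lines are written into the peer's run file, as the surrounding "Create files" comment suggests, that file then holds the private key and its mode should be restricted rather than only made executable.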
@@ -161,7 +196,6 @@
 #########################################################################
 # Configure and start our new peering session:
 ln -s /services/"$PEERNAME" /service/
-echo
 echo "peer2anonet: New peering session configured
 "
 exit 0