rootfiles

Description:

root 홈디렉토리에 필요한 기본 파일

Changes on AnNyung:

  1. serial console로 접속 시 LANG 환경 변수를 en_US.UTF-8로 변경
  2. ISMS 인증 관련 정책 적용
  3. root login 정책 제한
     1. 기본적으로 root로 login을 제한
     2. 사설 IP에서의 접근의 경우, tty console 만(non-interactive shell) 접속 가능
     3. /root/.bashrc 에서 사용자 정의 가능
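# Root remote-login gate, evaluated when root's shell starts.
#
# Runs only when SSH_CLIENT is set; sshd fills it with three space-separated
# fields: client IP, client port, server port. Root is refused by default:
# LOGIN_ACCESS becomes "yes" only for the source ranges matched below, and
# only when /sbin/consoletype does not report "pty". If LOGIN_ACCESS is still
# empty at the end, a notice is printed and the shell exits.
#
# NOTE(review): LOGIN_ACCESS is honoured when it is already non-empty on
# entry. That is the customization hook, but it also means every check below
# is skipped whenever the variable is present in root's environment. Confirm
# sshd does not take it from the client side (AcceptEnv,
# PermitUserEnvironment in sshd_config).
# NOTE(review): this is a shell-startup check, so it covers only sessions
# that execute this file. Keep the root restrictions in sshd_config as the
# primary control and treat this as defence in depth.
if [ -n "${SSH_CLIENT}" ]; then
  # First octet of the client address plus a trailing dot, e.g. "10."
  NETWORK_A_CLASS="${SSH_CLIENT%%.*}."

  # console type
  #   non-interactive mode           => serial
  #   interactive mode (login shell) => pty
  # NOTE(review): if /sbin/consoletype is missing or fails, contype is empty,
  # and an empty value also satisfies the '!= "pty"' tests below. Verify the
  # binary exists on every host that ships this file.
  contype="$(/sbin/consoletype 2> /dev/null)"

  #
  # allow with A class
  #
  if [ -z "${LOGIN_ACCESS}" ]; then
    case "${NETWORK_A_CLASS}" in
      "10.")
        #
        # Allow non-interactive shell from private network range
        #
        # If you want to allow only interactive shell
        #   [ "${contype}" = "pty" ] && LOGIN_ACCESS="yes"
        #
        # If you want to allow both interactive and non-interactive shell
        #   LOGIN_ACCESS="yes"
        #
        [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
        ;;
    esac
  fi

  #
  # allow with B Class
  #
  if [ -z "${LOGIN_ACCESS}" ]; then
    # ssh_client format: IP_ADDRESS:CONNECT_PORT
    # ($3 of SSH_CLIENT is the server-side port the client connected to.)
    # The expansions are quoted so the value reaches awk/sed unmodified by
    # word splitting or globbing.
    ssh_client=$(printf '%s\n' "${SSH_CLIENT}" | /bin/awk '{print $1":"$3}')
    NETWORK_B_CLASS=$(printf '%s\n' "${ssh_client}" | /bin/sed -e 's/\(\([0-9]\+\.\)\{2\}\).*/\1/g' 2> /dev/null)
    NETWORK_C_CLASS=$(printf '%s\n' "${ssh_client}" | /bin/sed -e 's/\(\([0-9]\+\.\)\{3\}\).*/\1/g' 2> /dev/null)

    case "${NETWORK_B_CLASS}" in
      "172.16." | "192.168.")
        #
        # Allow non-interactive shell from private network range
        #
        [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
        ;;
    esac
  fi

  #
  # allow with C Class
  #
  if [ -z "${LOGIN_ACCESS}" ]; then
    case "${NETWORK_C_CLASS}" in
      #"211.37.6.")
      #  [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
      #  ;;
      *)
        #
        # allow per host
        #
        case "${ssh_client}" in
          #"1.1.1.1:22")
          #  [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
          #  ;;
          #"143.1.1.1:2020")
          #  [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
          #  ;;
          *)
            LOGIN_ACCESS=""
            ;;
        esac
        ;;
    esac
  fi

  # Deny path. The exit is a separate statement so that the refusal does not
  # depend on the notice being written successfully; chaining it with '&&'
  # would skip the exit whenever an echo returned non-zero.
  if [ -z "${LOGIN_ACCESS}" ]; then
    echo -en "* \\033[1;31mNotice:\\033[0;39m"
    echo " You can't access root privileges with remote access!"
    exit
  fi
fi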

Sub packages:
