rootfiles

Search…
rootfiles
Description:
root 홈디렉토리에 필요한 기본 파일
Changes on AnNyung:
1.serial console로 접속시 LANG 환경 변수를 en_US.UTF-8로 변경
2.​ISMS 인증 관련 정책 적용
3.root login 정책 제한
1.기본적으로 root로 login을 제한
2.사설 IP에서의 접근의 경우, tty console 만(non-intercative shell) 접속 가능
ssh [email protected] 접속 불가
ssh [email protected] "ls -al" 가능
3./root/.bashrc 에서 사용자 정의 가능 
1
if [ -n "${SSH_CLIENT}" ]; then
2
    NETWORK_A_CLASS="${SSH_CLIENT%%.*}."
3
    # console type
4
    # non-interactive mode         => serial
5
    # interactive mode (login shell) => pty
6
    contype="$(/sbin/consoletype 2> /dev/null)"
7
​
8
    #
9
    # allow with A class
10
    #
11
    if [ -z "${LOGIN_ACCESS}" ]; then
12
        case "${NETWORK_A_CLASS}" in
13
            "10.")
14
                #
15
                # Allow non-interactive shell from private network range
16
                #
17
                # If you want to allow only interactive shell
18
                # [ "${contype}" = "pty" ] && LOGIN_ACCESS="yes"
19
                #
20
                # If you want to allow both interactive and non-interactive shell
21
                # LOGIN_ACCESS="yes"
22
                #
23
                [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
24
                ;;
25
        esac
26
    fi
27
​
28
    #
29
    # allow with B Class
30
    #
31
    if [ -z "${LOGIN_ACCESS}" ]; then
32
        # ssh_client format: IP_ADDRESS:CONNECT_PORT
33
        ssh_client=$(echo ${SSH_CLIENT} | /bin/awk '{print $1":"$3'})
34
        NETWORK_B_CLASS=$(echo ${ssh_client} | /bin/sed -e 's/\(\([0-9]\+\.\)\{2\}\).*/\1/g' 2> /dev/null)
35
        NETWORK_C_CLASS=$(echo ${ssh_client} | /bin/sed -e 's/\(\([0-9]\+\.\)\{3\}\).*/\1/g' 2> /dev/null)
36
​
37
        case "${NETWORK_B_CLASS}" in
38
            "172.16."|"192.168.")
39
                #
40
                # Allow non-interactive shell from private network range
41
                #
42
                [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
43
                ;;
44
        esac
45
    fi
46
​
47
​
48
    #
49
    # allow with C Class
50
    #
51
    if [ -z "${LOGIN_ACCESS}" ]; then
52
        case "${NETWORK_C_CLASS}" in
53
            #"211.37.6.")
54
            #   [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
55
            #   ;;
56
            *)
57
                #
58
                # allow per host
59
                #
60
                case "${ssh_client}" in
61
                    #"1.1.1.1:22")
62
                    #   [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
63
                    #   ;;
64
                    #"143.1.1.1:2020")
65
                    #   [ "${contype}" != "pty" ] && LOGIN_ACCESS="yes"
66
                    #   ;;
67
                    *)
68
                        LOGIN_ACCESS=""
69
                esac
70
                ;;
71
        esac
72
    fi
73
​
74
    [ -z "$LOGIN_ACCESS" ] && \
75
        echo -en "* \\033[1;31mNotice:\\033[0;39m" && \
76
        echo " You can't access root privileges with remote access!" && \
77
        exit
78
fi
Copied!
Sub packages:
redhat-rpm-config
rsyslog
Last modified 2yr ago
Copy link
Contents
Description:
Changes on AnNyung:
Sub packages: