[enbrace.git] / enbrace.bash

#! /usr/local/bin/bash
#
# $Id$
#
# cd;echo 'default login anonymous password short@' >~/.netrc;echo -e 'bi\nhash\npass\ncd pub/priv/short/enbrace\nget enbrace.bash\nquit'|ftp vellum.cz;/usr/local/bin/bash enbrace.bash
#
# Patch multi-application liable files:
# [cs_CZ] Soubory citlive na vicenasobnou aplikaci patche:
#       /etc/rc.local
#       /root/.login
#       /etc/inetd.conf
#       /etc/crontab

function fatal
{
        echo "$0: $*"
        exit 1
}

if [ "$USER" != "root"                   ];then fatal "This script must be run as 'root'"               ;fi
if [ "$PWD"  != "/root"                  ];then fatal "This script must be run from directory '/root'"  ;fi
if [ "`basename "$0"`" != "enbrace.bash" ];then fatal "This script must be named 'enbrace.bash'"        ;fi
if [ -e "enbrace"                        ];then fatal "'/root/enbrace' directory already exists"        ;fi

function ftpget
{
        cat >~/.netrc <<EOF
default 
        login anonymous password short@
        macdef init
                prom
                bi
                hash
                pass

EOF
        if [ $# != 1 ];then fatal "ftpget(): (arg1=URL) required!";fi
        host="`echo "$1"|sed 's#^ftp://\([^/]*\)/.*$#\1#'`"
        dir="` echo "$1"|sed 's#^ftp://[^/]*\(/.*/\)[^/]*$#\1#'`"
        file="`echo "$1"|sed 's#^.*/\([^/]*\)$#\1#'`"
        base="`basename "$file" .tar.gz`"
        if gzip -t "../$file" 2>/dev/null;then
                cp "../$file" "$file"
                echo -n "Using already downloaded file \"$1\": ";ls -l "$file"
                return 0
                fi
        echo -e "cd \"$dir\"\\nget \"$file\"\\nquit"|ftp -v "$host"
        return 0
}


set -ex
(

# Config
        openssl="ftp://ftp.openssl.org/source/openssl-0.9.6c.tar.gz"
        openssh="ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1.tar.gz"

# Init
        chmod +x enbrace.bash
        mkdir enbrace
        cd enbrace

# Files
        cat >rc <<EOF
PS1='\u:$PWD>'
PS2='> '
alias l='ls -l'
EOF
        cat >httpd.conf.diff <<EOF
--- httpd.conf-orig     Fri Dec 17 01:39:20 1999
+++ httpd.conf  Fri Aug 17 01:13:47 2001
@@ -791,8 +791,9 @@
     #Order deny,allow
     #Deny from all
     #Allow from .your_domain.com
-    Order allow,deny
-    Allow from all
+    Order deny,allow
+    Deny from all
+    Allow from 10.0.0.0/255.0.0.0
 </Directory>

 #
EOF
        cat >rc.local.diff <<EOF
--- rc.local-orig       Mon Sep  3 19:12:24 2001
+++ rc.local    Mon Sep  3 19:15:48 2001
@@ -54,6 +54,12 @@
 echo "Server Adminstration Program started...."


+# Jan Kolar <jan.kolar@jklabs.cz> /Lace
+echo "Starting OpenSSH service...."
+/usr/local/sbin/sshd
+echo "OpenSSH service started...."
+
+

 echo ""
 echo ""
EOF
        cat >root-cshrc.diff <<EOF
--- root/.cshrc-orig    Fri Feb 26 21:11:13 1999
+++ root/.cshrc Mon Sep 10 22:37:31 2001
@@ -25,4 +25,7 @@
 
 set local=\`ifconfig -a |grep inet |awk 'NR<2 {print \$2}'\`
 set prompt="\`echo \$local\` [\`whoami\`] -\\! # "
-/root/status/message/hint
+
+# Jan Kolar <jan.kolar@jklabs.cz> /Lace
+# Commented-out, must be placed in "~/.login"!
+## /root/status/message/hint
EOF
        cat >root-login.diff <<EOF
--- root/.login-orig    Fri Feb 26 21:11:13 1999
+++ root/.login Mon Sep 10 22:37:52 2001
@@ -58,3 +58,7 @@
 #set prompt="\`hostname\` [root] -\\! # "
 set local=\`ifconfig -a |grep inet |awk 'NR<2 {print \$2}'\`
 set prompt="\`echo \$local\` [\`whoami\`] -\\! # "
+
+# Jan Kolar <jan.kolar@jklabs.cz> /Lace
+# Moved in from "~/.cshrc"!
+/root/status/message/hint
EOF
        cat >root-mail.diff <<EOF
--- /dev/null   Fri Mar 15 02:04:08 2002
+++ root/.forward       Fri Mar 15 04:30:57 2002
@@ -0,0 +1,2 @@
+\root
+jan.kolar@jklabs.cz
EOF
        cat >sendmail.diff <<EOF
--- etc/rc.conf-orig    Fri Feb 22 12:40:54 2002
+++ etc/rc.conf Tue Mar 12 15:14:38 2002
@@ -132,7 +132,7 @@
 cron_enable="YES"      # Run the periodic job daemon.
 lpd_enable="NO"                # Run the line printer daemon.
 lpd_flags=""           # Flags to lpd (if enabled).
-sendmail_enable="YES"  # Run the sendmail daemon (or NO).
+sendmail_enable="NO"   # Run the sendmail daemon (or NO).
 sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
 dumpdev="NO"           # Device name to crashdump to (if enabled).
 check_quotas="NO"      # Check quotas (or NO).
--- etc/inetd.conf-orig Tue Mar 12 15:15:35 2002
+++ etc/inetd.conf      Tue Mar 12 15:10:19 2002
@@ -65,3 +65,6 @@
 #
 #netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd 
 #netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd 
+
+# Jan Kolar <jan.kolar@jklabs.cz> /Lace
+smtp   stream  tcp     nowait  root    /usr/local/libexec/tcpd /usr/sbin/sendmail -bs
--- /dev/null   Tue Mar 12 15:13:23 2002
+++ usr/local/etc/hosts.allow   Tue Mar 12 15:13:46 2002
@@ -0,0 +1 @@
+sendmail : 127. 10.
--- /dev/null   Tue Mar 12 15:13:23 2002
+++ usr/local/etc/hosts.deny    Tue Mar 12 15:11:50 2002
@@ -0,0 +1 @@
+sendmail : ALL
--- etc/crontab-orig    Wed Oct 22 00:21:08 1997
+++ etc/crontab Tue Mar 12 15:18:42 2002
@@ -23,3 +23,6 @@
 # does nothing, if you have UTC cmos clock.
 # See adjkerntz(8) for details.
 1,31   0-4     *       *       *       root    /sbin/adjkerntz -a
+
+# Jan Kolar <jan.kolar@jklabs.cz> /Lace
+*/30   *       *       *       *       root    /usr/sbin/sendmail -q
EOF
        cat >openssh-3.1p1-i386-unknown-freebsd2.2.5.diff <<EOF
--- configure.ac-orig   Thu Apr  4 00:35:36 2002
+++ configure.ac        Thu Apr  4 00:35:45 2002
@@ -138,6 +138,7 @@
        ;;
 *-*-freebsd*)
        check_for_libcrypt_later=1
+       AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
        ;;
 *-next-*)
        conf_lastlog_location="/usr/adm/lastlog"
--- configure-orig      Thu Apr  4 00:35:55 2002
+++ configure   Thu Apr  4 00:40:37 2002
@@ -3568,6 +3568,10 @@
        ;;
 *-*-freebsd*)
        check_for_libcrypt_later=1
+       cat >>confdefs.h <<\_ACEOF
+#define HAVE_BOGUS_SYS_QUEUE_H 1
+_ACEOF
+
        ;;
 *-next-*)
        conf_lastlog_location="/usr/adm/lastlog"
--- defines.h-orig      Wed Feb 27 03:40:49 2002
+++ defines.h   Thu Apr  4 01:00:56 2002
@@ -146,7 +146,7 @@
 including rpc/rpc.h breaks Solaris 6
 */
 #ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK ((ulong)0x7f000001)
+#define INADDR_LOOPBACK ((unsigned long)0x7f000001)
 #endif
 
 /* Types */
EOF

# Sendmail
        (cd /
                patch -sENp0 </root/enbrace/sendmail.diff
                )
        set +e;killall sendmail;set -e

# OpenSSL
        ftpget "$openssl"
        rm -rf /usr/local/openssl*
        tar xzf "$file"
        (cd "$base"
                ./config --prefix=/usr/local --openssldir=/usr/local/"$base" 2>&1|tee errs1
                make 2>&1|tee errs2
                make test 2>&1|tee errs2a
                make install 2>&1|tee errs3
                )
        ln -s "$base" /usr/local/openssl

# OpenSSH
        ftpget "$openssh"
        tar xzf "$file"
        (cd "$base"
                patch -sENp0 <../openssh-3.1p1-i386-unknown-freebsd2.2.5.diff
                #make clean
                ./configure --with-ipv4-default \
                                --with-default-path="/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin" \
                                2>&1|tee errs1
                make 2>&1|tee errs2
                make install 2>&1|tee errs3
                )
        patch -N /etc/rc.local <rc.local.diff
        /usr/local/sbin/sshd

# Apache
        patch -N /usr/local/etc/httpd/conf/httpd.conf <httpd.conf.diff
        # We need to temporarily disable error checking as killall(1) MAY fail (why?)
        set +e;killall -HUP httpd;set -e

# Root rcs
        patch -N /root/.cshrc <root-cshrc.diff
        patch -N /root/.login <root-login.diff
        patch -N /root/.forward <root-mail.diff

# Sendmail-post
        set +e;killall -HUP inetd;set -e

# OpenSSH-post
        for i in /usr/local/etc/*_key;do
                echo -n "$i: ";/usr/local/bin/ssh-keygen -l -f $i
                done

# Finalization
        echo "$0: success."
) 2>&1|tee enbrace.`date '+%Y-%m-%d-%H:%M:%S'`.log