From 3bb7d5aac845a27101b208f7d3f0705e0e79f013 Mon Sep 17 00:00:00 2001 From: Erwan Le Gall Date: Tue, 25 Jun 2019 15:59:30 +0200 Subject: [PATCH 1/7] Log are in MB not in Mb
--- passhportd/passhportd.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/passhportd/passhportd.ini b/passhportd/passhportd.ini
index a340ae1f..387c660b 100644
--- a/passhportd/passhportd.ini
+++ b/passhportd/passhportd.ini
@@ -42,5 +42,5 @@ PYTHON_PATH = /home/passhport/passhport-run-env/bin/python3 OPEN_ACCESS_PATH = /home/passhport/passhwall.sh [MISC]
-# Maximum log file size in Mb
+# Maximum log file size in MB
 MAXLOGSIZE = 5
From 529368551025d6df2a04bf0da68f43a6edb37f67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Berlamont?= Date: Thu, 27 Jun 2019 13:33:20 +0200 Subject: [PATCH 2/7] Changed debian installation from "V8 or v9" to any To include the futur Debian 10 release Buster, we changed the documentation and the installation script name accordingly.
--- .../installation-on-debian.rst | 117 ++++---- tools/passhport-install-script-debian.sh | 249 ++++++++++++++++++ 2 files changed, 302 insertions(+), 64 deletions(-) create mode 100644 tools/passhport-install-script-debian.sh
diff --git a/docs/installation-and-configuration/installation-on-debian.rst b/docs/installation-and-configuration/installation-on-debian.rst
index ac662339..469cd8a2 100644
--- a/docs/installation-and-configuration/installation-on-debian.rst
+++ b/docs/installation-and-configuration/installation-on-debian.rst
@@ -1,17 +1,17 @@ -Installation on Debian 8 or 9 -============================= +Installation on Debian 8, 9 or 10 +================================= -The followings shows you how to install and run PaSSHport on Debian 8 (Jessie) or 9 (Stretch). We start from a minimal installation of Debian (available `here `__), **with openssh-server and curl** packages installed. +The followings shows you how to install and run PaSSHport on Debian 8 (Jessie), 9 (Stretch) or 10 (Buster). We start from a minimal installation of Debian (available `here `__), **with openssh-server and curl** packages installed. The easy, automated way ----------------------- -You can review the installation script `here `__. +You can review the installation script `here `__. You can run it directly from command line ( please ensure that curl is installed : ``apt install curl`` ): .. code-block:: none - root@debian9:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian-8-9.sh) + root@debian:~# bash <(curl -s https://raw.githubusercontent.com/librit/passhport/master/tools/passhport-install-script-debian.sh) Once finished, you can go to the `Getting Started `_ chapter. 
@@ -25,76 +25,65 @@ First of all, we’ll need to update your repositories : .. code-block:: none - root@debian9:~# apt update + root@debian:~# apt update We will install python3-pip, and other packages that we’ll need later for this tutorial (it will get ~+100MB from the archives, so be patient) : .. code-block:: none - root@debian9:~# apt install python3-pip git openssl + root@debian:~# apt install python3-pip git openssl virtualenv libpython3-dev -Let’s update pip : - -.. code-block:: none - - root@debian9:~# pip3 install -U pip - -Now, install virtual-env using pip : +Next we will need to add a system user called « passhport », and switch to it : .. code-block:: none - root@debian9:~# pip3 install virtualenv + root@debian:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport + root@debian:~# su - passhport + passhport@debian:~$ -Next we will need to add a system user called « passhport », and switch to it : +Let’s get passhport sources from github : .. code-block:: none - root@debian9:~# useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport - root@debian9:~# su - passhport - passhport@debian9:~$ + passhport@debian:~$ git clone http://github.com/LibrIT/passhport.git + Clonage dans 'passhport'... + remote: Counting objects: 2713, done. + remote: Compressing objects: 100% (50/50), done. + remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661 + Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait. + Résolution des deltas: 100% (1633/1633), fait. + passhport@debian:~$ We now need to create a virtual-env for passhport user : .. code-block:: none - passhport@debian9:~$ virtualenv -p python3 passhport-run-env + passhport@debian:~$ virtualenv -p python3 passhport-run-env Now that we have our virtual-env, we install the python’s modules we’ll need for PaSSHport : .. 
code-block:: none - passhport@debian9:~$ /home/passhport/passhport-run-env/bin/pip install sqlalchemy-migrate flask-migrate requests docopt configparser tabulate flask-login ldap3 psutil + passhport@debian:~$ /home/passhport/passhport-run-env/bin/pip install -r /home/passhport/passhport/requirements.txt Now, let’s start the real thing… -Let’s get passhport sources from github : - -.. code-block:: none - - passhport@debian9:~$ git clone http://github.com/LibrIT/passhport.git - Clonage dans 'passhport'... - remote: Counting objects: 2713, done. - remote: Compressing objects: 100% (50/50), done. - remote: Total 2713 (delta 19), reused 0 (delta 0), pack-reused 2661 - Réception d'objets: 100% (2713/2713), 482.76 KiB | 396.00 KiB/s, fait. - Résolution des deltas: 100% (1633/1633), fait. - passhport@debian9:~$ PaSSHport will need to write some logs, so, as root, we’ll create a directory in « /var/log », and give the ownership to the « passhport » user: .. code-block:: none - root@debian9:~# mkdir -p /var/log/passhport/ - root@debian9:~# chown passhport:passhport /var/log/passhport/ + root@debian:~# mkdir -p /var/log/passhport/ + root@debian:~# chown passhport:passhport /var/log/passhport/ We’ll also create the config directory, and copy the differents config file : .. code-block:: none - root@debian9:~# mkdir /etc/passhport - root@debian9:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. - root@debian9:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. - root@debian9:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. + root@debian:~# mkdir /etc/passhport + root@debian:~# cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. + root@debian:~# cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. + root@debian:~# cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. 
We’ll also need to make some modifications in those config file, if you run passhportd on a distant server. Here we’ll change the default listening address (localhost) to the real IP of our server. @@ -102,7 +91,7 @@ First, passhportd : .. code-block:: none - root@debian9:~# vim /etc/passhport/passhportd.ini + root@debian:~# vim /etc/passhport/passhportd.ini Change the « LISTENING_IP » parameter, to the IP address of your server : @@ -137,17 +126,17 @@ Change the following parameter in /etc/passhport/passhport.ini and /etc/passhpor ``PASSHPORTD_HOSTNAME = 192.168.122.56`` -We’ll need ssh publickey, so we generate an 4096 bits RSA key: +We’ll need ssh publickey, so we generate a 4096 bits RSA key (keys lengh can be longer): .. code-block:: none - root@debian9:~# su - passhport - passhport@debian9:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa" + root@debian:~# su - passhport + passhport@debian:~$ ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa" Generating public/private rsa key pair. Your identification has been saved in /home/passhport/.ssh/id_rsa. Your public key has been saved in /home/passhport/.ssh/id_rsa.pub. The key fingerprint is: - SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian9 + SHA256:0o6jkepqr2Phz0AKmLGRZh6PeVexP2gf5CGNPd+ksQ passhport@debian The key's randomart image is: +---[RSA 4096]----+ | . .... | 
@@ -160,20 +149,20 @@ We’ll need ssh publickey, so we generate an 4096 bits RSA key: | =o. o . | |++B+. | +----[SHA256]-----+ - passhport@debian9:~$ + passhport@debian:~$ This will be the key that’ll be use by PaSSHport to connect to your hosts. You can also generate a ECDSA key if you wish : .. code-block:: none - passhport@debian9:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa" + passhport@debian:~$ ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa" Again as root, let’s make the directory that’ll contains the database (because we use SQLite for this tutorial) : .. code-block:: none - root@debian9:~# mkdir -p /var/lib/passhport - root@debian9:~# chown -R passhport:passhport /var/lib/passhport/ + root@debian:~# mkdir -p /var/lib/passhport + root@debian:~# chown -R passhport:passhport /var/lib/passhport/ … then we’ll have to change 3 paramaters in the passhportd config file (as root, edit «/etc/passhport/passhportd.ini») : 
@@ -187,22 +176,22 @@ Now we can create the database and check that it has correcly been created: .. code-block:: none - root@debian9:~# su - passhport - passhport@debian9:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py - passhport@debian9:~$ ls -la /var/lib/passhport/ + root@debian:~# su - passhport + passhport@debian:~$ /home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py + passhport@debian:~$ ls -la /var/lib/passhport/ total 172 drwxr-xr-x 3 passhport passhport 4096 févr. 28 16:10 . drwxr-xr-x 25 root root 4096 févr. 28 15:37 .. -rw-r--r-- 1 passhport passhport 159744 févr. 28 16:10 app.db drwxr-xr-x 4 passhport passhport 4096 févr. 28 16:10 db_repository - passhport@debian9:~$ + passhport@debian:~$ We’ll now need to create the certificate to secure the API. First, create the directory in which will be key and the cert, and make the directory rwx for passport only : .. code-block:: none - passhport@debian9:~$ mkdir /home/passhport/certs - passhport@debian9:~$ chmod 700 /home/passhport/certs + passhport@debian:~$ mkdir /home/passhport/certs + passhport@debian:~$ chmod 700 /home/passhport/certs Create the RSA key : 
@@ -253,41 +242,41 @@ Once executed, you’ll have a cert file next to the key file : .. code-block:: none - passhport@debian9:~$ ls -la /home/passhport/certs/ + passhport@debian:~$ ls -la /home/passhport/certs/ total 16 drwx------ 2 passhport passhport 4096 févr. 28 18:00 . drwxr-xr-x 8 passhport passhport 4096 févr. 28 17:46 .. -rw-r--r-- 1 passhport passhport 2171 févr. 28 18:00 cert.pem -rw------- 1 passhport passhport 3243 févr. 28 16:11 key.pem - passhport@debian9:~$ + passhport@debian:~$ As root, create some symlink to the two main *binaries*, passhportd and passhport-admin, so you can access it without typing full path : .. code-block:: none - root@debian9:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd - root@debian9:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin + root@debian:~# ln -s /home/passhport/passhport/tools/passhportd.sh /usr/bin/passhportd + root@debian:~# ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin We now create the systemd service, and enables *passhportd* on startup : .. code-block:: none - root@debian9:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service - root@debian9:~# systemctl daemon-reload - root@debian9:~# systemctl enable passhportd + root@debian:~# cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service + root@debian:~# systemctl daemon-reload + root@debian:~# systemctl enable passhportd And now, we’re ready to go, just launch passhportd daemon : .. code-block:: none - root@debian9:~# systemctl start passhportd + root@debian:~# systemctl start passhportd You can check that passhportd is running, by curling the IP you previously configured in */etc/passhport/passhportd.ini*, on port 5000 : .. 
code-block:: none
- root@debian9:~# curl -s --insecure https://192.168.122.56:5000
+ root@debian:~# curl -s --insecure https://192.168.122.56:5000
 passhportd is running, gratz!
- root@debian9:~#
+ root@debian:~#
 Bravo ! You successfully installed PaSSHport. You may now go to the `Getting Started `_ chapter.
diff --git a/tools/passhport-install-script-debian.sh b/tools/passhport-install-script-debian.sh new file mode 100644
index 00000000..51665d97
--- /dev/null
+++ b/tools/passhport-install-script-debian.sh
@@ -0,0 +1,249 @@
+#!/bin/bash -e
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+# Should we run as interactive mode ? (-s non interactive mode)
+INTERACTIVE=1
+while getopts ":s" OPTION
+do
+ case ${OPTION} in
+ s) INTERACTIVE=0;;
+ *) echo "Unknown option, exiting..."; exit 1;; # DEFAULT
+ esac
+done
+
+
+echo 'Hi there ! Please read carefully the following (not long)'.
+echo 'This script will attempt to install PaSSHport on this system.'
+echo 'This script works on Debian 8 (Jessy), Debian 9 (Stretch),'
+echo 'and Debian 10 (Buster).'
+echo "It may also work on Debian 7, but it hasn't been tested."
+echo ''
+echo 'What this script will do to your existing system:'
+echo '- install "python3-pip", "git" and "openssl" packages.'
+echo '- update PIP via pip3 script, installed previously'
+echo '- install virtualenv via pip3 script'
+echo '- add a "passhport" system user'
+echo '- create an "/etc/passhport" directory'
+echo '- create a "/var/lib/passhport" directory'
+echo '- create a "/var/log/passhport" directory'
+echo ''
+echo 'The remaining process will only create and/or modify files and'
+echo 'directories WITHIN the directories mentionned above, so which includes:'
+echo '- /home/passhport'
+echo '- /etc/passhport'
+echo '- /var/lib/passhport'
+echo '- /var/log/passhport'
+echo ''
+echo 'If you want to remove passhportd from this system, run the following,'
+echo 'as root:'
+echo 'userdel passhport'
+echo 'rm -rf /home/passhport'
+echo 'rm -rf /etc/passhport'
+echo 'rm -rf /var/lib/passhport'
+echo 'rm -rf /var/log/passhport'
+echo 'rm /usr/bin/passhport-admin'
+echo 'rm /usr/sbin/passhportd'
+echo 'rm /etc/bash_completion.d/passhport-admin'
+echo ''
+echo 'Remove the systemd service :'
+echo '# systemctl disable passhportd'
+echo '# rm /etc/systemd/system/passhportd.service'
+echo '# systemctl daemon-reload'
+echo ''
+echo "Finally you may also purge the following packages if you don't need them"
+echo 'anymore:'
+echo 'python3-pip, git, openssl, virtualenv, libpython3-dev (# apt purge python3-pip git openssl virtualenv libpython3-dev)'
+echo ''
+
+if [ ${INTERACTIVE} -eq 1 ]
+then
+ echo 'Once you read and understood the above lines, you may proceed by typing'
+ echo '"yes", or exit by the famous "CTRL+C" :'
+ read ANSWER;
+else
+ ANSWER='yes'
+fi
+
+while [ "${ANSWER}" != 'yes' ]
+do
+ echo 'Please type excatly "yes" or exit by pressing "CTRL+C".'
+ read ANSWER
+done
+
+echo '##############################################################'
+echo '# Updating repos…'
+echo '##############################################################'
+apt update
+echo '##############################################################'
+echo '# Installing git, openssl, virtualenv and libpython3-dev package…'
+echo '##############################################################'
+apt install -y python3-pip git openssl virtualenv libpython3-dev
+echo '##############################################################'
+echo '# Creating "passhport" system user'
+echo '##############################################################'
+useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport
+echo '##############################################################'
+echo '# Creating the virtual-env for passhport…'
+echo '##############################################################'
+su - passhport -c "virtualenv -p python3 passhport-run-env"
+echo '##############################################################'
+echo '# Cloning passhport git from github'
+echo '##############################################################'
+su - passhport -c "git clone https://github.com/LibrIT/passhport.git"
+echo '##############################################################'
+echo '# Installing mandatory packages in the virtual environment…'
+echo '##############################################################'
+su - passhport -c "/home/passhport/passhport-run-env/bin/pip install -r /home/passhport/passhport/requirements.txt"
+echo '##############################################################'
+echo '# Creating "/var/log/passhport" log directory'
+echo '##############################################################'
+mkdir -p /var/log/passhport/
+chown passhport:passhport /var/log/passhport/
+echo '##############################################################'
+echo '# Creating "/etc/passhport" conf directory '
+echo '##############################################################'
+mkdir /etc/passhport
+cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/.
+cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/.
+cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/.
+cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/.
+echo '##############################################################'
+echo '# Generating PaSSHport RSA (4096b) and ecdsa (521b) keys…'
+echo '##############################################################'
+su - passhport -c '/usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"'
+su - passhport -c '/usr/bin/ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa"'
+echo '##############################################################'
+echo '# Creating PaSSHport database directory…'
+echo '##############################################################'
+mkdir -p /var/lib/passhport
+chown -R passhport:passhport /var/lib/passhport/
+echo '##############################################################'
+echo '# Editing PaSSHport conf files…'
+echo '##############################################################'
+sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini
+sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini
+sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini
+sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini
+sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini
+sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini
+echo '##############################################################'
+echo '# Creating database for PaSSHport (SQLite)…'
+echo '##############################################################'
+su - passhport -c "/home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py"
+echo '##############################################################'
+echo '# Creating bash_completion file for passhport-admin script…'
+echo '##############################################################'
+if [ ! -d "/etc/bash_completion.d/" ]
+then
+ mkdir "/etc/bash_completion.d/"
+fi
+cp /home/passhport/passhport/tools/passhport-admin.bash_completion /etc/bash_completion.d/passhport-admin
+. /etc/bash_completion.d/passhport-admin
+echo '##############################################################'
+echo '# Creating symbolink links to binaries…'
+echo '##############################################################'
+ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin
+ln -s /home/passhport/passhport/tools/passhportd.sh /usr/sbin/passhportd
+echo '##############################################################'
+echo '# Creating Web-API cert directory…'
+echo '##############################################################'
+su - passhport -c "mkdir /home/passhport/certs"
+su - passhport -c "chmod 700 /home/passhport/certs"
+echo '##############################################################'
+echo '# Generating Web-API RSA key (4096b)'
+echo '##############################################################'
+su - passhport -c "openssl genrsa -out "/home/passhport/certs/key.pem" 4096"
+echo '##############################################################'
+echo '# Adding choosen IP to the certificate…'
+echo '##############################################################'
+sed -i -e "s#^\(DNS.*\s*=\s*\)TO_CHANGE#\1`hostname -f`#g" /home/passhport/passhport/tools/openssl-for-passhportd.cnf
+echo '##############################################################'
+echo '# Generating Web-API certificate…'
+echo '##############################################################'
+openssl req -new -key "/home/passhport/certs/key.pem" \
+ -config "/home/passhport/passhport/tools/openssl-for-passhportd.cnf" \
+ -out "/home/passhport/certs/cert.pem" \
+ -subj "/C=FR/ST=Ile De France/L=Ivry sur Seine/O=LibrIT/OU=DSI/CN=passhport.librit.fr" \
+ -x509 \
+ -days 365 \
+ -sha256 \
+ -extensions v3_req
+# We try to detect if we run on a systemd OS.
+if (stat /proc/1/exe | head -n 1 | grep systemd &>/dev/null)
+then
+ echo '##############################################################'
+ echo '# Importing passhportd service in systemd…'
+ echo '##############################################################'
+ cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service
+ systemctl daemon-reload
+ systemctl enable passhportd
+ echo "passhportd has been enabled at startup."
+ systemctl start passhportd
+ echo "passhportd has been started."
+ echo 'Please use systemctl to start/stop service.'
+fi
+echo '##############################################################'
+echo '# Adding root@localhost target…'
+echo '##############################################################'
+# Sleep 2 seconds so passhportd has enough time to start
+sleep 2
+[ ! -d "/root/.ssh" ] && mkdir "/root/.ssh" && chmod 700 "/root/.ssh"
+cat "/home/passhport/.ssh/id_ecdsa.pub" >> "/root/.ssh/authorized_keys"
+su - passhport -c 'passhport-admin target create root@localhost 127.0.0.1 --comment="Localhost target added during the PaSSHport installation process."'
+if [ ${INTERACTIVE} -eq 1 ]
+then
+ echo 'Do you want to add your first user now ? Y/n'
+ read DO_CREATE_USER
+else
+ DO_CREATE_USER='n'
+fi
+while [ "${DO_CREATE_USER,,}" != "y" ] && [ ! -z "${DO_CREATE_USER}" ] && [ "${DO_CREATE_USER,,}" != "n" ]
+do
+ echo 'Do you want to add your first user now ? Y/n'
+ read DO_CREATE_USER
+done
+if [ "${DO_CREATE_USER,,}" == "y" ] || [ -z "${DO_CREATE_USER}" ]
+then
+ echo 'Remember : no space in the user name!'
+ su - passhport -c "passhport-admin user create"
+ echo 'Do you want to link this user to the target root@localhost ? Y/n'
+ read DO_LINK_USER
+ while [ "${DO_LINK_USER,,}" != "y" ] && [ ! -z "${DO_LINK_USER}" ] && [ "${DO_LINK_USER,,}" != "n" ]
+ do
+ echo 'Do you want to link this user to the target root@localhost ? Y/n'
+ read DO_LINK_USER
+ done
+ if [ "${DO_LINK_USER,,}" == "y" ] || [ -z "${DO_LINK_USER}" ]
+ then
+ FIRST_USER=`su - passhport -c "passhport-admin user list"`
+ su - passhport -c "passhport-admin target adduser ${FIRST_USER} root@localhost"
+ fi
+fi
+
+echo "PaSSHport is now installed on your system."
+
+echo '##############################################################'
+echo '# You can test that passhportd is running by running :'
+echo '# curl -s --insecure https://localhost:5000'
+echo '# if it displays : '
+echo '# "passhportd is running, gratz!"'
+echo '# you successfuly installed PaSSHport. Well done !'
+
+if [ ${INTERACTIVE} -eq 1 ]
+then
+ echo '# If you created your first user, you can connect to PaSSHport'
+ echo '# using "ssh -i the_key_you_used passhport@PASSHPORT_HOST"'
+fi
+echo '##############################################################'
From b0bd55bf21409828ecf9264468cde9065f705ce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Berlamont?= Date: Thu, 27 Jun 2019 13:35:40 +0200 Subject: [PATCH 3/7] Renamed old debian installation script --- tools/passhport-install-script-debian-8-9.sh | 248 ------------------- 1 file changed, 248 deletions(-) delete mode 100644 tools/passhport-install-script-debian-8-9.sh
diff --git a/tools/passhport-install-script-debian-8-9.sh b/tools/passhport-install-script-debian-8-9.sh deleted file mode 100644
index 8774c62e..00000000
--- a/tools/passhport-install-script-debian-8-9.sh
+++ /dev/null
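Review bot: The `sed` in the "Editing PaSSHport conf files" step forces `LISTENING_IP = 0.0.0.0`, so a non-interactive install binds the passhportd API on every interface, while the same step points both client configs at `PASSHPORTD_HOSTNAME = localhost` and the closing hint only tests `https://localhost:5000`; dropping that one `sed` line keeps the shipped default (the documentation describes it as localhost) and leaves the move to a public address to the documented manual edit of `/etc/passhport/passhportd.ini`. The `-e` on the `#!/bin/bash -e` shebang is also not honoured when the script is started as `bash <(curl …)` the way the accompanying documentation shows, so a failed `apt install` or `git clone` lets the run continue into `useradd`, the `sed` edits and the key generation; an explicit `set -e` as the first statement covers both invocation styles. Two smaller points in the same hunk: `passhportd.ini` is copied into `/etc/passhport/` twice in the conf-directory step, and the `cat "/home/passhport/.ssh/id_ecdsa.pub" >> "/root/.ssh/authorized_keys"` line is not idempotent, so every re-run appends the passhport ecdsa key to root's authorized keys again.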
@@ -1,248 +0,0 @@ -#!/bin/bash -e -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# Should we run as interactive mode ? (-s non interactive mode) -INTERACTIVE=1 -while getopts ":s" OPTION -do - case ${OPTION} in - s) INTERACTIVE=0;; - *) echo "Unknown option, exiting..."; exit 1;; # DEFAULT - esac -done - - -echo 'Hi there ! Please read carefully the following (not long)'. -echo 'This script will attempt to install PaSSHport on this system.' -echo 'This script works on Debian 8 (Jessy) and Debian 9 (Stretch).' -echo "It may also work on Debian 7, but it hasn't been tested." -echo '' -echo 'What this script will do to your existing system:' -echo '- install "python3-pip", "git" and "openssl" packages.' 
-echo '- update PIP via pip3 script, installed previously' -echo '- install virtualenv via pip3 script' -echo '- add a "passhport" system user' -echo '- create an "/etc/passhport" directory' -echo '- create a "/var/lib/passhport" directory' -echo '- create a "/var/log/passhport" directory' -echo '' -echo 'The remaining process will only create and/or modify files and' -echo 'directories WITHIN the directories mentionned above, so which includes:' -echo '- /home/passhport' -echo '- /etc/passhport' -echo '- /var/lib/passhport' -echo '- /var/log/passhport' -echo '' -echo 'If you want to remove passhportd from this system, run the following,' -echo 'as root:' -echo 'userdel passhport' -echo 'rm -rf /home/passhport' -echo 'rm -rf /etc/passhport' -echo 'rm -rf /var/lib/passhport' -echo 'rm -rf /var/log/passhport' -echo 'rm /usr/bin/passhport-admin' -echo 'rm /usr/sbin/passhportd' -echo 'rm /etc/bash_completion.d/passhport-admin' -echo '' -echo 'Remove the systemd service :' -echo '# systemctl disable passhportd' -echo '# rm /etc/systemd/system/passhportd.service' -echo '# systemctl daemon-reload' -echo '' -echo "Finally you may also purge the following packages if you don't need them" -echo 'anymore:' -echo 'python3-pip, git, openssl, virtualenv, libpython3-dev (# apt purge python3-pip git openssl virtualenv libpython3-dev)' -echo '' - -if [ ${INTERACTIVE} -eq 1 ] -then - echo 'Once you read and understood the above lines, you may proceed by typing' - echo '"yes", or exit by the famous "CTRL+C" :' - read ANSWER; -else - ANSWER='yes' -fi - -while [ "${ANSWER}" != 'yes' ] -do - echo 'Please type excatly "yes" or exit by pressing "CTRL+C".' 
- read ANSWER -done - -echo '##############################################################' -echo '# Updating repos…' -echo '##############################################################' -apt update -echo '##############################################################' -echo '# Installing git, openssl, virtualenv and libpython3-dev package…' -echo '##############################################################' -apt install -y python3-pip git openssl virtualenv libpython3-dev -echo '##############################################################' -echo '# Creating "passhport" system user' -echo '##############################################################' -useradd --home-dir /home/passhport --shell /bin/bash --create-home passhport -echo '##############################################################' -echo '# Creating the virtual-env for passhport…' -echo '##############################################################' -su - passhport -c "virtualenv -p python3 passhport-run-env" -echo '##############################################################' -echo '# Cloning passhport git from github' -echo '##############################################################' -su - passhport -c "git clone https://github.com/LibrIT/passhport.git" -echo '##############################################################' -echo '# Installing mandatory packages in the virtual environment…' -echo '##############################################################' -su - passhport -c "/home/passhport/passhport-run-env/bin/pip install -r /home/passhport/passhport/requirements.txt" -echo '##############################################################' -echo '# Creating "/var/log/passhport" log directory' -echo '##############################################################' -mkdir -p /var/log/passhport/ -chown passhport:passhport /var/log/passhport/ -echo '##############################################################' -echo '# Creating "/etc/passhport" conf directory ' -echo 
'##############################################################' -mkdir /etc/passhport -cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. -cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. -cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. -cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. -echo '##############################################################' -echo '# Generating PaSSHport RSA (4096b) and ecdsa (521b) keys…' -echo '##############################################################' -su - passhport -c '/usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"' -su - passhport -c '/usr/bin/ssh-keygen -t ecdsa -b 521 -N "" -f "/home/passhport/.ssh/id_ecdsa"' -echo '##############################################################' -echo '# Creating PaSSHport database directory…' -echo '##############################################################' -mkdir -p /var/lib/passhport -chown -R passhport:passhport /var/lib/passhport/ -echo '##############################################################' -echo '# Editing PaSSHport conf files…' -echo '##############################################################' -sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini -sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini -echo 
'##############################################################' -echo '# Creating database for PaSSHport (SQLite)…' -echo '##############################################################' -su - passhport -c "/home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py" -echo '##############################################################' -echo '# Creating bash_completion file for passhport-admin script…' -echo '##############################################################' -if [ ! -d "/etc/bash_completion.d/" ] -then - mkdir "/etc/bash_completion.d/" -fi -cp /home/passhport/passhport/tools/passhport-admin.bash_completion /etc/bash_completion.d/passhport-admin -. /etc/bash_completion.d/passhport-admin -echo '##############################################################' -echo '# Creating symbolink links to binaries…' -echo '##############################################################' -ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/bin/passhport-admin -ln -s /home/passhport/passhport/tools/passhportd.sh /usr/sbin/passhportd -echo '##############################################################' -echo '# Creating Web-API cert directory…' -echo '##############################################################' -su - passhport -c "mkdir /home/passhport/certs" -su - passhport -c "chmod 700 /home/passhport/certs" -echo '##############################################################' -echo '# Generating Web-API RSA key (4096b)' -echo '##############################################################' -su - passhport -c "openssl genrsa -out "/home/passhport/certs/key.pem" 4096" -echo '##############################################################' -echo '# Adding choosen IP to the certificate…' -echo '##############################################################' -sed -i -e "s#^\(DNS.*\s*=\s*\)TO_CHANGE#\1`hostname -f`#g" /home/passhport/passhport/tools/openssl-for-passhportd.cnf -echo 
'##############################################################' -echo '# Generating Web-API certificate…' -echo '##############################################################' -openssl req -new -key "/home/passhport/certs/key.pem" \ - -config "/home/passhport/passhport/tools/openssl-for-passhportd.cnf" \ - -out "/home/passhport/certs/cert.pem" \ - -subj "/C=FR/ST=Ile De France/L=Ivry sur Seine/O=LibrIT/OU=DSI/CN=passhport.librit.fr" \ - -x509 \ - -days 365 \ - -sha256 \ - -extensions v3_req -# We try to detect if we run on a systemd OS. -if (stat /proc/1/exe | head -n 1 | grep systemd &>/dev/null) -then - echo '##############################################################' - echo '# Importing passhportd service in systemd…' - echo '##############################################################' - cp /home/passhport/passhport/tools/passhportd.service /etc/systemd/system/passhportd.service - systemctl daemon-reload - systemctl enable passhportd - echo "passhportd has been enabled at startup." - systemctl start passhportd - echo "passhportd has been started." - echo 'Please use systemctl to start/stop service.' -fi -echo '##############################################################' -echo '# Adding root@localhost target…' -echo '##############################################################' -# Sleep 2 seconds so passhportd has enough time to start -sleep 2 -[ ! -d "/root/.ssh" ] && mkdir "/root/.ssh" && chmod 700 "/root/.ssh" -cat "/home/passhport/.ssh/id_ecdsa.pub" >> "/root/.ssh/authorized_keys" -su - passhport -c 'passhport-admin target create root@localhost 127.0.0.1 --comment="Localhost target added during the PaSSHport installation process."' -if [ ${INTERACTIVE} -eq 1 ] -then - echo 'Do you want to add your first user now ? Y/n' - read DO_CREATE_USER -else - DO_CREATE_USER='n' -fi -while [ "${DO_CREATE_USER,,}" != "y" ] && [ ! -z "${DO_CREATE_USER}" ] && [ "${DO_CREATE_USER,,}" != "n" ] -do - echo 'Do you want to add your first user now ? 
Y/n' - read DO_CREATE_USER -done -if [ "${DO_CREATE_USER,,}" == "y" ] || [ -z "${DO_CREATE_USER}" ] -then - echo 'Remember : no space in the user name!' - su - passhport -c "passhport-admin user create" - echo 'Do you want to link this user to the target root@localhost ? Y/n' - read DO_LINK_USER - while [ "${DO_LINK_USER,,}" != "y" ] && [ ! -z "${DO_LINK_USER}" ] && [ "${DO_LINK_USER,,}" != "n" ] - do - echo 'Do you want to link this user to the target root@localhost ? Y/n' - read DO_LINK_USER - done - if [ "${DO_LINK_USER,,}" == "y" ] || [ -z "${DO_LINK_USER}" ] - then - FIRST_USER=`su - passhport -c "passhport-admin user list"` - su - passhport -c "passhport-admin target adduser ${FIRST_USER} root@localhost" - fi -fi - -echo "PaSSHport is now installed on your system." - -echo '##############################################################' -echo '# You can test that passhportd is running by running :' -echo '# curl -s --insecure https://localhost:5000' -echo '# if it displays : ' -echo '# "passhportd is running, gratz!"' -echo '# you successfuly installed PaSSHport. Well done !' - -if [ ${INTERACTIVE} -eq 1 ] -then - echo '# If you created your first user, you can connect to PaSSHport' - echo '# using "ssh -i the_key_you_used passhport@PASSHPORT_HOST"' -fi -echo '##############################################################' From 53b453bbbebbdcddf551f2e29c36d687ef0edf41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Berlamont?= Date: Thu, 27 Jun 2019 13:38:15 +0200 Subject: [PATCH 4/7] Some minore documentation re-organization --- tools/passhport-install-script-debian.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/passhport-install-script-debian.sh b/tools/passhport-install-script-debian.sh index 51665d97..02bacdee 100644 --- a/tools/passhport-install-script-debian.sh +++ b/tools/passhport-install-script-debian.sh 
@@ -120,6 +120,15 @@ cp /home/passhport/passhport/passhport/passhport.ini /etc/passhport/. cp /home/passhport/passhport/passhport-admin/passhport-admin.ini /etc/passhport/. cp /home/passhport/passhport/passhportd/passhportd.ini /etc/passhport/. echo '##############################################################' +echo '# Editing PaSSHport conf files…' +echo '##############################################################' +sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini +sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini +sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini +sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini +sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini +sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini +echo '##############################################################' echo '# Generating PaSSHport RSA (4096b) and ecdsa (521b) keys…' echo '##############################################################' su - passhport -c '/usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f "/home/passhport/.ssh/id_rsa"' 
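Review bot: The relocated `sed` on `LISTENING_IP` still binds passhportd to `0.0.0.0`, while the two `PASSHPORTD_HOSTNAME = localhost` rewrites in the same block show that the only clients this installer configures reach the daemon over loopback. An all-interfaces bind therefore exposes the management API to the network by default for no benefit the installer itself needs, and nothing in the hunk adds a firewall rule or warns the administrator. I would install with `sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 127.0.0.1#' /etc/passhport/passhportd.ini` and let the administrator widen it deliberately, or at minimum add a line such as `echo '# passhportd listens on ALL interfaces: firewall its port if the API must not be reachable remotely.'` to the closing banner. If the wide bind is intentional for remote passhport-admin use, a comment above that sed saying so would keep the next reader from tightening it.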
@@ -130,15 +139,6 @@ echo '##############################################################' mkdir -p /var/lib/passhport chown -R passhport:passhport /var/lib/passhport/ echo '##############################################################' -echo '# Editing PaSSHport conf files…' -echo '##############################################################' -sed -i -e 's#SQLALCHEMY_DATABASE_DIR\s*=.*#SQLALCHEMY_DATABASE_DIR = /var/lib/passhport/#' /etc/passhport/passhportd.ini -sed -i -e 's#LISTENING_IP\s*=.*#LISTENING_IP = 0.0.0.0#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_MIGRATE_REPO\s*=.*#SQLALCHEMY_MIGRATE_REPO = /var/lib/passhport/db_repository#' /etc/passhport/passhportd.ini -sed -i -e 's#SQLALCHEMY_DATABASE_URI\s*=.*#SQLALCHEMY_DATABASE_URI = sqlite:////var/lib/passhport/app.db#' /etc/passhport/passhportd.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport-admin.ini -sed -i -e "s#PASSHPORTD_HOSTNAME\s*=.*#PASSHPORTD_HOSTNAME = localhost#" /etc/passhport/passhport.ini -echo '##############################################################' echo '# Creating database for PaSSHport (SQLite)…' echo '##############################################################' su - passhport -c "/home/passhport/passhport-run-env/bin/python /home/passhport/passhport/passhportd/db_create.py" From 3e604e9d6881eff83d939ce8eb7e7d73ec9fb15c Mon Sep 17 00:00:00 2001 From: Aguay-val Date: Thu, 27 Jun 2019 16:22:05 +0200 Subject: [PATCH 5/7] fix(models_mod/user.py): Fix simplejson def --- passhportd/app/models_mod/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passhportd/app/models_mod/user.py b/passhportd/app/models_mod/user.py index 179e9c74..38e74818 100644 --- a/passhportd/app/models_mod/user.py +++ b/passhportd/app/models_mod/user.py 
@@ -66,7 +66,7 @@ def simplejson(self):
 format(self.show_sshkeyhash()) + "\",\n"
 output = output + "\"logfilesize\": \"" + \
 format(self.show_logfilesize()) + "\",\n"
- output = output + "\"comment\": \"" + format(self.comment) + "\",\n"
+ output = output + "\"comment\": \"" + format(self.comment) + "\"\n"
 output = output + "}"
 return output
From ec32b6b52931fd819dd5a7fd104f641eaff5552c Mon Sep 17 00:00:00 2001
From: Aguay-val
Date: Thu, 27 Jun 2019 16:41:14 +0200
Subject: [PATCH 6/7] fix(models_mod/usergroup.py): Fix simplejson def
---
 passhportd/app/models_mod/usergroup.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/passhportd/app/models_mod/usergroup.py b/passhportd/app/models_mod/usergroup.py
index 22a58c62..220a4f51 100644
--- a/passhportd/app/models_mod/usergroup.py
+++ b/passhportd/app/models_mod/usergroup.py
@@ -71,7 +71,7 @@ def simplejson(self):
 output = output + "\"Name\": \"" + format(self.name) + "\",\n"
 output = output + "\"Comment\": \"" + format(self.comment) + "\",\n"
 output = output + "\"Directsize\": \"" + format(str(directsize)) + "\",\n"
- output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\",\n"
+ output = output + "\"Totalsize\": \"" + format(str(totalsize)) + "\"\n"
 output = output + "}"
 return output
@@ -80,7 +80,7 @@ def simplejson(self):
 def show_name(self):
 """Return a string containing the usergroup's name"""
 return self.name
-
+
 def show_comment(self):
 """Return a string containing the usergroup's comment"""
@@ -189,7 +189,7 @@ def all_username_list(self, parsed_usergroups = []):
 """
 usernames = self.username_list()
- # Recursive on groups:
+ # Recursive on groups:
 # we list all usernames but we never parse a group twice
 # to avoid cirular issues.
 for usergroup in self.gmembers:
@@ -217,7 +217,7 @@ def memberof(self, obj):
 members.append(usergroup)
 else:
 return "Error in object type"
-
+
 ret = "["
 for m in members:
 ret = ret + m.name + ","
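Review bot: The new `"comment"` line still concatenates `format(self.comment)` into the JSON text with no escaping, so a comment holding `"`, `\` or a line break yields output no JSON parser accepts — and if comments are administrator-supplied, as the install script's `--comment=` option on `target create` suggests, such a value can also smuggle extra keys into the object. Dropping the trailing comma only repairs the syntax for benign values. The smallest correct change is to let the stdlib quote the value, `output = output + "\"comment\": " + json.dumps(format(self.comment)) + "\n"`, with `import json` at the module top; the `sshkeyhash` and `logfilesize` lines above need the same treatment, and a cleaner version builds a dict and returns `json.dumps(d, indent=4)`. Note also that `format(None)` emits the bare word `None` rather than JSON `null` when the comment is unset — worth confirming how callers parse it. `simplejson` starts before this hunk.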
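Review bot: With `Totalsize` now closing the object, `Name` and `Comment` two lines above are still spliced raw into the JSON string, so a group comment containing a double quote or backslash makes this method return unparsable text. The size fields also pass through `format(str(directsize))`, a double conversion that emits numbers as quoted strings. A single `return json.dumps({"Name": self.name, "Comment": self.comment, "Directsize": str(directsize), "Totalsize": str(totalsize)}, indent=4)` replaces the concatenations and escapes every value correctly (keep `str()` only if consumers expect string sizes); it needs `import json` at the top of the module. The remaining hunks of this commit only strip trailing whitespace. The opening of `simplejson` and the `directsize`/`totalsize` computation are outside the hunk.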
@@ -278,7 +278,7 @@ def all_usergroupname_list(self, parsed_usergroups = []):
 in the usergroup
 """
 usergroupnames = self.usergroupname_list() # ["G1","G2"]
-
+
 # Recursive on usergroups:
 # we list all usergroups but we never parse a group twice
 # to avoid cirular issues.
@@ -356,7 +356,7 @@ def accessible_target_list(self, checked_usergroups = [], mode="string"):
 checked_usergroups.append(usergroup)
 for target in usergroup.accessible_target_list(checked_usergroups):
 if target not in self.targets:
- if mode == "string":
+ if mode == "string":
 accessible_targets.append(target.name)
 else:
 accessible_targets.append(target)
@@ -377,7 +377,7 @@ def show_targets(self, indentation):
 """Return all targets the group gives access
 First the targets with this group attached
 Then targets from targetgroups with this group attached
- Then targets from groups with this group attached
+ Then targets from groups with this group attached
 Finally We relaunch this on the groups with this groups attached
 """
 listing = []
From 427da23a318b4c0ad024ddac28d4a53765f8dab6 Mon Sep 17 00:00:00 2001
From: Aguay-val
Date: Thu, 27 Jun 2019 16:41:32 +0200
Subject: [PATCH 7/7] fix(models_mod/targetgroup.py): Fix simplejson def
---
 passhportd/app/models_mod/targetgroup.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/passhportd/app/models_mod/targetgroup.py b/passhportd/app/models_mod/targetgroup.py
index 2a34cd86..429af200 100644
--- a/passhportd/app/models_mod/targetgroup.py
+++ b/passhportd/app/models_mod/targetgroup.py
@@ -79,7 +79,7 @@ def simplejson(self):
 output = "{\n"
 output = output + "\"Name\": \"" + format(self.name) + "\",\n"
- output = output + "\"Comment\": \"" + format(self.comment) + "\",\n"
+ output = output + "\"Comment\": \"" + format(self.comment) + "\"\n"
 output = output + "}"
 return output
@@ -109,7 +109,7 @@ def prepare_delete(self):
 self.tgadmins.pop()
 return self
-
+
 # User management
 def is_members(self, user):
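Review bot: As in the user and usergroup variants, `format(self.name)` and `format(self.comment)` are written into the JSON text unescaped, so the trailing-comma fix still leaves `simplejson` producing invalid output for a target-group comment that contains `"` or `\`. `json.dumps` on each value is the smallest correct fix: `output = output + "\"Name\": " + json.dumps(format(self.name)) + ",\n"` and `output = output + "\"Comment\": " + json.dumps(format(self.comment)) + "\n"`, or replace the five statements with one `json.dumps({"Name": self.name, "Comment": self.comment}, indent=4)`. Either needs `import json` at module level, which is outside this hunk, as is the `def simplejson` line itself.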
@@ -288,7 +288,7 @@ def accessible_target_list(self, parsed_targetgroups = None, style="object"):
 style = "object"):
 if target not in targets:
 targets.append(target)
- # Return target objects or names depending of the style
+ # Return target objects or names depending of the style
 if style == "names":
 targetnames = []
 for target in targets:
@@ -386,7 +386,7 @@ def addtargetgroup(self, targetgroup):
 """Add a targetgroup to the relaton table"""
 if not self.is_tgmembers(targetgroup) and not self == targetgroup:
 self.tgmembers.append(targetgroup)
- else:
+ else:
 return False
 return self
@@ -410,7 +410,7 @@ def memberof(self, obj):
 members.append(targetgroup)
 else:
 return "Error in object type"
-
+
 ret = "["
 for m in members:
 ret = ret + m.name + ","
@@ -456,11 +456,11 @@ def all_targetgroupname_list(self, parsed_targetgroups = None):
 return targetgroupnames
 def show_targets(self, indentation):
- """Return a formated list of the targets that the targetgroup
+ """Return a formated list of the targets that the targetgroup
 provides
 """
 listing = []
-
+
 indent = ""
 for i in range(indentation):
 indent = indent + " "