authfilter
installation
@ dns
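# Create a TSIG key for one authfilter client and allow it in the
# "update-ssh-rbl" ACL. Run as root on the DNS server.
# NOTE(review): newer BIND 9 releases dropped HMAC key generation from
# dnssec-keygen in favour of tsig-keygen; confirm which tool the installed
# BIND version provides.
KEYUSER=wiki.fischglas.de

# Use a dedicated variable rather than TMPDIR: if TMPDIR is exported in this
# session, later tools that honour it (RCS does) would be pointed at a
# directory that is removed a few lines further down.
KEYGEN_DIR=$( mktemp -d /tmp/dnssec-keygen-XXXXXXXXXX )
KEY=$(
  # Leave the subshell if the cd fails, so key files are never generated in
  # (and removed from) whatever the current directory happens to be.
  cd "$KEYGEN_DIR" || exit
  KN=$( dnssec-keygen -a HMAC-SHA512 -b 512 -n USER "$KEYUSER-ddns" )
  awk '/^Key: / { print $2}' "$KN.private"
  rm -- "$KN.private" "$KN.key"
)
rmdir "$KEYGEN_DIR"
[ -n "$KEY" ] || echo "key generation failed, \$KEY is empty: stop here" >&2

# The key file holds the shared secret. Create it empty with a restrictive
# umask and fix ownership BEFORE the secret is written, so it is never
# world-readable, not even briefly.
KEYFILE=/etc/bind/k.ssh-rbl.$KEYUSER
( umask 077; : > "$KEYFILE" )
# Assumes named runs under the Debian "bind" account; adjust the group if not.
chown root:bind "$KEYFILE"
chmod 640 "$KEYFILE"
cat << EOF > "$KEYFILE"
key "k.ssh-rbl.$KEYUSER" {
	algorithm hmac-sha512;
	secret "$KEY";
};
EOF

# vo appears to be a local RCS check-out/check-in wrapper (see rcsdiff below).
vo -o /etc/bind/named.conf
# Insert "<TAB>key k.ssh-rbl.$KEYUSER;" in front of the closing brace of the
# acl "update-ssh-rbl" block. The i\ text runs to end of line, so the closing
# "}" of the sed block has to sit on its own line.
sed -i '/^acl "update-ssh-rbl"/,/^};/{
/^}/i\\tkey k.ssh-rbl.'"$KEYUSER"';
}' /etc/bind/named.conf
# Review the change before checking it in.
rcsdiff -u /etc/bind/named.conf
vo -i /etc/bind/named.conf

# Watch the daemon log while named re-reads its configuration.
tail -n0 -f /var/log/daemon.log &
TAILPID=$!
rndc reconfig
sleep 10
kill "$TAILPID"

# Print the commands for the client. This writes the secret to the terminal:
# hand it over on an authenticated, encrypted channel and keep it out of
# session logs. The umask subshell keeps the client-side file from being
# readable by others before chmod runs.
cat << EOF
# on '$KEYUSER' run:
( umask 077; echo "k.ssh-rbl.$KEYUSER $KEY" > /etc/authfilter.key )
chmod 600 /etc/authfilter.key
EOF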
@ client
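Copy the k.ssh-rbl.* key into /etc/authfilter.key on the client, using the commands printed at the end of the DNS step above; the file holds the shared secret and should stay readable by root only (mode 600).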
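# Install authfilter on a client and feed it the auth/authpriv syslog stream.
# Run as root.

# UNIX::Syslog.pm
apt-get install libunix-syslog-perl ; apt-get clean

# authfilter is respawned by init (inittab entry below), presumably as root,
# and the download URL is plain HTTP, so anyone on the network path could
# substitute the script. Download to a scratch file, verify it against a
# checksum obtained over a trusted channel, and only then install it.
# NOTE(review): the URL looks like a landing page rather than the script
# itself; confirm the real download location.
AUTHFILTER_SHA256='<EXPECTED_SHA256_PLACEHOLDER>'   # fill in before running
AUTHFILTER_DL=$( mktemp /tmp/authfilter-XXXXXXXXXX )
if wget http://www.fischglas.de/software -O "$AUTHFILTER_DL" &&
   echo "$AUTHFILTER_SHA256  $AUTHFILTER_DL" | sha256sum -c -
then
  install -o root -g root -m 755 "$AUTHFILTER_DL" /usr/local/bin/authfilter

  # Named pipe rsyslog writes to and authfilter reads from. Mode 640 keeps the
  # auth log stream away from other users. Skipped when it already exists so
  # the steps can be re-run.
  # NOTE(review): if /dev is a tmpfs the FIFO is gone after a reboot; confirm
  # how it is recreated at boot.
  [ -p /dev/authfilter ] || mknod -m 640 /dev/authfilter p

  if [ -d /etc/rsyslog.d ]; then
    touch /etc/rsyslog.d/authfilter.conf
    mkdir -p /etc/rsyslog.d/RCS
    # vo appears to be a local RCS check-out/check-in wrapper.
    vo -o /etc/rsyslog.d/authfilter.conf
    # Add the rule only once, so a re-run does not duplicate it.
    grep -qF '|/dev/authfilter' /etc/rsyslog.d/authfilter.conf ||
      printf 'auth,authpriv.*\t|/dev/authfilter\n' >> /etc/rsyslog.d/authfilter.conf
    vo -i /etc/rsyslog.d/authfilter.conf
    /etc/init.d/rsyslog restart
  fi

  mkdir -p /etc/RCS
  vo -o /etc/inittab
  # One respawn entry only; a second line with the same id would be a
  # duplicate inittab entry.
  grep -q '^AF:' /etc/inittab ||
    echo "AF:23:respawn:/usr/local/bin/authfilter /dev/authfilter" >> /etc/inittab
  vo -i /etc/inittab
  #kill -1 1
  telinit q
else
  # Fail closed: without a verified script nothing is installed or enabled.
  echo "authfilter: download failed or checksum mismatch; nothing was installed" >&2
fi
rm -f -- "$AUTHFILTER_DL"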