From 385df5e32f12839bf8977ee5936548c4cb48dd4e Mon Sep 17 00:00:00 2001 From: Dimitry Ishenko Date: Fri, 13 Dec 2024 21:17:37 -0500 Subject: [PATCH 1/3] Add wrapper for service manipulation --- tools/modules/functions/service.sh | 111 +++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 tools/modules/functions/service.sh diff --git a/tools/modules/functions/service.sh b/tools/modules/functions/service.sh new file mode 100644 index 00000000..9a6924b4 --- /dev/null +++ b/tools/modules/functions/service.sh @@ -0,0 +1,111 @@ +# service.sh + +# internal function +_srv_inside_jail() { systemd-detect-virt -qc; } + +declare -A module_options +module_options+=( + ["srv_disable,author"]="@dimitry-ishenko" + ["srv_disable,desc"]="Disable service" + ["srv_disable,example"]="srv_disable ssh.service" + ["srv_disable,feature"]="srv_disable" + ["srv_disable,status"]="Interface" +) + +srv_disable() { systemctl disable "$@"; } + +module_options+=( + ["srv_enable,author"]="@dimitry-ishenko" + ["srv_enable,desc"]="Enable service" + ["srv_enable,example"]="srv_enable ssh.service" + ["srv_enable,feature"]="srv_enable" + ["srv_enable,status"]="Interface" +) + +srv_enable() { systemctl enable "$@"; } + +module_options+=( + ["srv_enabled,author"]="@dimitry-ishenko" + ["srv_enabled,desc"]="Check if service is enabled" + ["srv_enabled,example"]="srv_enabled ssh.service" + ["srv_enabled,feature"]="srv_enabled" + ["srv_enabled,status"]="Interface" +) + +srv_enabled() { systemctl is-enabled "$@"; } + +module_options+=( + ["srv_mask,author"]="@dimitry-ishenko" + ["srv_mask,desc"]="Mask service" + ["srv_mask,example"]="srv_mask ssh.service" + ["srv_mask,feature"]="srv_mask" + ["srv_mask,status"]="Interface" +) + +srv_mask() { systemctl mask "$@"; } + +module_options+=( + ["srv_reload,author"]="@dimitry-ishenko" + ["srv_reload,desc"]="Reload service" + ["srv_reload,example"]="srv_reload ssh.service" + ["srv_reload,feature"]="srv_reload" + ["srv_reload,status"]="Interface" +) + +srv_reload() +{ + # ignore inside container + _srv_inside_jail || systemctl reload "$@" +} + +module_options+=( + ["srv_restart,author"]="@dimitry-ishenko" + ["srv_restart,desc"]="Restart service" + ["srv_restart,example"]="srv_restart ssh.service" + ["srv_restart,feature"]="srv_restart" + ["srv_restart,status"]="Interface" +) + +srv_restart() +{ + # ignore inside container + _srv_inside_jail || systemctl restart "$@" +} + +module_options+=( + ["srv_start,author"]="@dimitry-ishenko" + ["srv_start,desc"]="Start service" + ["srv_start,example"]="srv_start ssh.service" + ["srv_start,feature"]="srv_start" + ["srv_start,status"]="Interface" +) + +srv_start() +{ + # ignore inside container + _srv_inside_jail || systemctl start "$@" +} + +module_options+=( + ["srv_stop,author"]="@dimitry-ishenko" + ["srv_stop,desc"]="Stop service" + ["srv_stop,example"]="srv_stop ssh.service" + ["srv_stop,feature"]="srv_stop" + ["srv_stop,status"]="Interface" +) + +srv_stop() +{ + # ignore inside container + _srv_inside_jail || systemctl stop "$@" +} + +module_options+=( + ["srv_unmask,author"]="@dimitry-ishenko" + ["srv_unmask,desc"]="Unmask service" + ["srv_unmask,example"]="srv_unmask ssh.service" + ["srv_unmask,feature"]="srv_unmask" + ["srv_unmask,status"]="Interface" +) + +srv_unmask() { systemctl unmask "$@"; } From aac5996d89517b6585dc4d68eeeba73dbc2fc130 Mon Sep 17 00:00:00 2001 From: Dimitry Ishenko Date: Fri, 13 Dec 2024 22:02:32 -0500 Subject: [PATCH 2/3] service: add srv_active --- tools/modules/functions/service.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/modules/functions/service.sh b/tools/modules/functions/service.sh index 9a6924b4..0b3a58a6 100644 --- a/tools/modules/functions/service.sh +++ b/tools/modules/functions/service.sh @@ -4,6 +4,20 @@ _srv_inside_jail() { systemd-detect-virt -qc; } declare -A module_options +module_options+=( + ["srv_active,author"]="@dimitry-ishenko" + ["srv_active,desc"]="Check if service is active" + ["srv_active,example"]="srv_active ssh.service" + ["srv_active,feature"]="srv_active" + ["srv_active,status"]="Interface" +) + +srv_active() +{ + # ignore inside container + _srv_inside_jail && return 1 || systemctl is-active --quiet "$@" +} + module_options+=( ["srv_disable,author"]="@dimitry-ishenko" ["srv_disable,desc"]="Disable service" From dce0439abdc3bb2fb0d52f1a65e248c5c2b9ab6f Mon Sep 17 00:00:00 2001 From: Dimitry Ishenko Date: Fri, 13 Dec 2024 22:20:27 -0500 Subject: [PATCH 3/3] Automated conversion --- tools/json/config.software.json | 14 +++++++------- tools/json/config.system.json | 20 ++++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tools/json/config.software.json b/tools/json/config.software.json index a28cb4e7..8697455d 100644 --- a/tools/json/config.software.json +++ b/tools/json/config.software.json @@ -253,7 +253,7 @@ ], "status": "Stable", "author": "@igorpecovnik", - "condition": "systemctl is-active --quiet service display-manager" + "condition": "srv_active display-manager" } ] }, @@ -348,7 +348,7 @@ "command": [ "get_user_continue \"This operation will purge avahi-daemon \nDo you wish to continue?\" process_input", "check_if_installed avahi-daemon", - "systemctl stop avahi-daemon avahi-daemon.socket", + "srv_stop avahi-daemon avahi-daemon.socket", "debconf-apt-progress -- apt-get -y purge avahi-daemon" ], "status": "Stable", @@ -1161,22 +1161,22 @@ "id": "MAN003", "description": "Start Cockpit Service", "command": [ - "sudo systemctl enable --now cockpit.socket | show_infobox " + "srv_enable --now cockpit.socket | show_infobox " ], "status": "Stable", "author": "@schwar3kat", - "condition": "check_if_installed cockpit && ! systemctl is-enabled cockpit.socket > /dev/null 2>&1" + "condition": "check_if_installed cockpit && ! srv_enabled cockpit.socket > /dev/null 2>&1" }, { "id": "MAN004", "description": "Stop Cockpit Service", "command": [ - "systemctl stop cockpit cockpit.socket", - "systemctl disable cockpit.socket | show_infobox " + "srv_stop cockpit cockpit.socket", + "srv_disable cockpit.socket | show_infobox " ], "status": "Stable", "author": "@schwar3kat", - "condition": "check_if_installed cockpit && systemctl is-enabled cockpit.socket > /dev/null 2>&1" + "condition": "check_if_installed cockpit && srv_enabled cockpit.socket > /dev/null 2>&1" }, { "id": "MAN005", diff --git a/tools/json/config.system.json b/tools/json/config.system.json index 6be7d453..9da3fbf4 100644 --- a/tools/json/config.system.json +++ b/tools/json/config.system.json @@ -169,7 +169,7 @@ "description": "Disable root login", "command": [ "sed -i \"s|^#\\?PermitRootLogin.*|PermitRootLogin no|\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -180,7 +180,7 @@ "description": "Enable root login", "command": [ "sed -i \"s/^#\\?PermitRootLogin.*/PermitRootLogin yes/\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -191,7 +191,7 @@ "description": "Disable password login", "command": [ "sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -202,7 +202,7 @@ "description": "Enable password login", "command": [ "sed -i \"s/^#\\?PasswordAuthentication.*/PasswordAuthentication yes/\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -213,7 +213,7 @@ "description": "Disable Public key authentication login", "command": [ "sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication no/\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -224,7 +224,7 @@ "description": "Enable Public key authentication login", "command": [ "sed -i \"s/^#\\?PubkeyAuthentication.*/PubkeyAuthentication yes/\" /etc/ssh/sshd_config", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -238,7 +238,7 @@ "! check_if_installed libpam-google-authenticator && ! check_if_installed qrencode || debconf-apt-progress -- apt-get -y purge libpam-google-authenticator qrencode", "sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/\" /etc/ssh/sshd_config || sed -i \"0,/KbdInteractiveAuthentication/s//ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config", "sed -i '/^auth required pam_google_authenticator.so nullok/ d' /etc/pam.d/sshd", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -253,7 +253,7 @@ "sed -i \"s/^#\\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/\" /etc/ssh/sshd_config", "sed -i $'/KbdInteractiveAuthentication/{iChallengeResponseAuthentication yes\\n:a;n;ba}' /etc/ssh/sshd_config || sed -n -i '/password updating/{p;:a;N;/@include common-password/!ba;s/.*\\n/auth required pam_google_authenticator.so nullok\\nauth required pam_permit.so\\n/};p' /etc/pam.d/sshd", "[ ! -f /root/.google_authenticator ] && qr_code generate", - "systemctl restart sshd.service 2>/dev/null | systemctl restart ssh.service 2>/dev/null" + "srv_restart sshd.service 2>/dev/null | srv_restart ssh.service 2>/dev/null" ], "status": "Stable", "author": "@igorpecovnik", @@ -284,7 +284,7 @@ "description": "Disable last login banner", "command": [ "sed -i \"s/^#\\?PrintLastLog.*/PrintLastLog no/\" /etc/ssh/sshd_config", - "systemctl restart ssh.service " + "srv_restart ssh.service " ], "status": "Stable", "author": "@igorpecovnik", @@ -295,7 +295,7 @@ "description": "Enable last login banner", "command": [ "sed -i \"s/^#\\?PrintLastLog.*/PrintLastLog yes/\" /etc/ssh/sshd_config", - "systemctl restart ssh.service " + "srv_restart ssh.service " ], "status": "Stable", "author": "@igorpecovnik",