Servisi koji su onemoguceni u datoteci /etc/inetd.conf
authorDragan Dosen <bane@nekkar.carnet.hr>
Sat, 21 Feb 2009 13:28:14 +0000 (14:28 +0100)
committerDragan Dosen <bane@nekkar.carnet.hr>
Sat, 21 Feb 2009 13:28:14 +0000 (14:28 +0100)
  ne migriraju se, provjera ispravnosti konfiguracije servisa.

  Dodatna provjera konfiguracije pojedinog servisa - servis
  koji nema ispravne atribute je onemogucen ('user', 'group',
  'server').

  Izmjena u README.CARNet datoteci, ispravke za sed i egrep u
  debian/postinst.

debian/README.CARNet
debian/changelog
debian/postinst

index 533dfb0..9b73ec1 100644 (file)
@@ -9,7 +9,8 @@ INSTALACIJA:
 
 Servisi koji su zapisani u /etc/inetd.conf datoteci bit ce
 automatski konvertirani u zasebne konfiguracijske datoteke unutar
-/etc/xinetd.d/ direktorija.
+/etc/xinetd.d/ direktorija.  To vrijedi samo za one servise koji
+nisu onemoguceni unutar /etc/inetd.conf datoteke.
 
 Servisi koji su konfigurirani unutar konfiguracijske datoteke
 /etc/xinetd.conf bit ce takodjer automatski konvertirani u 
@@ -17,6 +18,10 @@ zasebne konfiguracije u /etc/xinetd.d/ direktoriju.  U datoteci
 /etc/xinetd.conf ostat ce samo globalne opcije i linija koja 
 ukljucuje konfiguraciju iz /etc/xinetd.d/ direktorija.
 
+Konfiguracija pojedinog servisa dodatno se provjerava - u slucaju
+da servis nema ispravne atribute ('user', 'group' ili 'server'),
+isti ce biti onemogucen (zakomentiran).
+
 
 VAZNA NAPOMENA:
 
index a799cef..2392606 100644 (file)
@@ -10,6 +10,10 @@ xinetd-cn (1:2.3.14-2) stable; urgency=low
       /etc/default/xinetd - isti se postavlja u 'INETD_COMPAT=No',
     + backup konfiguracijskih datoteka od sada se nalazi unutar
       direktorija /var/backups/xinetd-cn/,
+    + servisi koji su onemoguceni unutar /etc/inetd.conf datoteke
+      ne migriraju se,
+    + provjera konfiguracije pojedinog servisa - servis koji nema
+      ispravne atribute je onemogucen ('user', 'group', 'server'),
     + dodatne manje izmjene.
   * Datoteka debian/control:
     + ovisnost o xinetd (>= 1:2.3.14-7~cn1).
index b7878b6..b6ff377 100644 (file)
@@ -34,6 +34,32 @@ cleanup () {
        fi
 }
 
+# backup_and_disable_service()
+#
+#   Backup and disable service with invalid configuration.
+#   Arguments:  service, services_file
+#
+backup_and_disable_service () {
+
+       local serv servfile out
+       serv="$1"
+       servfile="$2"
+
+       if cp_backup_conffile -r -d $BACKUPDIR -p /etc/xinetd.d/$servfile; then
+               cp_echo "CN: Old /etc/xinetd.d/$servfile saved as $BACKUPDIR/`basename /etc/xinetd.d/$servfile`.bak."
+       fi
+
+       cp_echo "CN: Disabling service '$serv' in configuration file /etc/xinetd.d/$servfile."
+
+       out=`mktemp /etc/xinetd.d/$servfile.tmp.XXXXXX`
+       temp_files="$temp_files $out"
+
+       sed -r "/^[[:space:]]*service[[:space:]]+$serv[[:space:]]*$/,/^}/ s/^(.*)/#\1/" \
+               /etc/xinetd.d/$servfile > $out
+       rm -f /etc/xinetd.d/$servfile
+       mv "$out" "/etc/xinetd.d/$servfile"
+       chmod 644 "/etc/xinetd.d/$servfile"
+}
 
 # Set trap for deleting all temp files.
 #
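Review bot: The sed range in `backup_and_disable_service` ends at `/^}/`, which requires the closing brace in column 0, while the start address now accepts an indented `service` line. If a block's `}` is indented as well, the range runs on to the next unindented `}` (or end of file) and comments out other services too. The same end address appears in the later postinst hunks (the extraction sed, the `cp_check_and_sed` delete range and `service_block` in the validation loop), so `/^[[:space:]]*}/` would be the consistent form in all of them. Separately, neither `mktemp` nor `sed` is checked before `rm -f` removes the original, so a failed write leaves a truncated configuration file; the sketch below renames the temp file over the target only after sed succeeds. With the added `return 1` the caller has to decide whether a failure aborts the postinst, and `chmod 644` widens any file that previously had tighter permissions, which is worth confirming as intended.

```shell
backup_and_disable_service () {
	# … unchanged: locals, backup via cp_backup_conffile, cp_echo messages …

	out=`mktemp "/etc/xinetd.d/$servfile.tmp.XXXXXX"` || return 1
	temp_files="$temp_files $out"

	# End address accepts an indented closing brace, matching the start address.
	if sed -r "/^[[:space:]]*service[[:space:]]+$serv[[:space:]]*$/,/^[[:space:]]*}/ s/^(.*)/#\1/" \
		"/etc/xinetd.d/$servfile" > "$out"; then
		# Replace the original only after a complete write.
		chmod 644 "$out"
		mv "$out" "/etc/xinetd.d/$servfile"
	else
		cp_echo "CN: Could not rewrite /etc/xinetd.d/$servfile, leaving it unchanged."
		rm -f "$out"
		return 1
	fi
}
```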
@@ -54,7 +80,7 @@ temp_files="$CONFTMP"
 if [ -f "$INETDCONF" ]; then
 
        # Convert inetd.conf to temporary xinetd.conf file using xconv.pl tool
-       /usr/sbin/xconv.pl < $INETDCONF > $CONFTMP
+       egrep -v "^#<off>#" $INETDCONF | /usr/sbin/xconv.pl > $CONFTMP || true
 fi
 
 # Parse /etc/xinetd.conf file and convert services' configuration to
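Review bot: The trailing `|| true` on the new pipeline discards the exit status of `/usr/sbin/xconv.pl`. Unless the script enables `pipefail` (not visible here), egrep's status never reaches the `||`, so the only failure being hidden is the converter's, and a partial `$CONFTMP` would then be parsed as if it were complete. If the intent was to tolerate egrep selecting no lines, guard only that stage: `{ egrep -v "^#<off>#" "$INETDCONF" || true; } | /usr/sbin/xconv.pl > "$CONFTMP"`. Quoting `$INETDCONF` and `$CONFTMP` also keeps the command well-defined if either value is empty or contains whitespace.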
@@ -62,12 +88,12 @@ fi
 #
 conffile_list="$CONFTMP"
 if [ -f "$CONF" ]; then
-       if egrep -q "^service[[:space:]]+" "$CONF"; then
+       if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONF"; then
                conffile_list="$CONF $conffile_list"
                xinetd_conf_did=1
        fi
 fi
-services_list="`cat $conffile_list | egrep "^service[[:space:]]+" | sed -r 's/service[[:space:]]+//g' | uniq`" || true
+services_list="`sed -nr 's/^[[:space:]]*service[[:space:]]+//p' $conffile_list | uniq`"
 
 if [ -n "$services_list" ]; then
 
@@ -84,12 +110,13 @@ if [ -n "$services_list" ]; then
 
        touch /etc/xinetd.d/$service || true
        # cat "$CONF" "$CONFTMP" | sed -n "/^service $service/,/^}/p" | cp-update "$PKG" "/etc/xinetd.d/$service"
-       cat $conffile_list | sed -rn "/^service[[:space:]]+$service/,/^}/p" >> "/etc/xinetd.d/$service"
+       sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" \
+               $conffile_list >> "/etc/xinetd.d/$service"
 
        need_restart=1
     done
 
-    if egrep -q "^service[[:space:]]+" "$CONFTMP"; then
+    if egrep -q "^[[:space:]]*service[[:space:]]+" "$CONFTMP"; then
        cp_echo "CN: All services were converted from $INETDCONF file to separated"
        cp_echo "CN: configuration files located in /etc/xinetd.d/ directory."
     fi
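Review bot: `$service` comes from the configuration text and is used unescaped both inside the sed address and in the target path `/etc/xinetd.d/$service` of the new extraction command. A name containing `/` therefore terminates the sed address early or can point the append outside /etc/xinetd.d/, and a `.` in a name matches any character. The inputs are root-owned files, so this is a robustness check rather than a trust boundary, but a guard before the `touch` would make the assumption explicit, e.g. `case "$service" in */*|.*) cp_echo "CN: Skipping service with unsupported name '$service'."; continue ;; esac`. The enclosing loop starts outside the hunk.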
@@ -110,8 +137,8 @@ fi
 
 # Remove services from /etc/xinetd.conf file
 #
-cp_check_and_sed "^service[[:space:]]+" \
-       "/^service[[:space:]]/,/^}/d" \
+cp_check_and_sed "^[[:space:]]*service[[:space:]]+" \
+       "/^[[:space:]]*service[[:space:]]/,/^}/d" \
        "$CONF" && need_restart=1 || true
 
 # Check if there is no defaults block in /etc/xinetd.conf
@@ -134,6 +161,61 @@ if ! egrep -q '^includedir /etc/xinetd.d' "$CONF"; then
        need_restart=1
 fi
 
+# Validate services' configuration.
+#
+services_file_list="`ls -1 /etc/xinetd.d/`"
+if [ -n "$services_file_list" ]; then
+
+    for services_file in $services_file_list; do
+
+       # Get services list from $services_file
+       services_list="`sed -rn "s/^[[:space:]]*service[[:space:]]+(.*)[[:space:]]*$/\1/p" /etc/xinetd.d/$services_file`"
+
+       if [ -n "$services_list" ]; then
+
+           for service in $services_list; do
+
+               service_disable=0
+               service_block="`sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" /etc/xinetd.d/$services_file`"
+
+               # Check service's user
+               service_user="`echo "$service_block" | sed -nr "s/^[[:space:]]*user[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`"
+               if [ -n "$service_user" ]; then
+
+                   service_user_chk="`getent passwd "$service_user"`" || true
+                   if [ -z "$service_user_chk" ]; then
+                       cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - user '$service_user' does not exist."
+                       service_disable=1
+                   fi
+               fi
+
+               # Check service's group
+               service_group="`echo "$service_block" | sed -nr "s/^[[:space:]]*group[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`"
+               if [ -n "$service_group" ]; then
+
+                   service_group_chk="`getent passwd "$service_group"`" || true
+                   if [ -z "$service_group_chk" ]; then
+                       cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - group '$service_group' does not exist."
+                       service_disable=1
+                   fi
+               fi
+
+               # Check service's binary
+               service_server="`echo "$service_block" | sed -nr "s/^[[:space:]]*server[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p"`"
+               if [ -n "$service_server" ] && [ ! -x "$service_server" ]; then
+                   cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - server '$service_server' does not exist."
+                   service_disable=1
+               fi
+
+               if [ $service_disable -eq 1 ]; then
+                   backup_and_disable_service "$service" "$services_file"
+                   need_restart=1
+               fi
+           done
+       fi
+    done
+fi
+
 # Remove -inetd_compat option and set INETD_COMPAT to 'No' in /etc/default/xinetd
 #
 if [ -f "$DEFAULT" ]; then
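Review bot: The group check in the new validation loop queries the wrong database: `service_group_chk` is filled from `getent passwd "$service_group"`. A valid group with no same-named user is therefore reported as missing and its service is disabled, while a nonexistent group whose name matches a user passes. The line should read `service_group_chk="$(getent group "$service_group")" || true`. The server test uses `[ ! -x "$service_server" ]` but the message says the server 'does not exist', so a present but non-executable file is reported the same way; the message or a comment should say so.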