logrotate, and healthcheck

2024-03-02 12:43:24 +02:00
parent f5829f0492
commit 401bbfed0b
3 changed files with 70 additions and 17 deletions

3
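--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1 @@
 data/
-home/
-users/
-sshd_config/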


@@ -1,10 +1,11 @@
FROM alpine FROM alpine
RUN apk add --no-cache \ RUN apk add --no-cache \
openssh \ openssh \
openssh-server-pam \
bash \ bash \
rsync \ logrotate \
moreutils \ moreutils \
openssh-server-pam \
rsync \
shadow \ shadow \
tzdata tzdata
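Review bot: `logrotate` is added to the `apk add` list without a version, on top of the untagged `FROM alpine` at the top of this hunk, so the logrotate build can change from one image build to the next. The same goes for the stock `/etc/logrotate.conf` and the `/etc/periodic` layout that the new scripts in this commit rely on. Since this `RUN` is being edited anyway, I would pin the base to a release tag or digest, for example `FROM alpine:<release-tag>`, and consider pinning the packages as well. The rest of the Dockerfile lies outside this hunk.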


@@ -18,7 +18,7 @@ Subsystem sftp /usr/lib/ssh/sftp-server -u 002
EOF EOF
rsync -va /etc/ssh/ "$basedir"/ssh-cache/ rsync -va /etc/ssh/ "$basedir"/ssh-cache/
} }
mkdir -p "$basedir"/users "$basedir"/ssh-cache "$basedir"/home mkdir -p "$basedir"/users "$basedir"/ssh-cache "$basedir"/home "$basedir"/log
rsync -va --del "$basedir"/ssh-cache/ /etc/ssh/ rsync -va --del "$basedir"/ssh-cache/ /etc/ssh/
chown -R $USR "$basedir"/users "$basedir"/ssh-cache chown -R $USR "$basedir"/users "$basedir"/ssh-cache
chown -R root:root /etc/ssh/ chown -R root:root /etc/ssh/
@@ -47,20 +47,75 @@ ln -sfT "$basedir"/home /home
touch /tmp/empty_keys touch /tmp/empty_keys
chmod 0200 /tmp/empty_keys chmod 0200 /tmp/empty_keys
cat <<EOF > /etc/profile
alias ll='ls -al'
EOF
echo "$NAME" > /etc/motd
cat <<EOF > /usr/local/sbin/sshd_start.sh
#!/bin/sh
exec "/usr/sbin/sshd" "-D" "-e" -g 60 "-f" "/etc/ssh/sshd_config" 2>&1 | \
ts "%b %d %H:%M:%S ${HOSTNAME} sshd[$$]:" >> "${basedir}"/log/sshd.log
EOF
cat <<'EOF' > /usr/local/sbin/sshd_restart.sh
#!/bin/sh
test -e /var/run/sshd.pid && {
kill `cat /var/run/sshd.pid`
}
/usr/local/sbin/sshd_start.sh &
EOF
cat <<'EOF' > /etc/logrotate.d/sshd
/var/log/sshd.log
{
rotate 12
monthly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
[ -x /usr/local/sbin/sshd_restart.sh ] && /usr/local/sbin/sshd_restart.sh || true
endscript
}
EOF
cat <<'EOF' > /usr/local/sbin/logrotate_weekly.sh
#!/bin/sh
/usr/sbin/logrotate -s /var/log/logrotate.state /etc/logrotate.conf
EOF
ln -sfT /usr/local/sbin/logrotate_weekly.sh /etc/periodic/daily/logrotate_weekly
cat <<'EOF' > /usr/local/sbin/health_check.sh
#!/bin/sh
_fail() {
echo sshd missing | \
ts "%b %d %H:%M:%S ${HOSTNAME} health[$$]:" >> /var/log/health.log
kill -9 -1
}
test -e /var/run/sshd.pid || _fail
test -e /var/run/sshd.pid && {
sshdpid=$( cat /var/run/sshd.pid )
test -e /proc/$sshdpid/stat || _fail
}
EOF
ln -sfT /usr/local/sbin/health_check.sh /etc/periodic/15min/health_check
chown root:root /usr/local/sbin/*.sh chown root:root /usr/local/sbin/*.sh
chmod 0700 /usr/local/sbin/*.sh chmod 0700 /usr/local/sbin/*.sh
cat <<EOF > /etc/profile
alias ll='ls -al'
EOF
echo "$NAME" > /etc/motd
update_users.sh update_users.sh
touch /var/ssh-box/sshd.log rmdir /var/log || true
chmod 0600 /var/ssh-box/sshd.log ln -sfT "$basedir"/log /var/log
"/usr/sbin/sshd" "-D" "-e" "-f" "/etc/ssh/sshd_config" 2>&1 | \ touch "$basedir"/log/sshd.log
ts "%b %d %H:%M:%S $HOSTNAME sshd[$$]:" | \ chmod 0600 "$basedir"/log/*
tee -a /var/ssh-box/sshd.log
/usr/local/sbin/sshd_restart.sh
crond -f -L "${basedir}/log/cron.log"
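Review bot: The 0600 mode on the logs is applied only once, by `chmod 0600 "$basedir"/log/*` at container start, so files created later are not covered. `health.log` and `cron.log` are created under the default umask, and the stanza written to `/etc/logrotate.d/sshd` has no `create` line, so the mode of the post-rotation `sshd.log` depends on the global logrotate defaults and on the `>>` in `sshd_start.sh`. The log directory itself comes from `mkdir -p` with default permissions and is exposed as `/var/log`, so on a multi-user SSH host other accounts may be able to read authentication logs. I would add `chmod 0700 "$basedir"/log` after the `mkdir -p` and `create 0600 root root` inside the stanza. Separately, `sshd_restart.sh` starts the new sshd right after `kill` without waiting for the old PID to exit, so the new daemon can fail to bind and the service may stay down until the 15-minute health check runs `kill -9 -1`; either wait for the old PID to disappear or use `copytruncate` instead of restarting.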