|
|
@@ -89,6 +89,7 @@ SSH_SESSION_CACHE_TTL=10
|
|
|
SSH_SESSION_CACHE_TS=0
|
|
|
SSH_SESSION_CACHE_DB_MTIME=0
|
|
|
SSH_SESSION_TOTAL=0
|
|
|
+FF_USERS_GROUP="ffusers"
|
|
|
declare -A SSH_SESSION_COUNTS=()
|
|
|
declare -A SSH_SESSION_PIDS=()
|
|
|
|
|
|
@@ -116,6 +117,100 @@ ensure_firewallfalcon_dirs() {
|
|
|
touch "$DB_FILE"
|
|
|
}
|
|
|
|
|
|
+ensure_firewallfalcon_system_group() {
|
|
|
+ getent group "$FF_USERS_GROUP" >/dev/null 2>&1 || groupadd "$FF_USERS_GROUP" >/dev/null 2>&1 || true
|
|
|
+}
|
|
|
+
|
|
|
+db_has_user() {
|
|
|
+ [[ -f "$DB_FILE" ]] || return 1
|
|
|
+ awk -F: -v target="$1" '$1 == target { found=1; exit } END { exit(found ? 0 : 1) }' "$DB_FILE"
|
|
|
+}
|
|
|
+
|
|
|
+is_firewallfalcon_orphan_user() {
|
|
|
+ local username="$1"
|
|
|
+ local passwd_line system_user _ uid _ home shell
|
|
|
+
|
|
|
+ passwd_line=$(getent passwd "$username" 2>/dev/null) || return 1
|
|
|
+ IFS=: read -r system_user _ uid _ _ home shell <<< "$passwd_line"
|
|
|
+ [[ "$uid" =~ ^[0-9]+$ ]] || return 1
|
|
|
+ db_has_user "$username" && return 1
|
|
|
+
|
|
|
+ if id -nG "$username" 2>/dev/null | tr ' ' '\n' | grep -Fxq "$FF_USERS_GROUP"; then
|
|
|
+ return 0
|
|
|
+ fi
|
|
|
+
|
|
|
+ (( uid >= 1000 )) || return 1
|
|
|
+ [[ "$home" == "/home/$username" || "$home" == /home/* ]] || return 1
|
|
|
+
|
|
|
+ case "$shell" in
|
|
|
+ /usr/sbin/nologin|/usr/bin/false|/bin/false) return 0 ;;
|
|
|
+ esac
|
|
|
+
|
|
|
+ return 1
|
|
|
+}
|
|
|
+
|
|
|
+get_firewallfalcon_orphan_users() {
|
|
|
+ local username
|
|
|
+ while IFS=: read -r username _rest; do
|
|
|
+ [[ -n "$username" ]] || continue
|
|
|
+ if is_firewallfalcon_orphan_user "$username"; then
|
|
|
+ echo "$username"
|
|
|
+ fi
|
|
|
+ done < /etc/passwd
|
|
|
+}
|
|
|
+
|
|
|
+get_firewallfalcon_known_users() {
|
|
|
+ local username
|
|
|
+ local -A seen_users=()
|
|
|
+
|
|
|
+ if [[ -f "$DB_FILE" ]]; then
|
|
|
+ while IFS=: read -r username _rest; do
|
|
|
+ [[ -n "$username" && "$username" != \#* ]] || continue
|
|
|
+ seen_users["$username"]=1
|
|
|
+ done < "$DB_FILE"
|
|
|
+ fi
|
|
|
+
|
|
|
+ while IFS= read -r username; do
|
|
|
+ [[ -n "$username" ]] && seen_users["$username"]=1
|
|
|
+ done < <(get_firewallfalcon_orphan_users)
|
|
|
+
|
|
|
+ (( ${#seen_users[@]} > 0 )) || return 0
|
|
|
+ printf "%s\n" "${!seen_users[@]}" | sort
|
|
|
+}
|
|
|
+
|
|
|
+delete_firewallfalcon_user_accounts() {
|
|
|
+ local -a users_to_delete=("$@")
|
|
|
+ local username
|
|
|
+
|
|
|
+ [[ ${#users_to_delete[@]} -gt 0 ]] || return 0
|
|
|
+
|
|
|
+ for username in "${users_to_delete[@]}"; do
|
|
|
+ [[ -n "$username" ]] || continue
|
|
|
+ killall -u "$username" -9 &>/dev/null
|
|
|
+ if id "$username" &>/dev/null; then
|
|
|
+ if userdel -r "$username" &>/dev/null; then
|
|
|
+ echo -e " ✅ System user '${C_YELLOW}$username${C_RESET}' deleted."
|
|
|
+ else
|
|
|
+ echo -e " ❌ Failed to delete system user '${C_YELLOW}$username${C_RESET}'."
|
|
|
+ fi
|
|
|
+ else
|
|
|
+ echo -e " ℹ️ System user '${C_YELLOW}$username${C_RESET}' was already missing. Removing manager data only."
|
|
|
+ fi
|
|
|
+ rm -f "$BANDWIDTH_DIR/${username}.usage"
|
|
|
+ rm -rf "$BANDWIDTH_DIR/pidtrack/${username}"
|
|
|
+ done
|
|
|
+
|
|
|
+ if [[ -f "$DB_FILE" ]]; then
|
|
|
+ local db_tmp
|
|
|
+ db_tmp=$(mktemp)
|
|
|
+ awk -F: 'NR==FNR { drop[$1]=1; next } !($1 in drop)' <(printf "%s\n" "${users_to_delete[@]}") "$DB_FILE" > "$db_tmp" && mv "$db_tmp" "$DB_FILE"
|
|
|
+ rm -f "$db_tmp" 2>/dev/null
|
|
|
+ fi
|
|
|
+
|
|
|
+ invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
+}
|
|
|
+
|
|
|
require_interactive_terminal() {
|
|
|
if [[ ! -t 0 || ! -t 1 ]]; then
|
|
|
echo -e "${C_RED}❌ Error: The FirewallFalcon menu must be run from an interactive terminal.${C_RESET}"
|
|
|
@@ -128,6 +223,7 @@ initial_setup() {
|
|
|
check_environment
|
|
|
|
|
|
ensure_firewallfalcon_dirs
|
|
|
+ ensure_firewallfalcon_system_group
|
|
|
|
|
|
echo -e "${C_BLUE}🔹 Configuring user limiter service...${C_RESET}"
|
|
|
setup_limiter_service
|
|
|
@@ -251,15 +347,30 @@ setup_limiter_service() {
|
|
|
# Combined limiter + bandwidth monitoring
|
|
|
cat > "$LIMITER_SCRIPT" << 'EOF'
|
|
|
#!/bin/bash
|
|
|
-# FirewallFalcon limiter version 2026-03-22.1
|
|
|
+# FirewallFalcon limiter version 2026-03-27.1
|
|
|
DB_FILE="/etc/firewallfalcon/users.db"
|
|
|
BW_DIR="/etc/firewallfalcon/bandwidth"
|
|
|
PID_DIR="$BW_DIR/pidtrack"
|
|
|
+BANNER_DIR="/etc/firewallfalcon/banners"
|
|
|
SCAN_INTERVAL=30
|
|
|
|
|
|
mkdir -p "$BW_DIR" "$PID_DIR"
|
|
|
shopt -s nullglob
|
|
|
|
|
|
+write_banner_if_changed() {
|
|
|
+ local user="$1"
|
|
|
+ local content="$2"
|
|
|
+ local banner_file="$BANNER_DIR/${user}.txt"
|
|
|
+ local tmp_file="${banner_file}.tmp"
|
|
|
+
|
|
|
+ printf "%s" "$content" > "$tmp_file"
|
|
|
+ if ! cmp -s "$tmp_file" "$banner_file" 2>/dev/null; then
|
|
|
+ mv "$tmp_file" "$banner_file"
|
|
|
+ else
|
|
|
+ rm -f "$tmp_file"
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
while true; do
|
|
|
if [[ ! -s "$DB_FILE" ]]; then
|
|
|
sleep "$SCAN_INTERVAL"
|
|
|
@@ -267,11 +378,11 @@ while true; do
|
|
|
fi
|
|
|
|
|
|
current_ts=$(date +%s)
|
|
|
- declare -A session_counts=()
|
|
|
+ dynamic_banners_enabled=false
|
|
|
declare -A session_pids=()
|
|
|
declare -A locked_users=()
|
|
|
declare -A uid_to_user=()
|
|
|
- declare -A seen_sessions=()
|
|
|
+ declare -A loginuid_pids=()
|
|
|
|
|
|
while IFS=: read -r username _ uid _rest; do
|
|
|
[[ -n "$username" && "$uid" =~ ^[0-9]+$ ]] && uid_to_user["$uid"]="$username"
|
|
|
@@ -280,34 +391,56 @@ while true; do
|
|
|
while read -r ssh_pid ssh_owner; do
|
|
|
[[ "$ssh_pid" =~ ^[0-9]+$ ]] || continue
|
|
|
|
|
|
- session_user=""
|
|
|
if [[ -n "$ssh_owner" && "$ssh_owner" != "root" && "$ssh_owner" != "sshd" ]]; then
|
|
|
- session_user="$ssh_owner"
|
|
|
- elif [[ -r "/proc/$ssh_pid/loginuid" ]]; then
|
|
|
- login_uid=""
|
|
|
- read -r login_uid < "/proc/$ssh_pid/loginuid" || login_uid=""
|
|
|
- if [[ "$login_uid" =~ ^[0-9]+$ && "$login_uid" != "4294967295" ]]; then
|
|
|
- session_user="${uid_to_user[$login_uid]}"
|
|
|
- fi
|
|
|
+ session_pids["$ssh_owner"]+="$ssh_pid "
|
|
|
fi
|
|
|
+ done < <(ps -C sshd -o pid=,user= 2>/dev/null)
|
|
|
+
|
|
|
+ for p in /proc/[0-9]*/loginuid; do
|
|
|
+ [[ -f "$p" ]] || continue
|
|
|
+ login_uid=""
|
|
|
+ read -r login_uid < "$p" || login_uid=""
|
|
|
+ [[ "$login_uid" =~ ^[0-9]+$ && "$login_uid" != "4294967295" ]] || continue
|
|
|
|
|
|
+ session_user="${uid_to_user[$login_uid]}"
|
|
|
[[ -n "$session_user" ]] || continue
|
|
|
- session_key="${session_user}:$ssh_pid"
|
|
|
- [[ -z "${seen_sessions[$session_key]+x}" ]] || continue
|
|
|
|
|
|
- seen_sessions["$session_key"]=1
|
|
|
- ((session_counts["$session_user"]++))
|
|
|
- session_pids["$session_user"]+="$ssh_pid "
|
|
|
- done < <(ps -C sshd -o pid=,user= 2>/dev/null)
|
|
|
+ pid_dir=$(dirname "$p")
|
|
|
+ pid_num=$(basename "$pid_dir")
|
|
|
+ comm=""
|
|
|
+ read -r comm < "$pid_dir/comm" || comm=""
|
|
|
+ [[ "$comm" == "sshd" ]] || continue
|
|
|
+
|
|
|
+ ppid_val=""
|
|
|
+ while read -r key value; do
|
|
|
+ if [[ "$key" == "PPid:" ]]; then
|
|
|
+ ppid_val="${value:-}"
|
|
|
+ break
|
|
|
+ fi
|
|
|
+ done < "$pid_dir/status"
|
|
|
+ [[ "$ppid_val" == "1" ]] && continue
|
|
|
+
|
|
|
+ loginuid_pids["$session_user"]+="$pid_num "
|
|
|
+ done
|
|
|
|
|
|
while read -r passwd_user _ passwd_status _rest; do
|
|
|
[[ "$passwd_status" == "L" ]] && locked_users["$passwd_user"]=1
|
|
|
done < <(passwd -Sa 2>/dev/null)
|
|
|
|
|
|
+ if [[ -f "/etc/firewallfalcon/banners_enabled" ]]; then
|
|
|
+ mkdir -p "$BANNER_DIR"
|
|
|
+ dynamic_banners_enabled=true
|
|
|
+ fi
|
|
|
+
|
|
|
while IFS=: read -r user pass expiry limit bandwidth_gb _extra; do
|
|
|
[[ -z "$user" || "$user" == \#* ]] && continue
|
|
|
|
|
|
- online_count=${session_counts["$user"]:-0}
|
|
|
+ declare -A unique_pids=()
|
|
|
+ for pid in ${session_pids["$user"]} ${loginuid_pids["$user"]}; do
|
|
|
+ [[ "$pid" =~ ^[0-9]+$ ]] && unique_pids["$pid"]=1
|
|
|
+ done
|
|
|
+
|
|
|
+ online_count=${#unique_pids[@]}
|
|
|
user_locked=false
|
|
|
if [[ -n "${locked_users[$user]+x}" ]]; then
|
|
|
user_locked=true
|
|
|
@@ -339,6 +472,44 @@ while true; do
|
|
|
fi
|
|
|
fi
|
|
|
|
|
|
+ if $dynamic_banners_enabled; then
|
|
|
+ days_left="N/A"
|
|
|
+ if [[ "$expiry" != "Never" && -n "$expiry" && "$expiry_ts" =~ ^[0-9]+$ && $expiry_ts -gt 0 ]]; then
|
|
|
+ diff_secs=$((expiry_ts - current_ts))
|
|
|
+ if (( diff_secs <= 0 )); then
|
|
|
+ days_left="EXPIRED"
|
|
|
+ else
|
|
|
+ d_l=$(( diff_secs / 86400 ))
|
|
|
+ h_l=$(( (diff_secs % 86400) / 3600 ))
|
|
|
+ if (( d_l == 0 )); then
|
|
|
+ days_left="${h_l}h left"
|
|
|
+ else
|
|
|
+ days_left="${d_l}d ${h_l}h"
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+
|
|
|
+ bw_info="Unlimited"
|
|
|
+ if [[ "$bandwidth_gb" != "0" && -n "$bandwidth_gb" ]]; then
|
|
|
+ usagefile="$BW_DIR/${user}.usage"
|
|
|
+ accum_disp=0
|
|
|
+ if [[ -f "$usagefile" ]]; then
|
|
|
+ read -r accum_disp < "$usagefile"
|
|
|
+ [[ "$accum_disp" =~ ^[0-9]+$ ]] || accum_disp=0
|
|
|
+ fi
|
|
|
+ used_gb=$(awk "BEGIN {printf \"%.2f\", $accum_disp / 1073741824}")
|
|
|
+ remain_gb=$(awk "BEGIN {r=$bandwidth_gb - $used_gb; if(r<0) r=0; printf \"%.2f\", r}")
|
|
|
+ bw_info="${used_gb}/${bandwidth_gb} GB used | ${remain_gb} GB left"
|
|
|
+ fi
|
|
|
+
|
|
|
+ banner_content="<br><font color=\"yellow\"><b> ✨ ACCOUNT STATUS ✨ </b></font><br><br>"
|
|
|
+ banner_content+="<font color=\"white\">👤 <b>Username :</b> $user</font><br>"
|
|
|
+ banner_content+="<font color=\"white\">📅 <b>Expiration :</b> $expiry ($days_left)</font><br>"
|
|
|
+ banner_content+="<font color=\"white\">📊 <b>Bandwidth :</b> $bw_info</font><br>"
|
|
|
+ banner_content+="<font color=\"white\">🔌 <b>Sessions :</b> $online_count/$limit</font><br><br>"
|
|
|
+ write_banner_if_changed "$user" "$banner_content"
|
|
|
+ fi
|
|
|
+
|
|
|
[[ -z "$bandwidth_gb" || "$bandwidth_gb" == "0" ]] && continue
|
|
|
|
|
|
usagefile="$BW_DIR/${user}.usage"
|
|
|
@@ -348,15 +519,13 @@ while true; do
|
|
|
[[ "$accumulated" =~ ^[0-9]+$ ]] || accumulated=0
|
|
|
fi
|
|
|
|
|
|
- pids="${session_pids["$user"]}"
|
|
|
- if [[ -z "$pids" ]]; then
|
|
|
+ if (( ${#unique_pids[@]} == 0 )); then
|
|
|
rm -f "$PID_DIR/${user}__"*.last 2>/dev/null
|
|
|
continue
|
|
|
fi
|
|
|
|
|
|
delta_total=0
|
|
|
- for pid in $pids; do
|
|
|
- [[ "$pid" =~ ^[0-9]+$ ]] || continue
|
|
|
+ for pid in "${!unique_pids[@]}"; do
|
|
|
io_file="/proc/$pid/io"
|
|
|
cur=0
|
|
|
if [[ -r "$io_file" ]]; then
|
|
|
@@ -445,11 +614,16 @@ EOF
|
|
|
}
|
|
|
|
|
|
sync_runtime_components_if_needed() {
|
|
|
- local limiter_marker="# FirewallFalcon limiter version 2026-03-22.1"
|
|
|
+ local limiter_marker="# FirewallFalcon limiter version 2026-03-27.1"
|
|
|
if [[ ! -f "$LIMITER_SCRIPT" ]] || ! grep -Fqx "$limiter_marker" "$LIMITER_SCRIPT" 2>/dev/null; then
|
|
|
setup_limiter_service >/dev/null 2>&1
|
|
|
fi
|
|
|
- if [[ -f "$SSHD_FF_CONFIG" || -f "/etc/firewallfalcon/banners_enabled" ]]; then
|
|
|
+ if [[ -f "$BADVPN_SERVICE_FILE" ]]; then
|
|
|
+ ensure_badvpn_service_is_quiet
|
|
|
+ fi
|
|
|
+ if [[ -f "/etc/firewallfalcon/banners_enabled" ]]; then
|
|
|
+ update_ssh_banners_config
|
|
|
+ elif [[ -f "$SSHD_FF_CONFIG" ]]; then
|
|
|
disable_dynamic_ssh_banner_system
|
|
|
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || true
|
|
|
fi
|
|
|
@@ -500,14 +674,77 @@ disable_dynamic_ssh_banner_system() {
|
|
|
invalidate_banner_cache
|
|
|
}
|
|
|
|
|
|
+disable_static_ssh_banner_in_sshd_config() {
|
|
|
+ sed -i.bak -E "s|^[[:space:]]*Banner[[:space:]]+$SSH_BANNER_FILE[[:space:]]*$|# Banner $SSH_BANNER_FILE|" /etc/ssh/sshd_config 2>/dev/null
|
|
|
+}
|
|
|
+
|
|
|
+is_static_ssh_banner_enabled() {
|
|
|
+ grep -q -E "^[[:space:]]*Banner[[:space:]]+$SSH_BANNER_FILE[[:space:]]*$" /etc/ssh/sshd_config 2>/dev/null && [ -f "$SSH_BANNER_FILE" ]
|
|
|
+}
|
|
|
+
|
|
|
+is_dynamic_ssh_banner_enabled() {
|
|
|
+ [[ -f "/etc/firewallfalcon/banners_enabled" && -f "$SSHD_FF_CONFIG" ]]
|
|
|
+}
|
|
|
+
|
|
|
+get_ssh_banner_mode() {
|
|
|
+ if is_dynamic_ssh_banner_enabled; then
|
|
|
+ echo "dynamic"
|
|
|
+ elif is_static_ssh_banner_enabled; then
|
|
|
+ echo "static"
|
|
|
+ else
|
|
|
+ echo "disabled"
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+refresh_dynamic_banner_routing_if_enabled() {
|
|
|
+ if is_dynamic_ssh_banner_enabled; then
|
|
|
+ update_ssh_banners_config
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
update_ssh_banners_config() {
|
|
|
- disable_dynamic_ssh_banner_system
|
|
|
+ local tmp_conf
|
|
|
+
|
|
|
+ if [[ ! -f "/etc/firewallfalcon/banners_enabled" ]]; then
|
|
|
+ if [[ -f "$SSHD_FF_CONFIG" ]]; then
|
|
|
+ rm -f "$SSHD_FF_CONFIG" 2>/dev/null
|
|
|
+ systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null
|
|
|
+ fi
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ ensure_firewallfalcon_dirs
|
|
|
+ tmp_conf="/tmp/ff_banners_new.conf"
|
|
|
+ echo "# FirewallFalcon - Dynamic per-user SSH banners" > "$tmp_conf"
|
|
|
+
|
|
|
+ if [[ -f "$DB_FILE" ]]; then
|
|
|
+ while IFS=: read -r u _rest; do
|
|
|
+ [[ -z "$u" || "$u" == \#* ]] && continue
|
|
|
+ echo "Match User $u" >> "$tmp_conf"
|
|
|
+ echo " Banner /etc/firewallfalcon/banners/${u}.txt" >> "$tmp_conf"
|
|
|
+ done < "$DB_FILE"
|
|
|
+ fi
|
|
|
+
|
|
|
+ if ! cmp -s "$tmp_conf" "$SSHD_FF_CONFIG" 2>/dev/null; then
|
|
|
+ mv "$tmp_conf" "$SSHD_FF_CONFIG"
|
|
|
+ if ! grep -q "^Include /etc/ssh/sshd_config.d/" /etc/ssh/sshd_config 2>/dev/null; then
|
|
|
+ echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
|
|
|
+ fi
|
|
|
+ systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null
|
|
|
+ else
|
|
|
+ rm -f "$tmp_conf"
|
|
|
+ fi
|
|
|
}
|
|
|
|
|
|
setup_ssh_login_info() {
|
|
|
- echo -e "${C_YELLOW}⚠️ Dynamic per-user SSH banners have been removed.${C_RESET}"
|
|
|
- echo -e "${C_CYAN}Use the Static SSH Banner menu to paste a custom banner instead.${C_RESET}"
|
|
|
- return 1
|
|
|
+ ensure_firewallfalcon_dirs || return 1
|
|
|
+ if ! touch "/etc/firewallfalcon/banners_enabled"; then
|
|
|
+ echo -e "${C_RED}❌ Failed to enable dynamic SSH banners.${C_RESET}"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+ disable_static_ssh_banner_in_sshd_config
|
|
|
+ update_ssh_banners_config
|
|
|
+ return 0
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -683,17 +920,41 @@ _select_user_interface() {
|
|
|
|
|
|
_select_multi_user_interface() {
|
|
|
local title="$1"
|
|
|
+ local include_orphan_users="${2:-false}"
|
|
|
clear; show_banner
|
|
|
echo -e "${C_BOLD}${C_PURPLE}${title}${C_RESET}\n"
|
|
|
SELECTED_USERS=()
|
|
|
- if [[ ! -s $DB_FILE ]]; then
|
|
|
- echo -e "${C_YELLOW}ℹ️ No users found in the database.${C_RESET}"
|
|
|
- SELECTED_USERS=("NO_USERS"); return
|
|
|
- fi
|
|
|
-
|
|
|
- mapfile -t all_users < <(cut -d: -f1 "$DB_FILE" | sort)
|
|
|
+ local -a all_users=()
|
|
|
+ local -a orphan_users=()
|
|
|
local -A all_user_lookup=()
|
|
|
+ local -A orphan_user_lookup=()
|
|
|
local username
|
|
|
+
|
|
|
+ if [[ -s $DB_FILE ]]; then
|
|
|
+ mapfile -t all_users < <(cut -d: -f1 "$DB_FILE" | sort)
|
|
|
+ fi
|
|
|
+
|
|
|
+ if [[ "$include_orphan_users" == "true" ]]; then
|
|
|
+ mapfile -t orphan_users < <(get_firewallfalcon_orphan_users)
|
|
|
+ for username in "${orphan_users[@]}"; do
|
|
|
+ orphan_user_lookup["$username"]=1
|
|
|
+ if ! printf "%s\n" "${all_users[@]}" | grep -Fxq "$username"; then
|
|
|
+ all_users+=("$username")
|
|
|
+ fi
|
|
|
+ done
|
|
|
+ if [[ ${#all_users[@]} -gt 0 ]]; then
|
|
|
+ mapfile -t all_users < <(printf "%s\n" "${all_users[@]}" | sort)
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+
|
|
|
+ if [[ ${#all_users[@]} -eq 0 ]]; then
|
|
|
+ echo -e "${C_YELLOW}ℹ️ No users found in the manager database.${C_RESET}"
|
|
|
+ if [[ "$include_orphan_users" == "true" ]]; then
|
|
|
+ echo -e "${C_DIM}No orphan FirewallFalcon system users were found either.${C_RESET}"
|
|
|
+ fi
|
|
|
+ SELECTED_USERS=("NO_USERS"); return
|
|
|
+ fi
|
|
|
+
|
|
|
for username in "${all_users[@]}"; do
|
|
|
all_user_lookup["$username"]=1
|
|
|
done
|
|
|
@@ -715,12 +976,19 @@ _select_multi_user_interface() {
|
|
|
fi
|
|
|
echo -e "\nPlease select users:\n"
|
|
|
for i in "${!users[@]}"; do
|
|
|
- printf " ${C_GREEN}[%2d]${C_RESET} %s\n" "$((i+1))" "${users[$i]}"
|
|
|
+ local display_user="${users[$i]}"
|
|
|
+ if [[ "$include_orphan_users" == "true" && -n "${orphan_user_lookup[${users[$i]}]+x}" ]]; then
|
|
|
+ display_user="${display_user} ${C_DIM}(system-only)${C_RESET}"
|
|
|
+ fi
|
|
|
+ printf " ${C_GREEN}[%2d]${C_RESET} %s\n" "$((i+1))" "$display_user"
|
|
|
done
|
|
|
echo -e "\n ${C_GREEN}[all]${C_RESET} Select ALL listed users"
|
|
|
echo -e " ${C_RED} [0]${C_RESET} ↩️ Cancel and return to main menu"
|
|
|
echo -e "\n${C_CYAN}💡 You can select multiple by number, range, or exact username.${C_RESET}"
|
|
|
echo -e "${C_CYAN} Examples: '1 3 5' or '1,3' or '1-4' or 'alice bob'${C_RESET}"
|
|
|
+ if [[ "$include_orphan_users" == "true" ]]; then
|
|
|
+ echo -e "${C_CYAN} Users marked '(system-only)' are old accounts still on the VPS but missing from users.db${C_RESET}"
|
|
|
+ fi
|
|
|
echo
|
|
|
local choice
|
|
|
while true; do
|
|
|
@@ -814,6 +1082,7 @@ create_user() {
|
|
|
clear; show_banner
|
|
|
echo -e "${C_BOLD}${C_PURPLE}--- ✨ Create New SSH User ---${C_RESET}"
|
|
|
read -p "👉 Enter username (or '0' to cancel): " username
|
|
|
+ local adopt_existing=false
|
|
|
if [[ "$username" == "0" ]]; then
|
|
|
echo -e "\n${C_YELLOW}❌ User creation cancelled.${C_RESET}"
|
|
|
return
|
|
|
@@ -822,8 +1091,25 @@ create_user() {
|
|
|
echo -e "\n${C_RED}❌ Error: Username cannot be empty.${C_RESET}"
|
|
|
return
|
|
|
fi
|
|
|
- if id "$username" &>/dev/null || grep -q "^$username:" "$DB_FILE"; then
|
|
|
- echo -e "\n${C_RED}❌ Error: User '$username' already exists.${C_RESET}"; return
|
|
|
+ if db_has_user "$username"; then
|
|
|
+ echo -e "\n${C_RED}❌ Error: User '$username' already exists in FirewallFalcon.${C_RESET}"
|
|
|
+ return
|
|
|
+ fi
|
|
|
+ if id "$username" &>/dev/null; then
|
|
|
+ if is_firewallfalcon_orphan_user "$username"; then
|
|
|
+ echo -e "\n${C_YELLOW}⚠️ User '$username' already exists on the system but is missing from users.db.${C_RESET}"
|
|
|
+ echo -e "${C_DIM}This usually happens after uninstalling the script without deleting the SSH users.${C_RESET}"
|
|
|
+ read -p "👉 Do you want to take control of this existing user and manage it with FirewallFalcon? (y/n): " adopt_confirm
|
|
|
+ if [[ "$adopt_confirm" == "y" || "$adopt_confirm" == "Y" ]]; then
|
|
|
+ adopt_existing=true
|
|
|
+ else
|
|
|
+ echo -e "\n${C_YELLOW}❌ User creation cancelled.${C_RESET}"
|
|
|
+ return
|
|
|
+ fi
|
|
|
+ else
|
|
|
+ echo -e "\n${C_RED}❌ Error: System user '$username' already exists and does not look like a FirewallFalcon SSH account.${C_RESET}"
|
|
|
+ return
|
|
|
+ fi
|
|
|
fi
|
|
|
local password=""
|
|
|
while true; do
|
|
|
@@ -847,8 +1133,13 @@ create_user() {
|
|
|
if ! [[ "$bandwidth_gb" =~ ^[0-9]+\.?[0-9]*$ ]]; then echo -e "\n${C_RED}❌ Invalid number.${C_RESET}"; return; fi
|
|
|
local expire_date
|
|
|
expire_date=$(date -d "+$days days" +%Y-%m-%d)
|
|
|
- useradd -m -s /usr/sbin/nologin "$username"
|
|
|
- usermod -aG ffusers "$username" 2>/dev/null
|
|
|
+ ensure_firewallfalcon_system_group
|
|
|
+ if [[ "$adopt_existing" == "true" ]]; then
|
|
|
+ usermod -s /usr/sbin/nologin "$username" &>/dev/null
|
|
|
+ else
|
|
|
+ useradd -m -s /usr/sbin/nologin "$username"
|
|
|
+ fi
|
|
|
+ usermod -aG "$FF_USERS_GROUP" "$username" 2>/dev/null
|
|
|
echo "$username:$password" | chpasswd; chage -E "$expire_date" "$username"
|
|
|
echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
|
|
|
|
|
|
@@ -856,7 +1147,11 @@ create_user() {
|
|
|
if [[ "$bandwidth_gb" != "0" ]]; then bw_display="${bandwidth_gb} GB"; fi
|
|
|
|
|
|
clear; show_banner
|
|
|
- echo -e "${C_GREEN}✅ User '$username' created successfully!${C_RESET}\n"
|
|
|
+ if [[ "$adopt_existing" == "true" ]]; then
|
|
|
+ echo -e "${C_GREEN}✅ Existing system user '$username' has been imported into FirewallFalcon!${C_RESET}\n"
|
|
|
+ else
|
|
|
+ echo -e "${C_GREEN}✅ User '$username' created successfully!${C_RESET}\n"
|
|
|
+ fi
|
|
|
echo -e " - 👤 Username: ${C_YELLOW}$username${C_RESET}"
|
|
|
echo -e " - 🔑 Password: ${C_YELLOW}$password${C_RESET}"
|
|
|
echo -e " - 🗓️ Expires on: ${C_YELLOW}$expire_date${C_RESET}"
|
|
|
@@ -872,10 +1167,11 @@ create_user() {
|
|
|
fi
|
|
|
|
|
|
invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
}
|
|
|
|
|
|
delete_user() {
|
|
|
- _select_multi_user_interface "--- 🗑️ Delete Users (from DB) ---"
|
|
|
+ _select_multi_user_interface "--- 🗑️ Delete FirewallFalcon Users ---" "true"
|
|
|
if [[ ${#SELECTED_USERS[@]} -eq 0 || "${SELECTED_USERS[0]}" == "NO_USERS" ]]; then return; fi
|
|
|
|
|
|
echo -e "\n${C_RED}⚠️ You selected ${#SELECTED_USERS[@]} user(s) to delete: ${C_YELLOW}${SELECTED_USERS[*]}${C_RESET}"
|
|
|
@@ -883,30 +1179,7 @@ delete_user() {
|
|
|
if [[ "$confirm" != "y" ]]; then echo -e "\n${C_YELLOW}❌ Deletion cancelled.${C_RESET}"; return; fi
|
|
|
|
|
|
echo -e "\n${C_BLUE}🗑️ Deleting selected users...${C_RESET}"
|
|
|
- local username
|
|
|
- for username in "${SELECTED_USERS[@]}"; do
|
|
|
- killall -u "$username" -9 &>/dev/null
|
|
|
- if id "$username" &>/dev/null; then
|
|
|
- if userdel -r "$username" &>/dev/null; then
|
|
|
- echo -e " ✅ System user '${C_YELLOW}$username${C_RESET}' deleted."
|
|
|
- else
|
|
|
- echo -e " ❌ Failed to delete system user '${C_YELLOW}$username${C_RESET}'."
|
|
|
- fi
|
|
|
- else
|
|
|
- echo -e " ℹ️ System user '${C_YELLOW}$username${C_RESET}' was already missing. Removing manager data only."
|
|
|
- fi
|
|
|
- rm -f "$BANDWIDTH_DIR/${username}.usage"
|
|
|
- rm -rf "$BANDWIDTH_DIR/pidtrack/${username}"
|
|
|
- done
|
|
|
-
|
|
|
- if [[ -f "$DB_FILE" ]]; then
|
|
|
- local db_tmp
|
|
|
- db_tmp=$(mktemp)
|
|
|
- awk -F: 'NR==FNR { drop[$1]=1; next } !($1 in drop)' <(printf "%s\n" "${SELECTED_USERS[@]}") "$DB_FILE" > "$db_tmp" && mv "$db_tmp" "$DB_FILE"
|
|
|
- rm -f "$db_tmp" 2>/dev/null
|
|
|
- fi
|
|
|
-
|
|
|
- invalidate_banner_cache
|
|
|
+ delete_firewallfalcon_user_accounts "${SELECTED_USERS[@]}"
|
|
|
}
|
|
|
|
|
|
edit_user() {
|
|
|
@@ -1173,6 +1446,7 @@ cleanup_expired() {
|
|
|
done
|
|
|
echo -e "\n${C_GREEN}✅ Expired users have been cleaned up.${C_RESET}"
|
|
|
invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
else
|
|
|
echo -e "\n${C_YELLOW}❌ Cleanup cancelled.${C_RESET}"
|
|
|
fi
|
|
|
@@ -1245,14 +1519,15 @@ restore_user_data() {
|
|
|
fi
|
|
|
|
|
|
echo -e "${C_BLUE}⚙️ Re-synchronizing system accounts with the restored database...${C_RESET}"
|
|
|
+ ensure_firewallfalcon_system_group
|
|
|
|
|
|
while IFS=: read -r user pass expiry limit; do
|
|
|
echo "Processing user: ${C_YELLOW}$user${C_RESET}"
|
|
|
if ! id "$user" &>/dev/null; then
|
|
|
echo " - User does not exist in system. Creating..."
|
|
|
useradd -m -s /usr/sbin/nologin "$user"
|
|
|
- usermod -aG ffusers "$user" 2>/dev/null
|
|
|
fi
|
|
|
+ usermod -aG "$FF_USERS_GROUP" "$user" 2>/dev/null
|
|
|
echo " - Setting password..."
|
|
|
echo "$user:$pass" | chpasswd
|
|
|
echo " - Setting expiration to $expiry..."
|
|
|
@@ -1263,6 +1538,7 @@ restore_user_data() {
|
|
|
echo -e "\n${C_GREEN}✅ SUCCESS: User data restore completed.${C_RESET}"
|
|
|
|
|
|
invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
}
|
|
|
|
|
|
_enable_banner_in_sshd_config() {
|
|
|
@@ -1326,8 +1602,8 @@ view_ssh_banner() {
|
|
|
|
|
|
remove_ssh_banner() {
|
|
|
clear; show_banner
|
|
|
- echo -e "${C_BOLD}${C_PURPLE}--- 🗑️ Remove SSH Banner ---${C_RESET}"
|
|
|
- read -p "👉 Are you sure you want to disable and remove the SSH banner? (y/n): " confirm
|
|
|
+ echo -e "${C_BOLD}${C_PURPLE}--- 🗑️ Disable SSH Banners ---${C_RESET}"
|
|
|
+ read -p "👉 Are you sure you want to disable all SSH banners? (y/n): " confirm
|
|
|
if [[ "$confirm" != "y" ]]; then
|
|
|
echo -e "\n${C_YELLOW}❌ Action cancelled.${C_RESET}"
|
|
|
echo -e "\nPress ${C_YELLOW}[Enter]${C_RESET} to return..." && read -r
|
|
|
@@ -1341,12 +1617,43 @@ remove_ssh_banner() {
|
|
|
fi
|
|
|
disable_dynamic_ssh_banner_system
|
|
|
echo -e "\n${C_BLUE}⚙️ Disabling banner in sshd_config...${C_RESET}"
|
|
|
- sed -i.bak -E "s/^( *Banner\s+$SSH_BANNER_FILE)/#\1/" /etc/ssh/sshd_config
|
|
|
+ disable_static_ssh_banner_in_sshd_config
|
|
|
echo -e "${C_GREEN}✅ Banner disabled in configuration.${C_RESET}"
|
|
|
_restart_ssh
|
|
|
echo -e "\nPress ${C_YELLOW}[Enter]${C_RESET} to return..." && read -r
|
|
|
}
|
|
|
|
|
|
+preview_dynamic_ssh_banner() {
|
|
|
+ if ! is_dynamic_ssh_banner_enabled; then
|
|
|
+ echo -e "\n${C_RED}❌ Dynamic banners are not enabled right now.${C_RESET}"
|
|
|
+ press_enter
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ echo -e "${C_DIM}Refreshing dynamic banner worker...${C_RESET}"
|
|
|
+ setup_limiter_service >/dev/null 2>&1
|
|
|
+ _select_user_interface "--- 📝 Preview Dynamic Banner ---"
|
|
|
+ local u=$SELECTED_USER
|
|
|
+ if [[ -z "$u" || "$u" == "NO_USERS" ]]; then
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ echo -e "\n${C_CYAN}--- Dynamic Banner Preview for user '$u' ---${C_RESET}\n"
|
|
|
+ if [[ -f "/etc/firewallfalcon/banners/${u}.txt" ]]; then
|
|
|
+ cat "/etc/firewallfalcon/banners/${u}.txt"
|
|
|
+ else
|
|
|
+ echo -e "${C_RED}Banner file not generated yet. Waiting up to 10s for the worker...${C_RESET}"
|
|
|
+ sleep 5
|
|
|
+ if ! cat "/etc/firewallfalcon/banners/${u}.txt" 2>/dev/null; then
|
|
|
+ echo -e "\n${C_RED}Still not generated. Here are the last limiter logs:${C_RESET}"
|
|
|
+ echo -e "----------------------------------------------------------------------"
|
|
|
+ journalctl -u firewallfalcon-limiter -n 15 --no-pager
|
|
|
+ echo -e "----------------------------------------------------------------------"
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ press_enter
|
|
|
+}
|
|
|
+
|
|
|
ssh_banner_menu() {
|
|
|
while true; do
|
|
|
show_banner
|
|
|
@@ -1475,6 +1782,27 @@ uninstall_udp_custom() {
|
|
|
}
|
|
|
|
|
|
|
|
|
+ensure_badvpn_service_is_quiet() {
|
|
|
+ if [[ ! -f "$BADVPN_SERVICE_FILE" ]] || grep -q "^StandardOutput=null$" "$BADVPN_SERVICE_FILE" 2>/dev/null; then
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ local tmp_service
|
|
|
+ tmp_service=$(mktemp)
|
|
|
+ awk '
|
|
|
+ /^\[Service\]$/ {
|
|
|
+ print
|
|
|
+ print "StandardOutput=null"
|
|
|
+ print "StandardError=null"
|
|
|
+ next
|
|
|
+ }
|
|
|
+ { print }
|
|
|
+ ' "$BADVPN_SERVICE_FILE" > "$tmp_service" && mv "$tmp_service" "$BADVPN_SERVICE_FILE"
|
|
|
+ rm -f "$tmp_service" 2>/dev/null
|
|
|
+ systemctl daemon-reload
|
|
|
+ systemctl restart badvpn.service >/dev/null 2>&1 || true
|
|
|
+}
|
|
|
+
|
|
|
install_badvpn() {
|
|
|
clear; show_banner
|
|
|
echo -e "${C_BOLD}${C_PURPLE}--- 🚀 Installing badvpn (udpgw) ---${C_RESET}"
|
|
|
@@ -1513,6 +1841,8 @@ ExecStart=$badvpn_binary --listen-addr 0.0.0.0:7300 --max-clients 1000 --max-con
|
|
|
User=root
|
|
|
Restart=always
|
|
|
RestartSec=3
|
|
|
+StandardOutput=null
|
|
|
+StandardError=null
|
|
|
[Install]
|
|
|
WantedBy=multi-user.target
|
|
|
EOF
|
|
|
@@ -3245,9 +3575,25 @@ uninstall_script() {
|
|
|
echo -e "\n${C_GREEN}✅ Uninstallation cancelled.${C_RESET}"
|
|
|
return
|
|
|
fi
|
|
|
+ local -a removable_users=()
|
|
|
+ local remove_users_confirm
|
|
|
+ local remove_users_on_uninstall=false
|
|
|
+ mapfile -t removable_users < <(get_firewallfalcon_known_users)
|
|
|
+ if [[ ${#removable_users[@]} -gt 0 ]]; then
|
|
|
+ echo -e "\n${C_YELLOW}FirewallFalcon SSH users detected on this VPS:${C_RESET} ${removable_users[*]}"
|
|
|
+ read -p "👉 Do you also want to permanently delete these SSH users before uninstalling? (y/n): " remove_users_confirm
|
|
|
+ if [[ "$remove_users_confirm" == "y" || "$remove_users_confirm" == "Y" ]]; then
|
|
|
+ remove_users_on_uninstall=true
|
|
|
+ fi
|
|
|
+ fi
|
|
|
export UNINSTALL_MODE="silent"
|
|
|
echo -e "\n${C_BLUE}--- 💥 Starting Uninstallation 💥 ---${C_RESET}"
|
|
|
|
|
|
+ if [[ "$remove_users_on_uninstall" == "true" ]]; then
|
|
|
+ echo -e "\n${C_BLUE}🗑️ Removing FirewallFalcon SSH users before uninstall...${C_RESET}"
|
|
|
+ delete_firewallfalcon_user_accounts "${removable_users[@]}"
|
|
|
+ fi
|
|
|
+
|
|
|
echo -e "\n${C_BLUE}🗑️ Removing active limiter service...${C_RESET}"
|
|
|
systemctl stop firewallfalcon-limiter &>/dev/null
|
|
|
systemctl disable firewallfalcon-limiter &>/dev/null
|
|
|
@@ -3388,8 +3734,9 @@ create_trial_account() {
|
|
|
expiry_timestamp=$(date -d "+${duration_hours} hours" '+%Y-%m-%d %H:%M:%S')
|
|
|
|
|
|
# Create the system user
|
|
|
+ ensure_firewallfalcon_system_group
|
|
|
useradd -m -s /usr/sbin/nologin "$username"
|
|
|
- usermod -aG ffusers "$username" 2>/dev/null
|
|
|
+ usermod -aG "$FF_USERS_GROUP" "$username" 2>/dev/null
|
|
|
echo "$username:$password" | chpasswd
|
|
|
chage -E "$expire_date" "$username"
|
|
|
echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
|
|
|
@@ -3422,6 +3769,7 @@ create_trial_account() {
|
|
|
fi
|
|
|
|
|
|
invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
}
|
|
|
|
|
|
view_user_bandwidth() {
|
|
|
@@ -3508,6 +3856,7 @@ bulk_create_users() {
|
|
|
local expire_date
|
|
|
expire_date=$(date -d "+$days days" +%Y-%m-%d)
|
|
|
local bw_display="Unlimited"; [[ "$bandwidth_gb" != "0" ]] && bw_display="${bandwidth_gb} GB"
|
|
|
+ ensure_firewallfalcon_system_group
|
|
|
|
|
|
echo -e "\n${C_BLUE}⚙️ Creating $count users with prefix '${prefix}'...${C_RESET}\n"
|
|
|
echo -e "${C_YELLOW}================================================================${C_RESET}"
|
|
|
@@ -3523,7 +3872,7 @@ bulk_create_users() {
|
|
|
fi
|
|
|
local password=$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 8)
|
|
|
useradd -m -s /usr/sbin/nologin "$username"
|
|
|
- usermod -aG ffusers "$username" 2>/dev/null
|
|
|
+ usermod -aG "$FF_USERS_GROUP" "$username" 2>/dev/null
|
|
|
echo "$username:$password" | chpasswd
|
|
|
chage -E "$expire_date" "$username"
|
|
|
echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
|
|
|
@@ -3535,6 +3884,7 @@ bulk_create_users() {
|
|
|
echo -e "\n${C_GREEN}✅ Created $created users. Conn Limit: ${limit} | BW: ${bw_display}${C_RESET}"
|
|
|
|
|
|
invalidate_banner_cache
|
|
|
+ refresh_dynamic_banner_routing_if_enabled
|
|
|
}
|
|
|
|
|
|
generate_client_config() {
|
|
|
@@ -3834,18 +4184,22 @@ _flush_torrent_rules() {
|
|
|
ssh_banner_menu() {
|
|
|
while true; do
|
|
|
show_banner
|
|
|
+ local banner_mode
|
|
|
local banner_status
|
|
|
- if grep -q -E "^\s*Banner\s+$SSH_BANNER_FILE" /etc/ssh/sshd_config && [ -f "$SSH_BANNER_FILE" ]; then
|
|
|
- banner_status="${C_STATUS_A}(Active)${C_RESET}"
|
|
|
- else
|
|
|
- banner_status="${C_STATUS_I}(Inactive)${C_RESET}"
|
|
|
- fi
|
|
|
+ banner_mode=$(get_ssh_banner_mode)
|
|
|
+ case "$banner_mode" in
|
|
|
+ dynamic) banner_status="${C_STATUS_A}Dynamic${C_RESET}" ;;
|
|
|
+ static) banner_status="${C_STATUS_A}Static${C_RESET}" ;;
|
|
|
+ *) banner_status="${C_STATUS_I}Disabled${C_RESET}" ;;
|
|
|
+ esac
|
|
|
|
|
|
- echo -e "\n ${C_TITLE}═════════════════[ ${C_BOLD}🎨 STATIC SSH BANNER ${banner_status} ${C_RESET}${C_TITLE}]═════════════════${C_RESET}"
|
|
|
- echo -e "${C_DIM}Uses the standard OpenSSH directive: Banner $SSH_BANNER_FILE${C_RESET}"
|
|
|
- printf " ${C_CHOICE}[ 1]${C_RESET} %-40s\n" "📋 Paste or Replace Static Banner"
|
|
|
- printf " ${C_CHOICE}[ 2]${C_RESET} %-40s\n" "👁️ View Current Banner"
|
|
|
- printf " ${C_DANGER}[ 3]${C_RESET} %-40s\n" "🗑️ Disable and Remove Banner"
|
|
|
+ echo -e "\n ${C_TITLE}═════════════════[ ${C_BOLD}🎨 SSH BANNER MODE: ${banner_status} ${C_RESET}${C_TITLE}]═════════════════${C_RESET}"
|
|
|
+ echo -e "${C_DIM}Static mode uses 'Banner $SSH_BANNER_FILE'. Dynamic mode shows per-user account info.${C_RESET}"
|
|
|
+ printf " ${C_CHOICE}[ 1]${C_RESET} %-40s\n" "✨ Enable Dynamic Account Banner"
|
|
|
+ printf " ${C_CHOICE}[ 2]${C_RESET} %-40s\n" "📋 Paste or Replace Static Banner"
|
|
|
+ printf " ${C_CHOICE}[ 3]${C_RESET} %-40s\n" "👁️ View Current Static Banner"
|
|
|
+ printf " ${C_CHOICE}[ 4]${C_RESET} %-40s\n" "📝 Preview Dynamic Banner"
|
|
|
+ printf " ${C_DANGER}[ 5]${C_RESET} %-40s\n" "🗑️ Disable All SSH Banners"
|
|
|
echo -e " ${C_DIM}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~${C_RESET}"
|
|
|
echo -e " ${C_WARN}[ 0]${C_RESET} ↩️ Return to Main Menu"
|
|
|
echo
|
|
|
@@ -3854,9 +4208,17 @@ ssh_banner_menu() {
|
|
|
return
|
|
|
fi
|
|
|
case $choice in
|
|
|
- 1) set_ssh_banner_paste ;;
|
|
|
- 2) view_ssh_banner ;;
|
|
|
- 3) remove_ssh_banner ;;
|
|
|
+ 1)
|
|
|
+ if setup_ssh_login_info; then
|
|
|
+ echo -e "\n${C_GREEN}✅ Dynamic account banner enabled.${C_RESET}"
|
|
|
+ echo -e "${C_DIM}Users will now see their account info banner instead of the static banner.${C_RESET}"
|
|
|
+ fi
|
|
|
+ press_enter
|
|
|
+ ;;
|
|
|
+ 2) set_ssh_banner_paste ;;
|
|
|
+ 3) view_ssh_banner ;;
|
|
|
+ 4) preview_dynamic_ssh_banner ;;
|
|
|
+ 5) remove_ssh_banner ;;
|
|
|
0) return ;;
|
|
|
*) echo -e "\n${C_RED}❌ Invalid option.${C_RESET}" && sleep 1 ;;
|
|
|
esac
|
|
|
@@ -3931,7 +4293,7 @@ main_menu() {
|
|
|
echo
|
|
|
echo -e " ${C_TITLE}══════════════[ ${C_BOLD}⚙️ SYSTEM SETTINGS ${C_RESET}${C_TITLE}]═══════════════${C_RESET}"
|
|
|
printf " ${C_CHOICE}[%2s]${C_RESET} %-28s ${C_CHOICE}[%2s]${C_RESET} %-28s\n" "15" "☁️ CloudFlare Free Domain" "18" "💾 Backup User Data"
|
|
|
- printf " ${C_CHOICE}[%2s]${C_RESET} %-28s ${C_CHOICE}[%2s]${C_RESET} %-28s\n" "16" "🎨 Static SSH Banner" "19" "📥 Restore User Data"
|
|
|
+ printf " ${C_CHOICE}[%2s]${C_RESET} %-28s ${C_CHOICE}[%2s]${C_RESET} %-28s\n" "16" "🎨 SSH Banner Config" "19" "📥 Restore User Data"
|
|
|
printf " ${C_CHOICE}[%2s]${C_RESET} %-28s ${C_CHOICE}[%2s]${C_RESET} %-28s\n" "17" "🔄 Auto-Reboot Task" "20" "🧹 Cleanup Expired Users"
|
|
|
|
|
|
echo
|
firewallfalcons