|
|
@@ -93,7 +93,6 @@ initial_setup() {
|
|
|
|
|
|
echo -e "${C_BLUE}🔹 Configuring user limiter service...${C_RESET}"
|
|
|
setup_limiter_service
|
|
|
- install_login_notifier
|
|
|
|
|
|
if [ ! -f "$INSTALL_FLAG_FILE" ]; then
|
|
|
touch "$INSTALL_FLAG_FILE"
|
|
|
@@ -476,7 +475,6 @@ create_user() {
|
|
|
if ! [[ "$limit" =~ ^[0-9]+$ ]]; then echo -e "\n${C_RED}❌ Invalid number.${C_RESET}"; return; fi
|
|
|
local expire_date
|
|
|
expire_date=$(date -d "+$days days" +%Y-%m-%d)
|
|
|
- expire_date=$(date -d "+$days days" +%Y-%m-%d)
|
|
|
useradd -m -s /usr/sbin/nologin "$username"; echo "$username:$password" | chpasswd; chage -E "$expire_date" "$username"
|
|
|
echo "$username:$password:$expire_date:$limit" >> "$DB_FILE"
|
|
|
|
|
|
@@ -494,8 +492,6 @@ create_user() {
|
|
|
if [[ "$gen_conf" == "y" || "$gen_conf" == "Y" ]]; then
|
|
|
generate_client_config "$username" "$password"
|
|
|
fi
|
|
|
- # Refresh banners for the new user
|
|
|
- update_all_user_banners
|
|
|
}
|
|
|
|
|
|
delete_user() {
|
|
|
@@ -544,9 +540,6 @@ delete_user() {
|
|
|
|
|
|
sed -i "/^$username:/d" "$DB_FILE"
|
|
|
echo -e "${C_GREEN}✅ User '$username' has been completely removed.${C_RESET}"
|
|
|
-
|
|
|
- # Clean up banner config
|
|
|
- update_all_user_banners
|
|
|
}
|
|
|
|
|
|
edit_user() {
|
|
|
@@ -595,7 +588,6 @@ edit_user() {
|
|
|
esac
|
|
|
echo -e "\nPress ${C_YELLOW}[Enter]${C_RESET} to continue editing..." && read -r
|
|
|
done
|
|
|
- update_all_user_banners
|
|
|
}
|
|
|
|
|
|
lock_user() {
|
|
|
@@ -712,7 +704,6 @@ renew_user() {
|
|
|
local line; line=$(grep "^$u:" "$DB_FILE"); local pass; pass=$(echo "$line"|cut -d: -f2); local limit; limit=$(echo "$line"|cut -d: -f4)
|
|
|
sed -i "s/^$u:.*/$u:$pass:$new_expire_date:$limit/" "$DB_FILE"
|
|
|
echo -e "\n${C_GREEN}✅ User '$u' has been renewed. New expiration date is ${C_YELLOW}${new_expire_date}${C_RESET}."
|
|
|
- update_all_user_banners
|
|
|
}
|
|
|
|
|
|
cleanup_expired() {
|
|
|
@@ -2476,167 +2467,6 @@ uninstall_script() {
|
|
|
exit 0
|
|
|
}
|
|
|
|
|
|
-# --- NATIVE DYNAMIC BANNER SYSTEM ---
|
|
|
-
|
|
|
-update_all_user_banners() {
|
|
|
- local banners_dir="/etc/firewallfalcon/banners"
|
|
|
- local ssh_include_file="/etc/ssh/sshd_config.d/99-firewallfalcon-banners.conf"
|
|
|
-
|
|
|
- mkdir -p "$banners_dir"
|
|
|
- mkdir -p "$(dirname "$ssh_include_file")"
|
|
|
-
|
|
|
- # 1. Clear old config content
|
|
|
- echo "# Dynamic User Banners Generated by FirewallFalcon" > "$ssh_include_file"
|
|
|
-
|
|
|
- # 2. Iterate users and create banners + config
|
|
|
- if [[ -s "$DB_FILE" ]]; then
|
|
|
- while IFS=: read -r user pass expiry limit; do
|
|
|
- # Calculate Days Left
|
|
|
- local current_ts=$(date +%s)
|
|
|
- local expiry_ts=$(date -d "$expiry" +%s 2>/dev/null)
|
|
|
- local days_left="0"
|
|
|
- local status_text="EXPIRED"
|
|
|
-
|
|
|
- if [ -n "$expiry_ts" ]; then
|
|
|
- local diff_sec=$((expiry_ts - current_ts))
|
|
|
- days_left=$((diff_sec / 86400))
|
|
|
- if [ $days_left -ge 0 ]; then status_text="ACTIVE"; fi
|
|
|
- fi
|
|
|
-
|
|
|
- # Generate the plain text banner file (No color codes allowed in SSH Banner usually, or limited support)
|
|
|
- # Standard SSH Banners are text-only. Some clients support color codes sent here, but it's risky.
|
|
|
- # We will use clean ASCII formatting.
|
|
|
- local user_banner_file="$banners_dir/$user"
|
|
|
-
|
|
|
- cat > "$user_banner_file" <<EOF
|
|
|
-==================================================
|
|
|
- 👋 Welcome, $user
|
|
|
- --------------------------------------------------
|
|
|
- 📊 Status : $status_text
|
|
|
- ⏳ Days Left : $days_left Days
|
|
|
- 📅 Expires : $expiry
|
|
|
-==================================================
|
|
|
-
|
|
|
-EOF
|
|
|
-
|
|
|
- # Append Match Block to Config
|
|
|
- echo "" >> "$ssh_include_file"
|
|
|
- echo "Match User $user" >> "$ssh_include_file"
|
|
|
- echo " Banner $user_banner_file" >> "$ssh_include_file"
|
|
|
-
|
|
|
- done < "$DB_FILE"
|
|
|
- fi
|
|
|
-
|
|
|
- # Reload SSHD to pick up changes (Reload is safer/faster than restart)
|
|
|
- if systemctl is-active --quiet ssh; then systemctl reload ssh;
|
|
|
- elif systemctl is-active --quiet sshd; then systemctl reload sshd; fi
|
|
|
-}
|
|
|
-
|
|
|
-install_login_notifier() {
|
|
|
- echo -e "${C_BLUE}🔨 Setting up Native Dynamic Banners...${C_RESET}"
|
|
|
-
|
|
|
- # 1. Ensure Directories
|
|
|
- mkdir -p "/etc/firewallfalcon/banners"
|
|
|
- mkdir -p "/etc/ssh/sshd_config.d"
|
|
|
-
|
|
|
- # 2. Configure Main sshd_config to Include our file
|
|
|
- local main_config="/etc/ssh/sshd_config"
|
|
|
- local include_line="Include /etc/ssh/sshd_config.d/*.conf"
|
|
|
-
|
|
|
- # Check for Include support and placement
|
|
|
- # We MUST place Include at the END if it contains Match blocks, or ensure the included file ends match blocks.
|
|
|
- # To be safe against "Match block extension", we append to the end.
|
|
|
-
|
|
|
- # Remove any existing Include lines we might have added at the top
|
|
|
- sed -i "\|^$include_line|d" "$main_config"
|
|
|
-
|
|
|
- # Append to the end if not present
|
|
|
- if ! grep -q "^Include /etc/ssh/sshd_config.d/\*\.conf" "$main_config"; then
|
|
|
- echo "" >> "$main_config"
|
|
|
- echo "$include_line" >> "$main_config"
|
|
|
- fi
|
|
|
-
|
|
|
- # 3. Clean up OLD methods (Wrapper / Profile) to prevent double banners
|
|
|
- rm -f "/usr/local/bin/firewallfalcon-wrapper"
|
|
|
- rm -f "/etc/profile.d/z_firewallfalcon_banner.sh"
|
|
|
- sed -i '/ForceCommand \/usr\/local\/bin\/firewallfalcon-wrapper/d' "$main_config"
|
|
|
- sed -i '/Match User !root/d' "$main_config"
|
|
|
-
|
|
|
- # 4. Global Config cleanup
|
|
|
- # Ensure standard Banner is disabled so we don't get duplicates
|
|
|
- sed -i 's/^Banner /#Banner /' "$main_config"
|
|
|
- if grep -q "^PrintMotd" "$main_config"; then
|
|
|
- sed -i 's/^PrintMotd.*/PrintMotd no/' "$main_config"
|
|
|
- else
|
|
|
- echo "PrintMotd no" >> "$main_config"
|
|
|
- fi
|
|
|
-
|
|
|
- # 5. Generate Initial Banners
|
|
|
- update_all_user_banners
|
|
|
-
|
|
|
- # 6. Cron Job for Daily Updates (At 00:01)
|
|
|
- # We need a small separate script or command line to update banners
|
|
|
- local updater_cmd="bash -c 'source $(realpath $0); update_all_user_banners'"
|
|
|
- # Since we can't easily source this big script in cron, let's make a dedicated tiny updater
|
|
|
- # OR simpler: Write the update logic to a small standalone script
|
|
|
- local stand_alone_updater="/usr/local/bin/firewallfalcon-update-banners"
|
|
|
-
|
|
|
- # We need to export the function logic to the file.
|
|
|
- # We reconstruct the logic simply here to avoid complex variable passing.
|
|
|
- cat > "$stand_alone_updater" <<EOF
|
|
|
-#!/bin/bash
|
|
|
-DB_FILE="/etc/firewallfalcon/users.db"
|
|
|
-BANNERS_DIR="/etc/firewallfalcon/banners"
|
|
|
-CONF_FILE="/etc/ssh/sshd_config.d/99-firewallfalcon-banners.conf"
|
|
|
-
|
|
|
-mkdir -p "\$BANNERS_DIR"
|
|
|
-echo "# Dynamic User Banners" > "\$CONF_FILE"
|
|
|
-
|
|
|
-if [[ -s "\$DB_FILE" ]]; then
|
|
|
- while IFS=: read -r user pass expiry limit; do
|
|
|
- current_ts=\$(date +%s)
|
|
|
- expiry_ts=\$(date -d "\$expiry" +%s 2>/dev/null)
|
|
|
- days_left="0"
|
|
|
- status="EXPIRED"
|
|
|
-
|
|
|
- if [ -n "\$expiry_ts" ]; then
|
|
|
- diff=\$((expiry_ts - current_ts))
|
|
|
- days_left=\$((diff / 86400))
|
|
|
- if [ \$days_left -ge 0 ]; then status="ACTIVE"; fi
|
|
|
- fi
|
|
|
-
|
|
|
- # Write Banner File
|
|
|
- cat > "\$BANNERS_DIR/\$user" <<BANNER
|
|
|
-==================================================
|
|
|
- 👋 Welcome, \$user
|
|
|
- --------------------------------------------------
|
|
|
- 📊 Status : \$status
|
|
|
- ⏳ Days Left : \$days_left Days
|
|
|
- 📅 Expires : \$expiry
|
|
|
-==================================================
|
|
|
-
|
|
|
-BANNER
|
|
|
- # Append Config
|
|
|
- echo "" >> "\$CONF_FILE"
|
|
|
- echo "Match User \$user" >> "\$CONF_FILE"
|
|
|
- echo " Banner \$BANNERS_DIR/\$user" >> "\$CONF_FILE"
|
|
|
- done < "\$DB_FILE"
|
|
|
-fi
|
|
|
-
|
|
|
-if systemctl is-active --quiet ssh; then systemctl reload ssh;
|
|
|
-elif systemctl is-active --quiet sshd; then systemctl reload sshd; fi
|
|
|
-EOF
|
|
|
- chmod +x "$stand_alone_updater"
|
|
|
-
|
|
|
- # Add to Crontab
|
|
|
- (crontab -l 2>/dev/null | grep -v "firewallfalcon-update-banners") | crontab -
|
|
|
- (crontab -l 2>/dev/null; echo "1 0 * * * $stand_alone_updater") | crontab -
|
|
|
-
|
|
|
- echo -e "${C_GREEN}✅ Native Dynamic Banners Configured.${C_RESET}"
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
# --- NEW FEATURES ---
|
|
|
|
|
|
generate_client_config() {
|
|
|
@@ -3000,10 +2830,10 @@ main_menu() {
|
|
|
|
|
|
echo
|
|
|
echo -e " ${C_TITLE}════════════[ ${C_BOLD}⚙️ SYSTEM SETTINGS ${C_RESET}${C_TITLE}]═════════════${C_RESET}"
|
|
|
- printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "13" "CloudFlare Free Domain" "14" "Auto-Reboot Task"
|
|
|
- printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "15" "Backup User Data" "16" "Restore User Data"
|
|
|
- printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "17" "Cleanup Expired Users" ""
|
|
|
-
|
|
|
+ printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "13" "CloudFlare Free Domain" "16" "Backup User Data"
|
|
|
+ printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "14" "SSH Banner Config" "17" "Restore User Data"
|
|
|
+ printf " ${C_CHOICE}[%2s]${C_RESET} %-25s ${C_CHOICE}[%2s]${C_RESET} %-25s\n" "15" "Auto-Reboot Task" "18" "Cleanup Expired Users"
|
|
|
+
|
|
|
echo
|
|
|
echo -e " ${C_DANGER}═══════════════════[ ${C_BOLD}🔥 DANGER ZONE ${C_RESET}${C_DANGER}]═══════════════════${C_RESET}"
|
|
|
echo -e " ${C_DANGER}[99]${C_RESET} Uninstall Script ${C_WARN}[ 0]${C_RESET} Exit"
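Review bot: Inserting "SSH Banner Config" at 14 renumbers every later entry, so a number an operator has memorised now runs a different action: 17 was "Cleanup Expired Users" and is now "Restore User Data", and 15 moved from "Backup User Data" to "Auto-Reboot Task". The `case` arms in the next hunk shift in the same way. Appending the new entry instead, as `18) ssh_banner_menu ;;` with a matching menu cell, would keep 14–17 stable. If the new order is intended, confirm that restore_user_data prompts before overwriting anything, which these hunks do not show. The rows also change from row-wise numbering (13 beside 14) to column-wise (13 beside 16), which may not match the other menu sections. main_menu's body starts and ends outside the hunk.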
|
|
|
@@ -3025,11 +2855,11 @@ main_menu() {
|
|
|
12) torrent_block_menu ;;
|
|
|
|
|
|
13) dns_menu; press_enter ;;
|
|
|
-
|
|
|
- 14) auto_reboot_menu ;;
|
|
|
- 15) backup_user_data; press_enter ;;
|
|
|
- 16) restore_user_data; press_enter ;;
|
|
|
- 17) cleanup_expired; press_enter ;;
|
|
|
+ 14) ssh_banner_menu ;;
|
|
|
+ 15) auto_reboot_menu ;;
|
|
|
+ 16) backup_user_data; press_enter ;;
|
|
|
+ 17) restore_user_data; press_enter ;;
|
|
|
+ 18) cleanup_expired; press_enter ;;
|
|
|
|
|
|
99) uninstall_script ;;
|
|
|
0) exit 0 ;;
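Review bot: `14) ssh_banner_menu ;;` is wired in here, but no visible hunk cleans up what the deleted install_login_notifier left on existing hosts. That is the root crontab entry `1 0 * * * /usr/local/bin/firewallfalcon-update-banners`, the script itself, `/etc/ssh/sshd_config.d/99-firewallfalcon-banners.conf` with its per-user `Match User` blocks, and the `#Banner` / `PrintMotd no` edits to `/etc/ssh/sshd_config`. After an upgrade the cron job would keep rewriting the include file and reloading sshd every night, and its Match-level `Banner` lines may compete with whatever ssh_banner_menu configures; that function's definition is not in the visible hunks. A one-time migration step is needed, called from initial_setup or on entry to ssh_banner_menu; the helper name below is only a proposal. It should drop the cron entry and generated files, then reload sshd only if `sshd -t` accepts the configuration. main_menu's `case` statement continues outside the hunk.

```shell
# One-time removal of the artefacts left behind by the old per-user banner system.
remove_legacy_banner_artifacts() {
  local updater="/usr/local/bin/firewallfalcon-update-banners"
  local include_file="/etc/ssh/sshd_config.d/99-firewallfalcon-banners.conf"

  # Drop the nightly cron entry; grep -v exits 1 when no lines remain, which is fine here.
  { crontab -l 2>/dev/null | grep -vF -- "$updater" || true; } | crontab -

  rm -f -- "$updater" "$include_file"
  rm -rf -- "/etc/firewallfalcon/banners"

  # Never reload a configuration that does not parse: a broken sshd_config can lock out remote access.
  if sshd -t; then
    if systemctl is-active --quiet ssh; then systemctl reload ssh
    elif systemctl is-active --quiet sshd; then systemctl reload sshd; fi
  else
    echo -e "${C_RED}❌ sshd configuration is invalid; not reloading.${C_RESET}"
  fi
}
```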
|