From 3f174b140e94024f7eabae50167dabd564bab17e Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Sat, 3 Sep 2022 17:47:55 +0100
Subject: [PATCH 1/2] A couple of bug fixes for bootstrap.
---
 bootstrap | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/bootstrap b/bootstrap
index e2c24b0..fabd20c 100755
--- a/bootstrap
+++ b/bootstrap
@@ -12,7 +12,7 @@ mkdir -p -m 755 {/opt,/opt/{bin,include,info,lib64,man,man/man{0..8},sbin,share}
 # Install the CA bundles, to stop wget moaning.
 echo "-> Adding CA certificates..."
 cp -R ca-certificates /usr/local/share
-update-ca-certificates
+LC_ALL=C update-ca-certificates -f
 # Install memtest86 into /boot.
 # Only install if /boot exists, and this isn't an EFI system.
@@ -69,8 +69,8 @@ read -r -p "----> Enter GPG decryption passphrase (appears in clear text): " PAS
 # Decrypt the pushover-config.
 echo "-> Decrypting /etc/pushover/*.gpg..."
 for FILE in /etc/pushover/*.gpg; do
- gpg -d --passphrase "$PASS" -o "/etc/pushover/${FILE%.gpg}" "$FILE"
- chmod 640 "/etc/pushover/${FILE%.gpg}"
+ gpg -d --passphrase "$PASS" -o "${FILE%.gpg}" "$FILE"
+ chmod 640 "${FILE%.gpg}"
 done
 unset FILE
@@ -149,7 +149,7 @@ unset PASS
 echo "-> Archiving old logs..."
 [[ ! -d /var/log/Archived ]] && mkdir -m 750 /var/log/Archived
 [[ ! -d /var/log/Archived/pre-bootstrapping ]] && mkdir -m 750 /var/log/Archived/pre-bootstrapping
-mv /var/log/{btmp.*,{cron,debug,maillog,messages,secure,spooler,syslog}{,.*}} /var/log/Archived/pre-bootstrapping/
+mv -f /var/log/{btmp.*,{cron,debug,maillog,messages,secure,spooler,syslog}{,.*}} /var/log/Archived/pre-bootstrapping/ 2>/dev/null
 # Restart syslogd.
 echo "-> Restarting syslogd for new config..."
From bd76367f278d738327ec5952e3f9bed29a3bc801 Mon Sep 17 00:00:00 2001
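Review bot: In the pushover decryption loop of bootstrap, both the old and the new `gpg` line put the passphrase in argv with `--passphrase "$PASS"`, where other local users can read it from the process list while gpg runs; handing it over on a descriptor avoids that, e.g. `gpg --batch --pinentry-mode loopback --passphrase-fd 0 -d -o "${FILE%.gpg}" "$FILE" <<<"$PASS"`. The plaintext file is also created under whatever umask is in force and only tightened by the `chmod 640` that follows, so a `umask 027` ahead of the loop would remove that window. Neither exit status is checked in the hunk, and an unmatched glob leaves `FILE` as the literal `/etc/pushover/*.gpg`; a `[[ -e "$FILE" ]] || continue` guard plus an explicit failure check on the gpg call would make a wrong passphrase fail loudly.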
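Review bot: The `2>/dev/null` added to the log-archiving `mv` in bootstrap discards every error, not just the expected "No such file" complaints from brace-expanded names that do not exist, so a failed move (unwritable or missing target directory, full filesystem) would leave the pre-bootstrap logs unarchived without any message. Moving only what exists keeps real errors visible: `for LOG in /var/log/{btmp.*,{cron,debug,maillog,messages,secure,spooler,syslog}{,.*}}; do [[ -e "$LOG" ]] && mv -f "$LOG" /var/log/Archived/pre-bootstrapping/; done`. If the redirect stays, a comment such as `# Not every log exists on a fresh install; mv's complaints are deliberately ignored.` would record that the suppression is intentional.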
From: Darren 'Tadgy' Austin
Date: Sat, 3 Sep 2022 17:48:46 +0100
Subject: [PATCH 2/2] Only restart fail2ban in rc.firewall if it's *not* started from boot.
---
 rc.d/rc.firewall | 8 +++++---
 rc.d/rc.firewall-complete | 6 ++++--
 rc.d/rc.firewall-float | 6 ++++--
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/rc.d/rc.firewall b/rc.d/rc.firewall
index d86171d..710029d 100755
--- a/rc.d/rc.firewall
+++ b/rc.d/rc.firewall
@@ -69,7 +69,7 @@ start_firewall() {
 # Allow unrestricted access from our IPs.
 for ENTRY in "${UNFILTERED_RANGES_V4[@]}"; do
- iptables -A INPUT -i "$EX_IF" --s "$ENTRY" -j ACCEPT
+ iptables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
 done
 for ENTRY in "${UNFILTERED_RANGES_V6[@]}"; do
 ip6tables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
@@ -159,7 +159,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0
diff --git a/rc.d/rc.firewall-complete b/rc.d/rc.firewall-complete
index 25196f9..44e7f8e 100755
--- a/rc.d/rc.firewall-complete
+++ b/rc.d/rc.firewall-complete
@@ -205,7 +205,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0
diff --git a/rc.d/rc.firewall-float b/rc.d/rc.firewall-float
index 9ee055f..8bae5f4 100755
--- a/rc.d/rc.firewall-float
+++ b/rc.d/rc.firewall-float
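Review bot: The new guard at the tail of rc.firewall (repeated verbatim in rc.firewall-complete and rc.firewall-float) keys on `$PREVLEVEL`, but the comment does not say where that value comes from or what `N` means, and daemons launched during boot presumably keep `PREVLEVEL=N` in their environment, so a firewall reload triggered from such a process would skip the restart and leave the fail2ban chains missing after the rules are rebuilt. The comment could read `# PREVLEVEL is exported by init; "N" means no previous runlevel, i.e. we are being run from the boot scripts.` and state that rc.fail2ban is expected to start after this script at boot. The nested `&& { … }` reads more directly as `if [[ "${PREVLEVEL:-}" != "N" && -x /etc/rc.d/rc.fail2ban ]]; then /etc/rc.d/rc.fail2ban restart >/dev/null; fi`, which also tolerates `set -u` when the variable is unset. The `case` statement the guard follows starts outside the hunk.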
@@ -187,7 +187,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0