From 9579e75ab3fa473d167882d9fc9c0f6b075a822b Mon Sep 17 00:00:00 2001 From: iamromulan <50184035+iamromulan@users.noreply.github.com> Date: Sat, 13 Apr 2024 00:43:52 -0400 Subject: [PATCH] Move lighttpd files to simpleadmin -Set admin as the username -Gave sshd it's own function --- RMxxx_rgmii_toolkit.sh | 75 ++++++++++--------- {lighttpd => simpleadmin}/lighttpd.conf | 8 +- .../systemd}/lighttpd.service | 4 +- 3 files changed, 45 insertions(+), 42 deletions(-) rename {lighttpd => simpleadmin}/lighttpd.conf (82%) rename {lighttpd => simpleadmin/systemd}/lighttpd.service (58%) diff --git a/RMxxx_rgmii_toolkit.sh b/RMxxx_rgmii_toolkit.sh index bac4383..69ceefb 100644 --- a/RMxxx_rgmii_toolkit.sh +++ b/RMxxx_rgmii_toolkit.sh 
@@ -391,27 +391,27 @@ install_lighttpd() { done systemctl stop lighttpd echo -e "\033[0;32mInstalling/Updating Lighttpd...\033[0m" - mkdir -p "$LIGHTTPD_DIR" - wget -O "$LIGHTTPD_DIR/lighttpd.conf" https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/lighttpd/lighttpd.conf - wget -O "/lib/systemd/system/lighttpd.service" https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/lighttpd/lighttpd.service + mkdir -p "$SIMPLE_ADMIN_DIR" + wget -O "$SIMPLE_ADMIN_DIR/lighttpd.conf" https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/simpleadmin/lighttpd.conf + wget -O "/lib/systemd/system/lighttpd.service" https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/simpleadmin/lighttpd.service ln -sf "/lib/systemd/system/lighttpd.service" "/lib/systemd/system/multi-user.target.wants/" openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \ -subj "/C=US/ST=MI/L=Romulus/O=RMIITools/CN=localhost" \ - -keyout $LIGHTTPD_DIR/server.key -out $LIGHTTPD_DIR/server.crt + -keyout $SIMPLE_ADMIN_DIR/server.key -out $SIMPLE_ADMIN_DIR/server.crt systemctl daemon-reload systemctl start lighttpd echo -e "\033[0;32mLighttpd installation/update complete.\033[0m" while true; do - echo -e "\e[1;31mPlease set your root web login password.\e[0m" + echo -e "\e[1;31mPlease set your simpleadmin (User: admin) web login password.\e[0m" read -s password if [ -z "$password" ]; then echo -e "\e[1;32mNo password provided.\e[0m" else - echo -n "root:" > $LIGHTTPD_DIR/.htpasswd - openssl passwd -crypt "$password" >> $LIGHTTPD_DIR/.htpasswd + echo -n "admin:" > $SIMPLE_ADMIN_DIR/.htpasswd + openssl passwd -crypt "$password" >> $SIMPLE_ADMIN_DIR/.htpasswd echo -e "\e[1;32mPassword set.\e[0m" break fi 
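Review bot: The rewritten `.htpasswd` lines still hash the web password with `openssl passwd -crypt`, i.e. traditional DES crypt, which only uses the first eight characters and is cheap to brute-force, and they pass the password as a command-line argument where it is visible in the process list. Something like `printf '%s\n' "$password" | openssl passwd -apr1 -stdin >> "$SIMPLE_ADMIN_DIR/.htpasswd"` keeps it off argv and uses a salted format that lighttpd's htpasswd backend should accept (worth confirming on the device's lighttpd build); `read -rs password` would also stop backslashes being interpreted. Separately, the new unit URL ends in `simpleadmin/lighttpd.service` while this commit renames the file to `simpleadmin/systemd/lighttpd.service`, so unless `$GITTREE` points at a tree with a different layout the `wget -O` will fail and can leave an empty unit file, and neither download is checked before `systemctl start lighttpd`. The `-keyout`/`-out` and `.htpasswd` paths are unquoted and no `chmod` is visible in the hunk, so quoting them and adding `chmod 600 "$SIMPLE_ADMIN_DIR/server.key" "$SIMPLE_ADMIN_DIR/.htpasswd"` would be a sensible addition. install_lighttpd starts before and continues after this hunk.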
@@ -432,7 +432,7 @@ install_ttyd() { if [ -d "/usrdata/ttyd" ]; then echo -e "\e[1;34mttyd is already installed. Choose an option:\e[0m" - echo -e "\e[1;34m1.) Update to ttyd 1.7.7 (If you are using ttyd you will temporarly loose connection ...)\e[0m" + echo -e "\e[1;34m1.) Update to ttyd 1.7.7 (If you are using ttyd you will temporarly loose connection, update will continue ...)\e[0m" echo -e "\e[1;31m2.) Skip Update (Chose this if you already updated)\e[0m" read -p "Enter your choice (1/2): " choice case $choice in @@ -486,6 +486,7 @@ install_ttyd() { echo -e "\e[1;32mInstallation Complete! ttyd server is up on port 443. Note: No TLS/SSL enabled yet.\e[0m" } +# Function to handle ttyd upgrade check_and_install_ttyd() { remount_rw local service_file="/lib/systemd/system/ttyd.service" 
@@ -1060,7 +1061,36 @@ WantedBy=multi-user.target" > "$cfun_service_path" fi } +install_sshd() { + ensure_entware_installed + echo -e "\e[1;32mOpenSSH Server\e[0m" + remount_rw + mkdir /usrdata/sshd + wget -O /lib/systemd/system/sshd.service "https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/sshd/sshd.service" + ln -sf "/lib/systemd/system/sshd.service" "/lib/systemd/system/multi-user.target.wants/" + + opkg install openssh-server-pam + for script in /opt/etc/init.d/*sshd*; do + if [ -f "$script" ]; then + echo "Removing existing sshd init script: $script" + rm "$script" # Remove the script if it contains 'sshd' in its name + fi + done + /opt/bin/ssh-keygen -A + systemctl daemon-reload + systemctl enable sshd + + # Enable PAM and PermitRootLogin + sed -i "s/^.*UsePAM .*/UsePAM yes/" "/opt/etc/ssh/sshd_config" + sed -i "s/^.*PermitRootLogin .*/PermitRootLogin yes/" "/opt/etc/ssh/sshd_config" + + # Ensure the sshd user exists in the /opt/etc/passwd file + grep "sshd:x:106" /opt/etc/passwd || echo "sshd:x:106:65534:Linux User,,,:/opt/run/sshd:/bin/nologin" >> /opt/etc/passwd + systemctl start sshd + + echo -e "\e[1;32mOpenSSH installed!!\e[0m" +} # Main menu while true; do 
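Review bot: `install_sshd` forces `PermitRootLogin yes` together with `UsePAM yes`, so root can log in over SSH with a password on every interface sshd listens on, and nothing in the function checks that a strong root password has been set first. If key-based access can be provisioned, `sed -i "s/^.*PermitRootLogin .*/PermitRootLogin prohibit-password/" "/opt/etc/ssh/sshd_config"` is the safer default; otherwise prompt for a root password before `systemctl start sshd` and add a comment saying why password root login is required on this device. The unit fetched by `wget -O /lib/systemd/system/sshd.service` is linked and enabled without checking that the download succeeded, so appending `|| return 1` to the wget line would avoid enabling a truncated unit. `mkdir /usrdata/sshd` errors on a second run, which `mkdir -p` fixes, and `grep -q` would keep the matched passwd line from being echoed to the terminal.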
@@ -1214,34 +1244,7 @@ echo " :+##+. " echo -e "\e[1;32mThe fast.com test tops out at 40Mbps on the modem\e[0m" ;; 10) - ensure_entware_installed - echo -e "\e[1;32mOpenSSH Server\e[0m" - remount_rw - - mkdir /usrdata/sshd - wget -O /lib/systemd/system/sshd.service "https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/sshd/sshd.service" - ln -sf "/lib/systemd/system/sshd.service" "/lib/systemd/system/multi-user.target.wants/" - - opkg install openssh-server-pam - for script in /opt/etc/init.d/*sshd*; do - if [ -f "$script" ]; then - echo "Removing existing sshd init script: $script" - rm "$script" # Remove the script if it contains 'sshd' in its name - fi - done - /opt/bin/ssh-keygen -A - systemctl daemon-reload - systemctl enable sshd - - # Enable PAM and PermitRootLogin - sed -i "s/^.*UsePAM .*/UsePAM yes/" "/opt/etc/ssh/sshd_config" - sed -i "s/^.*PermitRootLogin .*/PermitRootLogin yes/" "/opt/etc/ssh/sshd_config" - - # Ensure the sshd user exists in the /opt/etc/passwd file - grep "sshd:x:106" /opt/etc/passwd || echo "sshd:x:106:65534:Linux User,,,:/opt/run/sshd:/bin/nologin" >> /opt/etc/passwd - systemctl start sshd - - echo -e "\e[1;32mOpenSSH installed!!\e[0m" + install_sshd ;; 11) echo -e "\e[1;32mGoodbye!\e[0m" diff --git a/lighttpd/lighttpd.conf b/simpleadmin/lighttpd.conf similarity index 82% rename from lighttpd/lighttpd.conf rename to simpleadmin/lighttpd.conf index cd25d7a..145d673 100644 --- a/lighttpd/lighttpd.conf +++ b/simpleadmin/lighttpd.conf 
@@ -14,13 +14,13 @@ server.document-root = "/usrdata/simpleadmin/www" index-file.names = ( "index.html" ) auth.backend = "htpasswd" -auth.backend.htpasswd.userfile = "/usrdata/lighttpd/.htpasswd" +auth.backend.htpasswd.userfile = "/usrdata/simpleadmin/.htpasswd" $SERVER["socket"] == "0.0.0.0:443" { ssl.engine = "enable" - ssl.privkey= "/usrdata/lighttpd/server.key" - ssl.pemfile= "/usrdata/lighttpd/server.crt" - ssl.acme-tls-1 = "/etc/lighttpd/dehydrated/tls-alpn-01" + ssl.privkey= "/usrdata/simpleadmin/server.key" + ssl.pemfile= "/usrdata/simpleadmin/server.crt" + ssl.acme-tls-1 = "/etc/simpleadmin/dehydrated/tls-alpn-01" ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # (lighttpd 1.4.56 default; recommended to accept only TLSv1.2 and TLSv1.3) auth.require = ( "/" => ( "method" => "basic", diff --git a/lighttpd/lighttpd.service b/simpleadmin/systemd/lighttpd.service similarity index 58% rename from lighttpd/lighttpd.service rename to simpleadmin/systemd/lighttpd.service index a40c389..65eae2f 100644 --- a/lighttpd/lighttpd.service +++ b/simpleadmin/systemd/lighttpd.service @@ -5,8 +5,8 @@ After=network.target [Service] Type=simple PIDFile=/opt/var/run/lighttpd.pid -ExecStartPre=/opt/sbin/lighttpd -tt -f /usrdata/lighttpd/lighttpd.conf -ExecStart=/opt/sbin/lighttpd -D -f /usrdata/lighttpd/lighttpd.conf +ExecStartPre=/opt/sbin/lighttpd -tt -f /usrdata/simpleadmin/lighttpd.conf +ExecStart=/opt/sbin/lighttpd -D -f /usrdata/simpleadmin/lighttpd.conf ExecReload=/bin/kill -USR1 $MAINPID Restart=on-failure
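Review bot: The `ssl.acme-tls-1` path was changed to `/etc/simpleadmin/dehydrated/tls-alpn-01`, which looks like a side effect of the lighttpd-to-simpleadmin rename rather than a real location; nothing in this commit creates that directory, so either keep the previous path or drop the directive if ACME TLS-ALPN is not used. The private key and `.htpasswd` now sit in `/usrdata/simpleadmin`, the parent of the document root `/usrdata/simpleadmin/www`, so they are not served today but would be if the document root were ever moved up one level. A comment such as `# server.key and .htpasswd must stay outside server.document-root` above the `ssl.privkey` line would record that constraint. The socket block continues past the end of this hunk.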