V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -156,10 +156,10 @@ jobs:
|
|||||||
--control "${timestamp}" \
|
--control "${timestamp}" \
|
||||||
--debug \
|
--debug \
|
||||||
--dhcp-centurion \
|
--dhcp-centurion \
|
||||||
--jump-host "${{ secrets.CISS_DLB_JUMP_HOSTS }}" \
|
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS }} \
|
||||||
--provider-netcup-ipv6 "${{ secrets.CISS_DLB_NETCUP_IPV6 }}" \
|
--provider-netcup-ipv6 ${{ secrets.CISS_DLB_NETCUP_IPV6 }} \
|
||||||
--root-password-file /opt/config/password.txt \
|
--root-password-file /opt/config/password.txt \
|
||||||
--ssh-port "${{ secrets.CISS_DLB_SSH_PORT }}" \
|
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \
|
||||||
--ssh-pubkey /opt/config
|
--ssh-pubkey /opt/config
|
||||||
|
|
||||||
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
|
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
|
||||||
|
|||||||
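Review bot: The new side drops the double quotes around `${{ secrets.CISS_DLB_JUMP_HOSTS }}`, `${{ secrets.CISS_DLB_NETCUP_IPV6 }}` and `${{ secrets.CISS_DLB_SSH_PORT }}` (and around the `_1` secrets in the second workflow hunk), so the expanded secret text is pasted into the script and then word-split and glob-expanded by the shell. Because the expression is substituted before the shell parses the line, any space, `*`, `;` or `$(` in a secret value changes the command itself rather than one argument. Passing each secret through the step's `env:` map and referencing it as a quoted variable, e.g. `--ssh-port "${CISS_DLB_SSH_PORT}" \`, keeps the value as data; if several jump hosts are meant to arrive as separate words, that split is better done in one place in the parser. The step and its script begin outside the hunk.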
@@ -154,9 +154,9 @@ jobs:
|
|||||||
--architecture amd64 \
|
--architecture amd64 \
|
||||||
--build-directory /opt/livebuild \
|
--build-directory /opt/livebuild \
|
||||||
--control "${timestamp}" \
|
--control "${timestamp}" \
|
||||||
--jump-host "${{ secrets.CISS_DLB_JUMP_HOSTS_1 }}" \
|
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \
|
||||||
--root-password-file /opt/config/password.txt \
|
--root-password-file /opt/config/password.txt \
|
||||||
--ssh-port "${{ secrets.CISS_DLB_SSH_PORT_1 }}" \
|
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \
|
||||||
--ssh-pubkey /opt/config
|
--ssh-pubkey /opt/config
|
||||||
|
|
||||||
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
|
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
|
||||||
|
|||||||
@@ -212,23 +212,56 @@ arg_parser() {
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
--jump-host)
|
--jump-host)
|
||||||
if [[ -n "${2}" && "${2}" != -* ]]; then
|
if [[ -n "${2}" && "${2}" != -* ]]; then
|
||||||
|
### Take the entire blob in raw and split it later
|
||||||
|
declare raw="${2}"
|
||||||
|
### Remove control characters:
|
||||||
|
raw=$(printf '%s' "${raw}" | tr -d '[:cntrl:]')
|
||||||
|
### Split into a temporary array using spaces:
|
||||||
|
declare split_hosts
|
||||||
|
IFS=' ' read -r -a split_hosts <<< "${raw}"
|
||||||
declare -i count=0
|
declare -i count=0
|
||||||
shift
|
### Insert up to ten entries in ARY_HANDLER_JUMPHOST:
|
||||||
while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
|
declare count h
|
||||||
declare -g ARY_HANDLER_JUMPHOST+=("$1")
|
for h in "${split_hosts[@]}"; do
|
||||||
count=$((count + 1))
|
if [[ ${count} -lt 10 ]]; then
|
||||||
shift
|
ARY_HANDLER_JUMPHOST+=("${h}")
|
||||||
done
|
count=$((count + 1))
|
||||||
while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
### Then skip all host values that were originally specified after --jump-host
|
||||||
|
shift ### Remove: --jump-host
|
||||||
|
### Now one must perform as many shifts as there were words in the raw blob:
|
||||||
|
declare _
|
||||||
|
for _ in "${split_hosts[@]}"; do
|
||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
unset count h raw split_hosts _
|
||||||
else
|
else
|
||||||
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
|
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
|
||||||
printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
|
printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
|
||||||
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
|
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
|
||||||
exit "${ERR_ARG_MSMTCH}"
|
exit "${ERR_ARG_MSMTCH}"
|
||||||
fi
|
fi
|
||||||
|
#if [[ -n "${2}" && "${2}" != -* ]]; then
|
||||||
|
# declare -i count=0
|
||||||
|
# shift
|
||||||
|
# while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
|
||||||
|
# declare -g ARY_HANDLER_JUMPHOST+=("$1")
|
||||||
|
# count=$((count + 1))
|
||||||
|
# shift
|
||||||
|
# done
|
||||||
|
# while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
|
||||||
|
# shift
|
||||||
|
# done
|
||||||
|
#else
|
||||||
|
# if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
|
||||||
|
# printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
|
||||||
|
# read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
|
||||||
|
# exit "${ERR_ARG_MSMTCH}"
|
||||||
|
#fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--log-statistics-only)
|
--log-statistics-only)
|
||||||
|
|||||||
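Review bot: The closing `for _ in "${split_hosts[@]}"; do shift; done` loop shifts once per word found inside `${2}`, but `${2}` is a single positional parameter, so the shift count matches neither way of calling the option. A quoted blob of three hosts is shifted four times and swallows the options that follow (or `shift` fails when none remain), while hosts passed as separate words, which is what the unquoted secrets in the workflow hunks produce if a secret holds several hosts, leave everything after the first host unparsed in the argument list. Consuming every non-option word after `--jump-host` and splitting each one, as sketched below, handles both forms with the same ten-entry cap. The commented-out previous implementation kept at the end of the branch could be dropped, since the history already holds it. arg_parser and its `case` statement start and end outside the hunk, so whether a common `shift` follows `esac` is not visible here.

```bash
if [[ -n "${2}" && "${2}" != -* ]]; then
  declare -i count=0
  declare raw h
  declare -a split_hosts
  shift ### Remove: --jump-host
  ### Consume every following non-option word; each may hold one host or a space-separated blob:
  while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
    ### Remove control characters:
    raw=$(printf '%s' "${1}" | tr -d '[:cntrl:]')
    IFS=' ' read -r -a split_hosts <<< "${raw}"
    for h in "${split_hosts[@]}"; do
      ### Insert up to ten entries in ARY_HANDLER_JUMPHOST:
      if [[ ${count} -lt 10 ]]; then
        ARY_HANDLER_JUMPHOST+=("${h}")
        count=$((count + 1))
      fi
    done
    shift
  done
  unset count h raw split_hosts
else
  # … unchanged: error message, prompt and exit …
```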
@@ -148,7 +148,7 @@ hardening_ultra() {
|
|||||||
declare host
|
declare host
|
||||||
for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
|
for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
|
||||||
((line++))
|
((line++))
|
||||||
sed -i "${line}a ufw allow from \"${host}\" to any port \"${sshport}\" proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
|
sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -179,7 +179,7 @@ hardening_ultra() {
|
|||||||
declare host
|
declare host
|
||||||
for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
|
for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
|
||||||
((line++))
|
((line++))
|
||||||
sed -i "${line}a ufw allow from \"${host}\" to any port \"${sshport}\" proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
|
sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|||||||
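Review bot: `${host}` and `${sshport}` are written into the generated `ufw allow from …` line by both changed `sed -i` calls (the hunk at -148 and the one at -179) without any check that they are an address and a port number, and the new side also drops the quotes that previously wrapped them in the rule. The host values come from `--jump-host` words that the parser only strips control characters from, so a typo or a shell metacharacter would land verbatim in the target file, which presumably is executed later as a script. Checking before the loop, e.g. `[[ "${sshport}" =~ ^[0-9]+$ ]] || exit "${ERR_ARG_MSMTCH}"`, and matching each `${host}` against an IPv4/IPv6 literal pattern before the `sed` call, keeps the SSH allow-list limited to what was intended. hardening_ultra starts and ends outside both hunks.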