1.5 The 'patchcreate' script
Code:
1 #!/bin/sh
2 # $Id: Patchcreate.xml,v 1.6 2010/01/24 14:11:53 j65nko Exp $
3
4 EDIT=/usr/bin/vi
5 PATCHSCRIPT=_patcher
6
7 mkdir -p ORIG
8 mkdir -p NEW
9
10 # -- file name specified?
11 if [ $# -ne 1 ] ; then
12     echo "$0 ERROR: No file name specified!"
13     exit 1
14 fi
15
16 # -- specified file exists?
17 if [ -f "$1" ] || [ -f "ORIG/$1" ] ; then
18     echo "Ok, found file $1"
19 else
20     echo "$0 ERROR file $1 does not exist!"
21     exit 1
22 fi
23
24 if [ -f "ORIG/$1" ]; then
25     echo "Good, found original $1 in directory ORIG"
26 else
27     echo "Saving copy of $1 in directory ORIG"
28     cp -p "$1" "ORIG/$1"
29 fi
30
31 ls -l "ORIG/$1"
32
33 if [ -f "NEW/$1" ]; then
34     echo "Good, found $1 in directory NEW"
35     ls -l "NEW/$1"
36 else
37     echo "Copy original $1 to directory NEW for editing"
38     cp -p "ORIG/$1" "NEW/$1"
39     ls -l "NEW/$1"
40 fi
41
42 # exit
43
44 printf "\nPress Enter to edit %s" "$1" ; read X
45
46 $EDIT "NEW/$1"
47
48 # ------- create patch script with the patch in-line
49
50 cat <<END > "${PATCHSCRIPT}"
51 # ----------------------------------------------------------
52 echo
53 echo --- patch script for: $1 --- BEGIN
54
55 # --- edit the following line if needed
56 FILE=./$1
57 # --- quoted delimiter: the diff text reaches patch without shell expansion
58 patch -b -p0 "\${FILE}" <<'END_OF_PATCH'
59 $(diff -u "ORIG/${1}" "NEW/${1}")
60 $(echo 'END_OF_PATCH')
61
62 echo --- patch script for: $1 --- END
63 END
64
65 echo "Copying original ORIG/$1 back to current dir to test <${PATCHSCRIPT}>"
66 cp -p "ORIG/$1" .
67 ls -l "$1" "${PATCHSCRIPT}"
68
The script keeps the unmodified file in 'ORIG' and the file to be changed, or already modified, in 'NEW'. At the end (lines 65-67), it copies the original back to the current directory for testing.
The actual work, creating a here document to be used by 'patch', is done in lines 58-60. The complete script generation starts on line 50, ends on line 63, and is done with another here document.
As dessert, the next section shows the effect of this 'sshd_config' patch.
1.6 Comparison of 'sshd' before and after patching
Before the patch:
Code:
$ netstat -a -f inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 48 vintrax.ssh hercules.47094 ESTABLISHED
tcp 0 0 localhost.submissi *.* LISTEN
tcp 0 0 localhost.smtp *.* LISTEN
tcp 0 0 *.ssh *.* LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 vintrax.4599 virtueledoos.nl.ntp
udp 0 0 vintrax.13835 ntp2.hro.nl.ntp
udp 0 0 vintrax.43599 ntp.mediamatic.n.ntp
udp 0 0 *.syslog *.*
$ netstat -a -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 0 0 localhost.submissi *.* LISTEN
tcp6 0 0 localhost.smtp *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
After the patch and stopping and restarting 'sshd':
Code:
$ netstat -af inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 48 vintrax.ssh hercules.33562 ESTABLISHED
tcp 0 0 vintrax.ssh *.* LISTEN
tcp 0 0 localhost.submissi *.* LISTEN
tcp 0 0 localhost.smtp *.* LISTEN
$ netstat -af inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 0 0 localhost.submissi *.* LISTEN
tcp6 0 0 localhost.smtp *.* LISTEN
Instead of LISTENing on all IPv4 addresses (*.ssh), 'sshd' will now restrict itself to the 192.168.222.244 'vintrax' IP address. It also stopped LISTENing on all IPv6 addresses (*.ssh).
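A post-restart check for the result described above, as an added example that is not part of the original guide: it reads BSD-style 'netstat' output and reports whether a service still has a wildcard listener. The function names and the abridged sample lines are constructed for illustration; status 2 covers the case where 'sshd' did not come back up, which would otherwise look like a successful restriction.

```shell
#!/bin/sh
# Added example (not from the original guide): check where a service listens.

# listen_report SERVICE
# Reads BSD-style "netstat -a -f inet" / "-f inet6" output on stdin and prints
# one line per LISTEN socket of SERVICE: "<proto> <address> wildcard|specific".
listen_report() {
    awk -v svc="$1" '
        $NF == "LISTEN" {
            n = split($4, part, "[.]")      # service name is the last dot field
            if (part[n] != svc) next
            addr = substr($4, 1, length($4) - length(svc) - 1)
            print $1, addr, (addr == "*" ? "wildcard" : "specific")
        }'
}

# check_restricted SERVICE  (netstat output on stdin)
#   0: listening, and only on specific addresses
#   1: at least one wildcard listener remains
#   2: no listener at all, e.g. the daemon did not come back after the restart
check_restricted() {
    report=$(listen_report "$1")
    [ -n "$report" ] || return 2
    if printf '%s\n' "$report" | grep -q ' wildcard$'; then
        return 1
    fi
    return 0
}

# Constructed samples, abridged from the netstat output shown above.
sample_before() {
    cat <<'EOF'
tcp 0 48 vintrax.ssh hercules.47094 ESTABLISHED
tcp 0 0 localhost.smtp *.* LISTEN
tcp 0 0 *.ssh *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
EOF
}
sample_after() {
    cat <<'EOF'
tcp 0 48 vintrax.ssh hercules.33562 ESTABLISHED
tcp 0 0 vintrax.ssh *.* LISTEN
tcp 0 0 localhost.smtp *.* LISTEN
EOF
}

rc=0; sample_before | check_restricted ssh || rc=$?; echo "before: status $rc"
rc=0; sample_after | check_restricted ssh || rc=$?; echo "after: status $rc"
```

On a live system, feed the output of both 'netstat -a -f inet' and 'netstat -a -f inet6' to 'check_restricted ssh' so that a leftover IPv6 wildcard listener is caught as well.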
$Id: Patchcreate.xml,v 1.6 2010/01/24 14:11:53 j65nko Exp $