File: raspberry/boot-part/newvm.sh

Recommend this page to a friend!

raspberry/boot-part/newvm.sh

File:	`raspberry/boot-part/newvm.sh`
Role:	Auxiliary data
Content type:	`text/plain`
Description:	Auxiliary data
Class:	multiOTP PHP class Authenticate and manage OTP strong user tokens
Author:	By André Liechti
Last change:	New release 5.9.7.1 FIX: Command line number of parameters detection corrected ENH: It's now possible to define the number of digits for new created PIN (multiotp -config default-pin-digits=n) ENH: It's now possible to generate the HTML provisioning file by command line (multiotp -htmlinfo username /full/path/to/username.html or multiotp -htmlinfo /full/path/to/folder/ to generate files for all users) ENH: Embedded Windows nginx edition updated to version 1.25.3 ENH: Embedded Windows internal tools updated (wget 1.21.4 and fart 1.99d) ENH: Embedded Windows freeradius is now launched using NSSM (instead of SRVANY) New release 5.9.7.0 FIX: Better Windows nginx configuration support (path backslashes replaced by slashes) ENH: Embedded Windows nginx edition updated to version 1.24.0 ENH: Embedded Windows PHP edition updated to version 8.2.13 ENH: Better hardware/model detection ENH: Documentation enhanced with instructions for RDWeb on Windows ENH: Upgrade of some internal tools ENH: Better internal configuration organization New release 5.9.6.7 ENH: Documentation updated for "Configuring multiOTP with FreeRADIUS 3.x under Linux" ENH: Without2FA tokens cannot be used for multi_account connection ENH: Added documentation for SSH login with multiOTP New release 5.9.6.5 FIX: Better Raspberry Pi support FIX: ShowLog() method (used by -showlog option) was buggy New release 5.9.6.1 FIX: Automated concurrent access for the same user with "Without2FA" token could corrupt the user file FIX: Any files backend operation is now secured with explicit lock mechanism ENH: Template updated to print bigger QRcode for "MOTP-XML" tokens New release 5.9.5.7 FIX: Weekly anonymized stats date was not always updated FIX: Adding -tokenslist command in CLI mode (mas missing) FIX: Remove a debug line displaying sometimes "COMMDN:$command\n"; FIX: Some minor PHP notice corrections ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider ENH: Better warning messages when CheckUserLdapPassword failed ENH: Embedded documentation enhanced ENH: Template updated to display correct information for WITHOUT2FA tokens
Date:	1 year ago
Size:	`20,283 bytes`

Download

#!/bin/bash
##########################################################################
#
# @file   newvm.sh
# @brief  Reset multiOTP open source installation (Raspberry Pi / VM / Docker)
#
# multiOTP package - Strong two-factor authentication open source package
# https://www.multiotp.net/
#
# @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
# @version   5.9.7.1
# @date      2023-12-03
# @since     2013-09-22
# @copyright (c) 2013-2023 SysCo systemes de communication sa
# @copyright GNU Lesser General Public License
#
# 2023-11-23 5.9.7.0 SysCo/al Update Raspberry Pi detection 
# 2023-10-11 5.9.6.8 SysCo/al Add Debian Bookworm 12.0 support
# 2022-05-26 5.9.0.3 SysCo/al ssue with /run/php when a Docker container is restarted
# 2022-05-08 5.8.8.4 SysCo/al Better docker support (also for Synology)
# 2022-05-08 5.8.8.1 SysCo/al Add Raspberry Pi Bullseye 11.0 support
# 2021-09-14 5.8.3.0 SysCo/al VM version 011 support
#                             (Debian Bullseye 11.0, PHP 7.4, FreeRADIUS 3.0.21, Nginx 1.18.0)
# 2020-08-31 5.8.0.0 SysCo/al Raspberry Pi 4B support
#                             New unified distribution
#                             Debian Buster 10.5 support
#                             PHP 7.3 support
# 2019-10-23 5.6.1.5 SysCo/al Debian Buster support
# 2019-01-30 5.4.1.7 SysCo/al Support any source path for the installation
# 2019-01-07 5.4.1.1 SysCo/al VM version 008 support (Debian 9.x Stretch, PHP 7, FreeRADIUS 3.x)
# 2018-03-20 5.1.1.2 SysCo/al VM version 007 for Debian 8.x (PHP 5)
#                             Initial Docker support (Debian 8.x)
#                             OS version and ID detection
# 2017-05-16 5.0.4.4 SysCo/al VM upgraded to version 006
# 2016-11-19 5.0.3.1 SysCo/al Better support for Raspberry Pi, enhanced SSL support
# 2016-11-07 5.0.2.7 SysCo/al Better tuning depending on virtual family
#                              (blacklist i2c_piix4 and nsc_ircc)
# 2016-11-04 5.0.2.6 SysCo/al Better hardware detection
# 2016-03-18 5.0.0.0 SysCo/al Raspberry Pi support
# 2013-09-22 4.0.9.0 SysCo/al Initial release
##########################################################################

TEMPVERSION="@version   5.9.7.1"
MULTIOTPVERSION="$(echo -e "${TEMPVERSION:8}" | tr -d '[[:space:]]')"
IFS='.' read -ra MULTIOTPVERSIONARRAY <<< "$MULTIOTPVERSION"
MULTIOTPMAJORVERSION=${MULTIOTPVERSIONARRAY[0]}


RUNDOCKER="FALSE"
if [ $# -ge 1 ]; then
  if [[ "$1" == "RUNDOCKER" ]] || [[ "$2" == "RUNDOCKER" ]] || [[ "$3" == "RUNDOCKER" ]]; then
    RUNDOCKER="TRUE"
  else
    RUNDOCKER="FALSE"
  fi
fi


if [[ "${RUNDOCKER}" == "TRUE" ]]; then
  if [ ! -e /etc/multiotp/config/multiotp.ini ] ; then
    cp -f -rp /var/multiotp-temp/etc/multiotp/* /etc/multiotp
    cp -f -rp /var/multiotp-temp/etc/freeradius/* /etc/freeradius
    cp -f -rp /var/multiotp-temp/log/multiotp/* /var/log/multiotp
    cp -f -rp /var/multiotp-temp/log/freeradius/* /var/log/freeradius
  fi
fi


SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
SOURCEDIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"

# OS ID and version (2023-11-20)
# Architecture (for example x86_64)
OSID=$(cat /etc/os-release | grep "^ID=" | awk -F'=' '{print $2}')
OSVERSION=$(cat /etc/os-release | grep "VERSION_ID=" | awk -F'"' '{print $2}')
ARCHITECTURE=$(lscpu |grep "^Architecture" | awk -F':' '{print $2}' | awk '{$1=$1;print}')

BACKENDDB="mysql"
PHPFPM="php7.3-fpm"
PHPFPMSED="php\/php7.3-fpm"
PHPINSTALLPREFIX="php"
PHPINSTALLPREFIXVERSION="php7.3"
PHPMODULEPREFIX="php/7.3"
PHPMAJORVERSION="7"
SQLITEVERSION="sqlite3"
VMRELEASENUMBER="010"
if [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "7" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php5-fpm"
    PHPFPMSED="php5-fpm"
    PHPINSTALLPREFIX="php5"
    PHPINSTALLPREFIXVERSION="php5"
    PHPMODULEPREFIX="php5"
    PHPMAJORVERSION="5"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="007"
elif [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "8" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php5-fpm"
    PHPFPMSED="php5-fpm"
    PHPINSTALLPREFIX="php5"
    PHPINSTALLPREFIXVERSION="php5"
    PHPMODULEPREFIX="php5"
    PHPMAJORVERSION="5"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="007"
elif [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "9" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php7.0-fpm"
    PHPFPMSED="php\/php7.0-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.0"
    PHPMODULEPREFIX="php/7.0"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="008"
elif [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "10" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php7.3-fpm"
    PHPFPMSED="php\/php7.3-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.3"
    PHPMODULEPREFIX="php/7.3"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="010"
elif [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "11" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php7.4-fpm"
    PHPFPMSED="php\/php7.4-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.4"
    PHPMODULEPREFIX="php/7.4"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="011"
elif [[ "${OSID}" == "debian" ]] && [[ "${OSVERSION}" == "12" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php8.2-fpm"
    PHPFPMSED="php\/php8.2-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php8.2"
    PHPMODULEPREFIX="php/8.2"
    PHPMAJORVERSION="8"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="012"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "7" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php5-fpm"
    PHPFPMSED="php5-fpm"
    PHPINSTALLPREFIX="php5"
    PHPINSTALLPREFIXVERSION="php5"
    PHPMODULEPREFIX="php5"
    PHPMAJORVERSION="5"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="007"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "8" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php5-fpm"
    PHPFPMSED="php5-fpm"
    PHPINSTALLPREFIX="php5"
    PHPINSTALLPREFIXVERSION="php5"
    PHPMODULEPREFIX="php5"
    PHPMAJORVERSION="5"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="007"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "9" ]]; then
    BACKENDDB="mysql"
    PHPFPM="php7.0-fpm"
    PHPFPMSED="php\/php7.0-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.0"
    PHPMODULEPREFIX="php/7.0"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite"
    VMRELEASENUMBER="008"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "10" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php7.3-fpm"
    PHPFPMSED="php\/php7.3-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.3"
    PHPMODULEPREFIX="php/7.3"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="010"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "11" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php7.4-fpm"
    PHPFPMSED="php\/php7.4-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php7.4"
    PHPMODULEPREFIX="php/7.4"
    PHPMAJORVERSION="7"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="011"
elif [[ "${OSID}" == "raspbian" ]] && [[ "${OSVERSION}" == "12" ]]; then
    BACKENDDB="mariadb"
    PHPFPM="php8.2-fpm"
    PHPFPMSED="php\/php8.2-fpm"
    PHPINSTALLPREFIX="php"
    PHPINSTALLPREFIXVERSION="php8.2"
    PHPMODULEPREFIX="php/8.2"
    PHPMAJORVERSION="8"
    SQLITEVERSION="sqlite3"
    VMRELEASENUMBER="012"
fi
# End of OS ID and version (2023-11-20)


# Early docker detection (2023-11-20)
UNAME=$(uname -a)
if [[ "${UNAME}" == *docker* ]]; then
    # Docker
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/1/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/self/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif [ -f /.dockerenv ]; then
    FAMILY="VAP"
    TYPE="DOCKER"
fi
# End of early docker detection (2023-11-20)


if [ $# -ge 1 ]; then
    BACKEND="$1"
    if [[ "${BACKEND}" != "mysql" ]] && [[ "$2" != "mysql" ]]; then
        BACKEND="files"
    else
        BACKEND="mysql"
    fi
else
    BACKEND="files"
fi


# Docker backend is forced to be files
if [[ "${TYPE}" == "DOCKER" ]]; then
    BACKEND="files"
fi


# Hardware detection (2023-11-20)
FAMILY=""
UNAME=$(uname -a)
MODEL=$(cat /proc/cpuinfo | grep "Model" | awk -F': ' '{print $2}')
if [[ "${UNAME}" == *docker* ]]; then
    # Docker
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/1/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif grep -q docker /proc/self/cgroup; then 
    FAMILY="VAP"
    TYPE="DOCKER"
elif [ -f /.dockerenv ]; then
    FAMILY="VAP"
    TYPE="DOCKER"
elif [[ "${MODEL}" == *"Raspberry Pi 5"* ]]; then
    # Raspberry Pi 5
    FAMILY="RPI"
    TYPE="RP5"
elif [[ "${MODEL}" == *"Raspberry Pi 4"* ]]; then
    # Raspberry Pi 4
    FAMILY="RPI"
    TYPE="RP4"
elif [[ "${MODEL}" == *"Raspberry Pi 3 Model B Plus"* ]]; then
    # Raspberry Pi 3 B+
    FAMILY="RPI"
    TYPE="RP3+"
elif [[ "${MODEL}" == *"Raspberry Pi 3"* ]]; then
    # Raspberry Pi 3
    FAMILY="RPI"
    TYPE="RP3"
elif [[ "${MODEL}" == *"Raspberry Pi 2"* ]]; then
    # Raspberry Pi 2
    FAMILY="RPI"
    TYPE="RP2"
elif [[ "${MODEL}" == *"Raspberry Pi"* ]]; then
    # Raspberry Pi generic
    FAMILY="RPI"
    TYPE="RP"
elif [[ "${UNAME}" == *armv8* ]] || [[ "${UNAME}" == *aarch64* ]]; then
    HARDWARE=$(cat /proc/cpuinfo | grep "Hardware" | awk -F': ' '{print $2}')
    if [[ "${HARDWARE}" == *BCM27* ]] || [[ "${HARDWARE}" == *BCM28* ]]; then
        LSCPU=$(/usr/bin/lscpu | grep "CPU max MHz" | awk -F': ' '{print $2}')
        if [[ "${LSCPU}" == *1500* ]]; then
            # Raspberry Pi 4
            FAMILY="RPI"
            TYPE="RP4"
        elif [[ "${LSCPU}" == *1400* ]]; then
            # Raspberry Pi 3 B+
            FAMILY="RPI"
            TYPE="RP3+"
        else
            # Raspberry Pi 3
            FAMILY="RPI"
            TYPE="RP3"
        fi
    else
        FAMILY="ARM"
        TYPE="ARM"
    fi
elif [[ "${UNAME}" == *armv7l* ]]; then
    HARDWARE=$(cat /proc/cpuinfo | grep "Hardware" | awk -F': ' '{print $2}')
    if [[ "${HARDWARE}" == *BCM27* ]] || [[ "${HARDWARE}" == *BCM28* ]]; then
        LSCPU=$(/usr/bin/lscpu | grep "CPU max MHz" | awk -F': ' '{print $2}')
        if [[ "${LSCPU}" == *1500* ]]; then
            # Raspberry Pi 4
            FAMILY="RPI"
            TYPE="RP4"
        elif [[ "${LSCPU}" == *1400* ]]; then
            # Raspberry Pi 3 B+
            FAMILY="RPI"
            TYPE="RP3+"
        elif [[ "${LSCPU}" == *1200* ]]; then
            # Raspberry Pi 3
            FAMILY="RPI"
            TYPE="RP3"
        else
            # Raspberry Pi 2
            FAMILY="RPI"
            TYPE="RP2"
        fi
    else
        # Beaglebone Black or similar
        FAMILY="ARM"
        if [ -e /sys/class/leds/beaglebone:green:usr0/trigger ] ; then
            TYPE="BBB"
        else
            TYPE="ARM"
        fi
    fi
elif [[ "${UNAME}" == *armv6l* ]]; then
    # Raspberry Pi B/B+
    FAMILY="RPI"
    TYPE="RPI"
else
    # others (Virtual Appliance)
    FAMILY="VAP"
    TYPE="VA"
    DMIDECODE=$(dmidecode -s system-product-name)
    if [[ "${DMIDECODE}" == *VMware* ]]; then
        VMTOOLS=$(which vmtoolsd)
        if [[ "${VMTOOLS}" == *vmtoolsd* ]]; then
            TYPE="VM"
        else
            TYPE="VA"
        fi
    elif [[ "${DMIDECODE}" == *Virtual\ Machine* ]]; then
        TYPE="HV"
    elif [[ "${DMIDECODE}" == *VirtualBox* ]]; then
        TYPE="VB"
    fi
fi
# End of hardware detection (2023-11-20)


if [[ "${FAMILY}" == "RPI" ]]; then
    # Kill all processes which are running with pi user
    ps -ef | grep pi | awk '{ print $2 }' | xargs kill -9 > /dev/null 2>&1

    # Remove the initial user named pi
    userdel -r pi > /dev/null 2>&1
fi


if [[ "${RUNDOCKER}" != "TRUE" ]]; then

  # Kill all processes which are running with debian user
  ps -ef | grep debian | awk '{ print $2 }' | xargs kill -9 > /dev/null 2>&1

  # Remove the demo user named debian
  userdel -r debian > /dev/null 2>&1


  # Remove multiotp.php crontab entries, if any
  sed -i '/.*multiotp.php.*/d' /etc/crontab

  #dmidecode -s system-product-name
  #VMware Virtual Platform
  #apt-get -y install open-vm-tools
  #apt-get -y remove open-vm-tools


  # Clean VM distribution
  # Stop Nginx
  if [ -e /etc/init.d/nginx ] ; then
      /etc/init.d/nginx stop
  else
      service nginx stop
  fi
  # Backup the plateform release
  if [ -e /etc/multiotp/config/vmrelease.ini ] ; then
      cp -f /etc/multiotp/config/vmrelease.ini /dev/shm/vmrelease.ini
  fi
  if [ -e /etc/multiotp/config/hwrelease.ini ] ; then
      cp -f /etc/multiotp/config/hwrelease.ini /dev/shm/hwrelease.ini
  fi

  # Stop Freeradius
  if [ -e /etc/init.d/freeradius ] ; then
      /etc/init.d/freeradius stop
  else
      service freeradius stop
  fi

  # Remove the start file for fake-hwclock
  rm -R /etc/*/*fake-hwclock > /dev/null 2>&1

  # Blacklist speaker support to avoid error during boot
  /bin/grep "pcspkr" /etc/modprobe.d/blacklist.conf > /dev/null 2>&1
  if [ $? != 0 ]; then
      echo 'blacklist pcspkr' >> /etc/modprobe.d/blacklist.conf
      echo 'blacklist snd_pcsp' >> /etc/modprobe.d/blacklist.conf
  fi

  # Blacklist i2c_piix4 support to avoid error during boot
  /bin/grep "i2c_piix4" /etc/modprobe.d/blacklist.conf > /dev/null 2>&1
  if [ $? != 0 ]; then
      echo 'blacklist i2c_piix4' >> /etc/modprobe.d/blacklist.conf
  fi

  # Blacklist nsc_ircc support to avoid error during boot
  /bin/grep "nsc_ircc" /etc/modprobe.d/blacklist.conf > /dev/null 2>&1
  if [ $? != 0 ]; then
      echo 'blacklist nsc_ircc' >> /etc/modprobe.d/blacklist.conf
  fi

  # Blacklist intel_rapl support to avoid error during boot (5.0.3.2)
  /bin/grep "intel_rapl" /etc/modprobe.d/blacklist.conf > /dev/null 2>&1
  if [ $? != 0 ]; then
      echo 'blacklist intel_rapl' >> /etc/modprobe.d/blacklist.conf
  fi

  if [[ "${FAMILY}" == "VAP" ]]; then
      update-initramfs -u -k all
  fi

  if [[ "${TYPE}" != "DOCKER" ]]; then
      # Since 5.0.3.1, fix iptable if necessary

      # autorizing PING
      iptables -A INPUT -p icmp -j ACCEPT > /dev/null 2>&1

      # authorized ports
      iptables -A INPUT -p tcp --dport 22 -j ACCEPT > /dev/null 2>&1
      iptables -A INPUT -p tcp --dport 80 -j ACCEPT > /dev/null 2>&1
      iptables -A INPUT -p udp --dport 161 -j ACCEPT > /dev/null 2>&1
      iptables -A INPUT -p tcp --dport 443 -j ACCEPT > /dev/null 2>&1
      iptables -A INPUT -p udp --dport 1812 -j ACCEPT > /dev/null 2>&1
      iptables -A INPUT -p udp --dport 1813 -j ACCEPT > /dev/null 2>&1

      # no firewall on the local loop (127.x.x.x)
      iptables -A INPUT -i lo -j ACCEPT > /dev/null 2>&1
      iptables -A OUTPUT -o lo -j ACCEPT > /dev/null 2>&1

      # existing connections receive their traffic
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > /dev/null 2>&1

      # refused by default
      iptables -P INPUT DROP > /dev/null 2>&1

      iptables-save > /etc/iptables/rules.v4 > /dev/null 2>&1
      # ip6 can be swapped if not used
      ip6tables-save > /etc/iptables/rules.v6 > /dev/null 2>&1

      # Clean history and other files
      # Ideas: http://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
      /usr/sbin/logrotate -f /etc/logrotate.conf
      /bin/rm -f /var/log/*-???????? /var/log/*.gz
      /bin/rm -rf /tmp/*
      /bin/rm -rf /var/tmp/*
  fi

  /bin/rm -f ~root/.bash_history
  unset HISTFILE

  # Clean the history
  history -c


  # Docker could be mounted with existing configuration
  if [[ "${TYPE}" != "DOCKER" ]]; then
      rm -f /var/log/multiotp/*
      rm -f /etc/multiotp/config/*
      rm -f /etc/multiotp/devices/*
      rm -f /etc/multiotp/groups/*
      rm -f /etc/multiotp/tokens/*
      rm -f /etc/multiotp/touch/*
      rm -f /etc/multiotp/users/*
  fi

  if [ ! -e /etc/multiotp ] ; then
      mkdir /etc/multiotp
  fi
  if [ ! -e /etc/multiotp/config ] ; then
      mkdir /etc/multiotp/config
  fi


  if [ ! -e /etc/multiotp/config/multiotp.ini ] ; then
      # Touch config file to give the necessary right
      touch /etc/multiotp/config/multiotp.ini

      # Change various rights
      chmod 777 -R /etc/multiotp

      # Change some owners
      chown -R www-data:www-data /etc/multiotp

      echo Creating a new multiotp.ini file
      touch /etc/multiotp/config/multiotp.ini
      chmod 777 -R /etc/multiotp
      chown -R www-data:www-data /etc/multiotp
      echo multiotp-database-format-v3 > /etc/multiotp/config/multiotp.ini
      echo  >> /etc/multiotp/config/multiotp.ini
      echo log=1 >> /etc/multiotp/config/multiotp.ini

      #MySQL backbone configuration
      if [[ "${BACKEND}" == "mysql" ]]; then
          echo Add SQL configuration to multiotp.ini file
          sed -i '/^sql_server/d' /etc/multiotp/config/multiotp.ini
          echo sql_server=127.0.0.1 >> /etc/multiotp/config/multiotp.ini
          sed -i '/^sql_username/d' /etc/multiotp/config/multiotp.ini
          echo sql_username=multiotp >> /etc/multiotp/config/multiotp.ini
          sed -i '/^sql_password/d' /etc/multiotp/config/multiotp.ini
          echo sql_password=dfh45AReTZTxsdR >> /etc/multiotp/config/multiotp.ini
          sed -i '/^sql_database/d' /etc/multiotp/config/multiotp.ini
          echo sql_database=multiotp >> /etc/multiotp/config/multiotp.ini
          sed -i '/^backend_type/d' /etc/multiotp/config/multiotp.ini
          echo backend_type=mysql >> /etc/multiotp/config/multiotp.ini
          echo backend_type_validated=1 >> /etc/multiotp/config/multiotp.ini
      fi
  fi


  # Cleaning space, than
  #  VMware CLI: vmkfstools --punchzero  multiOTP-xxx.vmdk
  #  Hyper-V GUI: "Compact" option in the settings of the virtual machine
  #  VirtualBox CLI: VBoxManage modifyhd ?compact /path/to/multiOTP-xxx.vdi?
  if [[ "${TYPE}" != "DOCKER" ]]; then
      if [[ ! "$1" == "nozero" ]]; then
          echo "Zeroing disk space..."
          dd if=/dev/zero of=/zeroes bs=4096
          rm -f /zeroes
      fi
  fi

  if [ -e /dev/shm/vmrelease.ini ] ; then
      # Retrieve the version release
      cp -f /dev/shm/vmrelease.ini /etc/multiotp/config/vmrelease.ini
  fi
  if [ -e /dev/shm/hwrelease.ini ] ; then
      # Retrieve the version release
      cp -f /dev/shm/hwrelease.ini /etc/multiotp/config/hwrelease.ini
  fi


  if [[ "${TYPE}" != "DOCKER" ]]; then
    touch /etc/multiotp/certificates/multiotp.generic
    touch /etc/ssh/ssh.generic

    # Remove this file
    if [ -e ${BASH_SOURCE} ] ; then
        rm -f ${BASH_SOURCE}
    fi
  else
  
    if [ ! -e /var/multiotp-temp/log/freeradius ] ; then
      mkdir /var/multiotp-temp
      mkdir /var/multiotp-temp/etc
      mkdir /var/multiotp-temp/etc/multiotp
      mkdir /var/multiotp-temp/etc/freeradius
      mkdir /var/multiotp-temp/log
      mkdir /var/multiotp-temp/log/multiotp
      mkdir /var/multiotp-temp/log/freeradius
    fi
  
    cp -f -rp /etc/multiotp/* /var/multiotp-temp/etc/multiotp
    cp -f -rp /etc/freeradius/* /var/multiotp-temp/etc/freeradius
    cp -f -rp /var/log/multiotp/* /var/multiotp-temp/log/multiotp
    cp -f -rp /var/log/freeradius/* /var/multiotp-temp/log/freeradius
  fi

  echo The device is now halted.

  #Stop the VM
  shutdown now -h &
  exit 0

else

  if [ -e /etc/init.d/freeradius ] ; then
    /etc/init.d/freeradius start
  else
    service freeradius start
  fi
  if [ -e /etc/init.d/nginx ] ; then
    /etc/init.d/nginx start
  else
    service nginx start
  fi
  if [ -e /etc/init.d/ntp ] ; then
    /etc/init.d/ntp start
  else
    service ntp start
  fi
  
  if [ -e /etc/init.d/${PHPFPM} ] ; then
    if [ -e /run/php ] ; then
      /etc/init.d/${PHPFPM} restart
    else
      /etc/init.d/${PHPFPM} start
    fi
  else
    if [ -e /run/php ] ; then
      service ${PHPFPM} restart
    else
      service ${PHPFPM} start
    fi
  fi
  
  # Keep container running
  while true;
    do sleep 30;
  done;

fi

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.

File: raspberry/boot-part/newvm.sh

Contents