create scripts 'mdns' and 'set_root_password'
edit for secure create_db.sh
@@ -10,7 +10,7 @@ check_root() {
|
||||
}
|
||||
|
||||
generate_token() {
|
||||
tr -dc 'A-Za-z0-9@#%+=_-' < /dev/urandom | head -c "${1:-32}"
|
||||
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
|
||||
echo
|
||||
}
|
||||
|
||||
|
||||
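Review bot: `generate_token` has no comment stating its alphabet or a minimum length, and it passes any `$1` straight to `head -c`. The page lost its `+`/`-` markers, so I am assuming from print order that the alphanumeric-only `tr -dc 'A-Za-z0-9'` line is the new side. On that reading each character carries about 5.95 bits instead of about 6.1, so the default of 32 is still ample, but a caller passing a small length gets a weak secret. A header comment such as `# 62-symbol alphabet (~5.95 bits/char): pass a length >= 22 for ~128 bits` would record that, ideally with the reason for dropping the punctuation (presumably so create_db.sh can embed the value without escaping). Writing the filter as `LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom` would also keep the byte filtering independent of the caller's locale.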
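--- /dev/null
+++ b/scripts/common/setup_mdns.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Basé sur un travail de Cédric Abonnel / Cédrix sous licence CC BY-NC 4.0
+
+# Importer les fonctions communes
+source "$(dirname "$0")/../common/common_utils.sh"
+
+# Vérifier si le script est exécuté en root
+check_root
+
+set -e
+
+echo "=== Détection des interfaces réseau actives ==="
+INTERFACES=$(ip -o link show | awk -F': ' '{print $2}' | grep -Ev 'lo|docker|veth|br|vmnet|virbr')
+echo "Interfaces détectées : $INTERFACES"
+ALLOWED_INTERFACES=$(echo "$INTERFACES" | paste -sd "," -)
+
+echo "=== Installation d'Avahi (mDNS) et des dépendances ==="
+apt update
+apt install -y avahi-daemon avahi-utils libnss-mdns nscd systemd-resolved
+
+echo "=== Vérification de la présence de libnss_mdns.so.2 ==="
+if [[ ! -f /lib/x86_64-linux-gnu/libnss_mdns.so.2 ]]; then
+echo "❌ libnss_mdns.so.2 manquante, tentative de réinstallation"
+apt install --reinstall -y libnss-mdns
+fi
+
+echo "=== Configuration de /etc/nsswitch.conf ==="
+if grep -q '^hosts:' /etc/nsswitch.conf; then
+sed -i 's/^hosts:.*/hosts: files mdns4 dns/' /etc/nsswitch.conf
+else
+echo "hosts: files mdns4 dns" >> /etc/nsswitch.conf
+fi
+grep hosts /etc/nsswitch.conf
+
+echo "=== Redémarrage des caches DNS si présents ==="
+systemctl restart nscd || echo "nscd non utilisé"
+systemctl restart systemd-resolved || echo "systemd-resolved non utilisé"
+
+echo "=== Vérification d'un éventuel service sur le port 80 ==="
+if ss -tuln | grep -q ':80 '; then
+echo "❌ Un service écoute déjà sur le port 80. Abandon de la publication HTTP de test."
+PUBLISH_HTTP=false
+else
+PUBLISH_HTTP=true
+fi
+
+echo "=== Sauvegarde de la conf avahi ==="
+cp /etc/avahi/avahi-daemon.conf /etc/avahi/avahi-daemon.conf.bak.$(date +%F-%H%M)
+
+echo "=== Génération de la configuration avahi-daemon.conf ==="
+cat > /etc/avahi/avahi-daemon.conf <<EOF
+[server]
+host-name=$(hostname)
+use-ipv4=yes
+use-ipv6=no
+allow-interfaces=$ALLOWED_INTERFACES
+ratelimit-interval-usec=1000000
+ratelimit-burst=10
+
+[wide-area]
+enable-wide-area=no
+
+[publish]
+publish-addresses=yes
+publish-hinfo=yes
+publish-workstation=yes
+publish-domain=yes
+
+[reflector]
+enable-reflector=no
+
+[rlimits]
+rlimit-as=0
+rlimit-core=0
+rlimit-data=4194304
+rlimit-fsize=0
+rlimit-nofile=300
+rlimit-stack=4194304
+EOF
+
+if $PUBLISH_HTTP; then
+echo "=== Publication temporaire d'un service HTTP de test ==="
+mkdir -p /etc/avahi/services
+cat > /etc/avahi/services/test-http.service <<EOF
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+<name replace-wildcards="yes">Test HTTP on %h</name>
+<service>
+<type>_http._tcp</type>
+<port>80</port>
+</service>
+</service-group>
+EOF
+fi
+
+echo "=== Activation et redémarrage du service Avahi ==="
+systemctl enable avahi-daemon
+systemctl restart avahi-daemon
+
+echo "=== Vérification du statut du service ==="
+systemctl status avahi-daemon --no-pager || { echo "❌ Avahi ne fonctionne pas."; exit 1; }
+
+echo "=== Vérification du multicast sur l'interface ==="
+ip a | grep MULTICAST || echo "⚠️ Aucune interface multicast détectée"
+
+echo "=== Vérification de l'écoute sur le port UDP 5353 ==="
+ss -uln | grep 5353 || echo "⚠️ Aucun service écoutant sur UDP/5353"
+
+echo "=== Test de la résolution mDNS avec getent (NSS) ==="
+LOCAL_HOST="$(hostname).local"
+if getent hosts "$LOCAL_HOST"; then
+echo "✅ Résolution mDNS de $LOCAL_HOST réussie via getent"
+else
+echo "❌ La résolution mDNS de $LOCAL_HOST a échoué via getent"
+exit 1
+fi
+
+echo "=== Scan des services mDNS disponibles ==="
+avahi-browse -a -t || echo "⚠️ Aucun service mDNS visible (normal si peu de services publiés)"
+
+echo "✅ mDNS opérationnel sur : $ALLOWED_INTERFACES"
+echo "$INTERFACES" > /var/log/mdns_interfaces.log
+echo "Interfaces enregistrées dans /var/log/mdns_interfaces.log"
+
+if $PUBLISH_HTTP; then
+echo "=== Suppression du service HTTP de test ==="
+rm -f /etc/avahi/services/test-http.service
+systemctl restart avahi-daemon
+echo "✅ Service HTTP de test retiré proprement"
+fi
+
+echo "✅ Script terminé avec succès"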
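Review bot: The generated `[publish]` section sets `publish-hinfo=yes` and `publish-workstation=yes`, so the host announces its OS/CPU record and a workstation service on every allowed interface. Unless something consumes those records, `publish-hinfo=no` and `publish-workstation=no` would limit the advertisement to the address record that the `getent` check resolves. The interface filter `grep -Ev 'lo|docker|veth|br|vmnet|virbr'` is unanchored, so it also drops names such as `wlo1`, and `ip -o link show` lists links that are down as well as active ones. An anchored pattern such as `grep -Ev '^(lo|docker|veth|br|vmnet|virbr)'` plus a link-state filter would make `allow-interfaces` match the "actives" heading. The `exit 1` after a failed `getent` also leaves `/etc/avahi/services/test-http.service` published, so a `trap` that removes it on exit would be more reliable than the cleanup at the end of the script.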