
Exercise 3: Add 'Prevent SSH port change if sessions open'

master
Pekka Helenius 6 years ago
committed by GitHub
parent
commit
110b3c96cf
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 106 additions and 15 deletions
  1. h3.md (+106, -15)

h3.md

@ -456,8 +456,8 @@ orjakone:
Function: pkg.installed Function: pkg.installed
Result: True Result: True
Comment: All specified packages are already installed Comment: All specified packages are already installed
Started: 23:47:14.653440
Duration: 429.865 ms
Started: 00:41:53.684126
Duration: 438.565 ms
Changes: Changes:
---------- ----------
ID: check_sshd_config ID: check_sshd_config
@ -465,21 +465,37 @@ orjakone:
Name: /etc/ssh/sshd_config Name: /etc/ssh/sshd_config
Result: True Result: True
Comment: File /etc/ssh/sshd_config exists with proper permissions. No changes made. Comment: File /etc/ssh/sshd_config exists with proper permissions. No changes made.
Started: 23:47:15.085669
Duration: 1.391 ms
Started: 00:41:54.125139
Duration: 1.176 ms
Changes: Changes:
----------
ID: prevent_if_ssh_sessions_open
Function: cmd.run
Name: if [ $(/bin/netstat -tnpa | grep "ESTABLISHED.*sshd" | wc -l) -gt 0 ]; then false; fi
Result: True
Comment: Command "if [ $(/bin/netstat -tnpa | grep "ESTABLISHED.*sshd" | wc -l) -gt 0 ]; then false; fi" run
Started: 00:41:54.126854
Duration: 10.249 ms
Changes:
----------
pid:
4907
retcode:
0
stderr:
stdout:
---------- ----------
ID: ssh_port ID: ssh_port
Function: cmd.run Function: cmd.run
Name: sed -i -r "s/^[#P]+ort [0-9][0-9]*/Port 199/" /etc/ssh/sshd_config Name: sed -i -r "s/^[#P]+ort [0-9][0-9]*/Port 199/" /etc/ssh/sshd_config
Result: True Result: True
Comment: Command "sed -i -r "s/^[#P]+ort [0-9][0-9]*/Port 199/" /etc/ssh/sshd_config" run Comment: Command "sed -i -r "s/^[#P]+ort [0-9][0-9]*/Port 199/" /etc/ssh/sshd_config" run
Started: 23:47:15.087670
Duration: 3.708 ms
Started: 00:41:54.137472
Duration: 3.691 ms
Changes: Changes:
---------- ----------
pid: pid:
4319
4912
retcode: retcode:
0 0
stderr: stderr:
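Review bot: the new prevent_if_ssh_sessions_open guard (the cmd.run state whose Name is `if [ $(/bin/netstat -tnpa | grep "ESTABLISHED.*sshd" | wc -l) -gt 0 ]; then false; fi`) cannot distinguish "no sessions" from "could not look": the count comes from `wc -l` at the end of the pipeline, so if /bin/netstat is absent (net-tools is no longer installed by default on several distributions) or the process column is hidden because the command is not running as root (netstat -p only names processes the caller may inspect), grep matches nothing, wc prints 0 and the guard passes silently. Consider `ss -tnp` from iproute2, or at least checking that the tool exists before trusting a zero count, and document the net-tools dependency in h3.md. Note also that the check and the sed edit in ssh_port are separate states, so a session established between the two is not caught; the window is small but worth a sentence.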
@ -490,8 +506,8 @@ orjakone:
Name: ssh.service Name: ssh.service
Result: True Result: True
Comment: Service restarted Comment: Service restarted
Started: 23:47:15.109629
Duration: 22.164 ms
Started: 00:41:54.159948
Duration: 23.825 ms
Changes: Changes:
---------- ----------
ssh.service: ssh.service:
@ -502,12 +518,12 @@ orjakone:
Name: echo "new SSH daemon port for $(hostname) is 199" Name: echo "new SSH daemon port for $(hostname) is 199"
Result: True Result: True
Comment: Command "echo "new SSH daemon port for $(hostname) is 199"" run Comment: Command "echo "new SSH daemon port for $(hostname) is 199"" run
Started: 23:47:15.132159
Duration: 3.246 ms
Started: 00:41:54.184166
Duration: 3.476 ms
Changes: Changes:
---------- ----------
pid: pid:
4329
4922
retcode: retcode:
0 0
stderr: stderr:
@ -516,11 +532,11 @@ orjakone:
Summary for orjakone Summary for orjakone
------------ ------------
Succeeded: 5 (changed=3)
Succeeded: 6 (changed=4)
Failed: 0 Failed: 0
------------ ------------
Total states run: 5
Total run time: 460.374 ms
Total states run: 6
Total run time: 480.982 ms
``` ```
Näyttäisi siltä, että portti 199 on generoitu uudeksi SSH daemonin yhteysportiksi koneelle 'orjakone'. Varmistetaan tietojen oikeellisuus. Tämän voi tehdä etänä SSH-yhteyden avulla muultakin koneelta (testataan yhteyden toimivuus orjakoneen IP:een SSH clientilla porttia 199 käyttäen), Näyttäisi siltä, että portti 199 on generoitu uudeksi SSH daemonin yhteysportiksi koneelle 'orjakone'. Varmistetaan tietojen oikeellisuus. Tämän voi tehdä etänä SSH-yhteyden avulla muultakin koneelta (testataan yhteyden toimivuus orjakoneen IP:een SSH clientilla porttia 199 käyttäen),
@ -534,6 +550,81 @@ Toinen esimerkki:
![randomport-from-master](https://raw.githubusercontent.com/Fincer-altego/central-management-of-multiple-servers/master/images/ssh_randomport_for_minion.png) ![randomport-from-master](https://raw.githubusercontent.com/Fincer-altego/central-management-of-multiple-servers/master/images/ssh_randomport_for_minion.png)
**Lisänä - SSH-portin vaihtamisen estäminen, jos SSH-yhteyksiä on muodostettu minionille**
Jos SSH-yhteyksiä on minionilla auki, voimme haluta estää portin vaihtamisen kesken kaiken. Yllä olevassa SLS-tiedostossa tämä on määritetty state:lla _prevent_if_ssh_sessions_open_.
Masterin output, jos minionilla on SSH-yhteyksiä auki:
```
orjakone:
----------
ID: check_sshd_install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 00:37:52.470756
Duration: 425.447 ms
Changes:
----------
ID: check_sshd_config
Function: file.managed
Name: /etc/ssh/sshd_config
Result: True
Comment: File /etc/ssh/sshd_config exists with proper permissions. No changes made.
Started: 00:37:52.898531
Duration: 1.179 ms
Changes:
----------
ID: prevent_if_ssh_sessions_open
Function: cmd.run
Name: if [ $(/bin/netstat -tnpa | grep "ESTABLISHED.*sshd" | wc -l) -gt 0 ]; then false; fi
Result: False
Comment: Command "if [ $(/bin/netstat -tnpa | grep "ESTABLISHED.*sshd" | wc -l) -gt 0 ]; then false; fi" run
Started: 00:37:52.900237
Duration: 10.394 ms
Changes:
----------
pid:
4815
retcode:
1
stderr:
stdout:
----------
ID: ssh_port
Function: cmd.run
Name: sed -i -r "s/^[#P]+ort [0-9][0-9]*/Port 305/" /etc/ssh/sshd_config
Result: False
Comment: One or more requisite failed: ssh_random.prevent_if_ssh_sessions_open
Changes:
----------
ID: sshd_restart
Function: service.running
Name: ssh.service
Result: False
Comment: One or more requisite failed: ssh_random.ssh_port
Changes:
----------
ID: ssh_new_port_inform
Function: cmd.run
Name: echo "new SSH daemon port for $(hostname) is 305"
Result: False
Comment: One or more requisite failed: ssh_random.ssh_port, ssh_random.sshd_restart
Changes:
Summary for orjakone
------------
Succeeded: 2 (changed=1)
Failed: 4
------------
Total states run: 6
Total run time: 437.020 ms
ERROR: Minions returned with non-zero exit code
```
![prevent-ssh-portchange](https://raw.githubusercontent.com/Fincer-altego/central-management-of-multiple-servers/master/images/ssh_prevent_portchange.png)
**e)** Kokeile jonkun toisen opiskelijan tekemää Salt-tilaa. Kokeiltava tila voi olla mistä vain harjoituksesta. Opiskelijoiden raportteja ja koodeja löydät tämän sivun perästä kommenteista. **e)** Kokeile jonkun toisen opiskelijan tekemää Salt-tilaa. Kokeiltava tila voi olla mistä vain harjoituksesta. Opiskelijoiden raportteja ja koodeja löydät tämän sivun perästä kommenteista.
-------------- --------------
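Review bot: with the guard implemented as a deliberately failing cmd.run, the expected no-op case is reported as `Failed: 4` and `ERROR: Minions returned with non-zero exit code`, and the guard state itself is counted under `changed=1` even though it changes nothing (cmd.run reports a change unless `stateful: True` is used), both visible in the added output block. If the intent is "skip the port change while sessions are open" rather than "treat open sessions as an error", the same netstat pipeline fits better as an `unless:` on the ssh_port state, which leaves the run green and lets sshd_restart and ssh_new_port_inform skip cleanly; if a non-zero exit on the master is wanted so the operator notices, keep the current design but say so in the Finnish paragraph above the output, which currently only states that the change is prevented. The prose should also mention that the check blocks on any ESTABLISHED connection owned by sshd, including other users' logins, which is the conservative behaviour for a port change that would drop them.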

