#!/bin/bash
# CWP INSTALL APP TERMINAL
# Refresh the system CA bundle before anything else; presumably so that the
# HTTPS downloads further down validate against current roots.
yum -y update ca-certificates

# ---- Node.js installation settings ----
# usenvm: "y" manages Node.js through nvm, "n" (the default) uses the
# distribution packages.
usenvm="n"
# nodeversion: the release nvm installs when usenvm=y (default 16.18.1).
# NOTE(review): the Node.js 16 line is past upstream end-of-life, so it no
# longer receives security fixes; confirm which release the panel supports.
nodeversion="16.18.1"
# Print the version string reported by /usr/bin/node (for example "v16.18.1").
# Prints nothing and succeeds when /usr/bin/node does not exist.
getsystemnodeversion() {
    [ -e "/usr/bin/node" ] || return 0
    /usr/bin/node -v
}
# Print the yum "installed" listing line(s) for the nodejs package.
# Callers only test whether the output is empty (package not installed).
checkfornodejsrpm() {
    yum list installed nodejs |
        grep nodejs
}
# Print the path of the node binary that nvm currently has selected.
# Requires nvm.sh to have been sourced into this shell first.
currentnodefilepath() {
    nvm which current
}
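# Install Node.js either from the distribution packages (usenvm=n) or through
# nvm (usenvm=y), and make sure /usr/bin/node exists afterwards.
if [ "$usenvm" == "n" ]; then
    # With an nvm directory present but no nodejs RPM installed, /usr/bin/node
    # is presumably the symlink created by the nvm branch below; remove it so
    # the package install runs.
    if [ -e "$HOME/.nvm" ] && [ -z "$(checkfornodejsrpm)" ]; then
        rm -f /usr/bin/node
    fi
    if [ ! -e "/usr/bin/node" ]; then
        yum -y install nodejs --enablerepo=epel
        cd /root
        npm cache clean -f
        # NOTE(review): `n` is taken unpinned from the npm registry and
        # `n stable` installs whatever is current, not $nodeversion; both run
        # as root. Pin them if a reproducible install is wanted.
        npm install -g n
        n stable
        # Forget cached command locations so the node/npm installed by `n` are
        # found (the original did this implicitly by re-assigning PATH).
        hash -r
    fi
    if [ ! -e "/usr/bin/npm" ]; then
        yum -y install npm --enablerepo=epel
        cd /root
    fi
elif [ "$usenvm" == "y" ]; then
    if [ -n "$(checkfornodejsrpm)" ]; then
        yum -y remove nodejs
    fi

    freshnvm=n
    if [ ! -e "$HOME/.nvm" ]; then
        yum -y install curl
        # Download the installer to a file and run it only after a complete,
        # successful HTTPS transfer. Piping curl straight into bash would
        # execute a truncated script or an HTTP error body.
        # NOTE(review): the tag is pinned but no checksum is verified; record
        # the SHA-256 of this release's install.sh and check it before running.
        nvminstaller="$(mktemp)" || exit 1
        if curl --fail --silent --show-error --proto '=https' \
                -o "$nvminstaller" \
                https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh; then
            bash "$nvminstaller"
        else
            echo "install_terminal: could not download the nvm installer" >&2
        fi
        rm -f "$nvminstaller"
        freshnvm=y
    fi

    export NVM_DIR="$HOME/.nvm"
    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
    nvm install "$nodeversion"
    nvm use "$nodeversion"

    # A fresh nvm install always gets the symlink; an existing one only when
    # /usr/bin/node does not already report the requested version.
    if [ "$freshnvm" == "y" ] || [ "$(getsystemnodeversion)" != "v$nodeversion" ]; then
        nodepath="$(currentnodefilepath)"
        # Link only a real executable: with an empty path `ln -sf` would
        # create a stray "node" link in the current directory instead.
        if [ -n "$nodepath" ] && [ -x "$nodepath" ]; then
            ln -sf "$nodepath" /usr/bin/node
        else
            echo "install_terminal: nvm did not report a usable node binary" >&2
        fi
    fi
fi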
# Old Code
#yum -y install gcc-c++ make
#npm install express pty.js --production
#npm install --save express-ws --production
#npm install node-pty --production
#npm install socket.io --production
#npm install xterm --production
# NEW CODE
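# Build toolchain (devtoolset GCC from Software Collections, plus python3),
# presumably needed to compile the native node-pty module installed below.
gccversion=7
yum install -y yum-utils centos-release-scl
yum-config-manager --disable centos-sclo-rh
# NOTE(review): the compiler comes from the -testing SCL repository while the
# regular centos-sclo-rh repository is disabled; confirm this is intended.
yum -y --enablerepo=centos-sclo-rh-testing install \
    "devtoolset-$gccversion-gcc" "devtoolset-$gccversion-gcc-c++"

# Enable the toolset for future login shells (added to /etc/profile once)
# and for the rest of this script.
if ! grep -q "devtoolset-$gccversion" /etc/profile; then
    echo "source /opt/rh/devtoolset-$gccversion/enable" >> /etc/profile
fi
source "/opt/rh/devtoolset-$gccversion/enable"

yum -y install python3

# npm installs into the current directory and /root/server.js loads its
# modules from /root, so stop rather than install somewhere else.
cd /root || exit 1

# NOTE(review): these run as root, execute package install scripts, and take
# whatever versions the registry serves at install time. Pin versions (or ship
# a lockfile and use `npm ci`) once the supported set is known.
npm install express --omit=dev
npm install --save express-ws --omit=dev
for pkg in node-pty socket.io xterm; do
    npm install "$pkg" --omit=dev
done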
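# Write the terminal backend: an HTTPS + socket.io server on a UNIX socket that
# attaches an authenticated connection to a bash pty running in /root.
# The delimiter is quoted so the shell copies the JavaScript verbatim (no
# parameter or command expansion inside the here-document).
cat > /root/server.js <<'EOF'
var express = require('express');
var https = require('https');
var fs = require('fs');
var pty = require('node-pty');
var os = require('os');

var app = express();
var FILE_LOCATION = '/usr/local/cwp/.conf/terminaltoken.conf';
var SOCKETFILE = '/root/terminal.sock';
var hostname_serv = os.hostname();

// NOTE(review): this serves the process working directory to anything that
// can reach the socket. Nothing in this file needs it; confirm with the
// client side and remove it if unused.
app.use("/", express.static("./"));

// Prefer the generic hostname.* TLS files, else the ones named after the host.
function firstExisting(preferred, fallback) {
  return fs.existsSync(preferred) ? preferred : fallback;
}

var keyFile = firstExisting('/etc/pki/tls/private/hostname.key',
                            '/etc/pki/tls/private/' + hostname_serv + '.key');
var certFile = firstExisting('/etc/pki/tls/certs/hostname.bundle',
                             '/etc/pki/tls/certs/' + hostname_serv + '.cert');
var options = {
  key: fs.readFileSync(keyFile),
  cert: fs.readFileSync(certFile)
};

// Remove a stale socket synchronously. An asynchronous unlink races with
// listen() below, which cannot bind while the old file still exists.
try {
  fs.unlinkSync(SOCKETFILE);
} catch (err) {
  if (err.code !== 'ENOENT') {
    throw err;
  }
}

// Create the socket owner-only from the start, so it is never reachable with
// wider permissions before the chmod below runs.
var previousUmask = process.umask(0o077);
var server = https.createServer(options, app).listen(SOCKETFILE);
process.umask(previousUmask);
fs.chmodSync(SOCKETFILE, '600');

var io = require('socket.io')(server, {path: '/terminal/socket.io/'});

io.on('connection', function (socket) {
  socket.auth = false;
  var authPending = false;

  socket.on('authenticate', function (dataT) {
    // One shell per connection: ignore repeated 'authenticate' events.
    if (socket.auth || authPending) {
      return;
    }
    authPending = true;

    fs.readFile(FILE_LOCATION, function (err) {
      if (err) {
        console.log("Not file");
        socket.disconnect();
        io.close();
        return;
      }
      // The client may have gone away while the file was being read.
      if (!socket.connected) {
        return;
      }

      // NOTE(review): the token sent by the client (dataT.token) is never
      // compared with the contents of FILE_LOCATION; only the existence of
      // the file is checked. Access control therefore rests entirely on the
      // reverse proxy's auth_pam and on the 0600 socket. Compare the two
      // values (constant-time) once the token file format is confirmed.
      socket.auth = true;
      console.log("Authenticated socket ", socket.id);

      var term = pty.spawn('bash', [], {
        cwd: '/root',
        cols: 125,
        rows: 45
      });

      term.on('data', function (data) {
        socket.emit('output', data);
      });

      socket.on('input', function (data) {
        // Only forward text; anything else is not terminal input.
        if (typeof data === 'string') {
          term.write(data);
        }
      });

      socket.on("disconnect", function () {
        term.destroy();
        console.log("CWP Pro Terminal browser window was closed");
        // The whole process exits when the terminal connection closes.
        process.exit(0);
      });

      socket.on("resize", function (dataC) {
        var cols = parseInt(dataC && dataC.cols, 10);
        var rows = parseInt(dataC && dataC.rows, 10);
        // Ignore malformed sizes instead of passing NaN or non-positive
        // values to the pty.
        if (!(cols > 0) || !(rows > 0)) {
          return;
        }
        console.log(cols + " " + rows);
        term.resize(cols, rows);
      });
    });
  });
});
EOF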
# Register the reverse-proxy location for the terminal once. The block puts
# auth_pam (service "cwpadmin-auth") in front of the root-owned UNIX socket,
# so this location is the access gate for the root terminal.
cwpservicesconf=/usr/local/cwpsrv/conf/cwp_services.conf
if ! grep -q terminal.sock "$cwpservicesconf"; then
    # Single quotes keep $host, $remote_addr, ... literal for the web server.
    echo '
location ~ /terminal/socket.io/ {
auth_pam "Secure Zone | root login required";
auth_pam_service_name "cwpadmin-auth";
# Header settings for application behind proxy
proxy_set_header Host $host;
# proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Proxy pass settings
proxy_pass https://unix:/root/terminal.sock;
# Proxy redirect settings
proxy_redirect off;
# HTTP version settings
proxy_http_version 1.1;
# Response buffering from proxied server default 1024m
proxy_max_temp_file_size 0;
# Proxy cache bypass define conditions under the response will not be taken from cache
proxy_cache_bypass $http_upgrade;
gzip on;
gzip_proxied any;
gzip_types *;
}' >> "$cwpservicesconf"
fi
# Create the PAM service used by the terminal location's auth_pam, unless one
# already exists. The first auth rule only admits users in group "root"; the
# rest defers to the system password-auth stack.
pamservicefile="/etc/pam.d/cwpadmin-auth"
if [ ! -e "$pamservicefile" ]; then
    cat > "$pamservicefile" <<'EOF'
#%PAM-1.0
auth required pam_succeed_if.so user ingroup root
auth include password-auth
auth required pam_shells.so
auth required pam_nologin.so
account include password-auth
password include password-auth
session required pam_loginuid.so
session include password-auth
EOF
fi

# Reload the panel web server so the appended location takes effect, then
# pause briefly before returning.
service cwpsrv reload
sleep 3