Changed |
tacacs+.changes
Changed |
tacacs+.spec
Added |
tac_plus.conf
@@ -0,0 +1,41 @@
+#default authentication = file /etc/passwd
+accounting file = /var/log/tac_plus.acct
+#default authorization = permit
+#key = <changeme> # comment while debug
+
+# Limit group foo logins to routers 192.168.0.* and 192.168.1.*, except for the device 192.168.0.13
+acl = foo_acl {
+ deny = 192.168.0\.13$
+ permit = 192.168.[01]\.
+}
+group = foo {
+ acl = foo_acl
+}
+user = bar {
+ member = foo
+}
+
+# Deny logins to certain hosts in a prefix and allow all others
+acl = foo_acl {
+ deny = 192.168.0\.(1|20|50|90)$
+ permit = .*
+}
+
+# Limit devices on which a user or group can enable
+user = bar {
+ enableacl = foo_acl
+}
+
+# Define a different enable password for a specific user or group
+user = bar1 {
+ enable = des wa8N/a017BC
+}
+
+user = bar2 {
+ enable = file /etc/tac_enable_pwd
+}
+
+user = bar3 {
+ enable = cleartext "letmein"
+}
+
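Review bot: The sample leaves `enable = cleartext "letmein"` for `bar3` and the DES-hashed enable for `bar1` active while `#key = <changeme>` stays commented out, so if the package installs this file as `/etc/tac_plus.conf` (the path the init script reads) the daemon would start with enable credentials that are printed in the package and with no shared key set. I would ship every example stanza commented out and put a comment above the key line such as `# set a unique shared key before starting the daemon`. The two `acl = foo_acl` blocks and the two `user = bar` blocks are alternative examples but are both live, so they probably conflict or override each other when parsed. Because the file holds password material, the spec should probably install it readable by root only; the spec hunk is not visible here.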
Changed |
tac_plus.init.rh
@@ -8,61 +8,73 @@
# Define variables
TACPLUS_PID=/var/run/tac_plus.pid
TACPLUS_EXE=/usr/bin/tac_plus
-TACPLUS_ARG=""
+TACPLUS_OPTS=""
TACPLUS_CNF=/etc/tac_plus.conf
+TACPLUS_SYSCONFIG=/etc/sysconfig/tac_plus
+test -r $TACPLUS_SYSCONFIG || exit 6
+. $TACPLUS_SYSCONFIG
+
# Source function library.
. /etc/rc.d/init.d/functions
case "$1" in
start)
-# Check to see if tac_plus is running.
-if [[ -f ${TACPLUS_PID} || -f /var/lock/subsys/tac_plus ]]; then
- echo "tac_plus may already be running. Check for existing tac_plus processes."
- exit 1
-fi
-echo -n "Starting tac_plus:"
-$TACPLUS_EXE $TACPLUS_ARG -C $TACPLUS_CNF && success || failure
-echo
-touch /var/lock/subsys/tac_plus
+ # Check to see if tac_plus is running.
+ if [ -n "`pidof tac_plus`" ] ; then
+ echo "tac_plus is already running!"
+ exit 1
+ elif [ -f ${TACPLUS_PID} || -f /var/lock/subsys/tac_plus ]; then
+ echo "tac_plus may already be running. Check for existing tac_plus processes."
+ echo "if tac_plus is not running, remove ${TACPLUS_PID} and /var/lock/subsys/tac_plus"
+ exit 1
+ else
+ echo -n "Starting tac_plus:"
+ $TACPLUS_EXE $TACPLUS_OPTS -C $TACPLUS_CNF && success || failure
+ echo
+ touch /var/lock/subsys/tac_plus
+ fi
;;
stop)
-if [[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]]; then
- echo -n "Stopping tac_plus:"
- killproc -p ${TACPLUS_PID}
- echo
- rm -f /var/lock/subsys/tac_plus
- rm -f ${TACPLUS_PID}
-else
- echo "tac_plus does not appear to be running."
-fi
+ if [ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]; then
+ echo -n "Stopping tac_plus:"
+ killproc -p ${TACPLUS_PID}
+ echo
+ rm -f /var/lock/subsys/tac_plus
+ rm -f ${TACPLUS_PID}
+ elif [ -n "`pidof tac_plus`" ] ; then
+ echo -n "Stopping tac_plus:"
+ kill -9 `pidof tac_plus`
+ echo
+ else
+ echo "tac_plus does not appear to be running."
+ fi
;;
status)
-if [[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]]; then
- echo "tac_plus pid is `cat ${TACPLUS_PID}`"
-else
- echo "tac_plus does not appear to be running."
-fi
+ if [[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]]; then
+ echo "tac_plus pid is `cat ${TACPLUS_PID}`"
+ else
+ echo "tac_plus does not appear to be running."
+ fi
;;
restart)
-$0 stop; $0 start
+ $0 stop; $0 start
;;
reload)
-echo -n "Reloading tac_plus..."
-if [[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]]; then
- kill -HUP `cat ${TACPLUS_PID}`
- RETVAL=$?
-fi
-if [ $RETVAL -ne 0 ]; then
- failure
-else
- success
-fi
-echo
-
+ echo -n "Reloading tac_plus..."
+ if [[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]]; then
+ kill -HUP `cat ${TACPLUS_PID}`
+ RETVAL=$?
+ fi
+ if [ $RETVAL -ne 0 ]; then
+ failure
+ else
+ success
+ fi
+ echo
;;
*)
-echo "Usage: $0 {start|stop|status|reload|restart}"
-exit 1
+ echo "Usage: $0 {start|stop|status|reload|restart}"
+ exit 1
;;
esac
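Review bot: The tests `[ -f ${TACPLUS_PID} || -f /var/lock/subsys/tac_plus ]` in start) and `[ -f ${TACPLUS_PID} && -f /var/lock/subsys/tac_plus ]` in stop) stop working once `[[` becomes `[`, because the shell splits the line at `||` or `&&` and the first `[` then fails for a missing `]`. In start) the stale pid/lock check can therefore never fire, and in stop) the `killproc -p` branch is never taken, so every stop falls through to `kill -9` on the `pidof` result, which gives the AAA daemon no chance to shut down cleanly and leaves the pid and lock files behind. Write them as `[ -f "${TACPLUS_PID}" ] || [ -f /var/lock/subsys/tac_plus ]` and `[ -f "${TACPLUS_PID}" ] && [ -f /var/lock/subsys/tac_plus ]`, and let the fallback send a plain `kill` followed by the same two `rm -f` lines. The script now sources `$TACPLUS_SYSCONFIG` as root, so a comment such as `# must be root-owned and not group/world writable` above `. $TACPLUS_SYSCONFIG` would help, and the variable should be quoted.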
Added |
tac_plus.logrotate
@@ -0,0 +1,8 @@
+/var/log/tac_plus.log {
+ missingok
+ daily
+ notifempty
+ missingok
+ compress
+ rotate 30
+}
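Review bot: This stanza rotates only `/var/log/tac_plus.log`, while the shipped config writes accounting to `/var/log/tac_plus.acct`, so the accounting trail grows without bound and is never compressed or aged out. Listing both paths in the header, `/var/log/tac_plus.log /var/log/tac_plus.acct {`, would cover it. `missingok` appears twice, and there is no `create` line to fix the mode and owner of the new file; these logs likely hold usernames and commands, so something like `create 0640 root root` is worth adding. Whether the daemon reopens its log after rotation is not visible here; if it does not, a `postrotate` that signals it is also needed.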