@Dih5
Created December 9, 2015 13:05
Script to whitelist hosts in hosts.allow using the feed of a gmail account

#!/bin/bash
# Script to whitelist hosts for remote access using gmail's https atom feed.
# Update the vars defined below, then `chown root:root` and `chmod 700` this file, since the password is in clear text.
# Use cron to run it periodically.
#
# To add a host to the whitelist send an email to the GMAILUSER account with a subject like: "allow 13.13.13.13" (without quotes) using any of the accounts in ALLOWED
# To remove a host from the whitelist read or delete the corresponding email. Note the feed shows only unread mail.
#
# The script works by updating hosts.allow. It checks the feed for mails like those described above.
# The whitelist is stored in hosts.allow, between 2 markers (START FEEDSCRIPT, END FEEDSCRIPT), which should not be removed.
# Other entries in hosts.allow will not be affected.
#
# Caveat: the sender address is taken from the feed as-is. The script does no SPF/DKIM check of its own, so it relies on
# Gmail keeping mail with a forged sender out of the inbox; anyone who can get mail accepted as one of the ALLOWED
# senders can open the firewall.
#
# Acknowledgement: This script is heavily based on the one posted by silvik in:
# https://bbs.archlinux.org/viewtopic.php?id=114828
#The account used to administrate the list
GMAILUSER=""
GMAILPASSWD=""
#Accounts that are allowed to change the file using this script, separated by "|".
ALLOWED="$GMAILUSER@gmail.com|anotherUser@gmail.com"
#Token of the daemon to be allowed (e.g., sshd or ALL)
ALLOWTOKEN="ALL"
#pattern matching valid IPs (only IPv4 here)
IPPATTERN="(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
#path to the hosts.allow file
FILE="/etc/hosts.allow"
#fetch the feed before touching hosts.allow: if curl fails (network down, wrong password, HTTP error) we abort here,
#otherwise a transient outage would silently empty the whitelist and lock the administrators out.
#The credentials are handed to curl as a config file on stdin so the password does not appear in the process list.
FEED=$(printf 'user = "%s:%s"\n' "$GMAILUSER" "$GMAILPASSWD" | \
  curl --config - --silent --show-error --fail "https://mail.google.com/mail/feed/atom") || exit 1
#remove old whitelist (everything between the markers, markers included)
perl -ni -e 'print unless(/START FEEDSCRIPT/../END FEEDSCRIPT/)' "$FILE"
{
  echo "#START FEEDSCRIPT"
  echo "#IPs allowed by the gmail feed script"
  echo "#Do not remove these markers"
  #one <entry> per line -> "sender - subject" per entry -> keep only "allow <ip>" subjects from ALLOWED senders
  #-> "ALLOWTOKEN : <ip>". The final sed (instead of cut -d-) keeps working when a sender address contains a hyphen.
  printf '%s' "$FEED" | tr -d '\n' | \
  awk -F '<entry>' '{for (i=2; i<=NF; i++) {print $i}}' | sed -n "s/<title>\(.*\)<\/title.*email>\(.*\)<\/email>.*/\2 - \1/p" | \
  grep -Ei "^($ALLOWED) - allow $IPPATTERN$" | sed -E "s/^.* - allow /$ALLOWTOKEN : /"
  echo "#END FEEDSCRIPT"
} >> "$FILE"
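The same logic as the gist's pipeline, written out in Python as an added example (it is not part of the gist and not the author's code): the feed is parsed as XML instead of with regexes, the requested address has to parse as an IPv4 address, the sender has to be on the allowed list, and the marker-delimited block is replaced while every other hosts.allow entry is kept. It also handles the failure mode the original does not: a START marker with no matching END makes it refuse to rewrite rather than delete to the end of the file. The feed, the sender list and the hosts.allow contents below are constructed samples (the Atom namespace is an assumption; the parser does not depend on it), and all function names are mine.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Same markers the gist writes into hosts.allow.
START_MARKER = "#START FEEDSCRIPT"
END_MARKER = "#END FEEDSCRIPT"
# Subject format the gist accepts ("allow 13.13.13.13"), case-insensitive like its grep -i.
SUBJECT_RE = re.compile(r"^\s*allow\s+(\S+)\s*$", re.IGNORECASE)

# Constructed sample feed modelled on the Gmail Atom feed (namespace URI assumed, not checked).
SAMPLE_FEED = """<feed version="0.3" xmlns="http://purl.org/atom/ns#">
<title>Gmail - Inbox for admin-list@gmail.com</title>
<entry><title>allow 13.13.13.13</title><author><email>admin-list@gmail.com</email></author></entry>
<entry><title>allow 203.0.113.7</title><author><email>mallory@example.net</email></author></entry>
<entry><title>allow 999.1.1.1</title><author><email>admin-list@gmail.com</email></author></entry>
<entry><title>Re: meeting notes</title><author><email>admin-list@gmail.com</email></author></entry>
<entry><title>ALLOW 198.51.100.9</title><author><email>Another.User@gmail.com</email></author></entry>
</feed>
"""
# Constructed sender list (the gist's ALLOWED) and a constructed hosts.allow holding a stale block.
ALLOWED = ["admin-list@gmail.com", "another.user@gmail.com"]
SAMPLE_HOSTS_ALLOW = """# local networks, managed by hand
sshd : 10.0.0.0/8
#START FEEDSCRIPT
#IPs allowed by the gmail feed script
#Do not remove these markers
sshd : 192.0.2.44
#END FEEDSCRIPT
"""


def _local(tag):
    """Strip the XML namespace so matching does not depend on the feed's exact namespace URI."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Text of the first direct child with local tag name `name`, or None if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def parse_allow_requests(feed_xml, allowed_senders):
    """Return the IPv4 addresses requested by 'allow <ip>' mails from allowed senders, in feed order.

    Only the author e-mail and the subject are consulted, exactly as the gist does. Entries
    from other senders, other subjects and unparsable addresses are dropped; duplicates collapse.
    """
    allowed = {s.lower() for s in allowed_senders}
    ips = []
    for entry in ET.fromstring(feed_xml):
        if _local(entry.tag) != "entry":
            continue
        author = next((c for c in entry if _local(c.tag) == "author"), None)
        sender = _child_text(author, "email") if author is not None else None
        if sender is None or sender.lower() not in allowed:
            continue  # not one of the list administrators
        match = SUBJECT_RE.match(_child_text(entry, "title") or "")
        if not match:
            continue  # some other unread mail
        try:
            ip = str(ipaddress.IPv4Address(match.group(1)))
        except ValueError:
            continue  # malformed address: never write junk into hosts.allow
        if ip not in ips:
            ips.append(ip)
    return ips


def render_whitelist_block(ips, token="ALL"):
    """The marker-delimited block in the gist's format: 'TOKEN : ip' per address."""
    lines = [START_MARKER, "#IPs allowed by the gmail feed script", "#Do not remove these markers"]
    lines += [f"{token} : {ip}" for ip in ips]
    lines.append(END_MARKER)
    return "\n".join(lines) + "\n"


def update_hosts_allow(current_text, ips, token="ALL"):
    """Drop the old block, keep every other line, append the new block."""
    kept, inside = [], False
    for line in current_text.splitlines():
        if line.strip() == START_MARKER:
            inside = True
        elif line.strip() == END_MARKER:
            inside = False
        elif not inside:
            kept.append(line)
    if inside:  # START without END: the gist's perl range would eat the rest of the file
        raise ValueError("START FEEDSCRIPT marker without END marker; refusing to rewrite")
    body = "\n".join(kept)
    if body and not body.endswith("\n"):
        body += "\n"
    return body + render_whitelist_block(ips, token)


def demo(token="sshd"):
    """Run the whole update on the constructed samples and return the new hosts.allow text."""
    return update_hosts_allow(SAMPLE_HOSTS_ALLOW, parse_allow_requests(SAMPLE_FEED, ALLOWED), token)


if __name__ == "__main__":
    print(demo(), end="")
```

Of the five constructed entries only two survive: the one from mallory@example.net is rejected by the sender check, 999.1.1.1 is rejected by the address check, and the non-matching subject is ignored; the stale 192.0.2.44 entry disappears with the old block while the hand-managed line above the markers is left alone.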