Created
February 18, 2014 02:52
This script helps set up GeoIP-based access restriction.
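#! /bin/bash
# This script helps set up GeoIP-based access restriction.
# Commands adapted from http://blog.grimneko.de/?p=228
#
# Usage: run as a regular user who may use sudo. Every privileged step is
# prefixed with sudo individually. The earlier form started an interactive
# root shell with "sudo -i" in the middle of the script, so the commands that
# followed only ran after that shell exited, and then without root rights.
#
# Optional environment:
#   PAM_GEOIP_SHA256  Expected SHA-256 of pam_geoip-1.1.tar.gz, obtained from a
#                     source you trust. When set, the download is verified
#                     before it is unpacked and built.

set -euo pipefail

readonly PAM_LINE="account required pam_geoip.so geoip_db=/etc/security/GeoLiteCity.dat system_file=/etc/security/geoip.conf action=allow"
readonly TARBALL="pam_geoip-1.1.tar.gz"
readonly SRC_DIR="pam_geoip-1.1"

# Print an error to stderr and stop.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

echo "Installing libgeoip-dev, libpam0g-dev, and make (just in case it's not there)..."
sudo apt-get install libgeoip-dev libpam0g-dev make
echo

# Download, unpack and build as the unprivileged user in a private scratch
# directory, so nothing already present in the current directory is trusted and
# no network tool runs as root inside /etc/security.
work_dir=$(mktemp -d) || die "could not create a temporary working directory"
cleanup() { rm -rf -- "${work_dir:?}"; }
trap cleanup EXIT
cd "$work_dir" || die "cannot enter $work_dir"

echo "Downloading the pam_geoip module..."
# NOTE(review): fetched over plain HTTP. The result is compiled and loaded by
# PAM as root, so set PAM_GEOIP_SHA256 to pin the expected archive.
wget http://download.ankh-morp.org/pam_geoip/pam_geoip-1.1.tar.gz
if [[ -n "${PAM_GEOIP_SHA256:-}" ]]; then
  printf '%s  %s\n' "$PAM_GEOIP_SHA256" "$TARBALL" | sha256sum -c - \
    || die "checksum mismatch for $TARBALL; refusing to build it"
else
  echo "Warning: PAM_GEOIP_SHA256 is not set; $TARBALL was downloaded over HTTP and is NOT verified." >&2
fi
echo

echo "Extracting..."
tar -xf "$TARBALL"
[[ -d "$SRC_DIR" ]] || die "expected directory $SRC_DIR after extraction"
echo

echo "Making the pam_geoip module..."
make -C "$SRC_DIR"
[[ -f "$SRC_DIR/pam_geoip.so" ]] || die "build did not produce pam_geoip.so"
echo

echo "If everything is ok so far, press the Enter key to continue."
read -r _

echo "Copying the module into place and setting permissions..."
sudo mkdir -p /lib/security
# install copies and sets owner and mode in one step, so the file is never
# briefly present with the building user's ownership.
sudo install -o root -g root -m 644 "$SRC_DIR/pam_geoip.so" /lib/security/pam_geoip.so

echo "Copying geoip.conf file into place and setting permissions..."
sudo install -o root -g root -m 644 "$SRC_DIR/geoip.conf" /etc/security/geoip.conf

echo "Downloading GeoIP database and setting permissions..."
# NOTE(review): also plain HTTP and unverified. MaxMind appears to have retired
# the GeoLite Legacy downloads, so this URL may no longer resolve; confirm
# before relying on it.
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
sudo install -o root -g root -m 644 GeoLiteCity.dat /etc/security/GeoLiteCity.dat

echo "Next, we'll add the following line to the pam file for the service you want to restrict with GeoIP:"
echo "$PAM_LINE"
echo "(press enter to continue)"
read -r _

echo "Which service do you want to restrict with GeoIP?:"
# Build the menu from a glob instead of parsing ls output, and keep the names
# in an array so the chosen number is an index rather than text handed to sed.
shopt -s nullglob
services=()
for path in /etc/pam.d/*; do
  services+=("${path##*/}")
done
shopt -u nullglob
(( ${#services[@]} > 0 )) || die "no service files found in /etc/pam.d"

for idx in "${!services[@]}"; do
  printf '%d. %s\n' "$((idx + 1))" "${services[idx]}"
done

printf 'Enter the number next to the service: '
read -r serviceNum
# Accept digits only: the answer is typed input that decides which file under
# /etc/pam.d gets modified with root rights.
[[ "$serviceNum" =~ ^[0-9]{1,6}$ ]] || die "'$serviceNum' is not a number from the list"
choice=$((10#$serviceNum))
(( choice >= 1 && choice <= ${#services[@]} )) || die "'$serviceNum' is not a number from the list"
serviceName=${services[choice - 1]}
pam_file="/etc/pam.d/$serviceName"
[[ -f "$pam_file" ]] || die "$pam_file is not a regular file"
echo

printf 'Do you want to enable GeoIP restriction for %s? (y/n): ' "$serviceName"
read -r yesno
if [[ "$yesno" == 'y' ]]; then
  # Do not stack a second copy of the rule when the script is run again.
  if sudo grep -qxF -- "$PAM_LINE" "$pam_file"; then
    echo "The line is already present in $pam_file; nothing to add."
  else
    printf '%s\n' "$PAM_LINE" | sudo tee -a -- "$pam_file" >/dev/null
    echo "Added the line to $pam_file."
    echo "Keep an existing privileged session open and test a fresh login before closing it,"
    echo "since a wrong geoip.conf can deny access to this service."
  fi
else
  echo "No? Ok. Whenever you're ready, append the following line to the end of the file in /etc/pam.d for the service:"
  echo "$PAM_LINE"
fi
echo
echo "Now edit the /etc/security/geoip.conf file as needed."
echo "See the default examples in the file or check this site to see how to configure it: http://ankh-morp.org/code/pam_geoip/geoip.conf.html"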