From d2554011cef8bf9fa0cf6139688cba3aa015d162 Mon Sep 17 00:00:00 2001
From: Pavel Muhortov
Date: Mon, 1 May 2023 16:55:45 +0300
Subject: [PATCH] moved from utils
---
README.md | 137 +++++++++--
script.sh => ovpn-cert-expiration.sh | 56 +++--
ovpn-client-management.sh | 353 +++++++++++++++++++++++++++
ovpn-connect-handling.sh | 195 +++++++++++++++
4 files changed, 709 insertions(+), 32 deletions(-)
rename script.sh => ovpn-cert-expiration.sh (57%)
create mode 100644 ovpn-client-management.sh
create mode 100644 ovpn-connect-handling.sh
diff --git a/README.md b/README.md
index af904ee..1b83014 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,142 @@ -# template-bash +# openvpn-management -Template repository for projects on bash +OpenVPN management and monitoring utils. -* [`script.sh`](https://git.hmp.today/pavel.muhortov/template-bash#script-sh) +* [`ovpn-cert-expiration`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-cert-expiration-sh) +* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-client-management-sh) +* [`ovpn-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn-connect-handling-sh) ____ -## `script.sh` +## `ovpn-cert-expiration`.sh **Description:** -> returning current username if privileged rights are exist -> or -> returning error, if privileged rights are not exist +> Checking openvpn server certificates expiration and preparing stats for monitoring. **Dependencies:** > -> * [bash](https://www.gnu.org/software/bash/) (tested version 5.1.4 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) -> * [whoami](https://www.gnu.org/software/coreutils/whoami) (tested version 8.30 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * privileged rights +> * [openssl](https://www.openssl.org/) (tested version 1.1.1k on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) | POSITION | PARAMETERS | DESCRIPTION | DEFAULT | |-----------|--------------|------------------------|---------------| | 1 |**[qn]**|execution without pauses|| -| 2 |**[/path/to/conf]**|path to config|`./script.conf`| +| 2 |**[/path/to/conf]**|openvpn server config file path|/etc/openvpn/server/server.conf| -Example usage in terminal with bash: +Example usage: ```bash -bash ./script.sh qn ./script.conf +# download +sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-cert-expiration.sh -O /etc/openvpn/server/ovpn-cert-expiration.sh +sudo chmod +x /etc/openvpn/server/ovpn-cert-expiration.sh ``` -Example usage in terminal with make the 
script executable: - ```bash -chmod u+x ./script.sh -script.sh +# sudo crontab -e +0 * * * * bash /etc/openvpn/server/ovpn-cert-expiration.sh qn +``` + +```bash +# check stats +watch cat /var/log/openvpn/ovpn-cert-expiration.log +``` + +____ + +## `ovpn-client-management`.sh + +**Description:** +> Creating or deleting client config for openvpn and sending config and info to email. + +**Dependencies:** +> +> * privileged rights +> * chpasswd +> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * tar +> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) + +| POSITION | PARAMETERS | DESCRIPTION | DEFAULT | +|-----------|--------------|------------------------|---------------| +| 1 |**add\|del**|add or delete client config|**REQUIRED**| +| 2 |**\**|client username|**REQUIRED**| +| 3 |**\**|client password|| +| 4 |**[-f]**,**[--force]**|service will restart after username delete|| + +Example usage: + +```bash +# download +sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-client-management.sh -O /etc/openvpn/server/ovpn-client-management.sh +sudo chmod +x /etc/openvpn/server/ovpn-client-management.sh +``` + +```bash +# create link +ln -s /etc/openvpn/server/ovpn-client-management.sh ./ovpn +``` + +```bash +# create client +sudo ./ovpn add username password +``` + +```bash +# delete client (and restart service for applying changes) +sudo ./ovpn del username -f +``` + +```bash +# check journal +tail -f /var/log/openvpn/ovpn.log +``` + +____ + +## `ovpn-connect-handling`.sh + +**Description:** +> Handling client connection 
and preparing stats for monitoring. + +**Dependencies:** +> +> * executing by [openvpn](https://openvpn.net/) server (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * [jq](https://github.com/stedolan/jq) (tested version 1.6 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/)) +> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) +> * [bash](https://www.gnu.org/software/bash/) (tested versions: 5.1.4 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/), 5.0.17 on [Ubuntu 20](https://wiki.ubuntu.com/FocalFossa/ReleaseNotes), 4.2.46 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) + +| POSITION | PARAMETERS | DESCRIPTION | DEFAULT | +|-----------|--------------|------------------------|---------------| +| 1 |**inc\|dec**|increment or decrement counter|**REQUIRED**| +| 2 |****|root path for counter, names, log|**REQUIRED**| +| 3 |**[mail]**|send email notification|| +| 4 |**[geo]**|check client address geolocation|| + +Example usage: + +```bash +# download +sudo wget https://git.hmp.today/pavel.muhortov/openvpn-management/raw/branch/master/ovpn-connect-handling.sh -O /etc/openvpn/server/ovpn-connect-handling.sh +sudo chmod +x /etc/openvpn/server/ovpn-connect-handling.sh +``` + +```bash +# add options to openvpn server config file +sudo tee -a /etc/openvpn/server/server.conf > /dev/null <<'EOF' +script-security 2 +client-connect "/etc/openvpn/server/ovpn-connect-handling.sh inc /var/log/openvpn mail geo" +client-disconnect "/etc/openvpn/server/ovpn-connect-handling.sh dec /var/log/openvpn - -" +EOF +sudo systemctl restart 
openvpn@server +``` + +```bash +# check counter and names +watch cat /var/log/openvpn/openvpn-counts.log +# check journal +tail -f /var/log/openvpn/ovpn-connect-handling.log ``` diff --git a/script.sh b/ovpn-cert-expiration.sh similarity index 57% rename from script.sh rename to ovpn-cert-expiration.sh index 60f4d6b..fc75703 100644 --- a/script.sh +++ b/ovpn-cert-expiration.sh @@ -1,16 +1,17 @@ #! /bin/bash # DESCRIPTION: -# returning current username if privileged rights are exist -# or -# returning error, if privileged rights are not exist +# checking openvpn server certificates expiration +# and +# preparing stats for monitoring # # DEPENDENCIES: -# - whoami +# - privileged rights +# - openssl # # PARAMETERS: # 1: "qn" - execution without pauses -# 2: custom configuration file path +# 2: openvpn server config file path # # FUNCTIONS: # @@ -72,7 +73,9 @@ execerror() { # None ####################################### getconfig() { - logs=$(grep "logs=" "${conf}" | cut -d= -f2) + cacrpath=$(grep ^ca "${conf}" | cut -d' ' -f2) + certpath=$(grep ^cert "${conf}" | cut -d' ' -f2) + statfile="$(dirname "$(grep ^log /etc/openvpn/server/server.conf | cut -d' ' -f2)")/$(basename -s .sh "$0").log" } ####################################### 
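Review bot: `statfile` in `getconfig` is derived from the hard-coded `/etc/openvpn/server/server.conf` rather than from `${conf}`, so running the script with a config path in parameter 2 reads `ca`/`cert` from one file and the log directory from another. Using the variable keeps the three lookups consistent: `statfile="$(dirname "$(grep ^log "${conf}" | cut -d' ' -f2)")/$(basename -s .sh "$0").log"`. The patterns are also loose: `grep ^ca`, `grep ^cert` and `grep ^log` match any directive that merely starts with those letters and can return several lines, and `cut -d' ' -f2` assumes exactly one space; something like `awk '$1 == "ca" { print $2; exit }' "${conf}"` selects the exact directive. If no `log` line is found, `dirname ""` yields `.` and the stats file lands in the current directory.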
@@ -92,34 +95,55 @@ checkroot() { fi } +####################################### +# Print certificate expiration date in epoch +# Globals: +# None +# Arguments: +# 1: certificate path +####################################### +checkcert() { + printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)" +} + # # VARIABLES: # show=$1 conf=$2 +logs=/dev/null if [ -z "${conf}" ] || [ "${conf}" == "-" ]; then - conf="$(dirname "$(realpath "$0")")/$(basename -s .sh "$0").conf" + conf=/etc/openvpn/server/server.conf fi time=$(date +%s) cd "$(dirname "$(realpath "$0")")" || execerror if [ ! -e "${conf}" ]; then - : + execerror "${conf} not found" else getconfig fi -if [ -z "${logs}" ]; then - logs=/dev/null -elif [ ! -e "${logs}" ]; then - touch "${logs}" + +if ! command -v openssl &> /dev/null; then + execerror "Not found dependencies" fi # # MAIN: # -checkroot \ -&& echo "Running as $(whoami)" \ -&& execquite \ -|| execerror "Restart this as root!" +if checkroot; then + cacrtime=$(checkcert "${cacrpath}") + certtime=$(checkcert "${certpath}") + cacrremain=$(( cacrtime - time )) + certremain=$(( certtime - time)) + addtologs "${cacrpath} remains only ${cacrremain} seconds" + addtologs "${certpath} remains only ${certremain} seconds" + printf '%s\n' "ca=${cacrremain}" > "${statfile}" + printf '%s\n' "cert=${certremain}" >> "${statfile}" + addtologs "stats wrote to ${statfile}" + execquite +else + execerror "Restart this as root!" +fi diff --git a/ovpn-client-management.sh b/ovpn-client-management.sh new file mode 100644 index 0000000..1159274 --- /dev/null +++ b/ovpn-client-management.sh 
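Review bot: `checkcert` never checks whether `openssl` succeeded: when the path is empty or unreadable the inner pipeline prints nothing, GNU `date -d ""` then resolves to today's midnight, and the main block writes that as a plausible `ca=`/`cert=` value to `${statfile}`. Checking the path before the arithmetic, e.g. `[ -r "${cacrpath}" ] || execerror "${cacrpath} not readable"` (and the same for `${certpath}`), makes a broken config visible instead of turning it into a near-expiry number for monitoring. `openssl x509 -enddate -noout -in "${1}" | cut -d= -f2` yields the same date without grepping the text dump. Relative `ca`/`cert` paths from the config would be resolved against the script's directory because of the earlier `cd`, which may differ from what the OpenVPN server uses.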
@@ -0,0 +1,353 @@ +#! /bin/bash + +# DESCRIPTION: +# creating or deleting client config for openvpn +# and +# sending config and info to email +# +# DEPENDENCIES: +# - privileged rights +# - chpasswd +# - openvpn +# - easy-rsa +# - tar +# - Python 3 +# - existing /usr/local/bin/sendmail.py +# +# PARAMETERS: +# 1: "add|del" - add or delete client config +# 2: username - client username +# 3: password - client password +# -f|--force - service will restart after username delete +# +# FUNCTIONS: +# + +####################################### +# Print message and add to log. +# Globals: +# logs +# Arguments: +# 1: message to print and logging +####################################### +addtologs() { + echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}" +} + +####################################### +# Exit procedure. +# Globals: +# show +# Arguments: +# None +####################################### +execquite() { + addtologs "execution time is $(($(date +%s)-time)) seconds, exit" + exit +} + +####################################### +# Error exit procedure +# Globals: +# None +# Arguments: +# 1: message to print and logging +####################################### +execerror() { + addtologs "error: $1" + execquite +} + +####################################### +# Checking user rights. 
+# Globals: +# None +# Arguments: +# None +# return: +# 0 - if privileged rights, 1 - if not privileged rights +####################################### +checkroot() { + if [ "${EUID}" -ne 0 ]; then + return 1 # false + else + return 0 # true + fi +} + +####################################### +# Creating linux user +# Globals: +# clientname +# clientpass +# Arguments: +# None +####################################### +createuser() { + useradd "${clientname}" --shell /sbin/nologin + echo "${clientname}:${clientpass}" | chpasswd +} + +####################################### +# Creating Easy-RSA user certificate +# Globals: +# easyrsadir +# easyrsavar +# easyrsaexe +# easyrsacap +# clientname +# clientpass +# Arguments: +# None +####################################### +# shellcheck disable=SC2016 +createcert() { + cd ${easyrsadir} || execerror "" + sed -i -e '$aset_var EASYRSA_REQ_CN '"${clientname}"'' ${easyrsavar} + ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}" + sed -i '/EASYRSA_REQ_CN/d' ${easyrsavar} +} + +####################################### +# Creating ovpn config file +# Globals: +# easyrsadir +# ovpncfgdef +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +createovpn() { + cd ${easyrsadir} || execerror "" + { + cat "${ovpncfgdef}" + echo -e '' + cat "${easyrsadir}/pki/ca.crt" + echo -e '\n' + cat "${easyrsadir}/pki/issued/${clientname}.crt" + echo -e '\n' + cat "${easyrsadir}/pki/private/${clientname}.key" + echo -e '\n' + cat "${easyrsadir}/pki/ta.key" + echo -e '' + } >> "${ovpncfgdir}/${clientname}.ovpn" +} + +####################################### +# Creating tar with config file +# Globals: +# easyrsadir +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +createtars() { + cp "${ovpncfgdir}/${clientname}.ovpn" "${ovpncfgdir}/vpn.cnf" + sed -i "s#auth-user-pass#auth-user-pass /config/openvpn/vpn.txt#g" 
${ovpncfgdir}/vpn.cnf + { + echo -e "${clientname}" + echo -e "${clientpass}" + } >> "${ovpncfgdir}/vpn.txt" + cd ${ovpncfgdir} || execerror "" + tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt +} + +####################################### +# Creating info file +# Globals: +# easyrsadir +# easyrsaexe +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +createinfo() { + cd ${easyrsadir} || execerror + validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-) + +faqprofile=$(cat < "${ovpncfgdir}/${clientname}.info" +} + +####################################### +# Send email notification about client connect +# Globals: +# clientname +# faqprofile +# ovpncfgdir +# Arguments: +# None +####################################### +startsendmail() { + subj="[OVPN Settings] $(cat /etc/hostname): ${clientname}.ovpn client profile" + ( + python3 /usr/local/bin/sendmail.py \ + -u "$(grep "from=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + -p "$(grep "pass=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + -d "$(grep "dest=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --smtp "$(grep "smtp=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --port "$(grep "port=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --stls "True" \ + --subj "${subj}" \ + --text "${faqprofile}" \ + --file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" \ + >> /dev/null 2>&1 & + ) + addtologs "sent mail with subject '${subj}'" +} + +####################################### +# Deleting linux user +# Globals: +# clientname +# Arguments: +# None +####################################### +deleteuser() { + userdel -f -r "${clientname}" +} + +####################################### +# Deleting Easy-RSA user certificate +# Globals: +# easyrsadir +# easyrsavar +# easyrsaexe +# easyrsacap +# clientname +# Arguments: +# None +####################################### +deletecert() { + cd ${easyrsadir} || 
execerror + ${easyrsaexe} --batch --passin=pass:${easyrsacap} revoke "${clientname}" + ${easyrsaexe} --batch --passin=pass:${easyrsacap} gen-crl +} + +####################################### +# Deleting ovpn config file +# Globals: +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +deleteovpn() { + rm -f "${ovpncfgdir}/${clientname}.ovpn" +} + +####################################### +# Deleting tar with config file +# Globals: +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +deletetars() { + rm -f "${ovpncfgdir}/${clientname}.tar" +} + +####################################### +# Deleting info file +# Globals: +# clientname +# ovpncfgdir +# Arguments: +# None +####################################### +deleteinfo() { + rm -f "${ovpncfgdir}/${clientname}.info" +} + +# +# VARIABLES: +# + +easyrsadir="/etc/openvpn/easy-rsa" +easyrsaidx="${easyrsadir}/pki/index.txt" +easyrsaexe="${easyrsadir}/easyrsa" +easyrsavar="${easyrsadir}/vars" +easyrsacap="openvpnca" +ovpncfgdir="/etc/openvpn/client" +ovpncfgdef="${ovpncfgdir}/client.conf.default" + +clienttodo=$1 +clientname=$2 +clientpass=$3 + +resetforce=0 +for argument in "${@}"; do + case $argument in + -f | --force ) + resetforce=1 + ;; + -* ) + ;; + esac +done + +time=$(date +%s) +logs=/dev/null + +# +# MAIN: +# + +if checkroot; then + logs=/var/log/openvpn/$(basename -s .sh "$0").log + if [ "${clienttodo}" == "add" ] && \ + [ -n "${clientname}" ] && \ + [ "${#clientpass}" -ge 8 ]; then + if id -u "${clientname}" >/dev/null 2>&1 || \ + grep -w "${clientname}" ${easyrsaidx} || \ + [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then + execerror "linux user or certificate or ovpn config exist, exit" + else + createuser && addtologs "created Linux user '${clientname}'" + createcert && addtologs "created certificate for ${clientname}" + createovpn && addtologs "created ovpn config file for ${clientname}" + createtars && addtologs "created tar with 
config file for ${clientname}" + createinfo && addtologs "created info file for ${clientname}" + startsendmail + fi + elif [ "${clienttodo}" == "del" ] && [ -n "${clientname}" ]; then + if id -u "${clientname}" >/dev/null 2>&1 || \ + grep -w "${clientname}" ${easyrsaidx} || \ + [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then + deleteuser + addtologs "deleted Linux user '${clientname}'" + deletecert && addtologs "deleted certificate for ${clientname}" + deleteovpn && addtologs "deleted ovpn config file for ${clientname}" + deletetars && addtologs "deleted tar with config file for ${clientname}" + deleteinfo && addtologs "deleted info file for ${clientname}" + if [ "${resetforce}" -eq 1 ];then + addtologs "restarting openvpn@server..." + systemctl restart openvpn@server + fi + else + execerror "linux user and certificate and ovpn config not exist, exit" + fi + else + printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'" + printf "%s\n" "Usage example: $0 'del' 'username(surname)'" + printf "%s\n" "Usage example: $0 'del' 'username(surname)' -f" + fi +else + execerror "Restart this as root!" +fi +execquite diff --git a/ovpn-connect-handling.sh b/ovpn-connect-handling.sh new file mode 100644 index 0000000..96e05e4 --- /dev/null +++ b/ovpn-connect-handling.sh 
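Review bot: `clientname` reaches `sed -i -e '$aset_var EASYRSA_REQ_CN '"${clientname}"''`, `grep -w`, `useradd` and the `rm -f "${ovpncfgdir}/${clientname}.…"` paths without any validation, so a name containing `/`, whitespace or sed/shell metacharacters changes what is written to the Easy-RSA vars file or which file is removed, all while running as root. A guard ahead of the add/del branches such as `[[ "${clientname}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || execerror "invalid username"` closes that. Separately, the CA key passphrase is committed in the script (`easyrsacap="openvpnca"`) and, like `clientpass`, is handed over as `--passin=pass:`/`--passout=pass:` arguments that are readable in the process list; keeping it in a root-only file and using openssl's `file:` pass-phrase source would keep it off argv and out of the repository. `createtars` and `startsendmail` also place the plaintext password in `vpn.txt` next to the private key and mail both in one message, which is worth a comment stating that this is intended. `execerror` ends through `execquite` with a bare `exit`, so failures appear to return status 0 to the caller.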
@@ -0,0 +1,195 @@ +#! /bin/bash + +# DESCRIPTION: +# handling client connection +# and +# preparing stats for monitoring +# +# DEPENDENCIES: +# - executing by openvpn server +# - jq +# - grepcidr +# - Python 3 +# - existing /usr/local/bin/sendmail.py +# +# PARAMETERS: +# 1: "inc|dec" - increment or decrement counter +# 2: root path for counter, names, log +# 3: "mail" - send email notification +# 4: "geo" - check client address geolocation +# +# FUNCTIONS: +# + +####################################### +# Print message and add to log. +# Globals: +# logs +# Arguments: +# 1: message to print and logging +####################################### +addtologs() { + echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}" +} + +####################################### +# Exit procedure. +# Globals: +# show +# Arguments: +# None +####################################### +execquite() { + addtologs "execution time is $(($(date +%s)-time)) seconds, exit" + exit +} + +####################################### +# Error exit procedure +# Globals: +# None +# Arguments: +# 1: message to print and logging +####################################### +execerror() { + addtologs "error: $1" + execquite +} + +####################################### +# Incrementing counter with adding client name +# Globals: +# counts_file +# common_name (variable by openvpn server) +# ifconfig_pool_remote_ip (variable by openvpn server) +# Arguments: +# None +####################################### +# shellcheck disable=SC2154 +incremcounter() { + summary_cur=$(grep 'total=' "${counts_file}" | cut -d= -f2) + summary_new=${summary_cur} && (( summary_new += 1 )) + counts_temp=$(sed -e "s/total=${summary_cur}/total=${summary_new}/g" "${counts_file}" \ + | sed -e '$a'"${common_name}"'_'"${ifconfig_pool_remote_ip}"'') + addtologs "client ${common_name} connected, counter increment to ${summary_new}" + printf "%s\n" "${counts_temp}" > "${counts_file}" +} + +####################################### +# Decrementing 
counter with deleting client name +# Globals: +# counts_file +# common_name (variable by openvpn server) +# Arguments: +# None +####################################### +decremcounter(){ + summary_cur=$(grep 'total=' "${counts_file}" | cut -d= -f2) + summary_new=${summary_cur} && (( summary_new -= 1 )) + counts_temp=$(sed -e "s/total=${summary_cur}/total=${summary_new}/g" "${counts_file}" \ + | sed '0,/'"${common_name}"'/{/'"${common_name}"'/d}') + addtologs "client ${common_name} disconnected, counter decrement to ${summary_new}" + printf "%s\n" "${counts_temp}" > "${counts_file}" +} + +####################################### +# Get information about client address +# Globals: +# flaggeol +# untrusted_ip (variable by openvpn server) +# Arguments: +# None +####################################### +# shellcheck disable=SC2154 +expandaddress() { + ipinfo="Source address is ${untrusted_ip}" + localnetworks="10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.1/8 + 172.16.0.0/12 + 192.168.0.0/16 + " + if ! grepcidr "${localnetworks}" <(echo "${untrusted_ip}") >/dev/null; then + if [ "${flaggeol}" == "geo" ]; then + ipinfo=$(curl "https://api.ipbase.com/v1/json/${untrusted_ip}") + if [ "$(jq -r '.country_name' <<< "$ipinfo")" != "" ]; then + z=$(jq -r '.zip_code' <<< "$ipinfo") + c=$(jq -r '.country_name' <<< "$ipinfo") + r=$(jq -r '.region_name' <<< "$ipinfo") + t=$(jq -r '.city' <<< "$ipinfo") + ipinfo="Source address ${untrusted_ip} is from ${z}, ${c}, ${r}, ${t}" + fi + fi + fi + addtologs "client ${common_name} checked. 
${ipinfo}" +} + +####################################### +# Send email notification about client connect +# Globals: +# ipinfo +# common_name (variable by openvpn server) +# ifconfig_pool_remote_ip (variable by openvpn server) +# Arguments: +# None +####################################### +startsendmail() { + subj="[VPN Connected] $(cat /etc/hostname): ${common_name} connect to ${ifconfig_pool_remote_ip}" + ( + python3 /usr/local/bin/sendmail.py \ + -u "$(grep "from=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + -p "$(grep "pass=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + -d "$(grep "dest=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --smtp "$(grep "smtp=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --port "$(grep "port=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + --stls "True" \ + --subj "${subj}" \ + --text "${ipinfo}" \ + >> /dev/null 2>&1 & + ) + addtologs "sent mail with subject '${subj}'" +} + +# +# VARIABLES: +# + +flagmath=$1 +pathroot=$2 +flagmail=$3 +flaggeol=$4 + +time=$(date +%s) +logs="${pathroot}/$(basename -s .sh "$0").log" +counts_file="${pathroot}/ovpn-counts.log" +if [ -z "${pathroot}" ]; then + logs=/dev/null + execerror "Usage example: $0 'inc|dec' '/var/log/openvpn' '-' '-'" +elif [ ! -e "${logs}" ]; then + touch "${logs}" +fi + +if ! command -v curl &> /dev/null || \ + ! command -v /usr/local/bin/sendmail.py &> /dev/null || \ + ! command -v python3 &> /dev/null || \ + ! command -v grepcidr &> /dev/null || \ + ! command -v jq &> /dev/null; then + execerror "Not found dependencies" +fi + +# +# MAIN: +# + +if [ "${flagmath}" == "inc" ]; then + incremcounter + expandaddress + if [ "${flagmail}" == "mail" ]; then + startsendmail + fi +elif [ "${flagmath}" == "dec" ]; then + decremcounter +else + execerror "Usage example: $0 'inc|dec' '/var/log/openvpn' '-' '-'" +fi +execquite
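Review bot: In `decremcounter` the certificate common name is spliced into the sed program (`sed '0,/'"${common_name}"'/{/'"${common_name}"'/d}'`) and matched as an unanchored regular expression, so a disconnect of `bob` can remove the entry of `bobby_…`, and a name containing `/` or regex characters alters the sed script itself; `incremcounter` has the same pattern in its `$a` append. Matching the literal `name_` prefix avoids this, for example `awk -v n="${common_name}_" 'index($0, n) == 1 && !d { d = 1; next } 1'`, and the new entry can be appended with `printf '%s\n' "${common_name}_${ifconfig_pool_remote_ip}"`. The read-modify-write of `${counts_file}` is unlocked, so two clients connecting at the same moment can lose an update; running the update under `flock` on the counts file would serialise it. `curl` in `expandaddress` has no timeout such as `--max-time`, and since the README wires this script to `client-connect`, a slow geolocation lookup presumably delays the connecting client. The counts file is named `ovpn-counts.log` here while the README tells the operator to watch `openvpn-counts.log`.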