(*
Module: Sshd
Parses /etc/ssh/sshd_config
Author: David Lutterkort lutter@redhat.com
Dominique Dumont dominique.dumont@hp.com
About: Reference
sshd_config man page.
See http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
About: License
This file is licensed under the LGPL v2+.
About: Lens Usage
Sample usage of this lens in augtool:
* Get your current setup
> print /files/etc/ssh/sshd_config
...
* Set X11Forwarding to "no"
> set /files/etc/ssh/sshd_config/X11Forwarding "no"
More advanced usage:
* Set a Match section
> set /files/etc/ssh/sshd_config/Match[1]/Condition/User "foo"
> set /files/etc/ssh/sshd_config/Match[1]/Settings/X11Forwarding "yes"
Saving your file:
> save
About: CAVEATS
In sshd_config, Match blocks must be located at the end of the file.
This means that any new "global" parameters (i.e. outside of a Match
block) must be written before the first Match block. By default,
Augeas will write new parameters at the end of the file.
For example, if you have a Match section and no ChrootDirectory parameter,
this command:
> set /files/etc/ssh/sshd_config/ChrootDirectory "foo"
will be stored in a new node after the Match section, and Augeas will
refuse to save the sshd_config file.
To create the new parameter at the right place, you must first insert
a new Augeas node before the Match section:
> ins ChrootDirectory before /files/etc/ssh/sshd_config/Match
Then, you can set the parameter
> set /files/etc/ssh/sshd_config/ChrootDirectory "foo"
About: Configuration files
This lens applies to /etc/ssh/sshd_config
*)
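module Sshd =
  autoload xfm

  (* View: eol
     Optional trailing whitespace and the newline that ends every entry. *)
  let eol = del /[ \t]*\n/ "\n"

  (* View: sep
     Whitespace between a keyword and its value(s). *)
  let sep = Util.del_ws_spc

  (* View: key_re
     Generic keyword regexp. Keywords that have a dedicated lens below are
     excluded so that unions containing <other_entry> stay unambiguous. *)
  let key_re = /[A-Za-z0-9]+/
             - /MACs|Match|AcceptEnv|Subsystem|(Allow|Deny)(Groups|Users)/

  let comment = Util.comment
  let empty = Util.empty

  (* View: array_entry
     Keyword [k] followed by whitespace-separated values, stored as
     numbered children of the node labelled [k]. *)
  let array_entry (k:string) =
    let value = store /[^ \t\n]+/ in
    [ key k . [ sep . seq k . value]* . eol ]

  (* View: other_entry
     Any keyword matching <key_re>; the rest of the line is the value. *)
  let other_entry =
    let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in
    [ key key_re . sep . value . eol ]

  let accept_env   = array_entry "AcceptEnv"
  let allow_groups = array_entry "AllowGroups"
  let allow_users  = array_entry "AllowUsers"
  let deny_groups  = array_entry "DenyGroups"
  let deny_users   = array_entry "DenyUsers"

  (* View: subsystemvalue
     Subsystem name and its command, which may itself contain spaces. *)
  let subsystemvalue =
    let value = store (/[^ \t\n](.*[^ \t\n])?/) in
    [ key /[A-Za-z0-9\-]+/ . sep . value . eol ]

  let subsystem =
    [ key "Subsystem" . sep . subsystemvalue ]

  (* View: macs
     Comma-separated MAC list; one numbered child per algorithm. *)
  let macs =
    let mac_value = store /[^, \t\n]+/ in
    [ key "MACs" . sep .
        [ seq "macs" . mac_value ] .
        ([ seq "macs" . Util.del_str "," . mac_value])* .
        eol ]

  (* View: condition_entry
     One "criterion value" pair on a Match line. *)
  let condition_entry =
    let value = store /[^ \t\n]+/ in
    [ sep . key /[A-Za-z0-9]+/ . sep . value ]

  let match_cond =
    [ label "Condition" . condition_entry+ . eol ]

  (* View: keyword_entry
     Every keyword lens, shared by <lns> and <match_entry> so that global
     and Match-scoped settings are parsed identically. The lens does not
     restrict which keywords sshd itself permits inside a Match block. *)
  let keyword_entry = accept_env | allow_groups | allow_users
                    | deny_groups | deny_users | subsystem | macs
                    | other_entry

  (* View: match_entry
     A line inside a Match block. Built on <keyword_entry> rather than
     <other_entry> alone: <key_re> excludes AllowUsers, DenyGroups, MACs,
     etc., so with only <other_entry> a Match block containing one of
     those keywords would not parse and the whole file would be rejected. *)
  let match_entry =
    ( comment | empty | (Util.indent . keyword_entry) )

  let match =
    [ key "Match" . match_cond
      . [ label "Settings" . match_entry+ ]
    ]

  (* View: lns
     Global entries, then any number of Match blocks (which must come last). *)
  let lns = (comment | empty | keyword_entry) * . match*

  let xfm = transform lns (incl "/etc/ssh/sshd_config")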
(* Local Variables: *)
(* mode: caml *)
(* End: *)