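# Oxidized model for OpenWrt devices.
#
# Captures a few informational files as commented headers, then walks the file
# list printed by `sysupgrade -l` and exports every entry. Optionally dumps
# selected MTD partitions as gzip-compressed hex.
#
# Model variables read via vars():
#   remove_secret                - enables the scrubbing steps described below
#   openwrt_binary_files         - paths exported as gzip+hex instead of text
#   openwrt_non_sensitive_files  - uci config names exempt from scrubbing
#   openwrt_backup_partitions    - enables the MTD partition dump
#   openwrt_partitions_to_backup - partition names included in that dump
#
# Points to check before storing this output in a shared repository:
# * remove_secret only rewrites uci lines of the form `option password '...'`
#   or `option key '...'`. Options with any other name are exported verbatim.
# * The binary-file branch does not consult remove_secret. Its default list
#   holds /etc/dropbear/dropbear_rsa_host_key (presumably the device's SSH host
#   private key), so that file is exported even when remove_secret is set.
#   Override openwrt_binary_files if that is not wanted.
# * /etc/shadow is scrubbed only when remove_secret is set. Otherwise it falls
#   through to the generic branch and is stored as-is.
# * Partition dumps are raw device contents and are never scrubbed.
class OpenWrt < Oxidized::Model
  using Refinements

  prompt /^[^#]+#/
  comment '#'

  cmd 'cat /etc/banner' do |cfg|
    comment "#### Info: /etc/banner #####\n#{cfg}"
  end

  cmd 'cat /proc/cpuinfo' do |cfg|
    comment "#### Info: /proc/cpuinfo #####\n#{cfg}"
  end

  cmd 'cat /etc/openwrt_release' do |cfg|
    comment "#### Info: /etc/openwrt_release #####\n#{cfg}"
  end

  # The listing is kept for the post block, which exports each listed file.
  cmd 'sysupgrade -l' do |cfg|
    @sysupgradefiles = cfg
    comment "#### Info: sysupgrade -l #####\n#{cfg}"
  end

  # The MTD table is kept for the optional partition dump in the post block.
  cmd 'cat /proc/mtd' do |cfg|
    @mtdpartitions = cfg
    comment "#### Info: /proc/mtd #####\n#{cfg}"
  end

  post do
    cfg = []
    binary_files = vars(:openwrt_binary_files) || %w[/etc/dropbear/dropbear_rsa_host_key]
    non_sensitive_files = vars(:openwrt_non_sensitive_files) || %w[rpcd uhttpd]
    partitions_to_backup = vars(:openwrt_partitions_to_backup) || %w[art devinfo u_env config caldata]

    # NOTE(review): paths from the device listing are interpolated into the
    # shell commands below without quoting; a path containing whitespace or
    # shell metacharacters would not be passed through as a single argument.
    @sysupgradefiles.lines.each do |sysupgradefile|
      sysupgradefile = sysupgradefile.strip
      # A blank line would otherwise reach the generic branch and issue `cat `
      # with no file argument, which reads stdin instead of returning.
      next if sysupgradefile.empty?

      if sysupgradefile.start_with?('/etc/config/')
        # Entries ending in -opkg are not exported.
        next if sysupgradefile.end_with?('-opkg')

        filename = sysupgradefile.split('/')[-1]
        cfg << comment("#### File: #{sysupgradefile} #####")
        uciexport = cmd("uci export #{filename}")
        Oxidized.logger.debug "Exporting uci config - #{filename}"
        if vars(:remove_secret) && !(non_sensitive_files.include? filename)
          Oxidized.logger.debug "Scrubbing uci config - #{filename}"
          # Only single-quoted, non-empty values of options named exactly
          # `password` or `key` are replaced.
          uciexport.gsub!(/^(\s+option\s+(password|key)\s+')[^']+'/, '\\1<secret hidden>\'')
        end
        cfg << uciexport
      elsif binary_files.include? sysupgradefile
        # This branch is taken regardless of remove_secret.
        Oxidized.logger.debug "Exporting binary file - #{sysupgradefile}"
        cfg << comment("#### Binary file: #{sysupgradefile} #####")
        cfg << comment("Decode using 'echo -en <data> | gzip -dc > #{sysupgradefile}'")
        cfg << cmd("gzip -c #{sysupgradefile} | hexdump -ve '1/1 \"_x%.2x\"' | tr _ \\")
      elsif vars(:remove_secret) && sysupgradefile == '/etc/shadow'
        Oxidized.logger.debug 'Exporting and scrubbing /etc/shadow'
        cfg << comment("#### File: #{sysupgradefile} #####")
        shadow = cmd("cat #{sysupgradefile}")
        # Blank the second colon-separated field and keep the rest. Lines that
        # do not match this field layout are left unchanged.
        shadow.gsub!(/^([^:]+:)[^:]*(:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:)/, '\\1\\2')
        cfg << shadow
      else
        Oxidized.logger.debug "Exporting file - #{sysupgradefile}"
        cfg << comment("#### File: #{sysupgradefile} #####")
        cfg << cmd("cat #{sysupgradefile}")
      end
    end

    # Each match yields the device name before the colon and the quoted
    # partition name from /proc/mtd.
    @mtdpartitions.scan(/(\w+):\s+\w+\s+\w+\s+"(.*)"/).each do |partition, name|
      next unless vars(:openwrt_backup_partitions) && partitions_to_backup.include?(name)

      Oxidized.logger.debug "Exporting partition - #{name}(#{partition})"
      cfg << comment("#### Partition: #{name} /dev/#{partition} #####")
      # NOTE(review): this dump is plain hex without the \x prefix that the
      # binary-file branch emits, so the decode hint below may not apply
      # as written - confirm.
      cfg << comment("Decode using 'echo -en <data> | gzip -dc > #{name}'")
      cfg << cmd("dd if=/dev/#{partition} 2>/dev/null | gzip -c | hexdump -ve '1/1 \"%.2x\"'")
    end

    cfg.join "\n"
  end

  cfg :ssh do
    exec true
    pre_logout 'exit'
  end
end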