refactor(de-sudo): funnel genuine system commands through runSystem

Foundation for a scoped sudoers: route every genuine system-admin command
(systemctl/ufw/ufw-docker/nft/apt/apt-get/pacman/sysctl/useradd/usermod/
service/wg/wg-quick/cscli/loginctl) through runSystem instead of raw sudo
across 28 active scripts. runSystem is 'sudo "$@"' so this is byte-identical
in every mode (safe on live installs) — it just collects all real-root use at
one chokepoint that will define the eventual /etc/sudoers.d allowlist.

Also: revert a crowdsec advice message the sweep wrongly rewrote (the admin
types sudo, not runSystem), and give crontab_check_processor.sh the same
startup bootstrap as the task processor — it runs standalone via cron and
already used runFileOp/runFileWrite (undefined there), so it was silently
broken; now it sources the helpers + docker-type config.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-24 15:21:53 +01:00
parent ab505ac012
commit 014d8e5fcc
29 changed files with 121 additions and 101 deletions


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
appCrowdSecAlertsList() { appCrowdSecAlertsList() {
sudo cscli alerts list runSystem cscli alerts list
} }


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
appCrowdSecConsoleDisable() { appCrowdSecConsoleDisable() {
sudo cscli console disable -e all runSystem cscli console disable -e all
checkSuccess "Console enrollment removed — no signals will leave this host" checkSuccess "Console enrollment removed — no signals will leave this host"
sudo systemctl reload crowdsec runSystem systemctl reload crowdsec
} }


@ -8,7 +8,7 @@ appCrowdSecConsoleEnroll() {
isNotice "Get a token at https://app.crowdsec.net (free account). Enrolling shares attacker IPs + scenario names with CrowdSec SAS." isNotice "Get a token at https://app.crowdsec.net (free account). Enrolling shares attacker IPs + scenario names with CrowdSec SAS."
return 1 return 1
fi fi
sudo cscli console enroll "$token" runSystem cscli console enroll "$token"
checkSuccess "Enrolled with CrowdSec Console — community blocklists will start syncing" checkSuccess "Enrolled with CrowdSec Console — community blocklists will start syncing"
sudo systemctl reload crowdsec runSystem systemctl reload crowdsec
} }
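Review bot: The enrollment token is passed to `cscli console enroll` as a command-line argument, so now that the call goes through `runSystem` (sudo) it is recorded in sudo's command log and is visible in the process list while the command runs. The same applies to `runSystem cscli console enroll "$console_token" 2>&1` in installCrowdsecHost. Whether cscli accepts the token by any non-argv route cannot be told from this page; if it does not, document the exposure beside the call, e.g. `# token lands in sudo's log and the process list; restrict who can read auth logs`. The function starts outside this hunk.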


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
appCrowdSecDecisionsList() { appCrowdSecDecisionsList() {
sudo cscli decisions list runSystem cscli decisions list
} }


@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
appCrowdSecHubUpdate() { appCrowdSecHubUpdate() {
sudo cscli hub update runSystem cscli hub update
checkSuccess "Hub index refreshed" checkSuccess "Hub index refreshed"
sudo cscli hub upgrade runSystem cscli hub upgrade
checkSuccess "Installed collections upgraded" checkSuccess "Installed collections upgraded"
sudo systemctl reload crowdsec runSystem systemctl reload crowdsec
checkSuccess "Reloaded CrowdSec to apply changes" checkSuccess "Reloaded CrowdSec to apply changes"
} }


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
appCrowdSecMetrics() { appCrowdSecMetrics() {
sudo cscli metrics runSystem cscli metrics
} }


@ -8,9 +8,9 @@ appCrowdSecStatus() {
systemctl status crowdsec-firewall-bouncer --no-pager --lines=5 2>&1 | head -15 systemctl status crowdsec-firewall-bouncer --no-pager --lines=5 2>&1 | head -15
echo echo
echo "=== installed collections ===" echo "=== installed collections ==="
sudo cscli collections list -o human 2>&1 | head -30 runSystem cscli collections list -o human 2>&1 | head -30
echo echo
echo "=== machines + bouncers ===" echo "=== machines + bouncers ==="
sudo cscli machines list 2>&1 runSystem cscli machines list 2>&1
sudo cscli bouncers list 2>&1 runSystem cscli bouncers list 2>&1
} }


@ -7,6 +7,6 @@ appCrowdSecUnban() {
isNotice "No IP provided — pass ip=<address> via the Tools modal." isNotice "No IP provided — pass ip=<address> via the Tools modal."
return 1 return 1
fi fi
sudo cscli decisions delete --ip "$ip" runSystem cscli decisions delete --ip "$ip"
checkSuccess "Removed decisions for $ip" checkSuccess "Removed decisions for $ip"
} }


@ -11,11 +11,11 @@ borgInstall()
isHeader "Installing BorgBackup" isHeader "Installing BorgBackup"
if command -v apt-get >/dev/null 2>&1; then if command -v apt-get >/dev/null 2>&1; then
sudo apt-get install -y borgbackup && return 0 runSystem apt-get install -y borgbackup && return 0
elif command -v dnf >/dev/null 2>&1; then elif command -v dnf >/dev/null 2>&1; then
sudo dnf install -y borgbackup && return 0 sudo dnf install -y borgbackup && return 0
elif command -v pacman >/dev/null 2>&1; then elif command -v pacman >/dev/null 2>&1; then
sudo pacman -S --noconfirm borg && return 0 runSystem pacman -S --noconfirm borg && return 0
fi fi
isError "Could not install BorgBackup — no supported package manager found." isError "Could not install BorgBackup — no supported package manager found."
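Review bot: `sudo dnf install -y borgbackup && return 0` stays on raw sudo while the apt-get and pacman branches beside it move to `runSystem`, so once sudoers is reduced to the runSystem allowlist the dnf branch presumably either fails or forces a broader rule. dnf is not in the commit's command list, so this may be deliberate, but `ISUFWD=$( (sudo ufw-docker) 2>&1 )` in checkInstallTypeRequirement is also left raw although ufw-docker is listed. Suggest `runSystem dnf install -y borgbackup && return 0` and `ISUFWD=$( (runSystem ufw-docker) 2>&1 )`, or a short comment on each line saying why it is excluded from the chokepoint. borgInstall starts and ends outside the hunk.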


@ -21,14 +21,14 @@ checkInstallTypeRequirement()
{ {
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
ISCOMP=$( (docker compose -v ) 2>&1 ) ISCOMP=$( (docker compose -v ) 2>&1 )
ISUFW=$( (sudo ufw status ) 2>&1 ) ISUFW=$( (runSystem ufw status ) 2>&1 )
ISUFWD=$( (sudo ufw-docker) 2>&1 ) ISUFWD=$( (sudo ufw-docker) 2>&1 )
resolveDockerInstallUser resolveDockerInstallUser
if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
# Used for checking if rooted docket is active # Used for checking if rooted docket is active
ISACT=$( (sudo systemctl is-active docker ) 2>&1 ) ISACT=$( (runSystem systemctl is-active docker ) 2>&1 )
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
# Used for checking the rootless user # Used for checking the rootless user
local ISUSER=$( (sudo id -u "$CFG_DOCKER_INSTALL_USER")) local ISUSER=$( (sudo id -u "$CFG_DOCKER_INSTALL_USER"))


@ -4,7 +4,7 @@ checkWebUISystemdRequirement()
{ {
if [[ $CFG_REQUIREMENT_WEBUI_SERVICE == "true" ]]; then if [[ $CFG_REQUIREMENT_WEBUI_SERVICE == "true" ]]; then
### Check if systemd service is running ### Check if systemd service is running
if sudo systemctl is-active --quiet libreportal.service; then if runSystem systemctl is-active --quiet libreportal.service; then
isSuccessful "LibrePortal task processor service is running." isSuccessful "LibrePortal task processor service is running."
else else
isNotice "LibrePortal task processor service is not running." isNotice "LibrePortal task processor service is not running."
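Review bot: `systemctl is-active` is a read-only query that normally needs no root, so routing it through `runSystem` here puts a command into the future sudoers allowlist that does not have to be there. For least privilege, call it directly: `if systemctl is-active --quiet libreportal.service; then`. The same applies to the `runSystem systemctl is-active docker` calls in checkInstallTypeRequirement and installDockerRootedCheck. The function continues past the hunk.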


@ -10,9 +10,9 @@ installCrontab()
ISCRON=$( (sudo -u $sudo_user_name crontab -l) 2>&1 ) ISCRON=$( (sudo -u $sudo_user_name crontab -l) 2>&1 )
if [[ "$ISCRON" == *"command not found"* ]]; then if [[ "$ISCRON" == *"command not found"* ]]; then
isNotice "Crontab is not installed, setting up now." isNotice "Crontab is not installed, setting up now."
local result=$(sudo apt update) local result=$(runSystem apt update)
checkSuccess "Updating apt for post installation" checkSuccess "Updating apt for post installation"
local result=$(sudo apt install cron -y) local result=$(runSystem apt install cron -y)
isSuccessful "Installing crontab application" isSuccessful "Installing crontab application"
local result=$(sudo -u $sudo_user_name crontab -l) local result=$(sudo -u $sudo_user_name crontab -l)
isSuccessful "Enabling crontab on the system" isSuccessful "Enabling crontab on the system"
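Review bot: `local result=$(runSystem apt update)` discards the command's exit status, because `local` itself returns 0; a `checkSuccess` that reads `$?` would then report success even when apt fails. checkSuccess is not shown here, but the comment in installDockerRootlessUser about running "unmasked so checkSuccess sees real failures" suggests it does read `$?`. Declare and assign separately: `local result` followed by `result=$(runSystem apt update)`. The same pattern recurs on most `local result=$(runSystem …)` lines in this commit (installDockerRootless, dockerServiceStart, dockerServiceStop, installCrowdsecHost, installUFW, installUFWDocker, installDockerManagerUser). installCrontab starts and ends outside the hunk.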


@ -10,6 +10,26 @@ script_check_processor_flag="$1"
# Only run when executed directly, not when sourced # Only run when executed directly, not when sourced
if [[ "$script_check_processor_flag" == "start_script" ]]; then if [[ "$script_check_processor_flag" == "start_script" ]]; then
# --- Load the privilege helpers + docker-type config -------------------------
# cron runs this standalone, so the de-sudo helpers (runFileOp/runFileWrite/
# runSystem) and the config they key off are NOT otherwise in scope — without
# them every privileged op is "command not found". Same bootstrap as
# crontab_task_processor.sh. These files are pure function/var defs, safe to
# source.
LP_SCRIPTS="${install_scripts_dir:-/docker/install/scripts/}"
LP_DOCKER_CFG="/docker/configs/general/general_docker_install"
[[ -f "$LP_DOCKER_CFG" ]] && \
eval "$(grep -E '^CFG_DOCKER_INSTALL_(TYPE|USER)=' "$LP_DOCKER_CFG" | sed 's/[[:space:]]*#.*//')"
: "${sudo_user_name:=libreportal}"
: "${containers_dir:=/docker/containers/}"
: "${docker_dir:=/docker}"
for _lp_f in docker/command/run_privileged.sh \
docker/command/docker_run_install.sh \
checks/requirements/check_install_type.sh; do
[[ -f "${LP_SCRIPTS}${_lp_f}" ]] && source "${LP_SCRIPTS}${_lp_f}"
done
command -v resolveDockerInstallUser >/dev/null 2>&1 && resolveDockerInstallUser
# ======================================== # ========================================
# HEALTH CHECK CONFIGURATION # HEALTH CHECK CONFIGURATION
# ======================================== # ========================================
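Review bot: The added `eval "$(grep -E … "$LP_DOCKER_CFG" | sed …)"` runs whatever follows `CFG_DOCKER_INSTALL_TYPE=` or `CFG_DOCKER_INSTALL_USER=` in the config file as shell code, inside a cron job whose helpers go on to call sudo; anyone able to write that file gets command execution in that context. Read the two keys as data and validate them instead, as sketched below. Separately, `[[ -f … ]] && source …` skips a missing helper without a word, which leaves the job in the same "command not found" state this change sets out to fix; report the missing path on stderr. The enclosing `if` block continues past the hunk.

```shell
LP_DOCKER_CFG="/docker/configs/general/general_docker_install"
if [[ -f "$LP_DOCKER_CFG" ]]; then
    # Read the two keys as data; nothing from the file is executed.
    while IFS='=' read -r _lp_key _lp_val; do
        _lp_val=${_lp_val%%#*}            # drop trailing comment
        _lp_val=${_lp_val//[[:space:]]/}
        _lp_val=${_lp_val//\"/}
        _lp_val=${_lp_val//\'/}
        case "$_lp_key" in
            CFG_DOCKER_INSTALL_TYPE)
                [[ "$_lp_val" == "rooted" || "$_lp_val" == "rootless" ]] &&
                    CFG_DOCKER_INSTALL_TYPE=$_lp_val ;;
            CFG_DOCKER_INSTALL_USER)
                # constructed pattern; adjust to the accepted user-name format
                [[ "$_lp_val" =~ ^[a-z_][a-z0-9_-]*$ ]] &&
                    CFG_DOCKER_INSTALL_USER=$_lp_val ;;
        esac
    done < <(grep -E '^CFG_DOCKER_INSTALL_(TYPE|USER)=' "$LP_DOCKER_CFG")
fi
# … unchanged: defaults for sudo_user_name / containers_dir / docker_dir …
for _lp_f in docker/command/run_privileged.sh \
             docker/command/docker_run_install.sh \
             checks/requirements/check_install_type.sh; do
    if [[ -f "${LP_SCRIPTS}${_lp_f}" ]]; then
        source "${LP_SCRIPTS}${_lp_f}"
    else
        printf 'crontab_check_processor: missing helper %s\n' "${LP_SCRIPTS}${_lp_f}" >&2
    fi
done
```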


@ -6,11 +6,11 @@ installDockerRootedCheck()
#### Test if Docker Service is Running ### #### Test if Docker Service is Running ###
########################################## ##########################################
if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
ISACT=$( (sudo systemctl is-active docker ) 2>&1 ) ISACT=$( (runSystem systemctl is-active docker ) 2>&1 )
if [[ "$ISACT" != "active" ]]; then if [[ "$ISACT" != "active" ]]; then
isNotice "Checking Docker service status. Waiting if not found." isNotice "Checking Docker service status. Waiting if not found."
while [[ "$ISACT" != "active" ]] && [[ $X -le 10 ]]; do while [[ "$ISACT" != "active" ]] && [[ $X -le 10 ]]; do
sudo systemctl start docker | sudo tee -a "$logs_dir/$docker_log_file" 2>&1 runSystem systemctl start docker | sudo tee -a "$logs_dir/$docker_log_file" 2>&1
sleep 10s & sleep 10s &
pid=$! # Process Id of the previous running command pid=$! # Process Id of the previous running command
spin='-\|/' spin='-\|/'
@ -22,7 +22,7 @@ installDockerRootedCheck()
sleep .1 sleep .1
done done
printf "\r" printf "\r"
ISACT=`sudo systemctl is-active docker` ISACT=`runSystem systemctl is-active docker`
let X=X+1 let X=X+1
echo "$X" echo "$X"
done done


@ -16,10 +16,10 @@ installDockerRootless()
local docker_install_user_id=$(id -u "$CFG_DOCKER_INSTALL_USER") local docker_install_user_id=$(id -u "$CFG_DOCKER_INSTALL_USER")
local docker_install_bashrc="/home/$CFG_DOCKER_INSTALL_USER/.bashrc" local docker_install_bashrc="/home/$CFG_DOCKER_INSTALL_USER/.bashrc"
local result=$(sudo apt-get install -y apt-transport-https ca-certificates curl gnupg software-properties-common uidmap dbus-user-session fuse-overlayfs passt) local result=$(runSystem apt-get install -y apt-transport-https ca-certificates curl gnupg software-properties-common uidmap dbus-user-session fuse-overlayfs passt)
checkSuccess "Installing necessary packages" checkSuccess "Installing necessary packages"
local result=$(sudo systemctl disable --now docker.service docker.socket) local result=$(runSystem systemctl disable --now docker.service docker.socket)
checkSuccess "Disabling Docker service & Socket" checkSuccess "Disabling Docker service & Socket"
((menu_number++)) ((menu_number++))
@ -30,7 +30,7 @@ installDockerRootless()
# slirp4netns update and install # slirp4netns update and install
if ! command -v slirp4netns &> /dev/null; then if ! command -v slirp4netns &> /dev/null; then
isNotice "slirp4netns is not installed. Installing..." isNotice "slirp4netns is not installed. Installing..."
local result=$(sudo apt-get install -y slirp4netns) local result=$(runSystem apt-get install -y slirp4netns)
checkSuccess "Installing slirp4netns" checkSuccess "Installing slirp4netns"
else else
isNotice "slirp4netns is already installed" isNotice "slirp4netns is already installed"
@ -39,9 +39,9 @@ installDockerRootless()
if [[ "$installed_version" != "$latest_version" ]]; then if [[ "$installed_version" != "$latest_version" ]]; then
isNotice "slirp4netns version $installed_version is outdated." isNotice "slirp4netns version $installed_version is outdated."
isNotice "Installing version $latest_version..." isNotice "Installing version $latest_version..."
local result=$(sudo apt-get update) local result=$(runSystem apt-get update)
checkSuccess "Updating apt packages" checkSuccess "Updating apt packages"
local result=$(sudo apt-get install -y slirp4netns) local result=$(runSystem apt-get install -y slirp4netns)
checkSuccess "Installing slirp4netns" checkSuccess "Installing slirp4netns"
else else
isSuccessful "slirp4netns version $installed_version is up to date" isSuccessful "slirp4netns version $installed_version is up to date"
@ -58,7 +58,7 @@ installDockerRootless()
else else
local result=$(echo "kernel.unprivileged_userns_clone=1" | sudo tee -a $sysctl > /dev/null) local result=$(echo "kernel.unprivileged_userns_clone=1" | sudo tee -a $sysctl > /dev/null)
checkSuccess "Adding kernel.unprivileged_userns_clone=1 to $sysctl..." checkSuccess "Adding kernel.unprivileged_userns_clone=1 to $sysctl..."
local result=$(sudo sysctl --system) local result=$(runSystem sysctl --system)
checkSuccess "Running sudo -u $sudo_user_name sysctl --system..." checkSuccess "Running sudo -u $sudo_user_name sysctl --system..."
fi fi
fi fi
@ -97,7 +97,7 @@ installDockerRootless()
echo "---- $menu_number. Setting up Rootless Docker." echo "---- $menu_number. Setting up Rootless Docker."
echo "" echo ""
local result=$(sudo loginctl enable-linger $CFG_DOCKER_INSTALL_USER) local result=$(runSystem loginctl enable-linger $CFG_DOCKER_INSTALL_USER)
checkSuccess "Adding automatic start (linger)" checkSuccess "Adding automatic start (linger)"
# Rootless Install # Rootless Install
@ -216,7 +216,7 @@ net.core.bpf_jit_harden=2
EOL EOL
checkSuccess "Writing kernel LPE-surface hardening to $hardening_conf" checkSuccess "Writing kernel LPE-surface hardening to $hardening_conf"
local result=$(sudo sysctl --system) local result=$(runSystem sysctl --system)
checkSuccess "Applying changes to sysctl" checkSuccess "Applying changes to sysctl"
menu_number=0 menu_number=0
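Review bot: `runSystem loginctl enable-linger $CFG_DOCKER_INSTALL_USER` expands the configured user name unquoted, so a value containing whitespace or glob characters is split into extra arguments to a command that runs as root. Quote it: `runSystem loginctl enable-linger "$CFG_DOCKER_INSTALL_USER"`. The same applies to `runSystem usermod -aG docker $sudo_user_name` in dockerServiceStart and `runSystem ufw logging $CFG_UFW_LOGGING` in installUFW, and it matters more once sudoers rules match on the argument list. The function spans well beyond these hunks.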


@ -12,7 +12,7 @@ installDockerRootlessUser()
# -m makes its home; with SUB_UID/GID configured in login.defs, # -m makes its home; with SUB_UID/GID configured in login.defs,
# useradd also assigns its subordinate uid/gid ranges (needed for # useradd also assigns its subordinate uid/gid ranges (needed for
# rootless). Run unmasked so checkSuccess sees real failures. # rootless). Run unmasked so checkSuccess sees real failures.
sudo useradd -m -s /bin/bash -d "/home/$CFG_DOCKER_INSTALL_USER" "$CFG_DOCKER_INSTALL_USER" runSystem useradd -m -s /bin/bash -d "/home/$CFG_DOCKER_INSTALL_USER" "$CFG_DOCKER_INSTALL_USER"
checkSuccess "Creating $CFG_DOCKER_INSTALL_USER User." checkSuccess "Creating $CFG_DOCKER_INSTALL_USER User."
updateDockerInstallPassword; updateDockerInstallPassword;
fi fi


@ -3,16 +3,16 @@
dockerServiceStart() dockerServiceStart()
{ {
if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
local result=$(sudo systemctl start docker) local result=$(runSystem systemctl start docker)
checkSuccess "Starting Docker Service" checkSuccess "Starting Docker Service"
local result=$(sudo systemctl enable docker) local result=$(runSystem systemctl enable docker)
checkSuccess "Enabling Docker Service" checkSuccess "Enabling Docker Service"
local result=$(sudo usermod -aG docker $sudo_user_name) local result=$(runSystem usermod -aG docker $sudo_user_name)
checkSuccess "Adding user to 'docker' group" checkSuccess "Adding user to 'docker' group"
local result=$(sudo systemctl restart docker) local result=$(runSystem systemctl restart docker)
checkSuccess "Restarting Docker service after group addition." checkSuccess "Restarting Docker service after group addition."
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
installDockerRootless; installDockerRootless;
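Review bot: Documentation is missing on `runSystem usermod -aG docker $sudo_user_name`: membership of the docker group is effectively root on the host, so on rooted installs the scoped sudoers file this refactor prepares for will not confine that account. Add a comment above the line, e.g. `# docker group is root-equivalent; the sudoers allowlist does not bound this user on rooted installs`. The function continues past the hunk.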


@ -8,10 +8,10 @@ dockerServiceStop()
if [[ "$docker_rooted_found" == "true" ]]; then if [[ "$docker_rooted_found" == "true" ]]; then
isNotice "Stopping rooted Docker service...this may take a moment..." isNotice "Stopping rooted Docker service...this may take a moment..."
local result=$(sudo systemctl stop docker) local result=$(runSystem systemctl stop docker)
checkSuccess "Stopping Rooted Docker Service" checkSuccess "Stopping Rooted Docker Service"
local result=$(sudo systemctl disable docker) local result=$(runSystem systemctl disable docker)
checkSuccess "Disabling Rooted Docker Service" checkSuccess "Disabling Rooted Docker Service"
fi fi
fi fi


@ -75,10 +75,10 @@ installCrowdsecHost()
echo "---- $menu_number. Enabling CrowdSec services." echo "---- $menu_number. Enabling CrowdSec services."
echo "" echo ""
local result=$(sudo systemctl enable --now crowdsec) local result=$(runSystem systemctl enable --now crowdsec)
checkSuccess "Enabling CrowdSec agent" checkSuccess "Enabling CrowdSec agent"
local result=$(sudo systemctl enable --now crowdsec-firewall-bouncer) local result=$(runSystem systemctl enable --now crowdsec-firewall-bouncer)
checkSuccess "Enabling CrowdSec firewall bouncer" checkSuccess "Enabling CrowdSec firewall bouncer"
((menu_number++)) ((menu_number++))
@ -86,13 +86,13 @@ installCrowdsecHost()
echo "---- $menu_number. Installing baseline collections." echo "---- $menu_number. Installing baseline collections."
echo "" echo ""
local result=$(sudo cscli collections install crowdsecurity/linux) local result=$(runSystem cscli collections install crowdsecurity/linux)
checkSuccess "Installing crowdsecurity/linux collection" checkSuccess "Installing crowdsecurity/linux collection"
local result=$(sudo cscli collections install crowdsecurity/sshd) local result=$(runSystem cscli collections install crowdsecurity/sshd)
checkSuccess "Installing crowdsecurity/sshd collection" checkSuccess "Installing crowdsecurity/sshd collection"
local result=$(sudo systemctl reload crowdsec) local result=$(runSystem systemctl reload crowdsec)
checkSuccess "Reloading CrowdSec to pick up collections" checkSuccess "Reloading CrowdSec to pick up collections"
((menu_number++)) ((menu_number++))
@ -106,14 +106,14 @@ installCrowdsecHost()
# unregistering. Idempotent on either branch. # unregistering. Idempotent on either branch.
local community_blocklist="${CFG_CROWDSEC_COMMUNITY_BLOCKLIST:-true}" local community_blocklist="${CFG_CROWDSEC_COMMUNITY_BLOCKLIST:-true}"
if [[ "$community_blocklist" == "true" ]]; then if [[ "$community_blocklist" == "true" ]]; then
if sudo cscli capi status 2>&1 | grep -qi 'You can successfully'; then if runSystem cscli capi status 2>&1 | grep -qi 'You can successfully'; then
isNotice "Community blocklist already registered." isNotice "Community blocklist already registered."
else else
local result=$(sudo cscli capi register 2>&1) local result=$(runSystem cscli capi register 2>&1)
checkSuccess "Registered with CrowdSec Central API (community blocklist)" checkSuccess "Registered with CrowdSec Central API (community blocklist)"
fi fi
else else
local result=$(sudo cscli capi unregister 2>&1) local result=$(runSystem cscli capi unregister 2>&1)
checkSuccess "Unregistered from CrowdSec Central API (community blocklist disabled)" checkSuccess "Unregistered from CrowdSec Central API (community blocklist disabled)"
fi fi
@ -129,19 +129,19 @@ installCrowdsecHost()
local console_enroll="${CFG_CROWDSEC_CONSOLE_ENROLL:-false}" local console_enroll="${CFG_CROWDSEC_CONSOLE_ENROLL:-false}"
local console_token="${CFG_CROWDSEC_CONSOLE_TOKEN:-}" local console_token="${CFG_CROWDSEC_CONSOLE_TOKEN:-}"
local enrolled=false local enrolled=false
sudo cscli console status 2>&1 | grep -qi 'enrolled' && enrolled=true runSystem cscli console status 2>&1 | grep -qi 'enrolled' && enrolled=true
if [[ "$console_enroll" == "true" ]]; then if [[ "$console_enroll" == "true" ]]; then
if [[ -z "$console_token" ]]; then if [[ -z "$console_token" ]]; then
isNotice "Console enrollment ON but CFG_CROWDSEC_CONSOLE_TOKEN is empty — paste your token from app.crowdsec.net to complete." isNotice "Console enrollment ON but CFG_CROWDSEC_CONSOLE_TOKEN is empty — paste your token from app.crowdsec.net to complete."
elif [[ "$enrolled" == true ]]; then elif [[ "$enrolled" == true ]]; then
isNotice "Already enrolled with the SaaS console — skipping." isNotice "Already enrolled with the SaaS console — skipping."
else else
local result=$(sudo cscli console enroll "$console_token" 2>&1) local result=$(runSystem cscli console enroll "$console_token" 2>&1)
checkSuccess "Enrolled with app.crowdsec.net SaaS console" checkSuccess "Enrolled with app.crowdsec.net SaaS console"
fi fi
else else
if [[ "$enrolled" == true ]]; then if [[ "$enrolled" == true ]]; then
local result=$(sudo cscli console disenroll 2>&1) local result=$(runSystem cscli console disenroll 2>&1)
checkSuccess "Disenrolled from app.crowdsec.net SaaS console" checkSuccess "Disenrolled from app.crowdsec.net SaaS console"
else else
isNotice "SaaS console enrollment disabled — skipping." isNotice "SaaS console enrollment disabled — skipping."
@ -161,7 +161,7 @@ installCrowdsecHost()
if [[ -f "$lapi_cfg" ]] && ! sudo grep -qE 'listen_uri:[[:space:]]*0\.0\.0\.0:8080' "$lapi_cfg"; then if [[ -f "$lapi_cfg" ]] && ! sudo grep -qE 'listen_uri:[[:space:]]*0\.0\.0\.0:8080' "$lapi_cfg"; then
sudo sed -i 's|listen_uri:.*|listen_uri: 0.0.0.0:8080|' "$lapi_cfg" sudo sed -i 's|listen_uri:.*|listen_uri: 0.0.0.0:8080|' "$lapi_cfg"
checkSuccess "LAPI bound to 0.0.0.0:8080" checkSuccess "LAPI bound to 0.0.0.0:8080"
sudo systemctl restart crowdsec runSystem systemctl restart crowdsec
checkSuccess "CrowdSec restarted" checkSuccess "CrowdSec restarted"
else else
isNotice "LAPI already bound to 0.0.0.0:8080 — skipping." isNotice "LAPI already bound to 0.0.0.0:8080 — skipping."
@ -189,7 +189,7 @@ installCrowdsecHost()
s|listen_port:.*|listen_port: ${prom_port}| s|listen_port:.*|listen_port: ${prom_port}|
}" "$cs_cfg" }" "$cs_cfg"
checkSuccess "CrowdSec metrics endpoint bound to ${prom_listen}" checkSuccess "CrowdSec metrics endpoint bound to ${prom_listen}"
sudo systemctl restart crowdsec runSystem systemctl restart crowdsec
checkSuccess "CrowdSec restarted" checkSuccess "CrowdSec restarted"
else else
isNotice "CrowdSec metrics already bound to ${prom_addr} — skipping." isNotice "CrowdSec metrics already bound to ${prom_addr} — skipping."
@ -197,7 +197,7 @@ installCrowdsecHost()
elif [[ -f "$cs_cfg" ]] && sudo grep -qE 'listen_addr:[[:space:]]*0\.0\.0\.0' "$cs_cfg"; then elif [[ -f "$cs_cfg" ]] && sudo grep -qE 'listen_addr:[[:space:]]*0\.0\.0\.0' "$cs_cfg"; then
sudo sed -i "/^prometheus:/,/^[^[:space:]#]/ s|listen_addr:.*|listen_addr: 127.0.0.1|" "$cs_cfg" sudo sed -i "/^prometheus:/,/^[^[:space:]#]/ s|listen_addr:.*|listen_addr: 127.0.0.1|" "$cs_cfg"
checkSuccess "CrowdSec metrics endpoint rebound to 127.0.0.1 (monitoring off)" checkSuccess "CrowdSec metrics endpoint rebound to 127.0.0.1 (monitoring off)"
sudo systemctl restart crowdsec runSystem systemctl restart crowdsec
checkSuccess "CrowdSec restarted" checkSuccess "CrowdSec restarted"
else else
isNotice "Monitoring off — CrowdSec metrics endpoint left at its default." isNotice "Monitoring off — CrowdSec metrics endpoint left at its default."
@ -217,9 +217,9 @@ installCrowdsecHost()
local key_file="/etc/crowdsec/traefik_bouncer.key" local key_file="/etc/crowdsec/traefik_bouncer.key"
local cfg_file="/docker/configs/security/security_crowdsec" local cfg_file="/docker/configs/security/security_crowdsec"
if ! sudo cscli bouncers list -o raw 2>/dev/null | grep -q '^traefik-bouncer'; then if ! runSystem cscli bouncers list -o raw 2>/dev/null | grep -q '^traefik-bouncer'; then
local bouncer_key local bouncer_key
bouncer_key=$(sudo cscli bouncers add traefik-bouncer -o raw 2>&1 | tail -1) bouncer_key=$(runSystem cscli bouncers add traefik-bouncer -o raw 2>&1 | tail -1)
if [[ -n "$bouncer_key" && "$bouncer_key" != *"error"* ]]; then if [[ -n "$bouncer_key" && "$bouncer_key" != *"error"* ]]; then
echo "$bouncer_key" | sudo tee "$key_file" >/dev/null echo "$bouncer_key" | sudo tee "$key_file" >/dev/null
sudo chown libreportal:libreportal "$key_file" sudo chown libreportal:libreportal "$key_file"
@ -250,16 +250,16 @@ installCrowdsecHost()
# The firewall bouncer needs a moment to install its nftables table # The firewall bouncer needs a moment to install its nftables table
# after enable. Poll up to ~10s before deciding it's missing. # after enable. Poll up to ~10s before deciding it's missing.
local _wait=0 local _wait=0
until sudo nft list tables 2>/dev/null | grep -qiE 'crowdsec' || [[ $_wait -ge 10 ]]; do until runSystem nft list tables 2>/dev/null | grep -qiE 'crowdsec' || [[ $_wait -ge 10 ]]; do
sleep 1; _wait=$((_wait+1)) sleep 1; _wait=$((_wait+1))
done done
if ! sudo nft list tables 2>/dev/null | grep -qiE 'crowdsec'; then if ! runSystem nft list tables 2>/dev/null | grep -qiE 'crowdsec'; then
isNotice "CrowdSec nftables table not yet present after ${_wait}s. Bouncer may still be starting; re-run the verification Tools action in a minute if rules don't appear." isNotice "CrowdSec nftables table not yet present after ${_wait}s. Bouncer may still be starting; re-run the verification Tools action in a minute if rules don't appear."
else else
local cs_prio ufw_prio local cs_prio ufw_prio
cs_prio=$(sudo nft list ruleset 2>/dev/null | awk '/table .* crowdsec/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}') cs_prio=$(runSystem nft list ruleset 2>/dev/null | awk '/table .* crowdsec/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}')
ufw_prio=$(sudo nft list ruleset 2>/dev/null | awk '/chain ufw[a-z0-9-]*input/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}') ufw_prio=$(runSystem nft list ruleset 2>/dev/null | awk '/chain ufw[a-z0-9-]*input/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}')
if [[ -z "$ufw_prio" ]]; then if [[ -z "$ufw_prio" ]]; then
isSuccessful "UFW not in nftables — no ordering needed (CrowdSec prio: ${cs_prio:-?})." isSuccessful "UFW not in nftables — no ordering needed (CrowdSec prio: ${cs_prio:-?})."
@ -291,10 +291,10 @@ installCrowdsecHost()
echo "---- $menu_number. Re-enabling CrowdSec services." echo "---- $menu_number. Re-enabling CrowdSec services."
echo "" echo ""
local result=$(sudo systemctl enable --now crowdsec) local result=$(runSystem systemctl enable --now crowdsec)
checkSuccess "Enabling CrowdSec agent" checkSuccess "Enabling CrowdSec agent"
local result=$(sudo systemctl enable --now crowdsec-firewall-bouncer) local result=$(runSystem systemctl enable --now crowdsec-firewall-bouncer)
checkSuccess "Enabling CrowdSec firewall bouncer" checkSuccess "Enabling CrowdSec firewall bouncer"
isSuccessful "CrowdSec services re-enabled." isSuccessful "CrowdSec services re-enabled."
@ -312,10 +312,10 @@ installCrowdsecHost()
echo "---- $menu_number. Stopping and disabling CrowdSec services." echo "---- $menu_number. Stopping and disabling CrowdSec services."
echo "" echo ""
local result=$(sudo systemctl disable --now crowdsec-firewall-bouncer 2>&1) local result=$(runSystem systemctl disable --now crowdsec-firewall-bouncer 2>&1)
checkSuccess "Disabling CrowdSec firewall bouncer" checkSuccess "Disabling CrowdSec firewall bouncer"
local result=$(sudo systemctl disable --now crowdsec 2>&1) local result=$(runSystem systemctl disable --now crowdsec 2>&1)
checkSuccess "Disabling CrowdSec agent" checkSuccess "Disabling CrowdSec agent"
isSuccessful "CrowdSec disabled. Package remains installed — set CFG_CROWDSEC_ENABLED=true to re-enable, or uninstall via the Tools tab." isSuccessful "CrowdSec disabled. Package remains installed — set CFG_CROWDSEC_ENABLED=true to re-enable, or uninstall via the Tools tab."
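Review bot: In the traefik-bouncer hunk, `bouncer_key=$(runSystem cscli bouncers add traefik-bouncer -o raw 2>&1 | tail -1)` merges stderr into the captured value. Any diagnostic line that lacks the substring "error" (a sudo message, for instance) would therefore pass the `-n` / `!= *"error"*` test and be written to `$key_file` as the API key. Keep stderr out of the capture, `bouncer_key=$(runSystem cscli bouncers add traefik-bouncer -o raw 2>/dev/null | tail -1)`, and preferably check the key's shape before writing it. The rest of that branch lies outside the hunk.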


@ -3,7 +3,7 @@
installUFW() installUFW()
{ {
if [[ "$CFG_REQUIREMENT_UFW" == "true" ]]; then if [[ "$CFG_REQUIREMENT_UFW" == "true" ]]; then
ISUFW=$( (sudo ufw status ) 2>&1 ) ISUFW=$( (runSystem ufw status ) 2>&1 )
if [[ "$ISUFW" == *"command not found"* ]]; then if [[ "$ISUFW" == *"command not found"* ]]; then
isHeader "Install UFW Firewall" isHeader "Install UFW Firewall"
@ -12,7 +12,7 @@ installUFW()
echo "---- $menu_number. Installing using linux package installer" echo "---- $menu_number. Installing using linux package installer"
echo "" echo ""
local result=$(yes | sudo apt-get install ufw ) local result=$(yes | runSystem apt-get install ufw )
checkSuccess "Installing UFW package" checkSuccess "Installing UFW package"
# ((menu_number++)) # ((menu_number++))
@ -27,9 +27,9 @@ installUFW()
# ssh_port=${ssh_port:-22} # Default to 22 if not found # ssh_port=${ssh_port:-22} # Default to 22 if not found
# fi # fi
# local result=$(sudo ufw allow $ssh_port) # local result=$(runSystem ufw allow $ssh_port)
# checkSuccess "Enabling Port $ssh_port through the firewall" # checkSuccess "Enabling Port $ssh_port through the firewall"
# local result=$(sudo ufw allow ssh) # local result=$(runSystem ufw allow ssh)
# checkSuccess "Enabling SSH through the firewall" # checkSuccess "Enabling SSH through the firewall"
# while true; do # while true; do
@ -42,13 +42,13 @@ installUFW()
# done # done
# if [[ "$UFWSSH" == [nN] ]]; then # if [[ "$UFWSSH" == [nN] ]]; then
# local result=$(sudo ufw deny $ssh_port) # local result=$(runSystem ufw deny $ssh_port)
# checkSuccess "Blocking Port $ssh_port through the firewall" # checkSuccess "Blocking Port $ssh_port through the firewall"
# local result=$(sudo ufw deny ssh) # local result=$(runSystem ufw deny ssh)
# checkSuccess "Blocking SSH through the firewall" # checkSuccess "Blocking SSH through the firewall"
# fi # fi
local result=$(sudo ufw --force enable) local result=$(runSystem ufw --force enable)
checkSuccess "Enabling UFW Firewall" checkSuccess "Enabling UFW Firewall"
((menu_number++)) ((menu_number++))
@ -56,7 +56,7 @@ installUFW()
echo "---- $menu_number. Changing logging options" echo "---- $menu_number. Changing logging options"
echo "" echo ""
local result=$(yes | sudo ufw logging $CFG_UFW_LOGGING) local result=$(yes | runSystem ufw logging $CFG_UFW_LOGGING)
checkSuccess "Disabling UFW Firewall Logging" checkSuccess "Disabling UFW Firewall Logging"
isSuccessful "UFW Firewall has been installed, you can use ufw status to see the status" isSuccessful "UFW Firewall has been installed, you can use ufw status to see the status"


@ -23,10 +23,10 @@ installUFWDocker()
local result=$(sudo chmod +x $ufwpath) local result=$(sudo chmod +x $ufwpath)
checkSuccess "Setting permissions for install files" checkSuccess "Setting permissions for install files"
local result=$(sudo ufw-docker install > /dev/null 2>&1) local result=$(runSystem ufw-docker install > /dev/null 2>&1)
checkSuccess "Installing UFW Docker" checkSuccess "Installing UFW Docker"
local result=$(sudo systemctl restart ufw) local result=$(runSystem systemctl restart ufw)
checkSuccess "Restarting UFW Firewall service" checkSuccess "Restarting UFW Firewall service"
isSuccessful "UFW-Docker has been installed, you can use ufw-docker to see the available commands" isSuccessful "UFW-Docker has been installed, you can use ufw-docker to see the available commands"


@ -10,7 +10,7 @@ installDockerManagerUser()
isNotice "User '$CFG_DOCKER_MANAGER_USER' does not exist, starting creation..." isNotice "User '$CFG_DOCKER_MANAGER_USER' does not exist, starting creation..."
# Create the User Account # Create the User Account
local result=$(sudo useradd -m -s /bin/bash "$CFG_DOCKER_MANAGER_USER") local result=$(runSystem useradd -m -s /bin/bash "$CFG_DOCKER_MANAGER_USER")
checkSuccess "Adding user via useradd command" checkSuccess "Adding user via useradd command"
local result=$(echo "$CFG_DOCKER_MANAGER_USER:$CFG_DOCKER_MANAGER_PASS" | sudo chpasswd) local result=$(echo "$CFG_DOCKER_MANAGER_USER:$CFG_DOCKER_MANAGER_PASS" | sudo chpasswd)
@ -66,7 +66,7 @@ EOL")
checkSuccess "Updating SSH Server Configuration for the Manager User." checkSuccess "Updating SSH Server Configuration for the Manager User."
# Reload SSH Service # Reload SSH Service
local result=$(sudo service ssh reload) local result=$(runSystem service ssh reload)
checkSuccess "Reloading SSH Service" checkSuccess "Reloading SSH Service"
fi fi
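Review bot: The password step right after useradd still calls `sudo chpasswd` directly, so account creation is split between the runSystem chokepoint and raw sudo. chpasswd is not in the commit's list of funnelled commands. If that is deliberate, a comment should say which helper will own it; otherwise `echo "$CFG_DOCKER_MANAGER_USER:$CFG_DOCKER_MANAGER_PASS" | runSystem chpasswd` keeps it with the other account-management calls. When the allowlist is written, an entry for useradd or chpasswd without argument restrictions would amount to full root, so both want fixed argument patterns. Both hunks sit inside a function whose start and end are outside the visible lines.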


@ -14,7 +14,7 @@ uninstallDockerManagerUser()
checkSuccess "Removing the Docker Manager User from $sshd_config." checkSuccess "Removing the Docker Manager User from $sshd_config."
# Restart SSH Service # Restart SSH Service
local result=$(sudo service ssh restart) local result=$(runSystem service ssh restart)
checkSuccess "Restarting SSH Service" checkSuccess "Restarting SSH Service"
fi fi
fi fi


@ -7,7 +7,7 @@ installArch()
if [[ "$UPDARCH" == [yY] ]]; then if [[ "$UPDARCH" == [yY] ]]; then
isNotice "Installing System Updates... this may take a while...be patient." isNotice "Installing System Updates... this may take a while...be patient."
(sudo pacman -Syu --noconfirm) > $logs_dir/$docker_log_file 2>&1 & (runSystem pacman -Syu --noconfirm) > $logs_dir/$docker_log_file 2>&1 &
## Show a spinner for activity progress ## Show a spinner for activity progress
pid=$! # Process Id of the previous running command pid=$! # Process Id of the previous running command
spin='-\|/' spin='-\|/'
@ -25,12 +25,12 @@ installArch()
isNotice "Installing Prerequisite Packages..." isNotice "Installing Prerequisite Packages..."
sudo pacman -Sy git curl wget --noconfirm | sudo tee -a "$logs_dir/$docker_log_file" 2>&1 runSystem pacman -Sy git curl wget --noconfirm | sudo tee -a "$logs_dir/$docker_log_file" 2>&1
if [[ "$ISACT" != "active" ]]; then if [[ "$ISACT" != "active" ]]; then
isNotice "Installing Docker-CE (Community Edition)..." isNotice "Installing Docker-CE (Community Edition)..."
sudo pacman -Sy docker --noconfirm | sudo tee -a "$logs_dir/$docker_log_file" 2>&1 runSystem pacman -Sy docker --noconfirm | sudo tee -a "$logs_dir/$docker_log_file" 2>&1
echo "- docker-ce version is now:" echo "- docker-ce version is now:"
DOCKERV=$(docker -v) DOCKERV=$(docker -v)
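Review bot: On both `runSystem pacman -Sy … --noconfirm | sudo tee -a "$logs_dir/$docker_log_file" 2>&1` lines the `2>&1` belongs to tee, so pacman's error output never reaches the log. The pipeline's status is also tee's, so a failed package install passes unnoticed into the `docker -v` step. Move the redirect to the left of the pipe, `runSystem pacman -Sy docker --noconfirm 2>&1 | sudo tee -a "$logs_dir/$docker_log_file" >/dev/null`, and test `${PIPESTATUS[0]}` afterwards. The function continues outside the hunk.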


@ -14,7 +14,7 @@ installDebianUbuntu()
local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt update -qq 2>&1 && DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt install sudo -yqq 2>&1 && apt-get autoclean 2>&1) local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt update -qq 2>&1 && DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt install sudo -yqq 2>&1 && apt-get autoclean 2>&1)
checkSuccess "Updating System Operating system." checkSuccess "Updating System Operating system."
local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 sudo apt update -qq 2>&1) local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 runSystem apt update -qq 2>&1)
checkSuccess "Running application update" checkSuccess "Running application update"
local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 sudo $installed_apps -yqq 2>&1) local result=$(DEBIAN_FRONTEND=noninteractive APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 sudo $installed_apps -yqq 2>&1)
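Review bot: The last line still runs `sudo $installed_apps -yqq`, where the command itself comes from an unquoted variable, so the sweep could not move it to runSystem and a scoped sudoers entry cannot describe it. Whatever `$installed_apps` expands to (presumably an apt install command line; its assignment is outside the hunk) is executed as root after word splitting and globbing. Keeping the command fixed and passing only package names, for example `runSystem apt-get install -yqq "${packages[@]}"` with `packages` as an array built where `installed_apps` is built today, puts it under the same chokepoint as the `apt update` line above. Separately, sudo's default env_reset may drop `DEBIAN_FRONTEND` before apt sees it unless the sudoers policy keeps it; confirm this when the allowlist is written.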


@ -78,7 +78,7 @@ EOF
else else
# Unit already correct — ensure it's enabled + running, without a restart. # Unit already correct — ensure it's enabled + running, without a restart.
runSystem systemctl enable libreportal.service >/dev/null 2>&1 runSystem systemctl enable libreportal.service >/dev/null 2>&1
sudo systemctl is-active --quiet libreportal.service || runSystem systemctl start libreportal.service runSystem systemctl is-active --quiet libreportal.service || runSystem systemctl start libreportal.service
isSuccessful "LibrePortal task processor service already up to date." isSuccessful "LibrePortal task processor service already up to date."
fi fi
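Review bot: `systemctl is-active --quiet` is a read-only query that works without privileges, so `runSystem systemctl is-active --quiet libreportal.service` adds an entry to the future sudoers allowlist that nothing needs. Run the probe as the calling user and keep root for the state change: `systemctl is-active --quiet libreportal.service || runSystem systemctl start libreportal.service`. A one-line comment above it, `# status query needs no root; only start/enable go through runSystem`, would keep the next sweep from moving it back. The surrounding if/else starts outside the hunk.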


@ -26,6 +26,6 @@ wireguardRevokeClient()
result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf") result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME" checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME"
result=$(sudo wg syncconf "${CFG_WG_SERVER_NIC}" <(sudo wg-quick strip "${CFG_WG_SERVER_NIC}")) result=$(runSystem wg syncconf "${CFG_WG_SERVER_NIC}" <(runSystem wg-quick strip "${CFG_WG_SERVER_NIC}"))
checkSuccess "Restart wireguard to apply changes" checkSuccess "Restart wireguard to apply changes"
} }
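Review bot: `runSystem wg syncconf "${CFG_WG_SERVER_NIC}" <(runSystem wg-quick strip "${CFG_WG_SERVER_NIC}")` hands the privileged `wg` a `/dev/fd/N` path. By default sudo closes inherited descriptors above stderr before running the command, so that path may no longer be open when `wg` tries to read it. The descriptor number also varies, so a scoped sudoers rule cannot pin the argument. Feeding the stripped config on stdin avoids both problems: `runSystem wg-quick strip "${CFG_WG_SERVER_NIC}" | runSystem wg syncconf "${CFG_WG_SERVER_NIC}" /dev/stdin`. The identical line in the wireguardRevokeClient hunk of the next file section needs the same change. The function starts outside this hunk.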


@ -33,7 +33,7 @@ installStandaloneWireGuard()
# Install WireGuard tools and module # Install WireGuard tools and module
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
sudo apt-get install -y wireguard iptables resolvconf qrencode runSystem apt-get install -y wireguard iptables resolvconf qrencode
# Update DNS after installing resolvconf # Update DNS after installing resolvconf
updateDNS "" standalonewireguard; updateDNS "" standalonewireguard;
@ -95,12 +95,12 @@ PostDown = iptables -t nat -D POSTROUTING -o ${server_nic} -j MASQUERADE" | sudo
local result=$(echo '# WIREGUARD END' | sudo tee -a "$sysctl" > /dev/null) local result=$(echo '# WIREGUARD END' | sudo tee -a "$sysctl" > /dev/null)
checkSuccess "Adding wireguard header to sysctl" checkSuccess "Adding wireguard header to sysctl"
result=$(sudo systemctl start "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl start "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Started wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Started wg-quick@${CFG_WG_SERVER_NIC} service."
result=$(sudo systemctl enable "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl enable "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Enabled wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Enabled wg-quick@${CFG_WG_SERVER_NIC} service."
result=$(sudo sysctl --system) result=$(runSystem sysctl --system)
checkSuccess "Reloaded sysctl" checkSuccess "Reloaded sysctl"
portUse wireguardstandalone $CFG_WG_SERVER_PORT install; portUse wireguardstandalone $CFG_WG_SERVER_PORT install;
@ -168,9 +168,9 @@ wireguardNewClient()
fi fi
# Generate key pair for the client # Generate key pair for the client
local WIREGUARD_CLIENT_PRIV_KEY=$(sudo wg genkey) local WIREGUARD_CLIENT_PRIV_KEY=$(runSystem wg genkey)
local WIREGUARD_CLIENT_PUB_KEY=$(echo "${WIREGUARD_CLIENT_PRIV_KEY}" | sudo wg pubkey) local WIREGUARD_CLIENT_PUB_KEY=$(echo "${WIREGUARD_CLIENT_PRIV_KEY}" | runSystem wg pubkey)
local WIREGUARD_CLIENT_PRE_SHARED_KEY=$(sudo wg genpsk) local WIREGUARD_CLIENT_PRE_SHARED_KEY=$(runSystem wg genpsk)
local WIREGUARD_ENDPOINT="${public_ip_v4}:${CFG_WG_SERVER_PORT}" local WIREGUARD_ENDPOINT="${public_ip_v4}:${CFG_WG_SERVER_PORT}"
# Create client file # Create client file
@ -195,12 +195,12 @@ PublicKey = ${WIREGUARD_CLIENT_PUB_KEY}
PresharedKey = ${WIREGUARD_CLIENT_PRE_SHARED_KEY} PresharedKey = ${WIREGUARD_CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | sudo tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | sudo tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
#result=$(sudo wg syncconf ${CFG_WG_SERVER_NIC} /etc/wireguard/${CFG_WG_SERVER_NIC}.conf) #result=$(runSystem wg syncconf ${CFG_WG_SERVER_NIC} /etc/wireguard/${CFG_WG_SERVER_NIC}.conf)
#checkSuccess "Syncing config file for $CFG_WG_SERVER_NIC" #checkSuccess "Syncing config file for $CFG_WG_SERVER_NIC"
#result=$(sudo systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}") #result=$(runSystem systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}")
#checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service." #checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service."
#result=$(sudo systemctl start "wg-quick@${CFG_WG_SERVER_NIC}") #result=$(runSystem systemctl start "wg-quick@${CFG_WG_SERVER_NIC}")
#checkSuccess "Started wg-quick@${CFG_WG_SERVER_NIC} service." #checkSuccess "Started wg-quick@${CFG_WG_SERVER_NIC} service."
# Generate QR code if qrencode is installed # Generate QR code if qrencode is installed
@ -248,7 +248,7 @@ wireguardRevokeClient()
result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf") result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME" checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME"
result=$(sudo wg syncconf "${CFG_WG_SERVER_NIC}" <(sudo wg-quick strip "${CFG_WG_SERVER_NIC}")) result=$(runSystem wg syncconf "${CFG_WG_SERVER_NIC}" <(runSystem wg-quick strip "${CFG_WG_SERVER_NIC}"))
checkSuccess "Restart wireguard to apply changes" checkSuccess "Restart wireguard to apply changes"
} }
@ -274,14 +274,14 @@ wireguardUninstall()
if [[ $WIREGUARD_REMOVE == [yY] ]]; then if [[ $WIREGUARD_REMOVE == [yY] ]]; then
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
result=$(sudo systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service."
result=$(sudo systemctl disable "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl disable "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Disabled wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Disabled wg-quick@${CFG_WG_SERVER_NIC} service."
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
result=$(sudo apt-get remove -y wireguard wireguard-tools qrencode) result=$(runSystem apt-get remove -y wireguard wireguard-tools qrencode)
checkSuccess "Removed wireguard wireguard-tools qrencode" checkSuccess "Removed wireguard wireguard-tools qrencode"
fi fi
@ -290,7 +290,7 @@ wireguardUninstall()
result=$(sudo rm -f /etc/sysctl.d/wg.conf) result=$(sudo rm -f /etc/sysctl.d/wg.conf)
checkSuccess "Delete /etc/sysctl.d/wg.conf file." checkSuccess "Delete /etc/sysctl.d/wg.conf file."
result=$(sudo sysctl --system) result=$(runSystem sysctl --system)
checkSuccess "Reloaded sysctl" checkSuccess "Reloaded sysctl"
portUnuse wireguardstandalone $CFG_WG_SERVER_PORT install; portUnuse wireguardstandalone $CFG_WG_SERVER_PORT install;
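Review bot: In the wireguardNewClient hunk, `wg genkey`, `wg pubkey` and `wg genpsk` are routed through runSystem although they only compute key material and touch neither an interface nor a root-owned file. Running them as the calling user, `WIREGUARD_CLIENT_PRIV_KEY=$(wg genkey)`, keeps three entries out of the eventual allowlist and keeps the client private key out of a root process it has no reason to pass through. The `local NAME=$(…)` form on those lines also discards the command's status, so a failed call would write an empty key into the peer block. Declaring the three variables first and assigning on separate lines, each followed by a non-empty check, closes that gap. The function body extends beyond the hunk on both sides.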


@ -11,14 +11,14 @@ wireguardUninstall()
if [[ $WIREGUARD_REMOVE == [yY] ]]; then if [[ $WIREGUARD_REMOVE == [yY] ]]; then
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
result=$(sudo systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl stop "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Stopped wg-quick@${CFG_WG_SERVER_NIC} service."
result=$(sudo systemctl disable "wg-quick@${CFG_WG_SERVER_NIC}") result=$(runSystem systemctl disable "wg-quick@${CFG_WG_SERVER_NIC}")
checkSuccess "Disabled wg-quick@${CFG_WG_SERVER_NIC} service." checkSuccess "Disabled wg-quick@${CFG_WG_SERVER_NIC} service."
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
result=$(sudo apt-get remove -y wireguard wireguard-tools qrencode) result=$(runSystem apt-get remove -y wireguard wireguard-tools qrencode)
checkSuccess "Removed wireguard wireguard-tools qrencode" checkSuccess "Removed wireguard wireguard-tools qrencode"
fi fi
@ -27,7 +27,7 @@ wireguardUninstall()
result=$(sudo rm -f /etc/sysctl.d/wg.conf) result=$(sudo rm -f /etc/sysctl.d/wg.conf)
checkSuccess "Delete /etc/sysctl.d/wg.conf file." checkSuccess "Delete /etc/sysctl.d/wg.conf file."
result=$(sudo sysctl --system) result=$(runSystem sysctl --system)
checkSuccess "Reloaded sysctl" checkSuccess "Reloaded sysctl"
portUnuse wireguardstandalone $CFG_WG_SERVER_PORT install; portUnuse wireguardstandalone $CFG_WG_SERVER_PORT install;