From 2b52626cf06db8a811c439870995b7ff41a57650 Mon Sep 17 00:00:00 2001 From: CedarLUG Date: Sun, 11 Sep 2016 18:56:39 -0500 Subject: [PATCH] Pastebin and hastebin posting subsystem for scripting the posting of stripped confidential information to pastebin/hastebin. --- lgsm/functions/command_details.sh | 10 +- lgsm/functions/command_postdetails.sh | 136 ++++++++++++++++++++++++++ lgsm/functions/core_functions.sh | 12 +++ lgsm/functions/core_getopt.sh | 16 ++- 4 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 lgsm/functions/command_postdetails.sh diff --git a/lgsm/functions/command_details.sh b/lgsm/functions/command_details.sh index 0cc18d692..cff501c27 100644 --- a/lgsm/functions/command_details.sh +++ b/lgsm/functions/command_details.sh @@ -580,6 +580,8 @@ fn_details_ark(){ # Run checks and gathers details to display. + +fn_display_details() { check.sh info_config.sh info_distro.sh @@ -642,4 +644,10 @@ else fi fn_details_statusbottom -core_exit.sh \ No newline at end of file +} + +if [ -z ${POSTDETAILS} ] ; +then + fn_display_details + core_exit.sh +fi diff --git a/lgsm/functions/command_postdetails.sh b/lgsm/functions/command_postdetails.sh new file mode 100644 index 000000000..22736fd52 --- /dev/null +++ b/lgsm/functions/command_postdetails.sh @@ -0,0 +1,136 @@ +#!/bin/bash -x +# LGSM command_postdetails.sh function +# Author: CedarLUG +# Contributor: CedarLUG +# Website: https://gameservermanagers.com +# Description: Strips sensitive information out of Details output + +local commandname="POSTDETAILS" +local commandaction="Postdetails" +local function_selfname="$(basename $(readlink -f "${BASH_SOURCE[0]}"))" + +# POSTDETAILS variable affects the output of command_details.sh. Setting +# it here silences the output from sourcing command_details.sh. +POSTDETAILS=yes + +# Set POSTTARGET to the appropriately-defined post destination. The present +# option is only pastebin, but hastebin is on the todo list (and should be +# a lot easier than pastebin. +# +# Another reason for an alternative here is that pastebin limits guest +# posts to 10 per day, which might be a tight limit for some debugging situations. + +POSTTARGET="http://pastebin.com" +POSTEXPIRE="1W" # use 1 week as the default, other options are '24h' for a day, etc. + +# This file sources the command_details.sh file to leverage all +# of the already-defined functions. To keep the command_details.sh +# from actually producing output, the main executable statements have +# been wrapped in the equivalent of an ifdef clause, that looks +# for the variable "postdetails" to be defined. -CedarLUG + +# source all of the functions defined in the details command +. ${functionsdir}/command_details.sh + +fn_bad_tmpfile() { + echo "There was a problem creating a temporary file ${tmpfile}." + core_exit.sh +} + +fn_gen_rand() { + # This is just a simple random generator to generate a random + # name for storing the output. Named pipes would (possibly) be + # better. -CedarLUG + # + # len holds the number of digits in our random string + local len=$1 + # If not specified, default to 10. + : {len:=10} + # Quick generator for a random filename, pulled from /dev/urandom + tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${len} | xargs +} + +# Rather than a one-pass sed parser, default to using a temporary directory +filedir="${lgsmdir}/tmp" + +# Not all game servers possess a tmp directory. So create it if +# it doesn't already exist +mkdir -p ${filedir} 2>&1 >/dev/null + +tmpfile=${filedir}/$(fn_gen_rand 10).tmp + +touch ${tmpfile} || fn_bad_tmpfile + +# fn_display_details is found in the command_details.sh file (which +# was sourced above. The output is parsed for passwords and other +# confidential information. -CedarLUG + +# The numerous sed lines could certainly be condensed quite a bit, +# but they are separated out to provide examples for how to add +# additional criteria in a straight-forward manner. +# (This was originally a sed one-liner.) -CedarLUG + +fn_display_details | sed -e 's/password="[^"]*/password="--stripped--/' | + sed -e 's/password "[^"]*/password "--stripped--/' | + sed -e 's/password: .*/password: --stripped--/' | + sed -e 's/gslt="[^"]*/gslt="--stripped--/' | + sed -e 's/gslt "[^"]*/gslt "--stripped--/' | + sed -e 's/pushbullettoken="[^"]*/pushbullettoken="--stripped--/' | + sed -e 's/pushbullettoken "[^"]*/pushbullettoken "--stripped--/' | + sed -e 's/authkey="[^"]*/authkey="--stripped--/' | + sed -e 's/authkey "[^"]*/authkey "--stripped--/' | + sed -e 's/authkey [A-Za-z0-9]\+/authkey --stripped--/' | + sed -e 's/rcts_strAdminPassword="[^"]*/rcts_strAdminPassword="--stripped--/' | + sed -e 's/rcts_strAdminPassword "[^"]*/rcts_strAdminPassword "--stripped--/' | + sed -e 's/sv_setsteamaccount [A-Za-z0-9]\+/sv_setsteamaccount --stripped--/' | + sed -e 's/sv_password="[^"]*/sv_password="--stripped--/' | + sed -e 's/sv_password "[^"]*/sv_password "--stripped--/' | + sed -e 's/zmq_stats_password="[^"]*/zmq_stats_password="--stripped--/' | + sed -e 's/zmq_stats_password "[^"]*/zmq_stats_password "--stripped--/' | + sed -e 's/zmq_rcon_password="[^"]*/zmq_rcon_password="--stripped--/' | + sed -e 's/zmq_rcon_password "[^"]*/zmq_rcon_password "--stripped--/' | + sed -e 's/pass="[^"]*/pass="--stripped--/' | + sed -e 's/pass "[^"]*/pass "--stripped--/' | + sed -e 's/rconServerPassword="[^"]*/rconServerPassword="--stripped--/' | + sed -e 's/rconServerPassword "[^"]*/rconServerPassword "--stripped--/' > ${tmpfile} + +# strip off all console escape codes (colorization) +sed -i -r "s/[\x1B,\x0B]\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" ${tmpfile} + +# If the gameserver uses anonymous steam credentials, leave them displayed +# in the output. Otherwise, strip these out as well. +if ! grep -q "^steampass[= ]\"\"" ${tmpfile} ; then + sed -i -e 's/steampass[= ]"[^"]*/steampass "--stripped--/' ${tmpfile} +fi +if ! grep -q "^steamuser[= ]\"anonymous\"" ${tmpfile} ; then + sed -i -e 's/steamuser[= ]"[^"]*/steamuser "--stripped--/' ${tmpfile} +fi + +if [ "$POSTTARGET" == "http://pastebin.com" ] ; then + # grab the return from 'value' from an initial visit to pastebin. + TOKEN=$(curl -s $POSTTARGET | + sed -n 's/^.*input type="hidden" name="csrf_token_post" value="\(.*\)".*$/\1/p') + # + # Use the TOKEN to then post the content. + # + link=$(curl -s "$POSTTARGET/post.php" -D - -F "submit_hidden=submit_hidden" \ + -F "post_key=$TOKEN" -F "paste_expire_date=${POSTEXPIRE}" \ + -F "paste_name=${gamename} Debug Info" \ + -F "paste_format=8" -F "paste_private=0" \ + -F "paste_type=bash" -F "paste_code=<${tmpfile}" | + awk '/^location: / { print $2 }' | sed "s/\n//g") + + # Output the resulting link. + fn_print_warn_nl "You now need to visit (and verify) the content posted at ${POSTTARGET}${link}" +elif [ "$POSTTARGET" == "http://hastebin.com" ] ; then + # hastebin is a bit simpler. If successful, the returned result + # should look like: {"something":"key"}, putting the reference that + # we need in "key". TODO - error handling. -CedarLUG + link=$(curl -s -d "$(<${tmpfile}) | cut -d\" -f4) + fn_print_warn_nl "You now need to visit (and verify) the content posted at ${POSTTARGET}${link}" +fi + +# cleanup +rm ${tmpfile} || /bin/true + +core_exit.sh diff --git a/lgsm/functions/core_functions.sh b/lgsm/functions/core_functions.sh index de36e7a21..47903be22 100644 --- a/lgsm/functions/core_functions.sh +++ b/lgsm/functions/core_functions.sh @@ -120,6 +120,18 @@ functionfile="${FUNCNAME}" fn_fetch_function } +command_postdetails.sh(){ + functionfile="${FUNCNAME}" + tempffname=$functionfile + # First, grab the command_postdetails.sh file + fn_fetch_function + # But then next, command_details.sh needs to also be pulled + # because command_postdetails.sh sources its functions -CedarLUG + functionfile="command_details.sh" + fn_fetch_function + functionfile=$tempffname +} + command_postdetails.sh(){ functionfile="${FUNCNAME}" tempffname=$functionfile diff --git a/lgsm/functions/core_getopt.sh b/lgsm/functions/core_getopt.sh index 5b7042f8c..78d142e9c 100644 --- a/lgsm/functions/core_getopt.sh +++ b/lgsm/functions/core_getopt.sh @@ -29,6 +29,8 @@ case "${getopt}" in command_test_alert.sh;; dt|details) command_details.sh;; + pd|postdetails) + command_postdetails.sh;; b|backup) command_backup.sh;; c|console) @@ -68,6 +70,7 @@ case "${getopt}" in echo -e "${blue}monitor\t${default}m |Checks that the server is running." echo -e "${blue}test-alert\t${default}ta |Sends test alert." echo -e "${blue}details\t${default}dt |Displays useful information about the server." + echo -e "${blue}postdetails\t${default}pd | Post stripped details to pastebin (for support)" echo -e "${blue}backup\t${default}b |Create archive of the server." echo -e "${blue}console\t${default}c |Console allows you to access the live view of a server." echo -e "${blue}debug\t${default}d |See the output of the server directly to your terminal." @@ -95,6 +98,8 @@ case "${getopt}" in command_test_alert.sh;; dt|details) command_details.sh;; + pd|postdetails) + command_postdetails.sh;; b|backup) command_backup.sh;; pw|change-password) @@ -130,6 +135,7 @@ case "${getopt}" in echo -e "${blue}monitor\t${default}m |Checks that the server is running." echo -e "${blue}test-alert\t${default}ta |Sends test alert." echo -e "${blue}details\t${default}dt |Displays useful information about the server." + echo -e "${blue}postdetails\t${default}pd | Post stripped details to pastebin (for support)" echo -e "${blue}change-password\t${default}pw |Changes TS3 serveradmin password." echo -e "${blue}backup\t${default}b |Create archive of the server." echo -e "${blue}install\t${default}i |Install the server." @@ -156,6 +162,8 @@ case "${getopt}" in command_test_alert.sh;; dt|details) command_details.sh;; + pd|postdetails) + command_postdetails.sh;; b|backup) command_backup.sh;; c|console) @@ -193,6 +201,7 @@ case "${getopt}" in echo -e "${blue}monitor\t${default}m |Checks that the server is running." echo -e "${blue}test-alert\t${default}ta |Sends test alert." echo -e "${blue}details\t${default}dt |Displays useful infomation about the server." + echo -e "${blue}postdetails\t${default}pd | Post stripped details to pastebin (for support)" echo -e "${blue}backup\t${default}b |Create archive of the server." echo -e "${blue}console\t${default}c |Console allows you to access the live view of a server." echo -e "${blue}debug\t${default}d |See the output of the server directly to your terminal." @@ -220,6 +229,8 @@ case "${getopt}" in command_test_alert.sh;; dt|details) command_details.sh;; + pd|postdetails) + command_postdetails.sh;; b|backup) command_backup.sh;; dev|dev-debug) @@ -251,6 +262,7 @@ case "${getopt}" in echo -e "${blue}monitor\t${default}m |Checks that the server is running." echo -e "${blue}test-alert\t${default}ta |Sends test alert." echo -e "${blue}details\t${default}dt |Displays useful information about the server." + echo -e "${blue}postdetails\t${default}pd | Post stripped details to pastebin (for support)" echo -e "${blue}backup\t${default}b |Create archive of the server." echo -e "${blue}install\t${default}i |Install the server." } | column -s $'\t' -t @@ -280,6 +292,8 @@ case "${getopt}" in command_test_alert.sh;; dt|details) command_details.sh;; + pd|postdetails) + command_postdetails.sh;; b|backup) command_backup.sh;; c|console) @@ -557,4 +571,4 @@ elif [ "${engine}" == "unreal" ]; then else fn_getopt_generic fi -core_exit.sh \ No newline at end of file +core_exit.sh