#!/usr/bin/env bash

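# Banner: blank line, title, blank line.
printf '\n%s\n\n' "*** Configure SIP endpoints provisioning ***"

# Comment out the pam_shells.so line in vsftpd's PAM stack. pam_shells rejects
# accounts whose login shell is not listed in /etc/shells; presumably this is
# done so the PlcmSpIp account, whose shell is set to /sbin/nologin further
# down in this script, can still authenticate over FTP.
# NOTE(review): the check is removed for every account that logs in through
# vsftpd, not only the provisioning user. After this edit FTP access is gated
# solely by vsftpd's own user lists and per-user configuration.
# The dot in "pam_shells.so" is escaped so the pattern matches only the literal
# module name. \s is a GNU sed extension.
sed -i 's/^auth\s*required\s*pam_shells\.so$/#auth       required     pam_shells.so/' /etc/pam.d/vsftpd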

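# Directory tree served to the endpoints.
# NOTE(review): this reuses the shell's own HOME variable, so every command run
# after this line sees /home/PlcmSpIp as its home directory. The name is kept
# because later sections of this script expand $HOME.
HOME=/home/PlcmSpIp
DIRS="CONTACTS LICENSE  LOGS  OVERRIDES"

# Password for the provisioning account. It can be overridden through the
# environment; the fallback keeps the script's original behaviour.
# NOTE(review): the fallback equals the account name and is identical on every
# host installed from this script, so anyone who can reach the FTP service can
# log in with it. Set PLCM_PASSWORD to a site-specific value and configure the
# endpoints to match.
PLCM_PASSWORD="${PLCM_PASSWORD:-PlcmSpIp}"

# make PlcmSpIp (skipped when the account already exists, so re-runs are quiet)
if ! id -u PlcmSpIp >/dev/null 2>&1; then
  useradd PlcmSpIp
fi
printf '%s:%s\n' PlcmSpIp "$PLCM_PASSWORD" | chpasswd
# No interactive shell for the provisioning account.
chsh -s /sbin/nologin PlcmSpIp

# Deny the account in sshd as well, once. The file test keeps the original
# behaviour of not creating sshd_config when it is absent.
# NOTE(review): nothing in the visible script reloads sshd, so the rule only
# applies after the next reload or restart of the daemon.
if [[ -f /etc/ssh/sshd_config ]] \
  && ! grep -q -e "^DenyUsers PlcmSpIp" /etc/ssh/sshd_config; then
  printf '\n\n#block PlcmSpIp from ssh tunneling\nDenyUsers PlcmSpIp\n\n' >> /etc/ssh/sshd_config
fi

#cp -f /var/www/html/index.php /home/PlcmSpIp/

# The top-level directory is owned by root and not writable by the account;
# only the sub-directories listed in DIRS are handed to PlcmSpIp.
chmod 751 "$HOME"
chown -R root: /home/PlcmSpIp
# Stop here if the directory is missing: the mkdir/chown below act on relative
# paths and would otherwise run in whatever the current directory happens to be.
cd "$HOME" || {
  printf 'cannot cd to %s\n' "$HOME" >&2
  exit 1
}
# DIRS is a space-separated list; word splitting is intended here.
# shellcheck disable=SC2086
mkdir -p $DIRS
# shellcheck disable=SC2086
chown -R PlcmSpIp: $DIRS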

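# adjust TFTP config
#
# Replaces the xinetd service definition for tftp: the service is enabled and
# in.tftpd is started with "-s $HOME" ($HOME is expanded when this script runs,
# because the here-document delimiter is unquoted).
# NOTE(review): TFTP has no authentication. Every file below $HOME that the
# daemon can read is available to any host that can reach UDP port 69, and the
# same tree is the FTP home of the provisioning account. Restrict the port to
# the phone network if these files hold credentials.
# NOTE(review): -vvvvvvv raises in.tftpd's log verbosity; confirm this level is
# wanted outside of debugging.
# The trailing backslashes of the description comment are written as "\\":
# in an unquoted here-document a single backslash before the newline is a line
# continuation and would join the comment lines into one.
cat > /etc/xinetd.d/tftp <<-EOF
# default: off
# description: The tftp server serves files using the trivial file transfer \\
#       protocol.  The tftp protocol is often used to boot diskless \\
#       workstations, download configuration files to network-aware printers, \\
#       and to start the installation process for some operating systems.
service tftp
{
        disable = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -vvvvvvv -s $HOME
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
EOF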

# adjust Thirdlane: write the two-line provisioning settings file (the
# directory is whatever $HOME holds at this point) and hand the file to the
# asterisk account.
prov_conf=/etc/asterisk/provisioning.txt
printf 'directory=%s\nservicetype=2\n' "$HOME" > "$prov_conf"

chown asterisk:asterisk "$prov_conf"

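# adjust VSFTPD
#
# Appends TLS, logging and passive-port settings to vsftpd.conf by applying a
# small patch, then writes a per-user config file for PlcmSpIp (picked up
# through user_config_dir=/etc/vsftpd/).
#
# NOTE(review): force_local_logins_ssl=NO and force_local_data_ssl=NO leave TLS
# optional, so a client that does not negotiate it sends the PlcmSpIp password
# and the provisioning files in clear text. Turn both on if the endpoints
# support FTPS.
# NOTE(review): ssl_tlsv1=YES is the only protocol version this patch enables
# explicitly, and TLS 1.0 is deprecated. Check which newer-protocol options the
# installed vsftpd offers and prefer those.
# NOTE(review): chroot_list is created empty and the patch shown here sets no
# chroot_* option. Whether PlcmSpIp is confined to its home directory depends
# on the base vsftpd.conf; confirm.
# NOTE(review): vsftpd.conf(5) describes deny_file as a simple filter that is
# not meant for serious access control. Filesystem permissions remain the real
# boundary.
# The passive range 49152-65534 has to be reachable through any firewall in
# front of this host. Nothing in the visible script restarts vsftpd.

# All paths below are relative, so stop if the directory cannot be entered.
cd /etc/vsftpd/ || {
  printf 'cannot cd to /etc/vsftpd/\n' >&2
  exit 1
}
touch chroot_list
# The stray trailing space after pasv_min_port=49152 is dropped so the value
# written to vsftpd.conf is exactly the number.
cat >vsftpd.patch <<-EOF
--- vsftpd.conf.orig    2023-05-10 13:26:54.774057140 +0300
+++ vsftpd.conf 2023-05-10 13:29:40.344274989 +0300
@@ -124,3 +124,22 @@
 
 pam_service_name=vsftpd
 userlist_enable=YES
+
+userlist_deny=YES
+user_config_dir=/etc/vsftpd/
+
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+rsa_cert_file=/etc/vsftpd/vsftpd.pem
+
+#debug_ssl=YES
+dual_log_enable=YES
+#log_ftp_protocol=YES
+
+pasv_min_port=49152
+pasv_max_port=65534
EOF
# -N skips a patch that is already applied instead of asking whether to
# reverse it, so the script can be run again without duplicating the settings.
patch -N -p0 < vsftpd.patch

# Per-user overrides for the provisioning account: no directory listings, and
# script/HTML files plus .bash* dotfiles are hidden from transfer.
{
  printf '%s\n' "dirlist_enable=NO"
  printf '%s\n' "deny_file={*.php,*.cgi,*.shtml,*.phtml,*.pl,*.js,*.htm,*.html,.bash*}"
} > PlcmSpIp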

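# Install the certificate and private key that rsa_cert_file points at.
# NOTE(review): the key pair is embedded in this script, so every host set up
# from it shares one private key, and so does anyone who can read the script.
# TLS to this server then says nothing about which server the client reached.
# Prefer generating a key pair per host at install time.
# The file is emptied and restricted to root before the key is written, so the
# private key is never readable by other local users, even when an older copy
# with wider permissions already exists. The absolute path (the same one the
# vsftpd settings use) removes the dependency on the current directory.
: > /etc/vsftpd/vsftpd.pem
chmod 600 /etc/vsftpd/vsftpd.pem
cat > /etc/vsftpd/vsftpd.pem <<-EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
EOF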
