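#!/bin/bash
# Provisioning setup for SIP endpoints: creates the PlcmSpIp account and
# configures TFTP, the Asterisk provisioning file and vsftpd.
#
# The interpreter line must start with "#!". Without it the script runs
# under whatever shell the caller happens to use, and the bash-specific
# "echo -e" further down is not guaranteed to behave the same there.

echo
echo "*** Configure SIP endpoints provisioning ***"
echo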

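# NOTE: this overrides the caller's HOME for the rest of the script; the
# later sections use $HOME as the provisioning root directory.
HOME=/home/PlcmSpIp
# Space-separated list of subdirectories created under $HOME.
DIRS="CONTACTS LICENSE  LOGS  OVERRIDES"

# make PlcmSpIp
# The password defaults to the account name, exactly as before. That value
# is a fixed, guessable credential, so PLCM_PASSWORD may be set in the
# environment to choose a different one (the endpoints then have to be
# configured with the same password).
PLCM_PASSWORD=${PLCM_PASSWORD:-PlcmSpIp}

# Skip account creation on re-runs instead of failing on an existing user.
id PlcmSpIp >/dev/null 2>&1 || useradd PlcmSpIp
# printf is a builtin, so the password does not appear in a process listing.
printf '%s:%s\n' PlcmSpIp "$PLCM_PASSWORD" | chpasswd
# No interactive shell for the provisioning account.
chsh -s /sbin/nologin PlcmSpIp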

# Append a DenyUsers rule for the provisioning account unless one is
# already present. A nologin shell alone does not stop SSH port forwarding
# for an account with a valid password, which is why the rule is added.
# NOTE(review): nothing in this script reloads sshd, so the rule only takes
# effect once sshd re-reads its configuration.
deny_rule_count=$(grep -c -e "^DenyUsers PlcmSpIp" /etc/ssh/sshd_config)
if [ "$deny_rule_count" = "0" ]; then
  echo -e "\n\n#block PlcmSpIp from ssh tunneling\nDenyUsers PlcmSpIp\n" >> /etc/ssh/sshd_config
fi

#cp -f /var/www/html/index.php /home/PlcmSpIp/

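# Lock down the provisioning root: root owns the tree, and PlcmSpIp owns
# only the subdirectories listed in $DIRS.
# 751 = owner rwx, group r-x, others may traverse but not list the directory.
chmod 751 "$HOME"
chown -R root: /home/PlcmSpIp
# Stop here if the directory is unreachable; otherwise the mkdir and the
# recursive chown below would act on whatever the current directory is.
cd "$HOME" || { echo "cannot cd to $HOME" >&2; exit 1; }
# $DIRS is deliberately unquoted: it is a space-separated list of names.
# -p keeps a re-run from failing on directories that already exist.
mkdir -p $DIRS
chown -R PlcmSpIp: $DIRS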

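# adjust TFTP config
# The heredoc delimiter is unquoted so that $HOME expands in server_args.
# In an unquoted heredoc a backslash followed by a newline is removed, which
# would fuse the description comment lines into one; the backslashes are
# doubled so the written file keeps them.
# NOTE(review): TFTP has no authentication. With "-s $HOME" every file under
# the provisioning root that the daemon can read is available to any host
# able to reach this service, so confirm that access is limited at the
# network level and that no secrets are stored in that tree.
cat > /etc/xinetd.d/tftp <<-EOF
# default: off
# description: The tftp server serves files using the trivial file transfer \\
#       protocol.  The tftp protocol is often used to boot diskless \\
#       workstations, download configuration files to network-aware printers, \\
#       and to start the installation process for some operating systems.
service tftp
{
        disable = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -vvvvvvv -s $HOME
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
EOF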

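# adjust Thirdlane
# Locate ifconfig, falling back to the usual sbin path when it is not on PATH.
IFCONFIG=$(command -v ifconfig 2>/dev/null || echo /sbin/ifconfig)
# Extracts the address from the "inet addr:a.b.c.d" form of ifconfig output.
# Other output formats, or a missing eth0, yield an empty string.
IPADDR=$("$IFCONFIG" eth0 | gawk '/inet addr/{split($2, part, ":"); print part[2]}')
if [ -z "$IPADDR" ]; then
  # Keep going as before, but make the empty server= entry visible.
  echo "warning: could not determine the IPv4 address of eth0; provisioning.txt will have an empty server= line" >&2
fi
cat > /etc/asterisk/provisioning.txt <<EOF
server=$IPADDR
directory=$HOME
servicetype=2
EOF

chown asterisk:asterisk /etc/asterisk/provisioning.txt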

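# adjust VSFTPD
# The rest of the script writes relative paths (vsftpd.patch, PlcmSpIp,
# vsftpd.pem). If this cd failed, they would be created in the previous
# working directory, which is the TFTP/FTP provisioning root, and the
# private key would end up in a served directory. Abort instead.
cd /etc/vsftpd/ || { echo "cannot cd to /etc/vsftpd/" >&2; exit 1; }
# An empty chroot_list: per the vsftpd.conf comments, with
# chroot_local_user=YES this file lists the users that are NOT chrooted.
touch chroot_list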
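# Write the vsftpd.conf changes as a unified diff and apply it.
# The patch disables anonymous FTP, chroots local users, enables TLS with
# SSLv2/SSLv3 off, turns on dual logging and pins the passive port range.
# NOTE(review): force_local_logins_ssl=NO and force_local_data_ssl=NO leave
# TLS optional, so a client that does not negotiate it still sends its
# password and data in cleartext; confirm the endpoints require this.
# The delimiter is quoted so that nothing in the patch text is expanded.
cat >vsftpd.patch <<-'EOF'
--- vsftpd.conf.orig    2012-06-22 11:55:02.000000000 +0400
+++ vsftpd.conf 2012-08-29 18:39:26.981757392 +0400
@@ -9,7 +9,7 @@
 # capabilities.
 #
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=YES
+anonymous_enable=NO
 #
 # Uncomment this to allow local users to log in.
 local_enable=YES
@@ -93,8 +93,8 @@
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
-#chroot_local_user=YES
-#chroot_list_enable=YES
+chroot_local_user=YES
+chroot_list_enable=YES
 # (default follows)
 #chroot_list_file=/etc/vsftpd/chroot_list
 #
@@ -117,3 +117,22 @@
 pam_service_name=vsftpd
 userlist_enable=YES
 tcp_wrappers=YES
+
+userlist_deny=YES
+user_config_dir=/etc/vsftpd/
+
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+rsa_cert_file=/etc/vsftpd/vsftpd.pem
+
+#debug_ssl=YES
+dual_log_enable=YES
+#log_ftp_protocol=YES
+
+pasv_min_port=49152 
+pasv_max_port=65534
EOF
# -N (--forward) skips a patch that is already applied, so a re-run neither
# prompts to reverse it nor reverts the hardened settings.
patch -N -p0 < vsftpd.patch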

# Per-user vsftpd overrides for the PlcmSpIp account, written to a file
# named after the user in the current directory: directory listings are
# turned off and script/web file types and .bash* files are denied.
printf '%s\n' \
  'dirlist_enable=NO' \
  'deny_file={*.php,*.cgi,*.shtml,*.phtml,*.pl,*.js,*.htm,*.html,.bash*}' \
  > PlcmSpIp

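# Create the file with owner-only permissions before any key material is
# written; a plain redirect would create it with the umask default, which
# commonly leaves the private key readable by other local users.
( umask 077; : >> vsftpd.pem )
chmod 600 vsftpd.pem
# NOTE(review): the certificate and private key are embedded in this script,
# so every host set up with it shares one key and anyone who can read the
# script holds that key. Generating a key pair per host at install time
# would avoid both problems.
cat >vsftpd.pem <<-EOF
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
EOF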
