Skip to content

Latest commit

 

History

History
 
 

cfgsystem

Use on your own risk, it can harm your system configuration files.

cfgsystem.so
------------

TransAPI module primarily intended for the Netopeer server, but in general
for libnetconf based NETCONF servers. The module should correctly work on
RHEL, SUSE and Debian based distros.

Install
~~~~~~~

$ ./configure
$ make
# make install

configure options:

--with-netopeer-confdir=DIR

  If you changed the sysconfdir of the Netopeer server, please reflect
  this change in this option. By default, the Netopeer server stores its
  configuration files in ${sysconfdir}/netopeer/ directory. Instead of the
  complete path, you can alternatively specify the sysconfdir value
  (--sysconfdir=DIR) in the same way as in case of the Netopeer server.

--with-[useradd|userdel|shutdown]=PATH

  On some distros (RHEL based) when a normal user builds (run configure)
  it is unable to detect, that these tools are available when you are
  root. Therefore, if configure cannot detect those tools, you can specify
  them manually. Otherwise, configure switches off the functionality of the
  cfgsystem that depends on that tools.

Functionality
~~~~~~~~~~~~~

This module implements ietf-system data model as defined in RFC 7317. It
implements only the folowing features of the data model:

- authentication - configuration of the user authentication by manipulating
  with the sshd_config of SSH daemon listening for the NETCONF connections
  and basic certificate management.
- local-users - configuration of local user authentication by manipulating
  with the /etc/passwd, /etc/shadow and ~/.ssh/authorized_keys files.
- ntp - configuration of usage NTP server(s) by manipulating with
  /etc/ntp.conf file and the ntp (or ntpd on RHEL based distros) service.
- timezone-name - allows timezone configuration using TZ database.

The module also allows configuration of
- DNS resolver by manipulating with the /etc/resolv.conf.

For the detailed description of content for the specific configuration
element, please read the RFC 7317.

!!environment variables:

cfgsystem relies on retrieving some information from the environment
variables exported by netopeer-server(8), namely:

SSHD_PID - PID number of the sshd process

File monitoring
~~~~~~~~~~~~~~~

4 files are monitored:

- /etc/passwd
- /etc/shadow
- /etc/ntp.conf
- /etc/resolv.conf

Any changes to these files outside this module are reflected in the running
configuration. However, no callbacks are called for these changes and it is
assumed that they were applied outside cfgsystem (some other application,
a user, e.c.).

cfgsystem-init
--------------

This small utility is able to load all the configurations managed by the
ietf-system model and store them as the startup configuration data for use
in the netopeer-server.

The tool is automatically used with 'make install' when the Netopeer server
(netopeer-manager(1)) is already installed, so after that you don't need to run
it manually.

Remember, that having empty startup datastore on netopeer-server startup with
the cfgsystem module enabled causes removing all current configuration settings
(NTP and DNS servers, users,...)!

Usage:
	./cfgsystem-init <cfgsystem's datastore path> <supported feature> ...