moon.sh

#!/bin/bash

function blue(){
  echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
  echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
  echo -e "\033[31m\033[01m$1\033[0m"
}
function version_lt(){
  test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1";
}

#copy from 秋水逸冰 ss scripts
if [[ -f /etc/redhat-release ]]; then
  release_os="centos"
elif cat /etc/issue | grep -Eqi "debian"; then
  release_os="debian"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
  release_os="ubuntu"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
  release_os="centos"
elif cat /proc/version | grep -Eqi "debian"; then
  release_os="debian"
elif cat /proc/version | grep -Eqi "ubuntu"; then
  release_os="ubuntu"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
  release_os="centos"
fi

if [ "$release_os" == "centos" ]; then
  systemPackage_os="yum"
elif [ "$release_os" == "ubuntu" ]; then
  systemPackage_os="apt"
elif [ "$release_os" == "debian" ]; then
  systemPackage_os="apt"
fi

#修改SSH端口号
function change_ssh_port(){
  cd
  declare -i port_num
  read -p "请输入新端口号(1024-65535):" port_num
  if [[ $port_num -ge 1024 && $port_num -le 65535 ]]; then
    green " 输入端口号正确，正在设置该端口号"
  else
    red "输入的端口号错误，请重新输入"
    unset port_num
    change_ssh_port
  fi
  grep -q "Port $port_num" /etc/ssh/sshd_config
  if [ $? -eq 0 ]; then
    red " 端口已经添加，请勿重复添加"
    return
  else
    sed -i "/Port 22/a\Port $port_num" /etc/ssh/sshd_config
    sed -i '/Port 22/s/^#//' /etc/ssh/sshd_config
    if [ "$release_os" == "centos" ]; then
      firewall-cmd --zone=public --add-port=$port_num/tcp --permanent
      firewall-cmd --reload
    elif [ "$release_os" == "ubuntu" ]; then
      ufw allow $port_num
      ufw reload
    fi
    #目前SELinux 支持三种模式，分别是enforcing：强制模式，permissive：宽容模式，disabled：关闭
    if [ -f "/etc/selinux/config" ]; then
      CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
      if [ "$CHECK" != "SELINUX=disabled" ]; then
        read -p "检测到SELinux开启状态，是否继续开启SElinux ?请输入 [Y/n] :" yn
        [ -z "${yn}" ] && yn="y"
        if [[ $yn == [Yy] ]]; then
          green "添加放行$port_num端口规则"
          $systemPackage_os -y install policycoreutils-python
          semanage port -a -t ssh_port_t -p tcp $port_num
        else
          if [ "$CHECK" == "SELINUX=enforcing" ]; then
            sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
          elif [ "$CHECK" == "SELINUX=permissive" ]; then
            sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
          fi
          red "======================================================================="
          red "关闭selinux后，必须重启VPS才能生效，再执行本脚本，即将在3秒后重启......"
          red "======================================================================="
          clear
          green "重启倒计时3s"
          sleep 1s
          clear
          green "重启倒计时2s"
          sleep 1s
          clear
          green "重启倒计时1s"
          sleep 1s
          clear
          green "重启中..."
          reboot
        fi
      fi
    fi
    systemctl restart sshd.service
    sleep 1s
    red " 稍后请使用修改好的端口连接SSH"
  fi
}

#关闭SSH默认22端口
function close_ssh_default_port(){
  cd
  grep -q "#Port 22" /etc/ssh/sshd_config
  if [ $? -eq 0 ]; then
    red " 端口22已被关闭，无需重复操作"
  else
    sed -i 's/Port 22/#Port 22/g' /etc/ssh/sshd_config
    if [ "$release_os" == "centos" ]; then
      firewall-cmd --reload
    elif [ "$release_os" == "ubuntu" ]; then
      ufw reload
    fi
    systemctl restart sshd.service
    green " 新端口连接成功后屏蔽原22端口成功"
  fi
}

#创建moon节点
function creat_moon(){
  blue "安装zerotier软件"
  curl -s https://install.zerotier.com/ | sudo bash
  blue "启动zerotier"
  systemctl start zerotier-one.service
  systemctl enable zerotier-one.service
  blue "将安装好ZeroTier的加入你事先注册好的ZeroTier虚拟局域网中"
  read -p "请输入你的ZeroTier虚拟局域网ID号：" you_net_ID
  zerotier-cli join $you_net_ID | grep OK
  if [ $? -eq 0 ]; then
    green "加入网络成功！请去zerotier管理页面，对加入的设备进行打钩"
    read -s -n1 -p "确认zerotier管理页面加入该moon节点后按任意键继续... "
    blue "搭建ZeroTier的Moon中转服务器，生成moon配置文件"
    cd /var/lib/zerotier-one/
    blue "生成moon.json文件并对其进行编辑"
    ip_addr=`curl ipv4.icanhazip.com`
    zerotier-idtool initmoon identity.public > moon.json
    if sed -i "s/\[\]/\[ \"$ip_addr\/9993\" \]/" moon.json >/dev/null 2>/dev/null; then
      green "编辑完成"
    else
      red "编辑出错"
    fi
    if [ "$release_os" == "centos" ]; then
      blue "防火墙开启zerotier默认udp端口9993"
      firewall-cmd --zone=public --add-port=9993/udp --permanent
      blue "防火墙重启"
      firewall-cmd --reload
    elif [ "$release_os" == "ubuntu" ]; then
      blue "防火墙开启zerotier默认udp端口9993"
      ufw allow 9993
      bule "防火墙重启"
      ufw reload
    fi
    blue "生成签名文件"
    zerotier-idtool genmoon moon.json
    blue "创建moons.d文件夹，并把签名文件移动到文件夹内"
    mkdir moons.d
    mv ./*.moon ./moons.d/
    blue "zerotier-one服务"
    systemctl restart zerotier-one
    green "moon节点创建完成"
    green "请记得将moons.d文件夹拷贝出来用于客户端的配置，路径/var/lib/zerotier-one/"
  else
    red "加入失败，请检查你的网络ID号有无错误"
  fi
}

#设置计划任务
function crontab_edit(){
  cd
  cat /etc/crontab
  read -p "请按照以上格式输入计划任务：" crontab_cmd
  rm -f /etc/crontab
  sleep 1s
  cat > /etc/crontab <<-EOF
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

$crontab_cmd

EOF
  chmod +x /etc/crontab
  systemctl enable crond.service
  systemctl start crond.service
  crontab /etc/crontab
  systemctl reload crond.service
  systemctl status crond.service
  blue "编辑后的计划任务："
  echo
  crontab -l
}

#清除缓存
function del_cache(){
  cd
  green " 缓存已清除完毕"
  rm -f "$0"
}

#一键全自动安装
function auto_install(){
  read -p "是否关闭SSH默认22端口 ?请输入 [Y/n] :" yn
  [ -z "${yn}" ] && yn="y"
  if [[ $yn == [Yy] ]]; then
    close_ssh_default_port
    sleep 1s
  fi
  read -p "是否创建moon ?请输入 [Y/n] :" yn
  [ -z "${yn}" ] && yn="y"
  if [[ $yn == [Yy] ]]; then
    creat_moon
    sleep 1s
  fi
  read -p "是否设置计划任务 ?请输入 [Y/n] :" yn
  [ -z "${yn}" ] && yn="y"
  if [[ $yn == [Yy] ]]; then
    echo
    crontab_edit
    sleep 1s
  fi
  read -p "是否清除缓存 ?请输入 [Y/n] :" yn
  [ -z "${yn}" ] && yn="y"
  if [[ $yn == [Yy] ]]; then
    del_cache
  fi
}

#开始菜单
start_menu(){
  clear
  green " ======================================="
  green " 介绍："
  green " 一键zerotier虚拟局域网moon节点综合脚本"
  green " 一键配置计划任务、修改SSH端口"
  green " ======================================="
  echo
  green " 1. 修改SSH端口号"
  green " 2. 关闭SSH默认22端口"
  green " 3. 启动moon节点安装脚本"
  green " 4. 设置计划任务"
  green " 5. 清除缓存"
  green " 6. 全自动执行2-5"
  blue " 0. 退出脚本"
  echo
  read -p "请输入数字:" num
  case "$num" in
  1)
  change_ssh_port
  exit
  ;;
  2)
  close_ssh_default_port
  sleep 1s
  read -s -n1 -p "按任意键返回菜单 ... "
  start_menu
  ;;
  3)
  creat_moon
  sleep 1s
  read -s -n1 -p "按任意键返回上级菜单 ... "
  start_menu
  ;;
  4)
  crontab_edit
  sleep 1s
  read -s -n1 -p "按任意键返回菜单 ... "
  start_menu
  ;;
  5)
  del_cache
  ;;
  6)
  auto_install
  ;;
  0)
  exit 1
  ;;
  *)
  clear
  red "请输入正确数字"
  sleep 1s
  start_menu
  ;;
  esac
}

start_menu