#!/bin/bash # CWP INSTALL APP TERMINAL yum -y update ca-certificates # NEW CODE # Use NVM for node.js installation management. Options are "y" or "n" DEFAULT = n usenvm=n # Version of Node.js to install. DEFAULT = 16.18.1 nodeversion=16.18.1 function getsystemnodeversion { if [ -e "/usr/bin/node" ]; then /usr/bin/node -v fi } function checkfornodejsrpm { yum list installed nodejs | grep nodejs } function currentnodefilepath { nvm which current } if [ "$usenvm" == "n" ]; then if [ -e "$HOME/.nvm" ]; then if [ -z "$(checkfornodejsrpm)" ]; then rm -f /usr/bin/node fi fi if [ ! -e "/usr/bin/node" ];then yum -y install nodejs --enablerepo=epel cd /root npm cache clean -f npm install -g n n stable PATH="$PATH" fi if [ ! -e "/usr/bin/npm" ];then yum -y install npm --enablerepo=epel cd /root fi elif [ "$usenvm" == "y" ]; then if [ ! -z "$(checkfornodejsrpm)" ]; then yum -y remove nodejs fi if [ -e "$HOME/.nvm" ];then export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion nvm install $nodeversion nvm use $nodeversion if [ "$(getsystemnodeversion)" != "v$nodeversion" ]; then ln -sf $(currentnodefilepath) /usr/bin/node fi fi if [ ! -e "$HOME/.nvm" ]; then yum -y install curl curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion nvm install "$nodeversion" nvm use $nodeversion ln -sf $(currentnodefilepath) /usr/bin/node fi fi # Old Code #yum -y install gcc-c++ make #npm install express pty.js --production #npm install --save express-ws --production #npm install node-pty --production #npm install socket.io --production #npm install xterm --production # NEW CODE gccversion=7 yum install -y yum-utils centos-release-scl yum-config-manager --disable centos-sclo-rh yum -y --enablerepo=centos-sclo-rh-testing install devtoolset-$gccversion-gcc devtoolset-$gccversion-gcc-c++ gccenvcheck=$(cat /etc/profile | grep devtoolset-$gccversion) if [ -z "$gccenvcheck" ]; then echo "source /opt/rh/devtoolset-$gccversion/enable" >> /etc/profile source /opt/rh/devtoolset-$gccversion/enable fi source /opt/rh/devtoolset-$gccversion/enable yum -y install python3 cd /root npm install express --omit=dev npm install --save express-ws --omit=dev npm install node-pty --omit=dev npm install socket.io --omit=dev npm install xterm --omit=dev cat > /root/server.js <= 1) { } else { if(iface.address!="127.0.0.1"){ if(ipActual==""){ ipActual=iface.address; } } } ++alias; }); }); app.use("/",express.static("./")); var keyFile=''; var certFile=''; if (fs.existsSync('/etc/pki/tls/private/hostname.key')) { keyFile='/etc/pki/tls/private/hostname.key'; }else{ keyFile='/etc/pki/tls/private/'+hostname_serv+'.key'; } if (fs.existsSync('/etc/pki/tls/certs/hostname.bundle')) { certFile='/etc/pki/tls/certs/hostname.bundle'; }else{ certFile='/etc/pki/tls/certs/'+hostname_serv+'.cert'; } const options = { key: fs.readFileSync(keyFile), cert: fs.readFileSync(certFile) }; var SOCKETFILE = '/root/terminal.sock'; if (fs.existsSync(SOCKETFILE)) { fs.unlink(SOCKETFILE, function(err){}); } var server = https.createServer(options,app).listen(SOCKETFILE); fs.chmodSync(SOCKETFILE, '600'); var io = require('socket.io')(server,{path:'/terminal/socket.io/'}); var Dtoken=''; io.on('connection', function(socket){ socket.auth = false; socket.on('authenticate', function(dataT){ fs.readFile(FILE_LOCATION, function (err, data) { if (err){ console.log("Not file"); socket.disconnect(); io.close(); }else{ fs.stat(FILE_LOCATION, function (err, stats) { Dtoken=dataT.token; console.log("Authenticated socket ", socket.id); socket.auth = true; var term = pty.spawn('bash', [], { cwd: '/root', cols: 125, rows: 45 }); term.on('data', function(data){ socket.emit('output', data); }); socket.on('input', function(data){ term.write(data); }); socket.on("disconnect", function(){ term.destroy(); process.exit(0); console.log("CWP Pro Terminal browser window was closed"); }); socket.on("resize", function(dataC){ var cols = parseInt(dataC.cols), rows = parseInt(dataC.rows); console.log(cols+" "+rows); term.resize(cols, rows); }); }); } }); }); }); EOF CHKTERMINAL=`grep terminal.sock /usr/local/cwpsrv/conf/cwp_services.conf` if [ -z "$CHKTERMINAL" ];then echo ' location ~ /terminal/socket.io/ { auth_pam "Secure Zone | root login required"; auth_pam_service_name "cwpadmin-auth"; # Header settings for application behind proxy proxy_set_header Host $host; # proxy_set_header X-NginX-Proxy true; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Proxy pass settings proxy_pass https://unix:/root/terminal.sock; # Proxy redirect settings proxy_redirect off; # HTTP version settings proxy_http_version 1.1; # Response buffering from proxied server default 1024m proxy_max_temp_file_size 0; # Proxy cache bypass define conditions under the response will not be taken from cache proxy_cache_bypass $http_upgrade; gzip on; gzip_proxied any; gzip_types *; }' >> /usr/local/cwpsrv/conf/cwp_services.conf fi if [ ! -e "/etc/pam.d/cwpadmin-auth" ];then cat > "/etc/pam.d/cwpadmin-auth" <