PS: 所有v p n的字樣全部屏蔽成了***了,真噁心
由於商業版的ssl***等設備價格較貴,不如開源的來得方便,且自己能通過腳本來減輕工作量,只需要在企業內部搭建好服務器後,在出口防火牆做外網映射即可,具體的安裝步驟不介紹了。
本腳本包含自動新建賬號、證書併發送到用戶的郵箱中,用戶名以郵箱的前綴命名
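# Timestamp suffix for backups of psw-file (used by deluser).
daily=$(date +%Y%m%d-%H%M)
readonly daily
# open*** configuration directory; holds server.crt ca.crt ca.key psw-file server.conf etc.
confdir="/etc/open***/config"
readonly confdir
# Unpacked open*** tree; mainly the easy-rsa/2.0 directory underneath it is used.
workdir="/home/appadm/open***-2.4.4"
readonly workdir
# Generated per-user material is copied below this directory.
userdir="/home/appadm/×××User"
readonly userdir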
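#######################################
# Create a client certificate and a psw-file account for one user, then
# mail the bundle to that user.
# Globals:   workdir, userdir, confdir (read); SENDEMAIL_PASSWORD (read)
# Arguments: $1 - optional password length, default 10
#            (the username itself is read from stdin)
# Outputs:   status messages on stdout, warnings on stderr;
#            sendEmail output is appended to /tmp/open***mail.log
# Returns:   0 on success, 1 when the username is invalid or a cd fails
#######################################
adduser() {
  local pass_len=${1:-10}
  local acc usermail userchallpass accpass userpass to secr subject body
  ################## account / password creation #############
  #### if the account does not exist create it, else report it ####
  read -r -p "Please input username need to be added: " acc
  # The username becomes file names, a sed replacement and a grep/awk key
  # below, so refuse anything outside a safe character set before touching disk.
  if [[ ! "$acc" =~ ^[A-Za-z0-9._-]+$ ]]; then
    printf '\033[31m Invalid username: %s \033[0m\n' "$acc" >&2
    return 1
  fi
  # NOTE(review): the mail domain was redacted in this listing; restore it here.
  usermail="${acc}@MAIL_DOMAIN_PLACEHOLDER"
  userchallpass=$usermail
  if [[ ! -e "$workdir/easy-rsa/2.0/keys/${acc}.crt" ]]; then
    cd "$workdir/easy-rsa/2.0/" || return 1
    # 'vars' must be sourced, not executed: running it as a child process
    # cannot export anything into this shell.
    source ./vars
    ############ certificate generation ###############
    # Answers build-key's prompts in order; kept verbatim because it depends
    # on the exact prompt sequence of easy-rsa 2.0.
    expect -c "
spawn $workdir/easy-rsa/2.0/build-key $acc
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"$usermail\r\"}
}
expect {
\"*\" {send \"$userchallpass\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect {
\"*\" {send \"y\r\"}
}
expect {
\"*\" {send \"y\r\"}
}
expect {
\"*\" {send \"\r\"}
}
expect eof "
    ##########################################
    mkdir -p -- "$userdir/$acc"
    cd "$workdir/easy-rsa/2.0/keys" || return 1
    cp -- "${acc}.crt" "${acc}.key" ta.key ca.crt "$userdir/$acc"
    cp -- "${acc}".* "$userdir/keys"
    cd "$userdir" || return 1
    cp -- client.conf "./$acc/${acc}.o***"
    cd "./$acc" || return 1
    sed -i "s/cert client.crt/cert ${acc}.crt/g" "./$acc.o***"
    sed -i "s/key client.key/key ${acc}.key/g" "./$acc.o***"
    tar -zcvf "./${acc}.tar.gz" "${acc}.crt" "${acc}.key" "${acc}.o***" ta.key ca.crt
    printf '\033[32m Cert user %s has been created \033[0m\n' "$acc"
    cp -- "$confdir/psw-file" "$confdir/psw-file.bak"
    # psw-file lines are "user password": match the whole first field, so
    # adding "bob" is not skipped because "bobby" already exists.
    if ! grep -q -- "^${acc} " "$confdir/psw-file"; then
      accpass=$(</dev/urandom tr -dc '!@#$%&'A-Za-z0-9 | head -c "$pass_len")
      echo "$acc $accpass" >> "$confdir/psw-file"
    fi
    printf '\033[32m Now %s userid and password has been generated \033[0m\n' "$acc"
  else
    printf '\033[33m User %s exists\033[0m\n' "$acc"
  fi
  printf "Here is user's certificate:%s\n\n" "$userdir/$acc"
  sleep 1
  printf "Here is user's account and password:%s\n\n" "$confdir/psw-file"
  ############## mail account, password, certificate and client installer to the user ##################
  # Exact match on the first field; the old 'grep $acc' also matched substrings.
  userpass=$(awk -v u="$acc" '$1 == u {print $2}' "$confdir/psw-file")
  to=$usermail
  #to="[email protected]"
  secr="[email protected]"
  subject="$acc's open*** information"
  body="Hello,your open*** account is: $acc,<br>and your password is: $userpass"
  # The SMTP password used to be written literally into this script; take it
  # from the environment instead so it is not stored with the code. A value
  # passed via -xp is still visible to 'ps' while sendEmail runs.
  if [[ -z "${SENDEMAIL_PASSWORD:-}" ]]; then
    printf 'warn: SENDEMAIL_PASSWORD is not set, mail for %s was not sent\n' "$acc" >&2
  else
    # Every physical line of this command needs a trailing backslash; without
    # it the '-xp ... -m ...' part ran as a separate (failing) command.
    /app/comm/sendEmail-v1.56/sendEmail -f "[email protected]" -t "$to" -bcc "$secr" -s smtp.exmail.qq.com -u "$subject" \
      -a "$userdir/$acc/$acc.tar.gz" "$userdir/open***-install-2.4.4-I601.exe" "$userdir/open***-readme.docx" \
      -o message-content-type=html -o message-charset=utf8 -xu "[email protected]" \
      -xp "$SENDEMAIL_PASSWORD" -m "$body" &>>/tmp/open***mail.log
  fi
  ########################################################################################################################
  cd /home/appadm || return 1
  ./useforopen***.sh
}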
#############################以下爲刪除用戶######################################################################################
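#######################################
# Revoke one user's certificate, drop the psw-file entry, archive the user
# directory and restart the service.
# Globals:   workdir, userdir, confdir, daily (read)
# Arguments: none (the username is read from stdin)
# Outputs:   status messages on stdout, warnings on stderr;
#            revoke-full output is appended to /tmp/open***log.txt
# Returns:   0 on success, 1 when the username is invalid or a cd fails
#######################################
deluser() {
  local del_acc revoke_out sed_user
  read -r -p "Input the username want to delete: " del_acc
  # The name is used as a path component and inside a sed address below.
  if [[ ! "$del_acc" =~ ^[A-Za-z0-9._-]+$ ]]; then
    printf '\033[31m Invalid username: %s \033[0m\n' "$del_acc" >&2
    return 1
  fi
  cd "$workdir/easy-rsa/2.0/" || return 1
  # Sourcing is what exports the easy-rsa settings; executing ./vars does not.
  source ./vars
  # Inspect this run's output only. The old code grepped the cumulative log,
  # so once any user had been revoked every later deletion matched
  # "Already revoked" and was skipped.
  revoke_out=$(./revoke-full "$del_acc" 2>&1)
  printf '%s\n' "$revoke_out" >> /tmp/open***log.txt
  if grep -qF -- "Already revoked" <<<"$revoke_out"; then
    printf '\033[31m Do nothing,user %s has been eliminated before\033[0m\n' "$del_acc"
  elif grep -qF -- "Error opening ${del_acc}.crt ${del_acc}.crt" <<<"$revoke_out"; then
    printf '\033[31m User %s not exist \033[0m\n' "$del_acc"
  else
    cp -- "$confdir/psw-file" "$confdir/psw-file.bak$daily"
    printf '\033[44;37m Now backup the lastest user account \033[0m\n'
    sleep 1
    # psw-file lines are "user password": delete only the exact user, not
    # every user sharing the prefix ("/^bob.*/d" also removed "bobby").
    # Dots in the name are escaped so they do not act as regex wildcards.
    sed_user=${del_acc//./\\.}
    sed -i "/^${sed_user} /d" "$confdir/psw-file"
    printf '\033[44;37m Now delete use %s and password \033[0m\n' "$del_acc"
    sleep 1
    cd "$userdir" || return 1
    # Archive under deleteuser/ with a timestamp so a re-created and
    # re-deleted user never collides with an earlier archive.
    mkdir -p -- ./deleteuser
    mv -- "$del_acc" "./deleteuser/${del_acc}-${daily}"
    # cd $workdir/easy-rsa/2.0/keys
    # mv "$deluser".* $workdir/user/deleteuser
    printf '\033[44;37m User %s disappeared now\033[0m\n' "$del_acc"
    cd "$confdir" || return 1
    ./restartopen***.sh
  fi
  cd /home/appadm || return 1
  ./useforopen***.sh
}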
################################################################
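# Interactive menu: dispatch to adduser / deluser or exit.
# Quoted here-doc: the banner contains no expansions and should be printed literally.
cat <<'EOF'

##########################################
### 1. create a new user ###
### 2. delete an unused user ###
### 3. exit ###
##########################################
EOF
read -r -p "Input your choice: " choice
case "$choice" in
  1)
    adduser
    ;;
  2)
    deluser
    ;;
  3)
    exit 0
    ;;
  *)
    printf 'Usage %s {1|2|3}\n' "$0"
    ;;
esac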