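#!/bin/sh
################################################################################
#
# Author:        Ryan McLean
# Copyright:     2014 (c) Ryan McLean
# EMail:         ryan1_00@hotmail.com
# Version:       0.6
# Filename:      SSHProtocolUpdate.sh
# Location:
#
# Last Modified: 2014-05-26
#
# Description:   Updates the SSH protocol version in the sshd config
#
# Limitations:
#   *
#
# Workflow:
#   * Iterate over Search Dirs
#   * Iterate over filenames
#   * if rollback look for backup and revert
#   * if update backup and update config
#
# Release Notes:
#   * 2014-05-26 - v0.6
#   ** Changed case statements to if..elif as SunOS didn't seem to be
#   ** matching
#   * 2014-05-23 - v0.5
#   ** Updated "Update ()" to support multiple OSes
#   * 2014-05-22 - v0.4
#   ** Updated "Update ()" to use ascii octal codes for \t and \n to
#      to handle AIX
#   ** changed function calls to be SunOS compatible
#   ** changed 'if [[ ]]' to 'if []' to be SunOS compatible
#   ** changed '==' to '=' to be SunOS compatible
#   ** changed 'grep -v -e "^#" -e "^$"' to 'egrep -v "^#|^$"' to be
#      AIX compatible
#   * 2014-05-14 - v0.3
#   ** Updated "Update" to remove any Protocol line and then readd
#   ** Adjustments made to restartssh ()
#   * 2014-05-13 - v0.2
#   ** Adjustments made to restartssh ()
#   * 2014-04-30 - v0.1
#   ** Initial Script
#
################################################################################

# Version
VERSION="0.6"

# Files and locations
SEARCHDIRS="/etc/ssh /usr/local/etc"
FILENAMES="sshd_config"

# Unique file extension
TIMESTAMP=`date +%Y%m%d%H%M%S`
BEXT="baksshv_"

OSFAM=`uname`

# Literal tab for the sed bracket expression in update (). printf expands the
# octal escape in every shell, whereas `echo '\011'` prints the four literal
# characters in shells whose echo does not process escapes.
TAB=`printf '\011'`

# Set to 1 once a config file has actually been rewritten or restored, so that
# sshd is only restarted when there is something new to load.
CHANGED=0

################################################################################
# Print usage and exit with status 1.
################################################################################
help () {
  echo "Change SSH Protocol v${VERSION}"
  echo "Usage:"
  echo "$(basename "$0") rollback|update [sshv#]"
  echo "$(basename "$0") rollback"
  echo "$(basename "$0") update 2"
  exit 1
}

################################################################################
# Back up one sshd config and rewrite it with a single Protocol line.
# Globals:   BEXT, TIMESTAMP, SSHV, TAB (read); CHANGED (written)
# Arguments: $1 - directory holding the config, $2 - config file name
# Exits 1 if the backup or the rewrite fails.
################################################################################
update () {
  SSHPATH=$1
  FILENAME=$2
  CONFIG="${SSHPATH}/${FILENAME}"
  BACKUP="${CONFIG}.${BEXT}${TIMESTAMP}"

  # Copy rather than move: the live file keeps its inode, owner and mode when
  # it is truncated and rewritten below, instead of being recreated with
  # whatever the current umask yields.
  echo "INFO: Backing up ${CONFIG} to ${BACKUP}"
  cp -p "${CONFIG}" "${BACKUP}"
  if [ $? -ne 0 ]; then
    echo "ERROR: Failed to backup ${CONFIG} to ${BACKUP}"
    exit 1
  fi

  # Delete any Protocol line then prepend the new version to the file; this
  # ensures that we do not end up with 2 protocol lines and that one is added
  # if none was present. sshd uses the first value it reads for a keyword, so
  # the prepended line is the one that takes effect.
  echo "INFO: Updating ${CONFIG}"
  echo "Protocol ${SSHV}" > "${CONFIG}"
  if [ $? -ne 0 ]; then
    echo "ERROR: Failed to create new ${CONFIG}"
    cp -p "${BACKUP}" "${CONFIG}"
    exit 1
  fi

  # Comment and blank lines are dropped from the rewritten file (egrep is kept
  # for AIX). Keywords are case-insensitive in sshd_config, so the Protocol
  # line is matched in any capitalisation.
  # Only sed's exit status is visible here; plain sh has no pipefail.
  egrep -v "^#|^$" "${BACKUP}" | \
    sed "/^[ ${TAB}]*[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll].*/d" >> "${CONFIG}"
  if [ $? -ne 0 ]; then
    echo "ERROR: Failed to append to ${CONFIG}"
    # Do not leave a config holding nothing but the Protocol line behind.
    cp -p "${BACKUP}" "${CONFIG}"
    exit 1
  fi

  CHANGED=1
}

################################################################################
# Restore the most recent backup taken by update ().
# Globals:   BEXT, TIMESTAMP (read); CHANGED (written)
# Arguments: $1 - directory holding the config, $2 - config file name
# Exits 1 if the current config cannot be set aside or the backup cannot be
# copied back; only warns when no backup exists.
################################################################################
rollback () {
  SSHPATH=$1
  FILENAME=$2
  CONFIG="${SSHPATH}/${FILENAME}"

  # Backup names end in a YYYYmmddHHMMSS stamp, so the last match of the
  # sorted glob is the newest one. This avoids parsing `ls -l` output and
  # using the file name as a grep pattern.
  BFILE=""
  for CANDIDATE in "${CONFIG}.${BEXT}"*; do
    if [ -f "${CANDIDATE}" ]; then
      BFILE="${CANDIDATE}"
    fi
  done

  if [ -n "${BFILE}" ]; then
    echo "INFO: Backup found: ${BFILE}"
    echo "INFO: Backup current config"
    mv "${CONFIG}" "${CONFIG}.rollback_${TIMESTAMP}"
    if [ $? -ne 0 ]; then
      echo "ERROR: Failed to backup current ${CONFIG}"
      exit 1
    fi
    echo "INFO: Copy backup (${BFILE}) to current ${CONFIG}"
    cp -p "${BFILE}" "${CONFIG}"
    if [ $? -ne 0 ]; then
      echo "ERROR: Failed to restore ${BFILE} to ${CONFIG}"
      # Put the config that was just moved aside back, so sshd is never left
      # without a config file.
      mv "${CONFIG}.rollback_${TIMESTAMP}" "${CONFIG}"
      exit 1
    fi
    CHANGED=1
  else
    echo "WARNING: Could not find backup of ${CONFIG}"
  fi
}

################################################################################
# Stop and start sshd using the mechanism of the detected OS family.
# Globals:   OSFAM (read)
# Exits 1 on an unknown OS family or when the start command fails.
#
# NOTE(review): the rewritten file is not syntax-checked before the restart.
# Where the installed sshd supports test mode (`sshd -t -f <file>`), run it
# first and roll back on failure, so a bad config cannot lock out remote
# access.
################################################################################
restartSSH () {
  # Upper bound on the number of kill calls in the SunOS loop below; it is a
  # count, not a number of seconds.
  TIMEOUT=30

  if [ "${OSFAM}" = "AIX" ]; then
    ### AIX
    echo "INFO: Restart (AIX)"
    stopsrc -g sshd
    startsrc -g sshd
    if [ $? -ne 0 ]; then
      echo "ERROR: Failed to start SSH"
      exit 1
    fi
  elif [ "${OSFAM}" = "Linux" ]; then
    ### Linux
    # NOTE(review): assumes a SysV init script named sshd - confirm on the
    # target distribution.
    echo "INFO: Restart (Linux)"
    /etc/init.d/sshd stop
    /etc/init.d/sshd start
    if [ $? -ne 0 ]; then
      echo "ERROR: Failed to start SSH"
      exit 1
    fi
  elif [ "${OSFAM}" = "SunOS" ]; then
    ### SOLARIS
    echo "INFO: Restarting SSH (SunOS)"
    echo "INFO: Stopping SSH"
    /etc/init.d/sshd stop

    ### ensure SSH is dead
    # Every process whose ps line matches "sshd" is signalled, which includes
    # the daemons serving established sessions: run this from the console,
    # not over the SSH session being restarted.
    i=${TIMEOUT}
    ps -ef | grep '[s]shd' | awk '{print $2}' | \
      while read sshdpid; do
        kill "${sshdpid}"
        i=`expr ${i} - 1`
        if [ ${i} -eq 0 ]; then
          # Prevents infinite loop
          break
        fi
      done

    echo "INFO: Starting SSH"
    /etc/init.d/sshd start
    if [ $? -ne 0 ]; then
      echo "ERROR: Failed to start SSH"
      exit 1
    fi
  else
    ### ERROR
    echo "ERROR: No CASE ${OSFAM}"
    exit 1
  fi
}

################################################################################
# Apply FUNC (update|rollback) to every known config file that exists, then
# restart sshd if at least one file was changed.
# Globals:   SEARCHDIRS, FILENAMES, FUNC, OSFAM, CHANGED (read)
################################################################################
main () {
  echo "INFO: System detected as ${OSFAM}"

  # SEARCHDIRS and FILENAMES are space-separated lists, so they are expanded
  # unquoted on purpose.
  for SDIR in ${SEARCHDIRS}; do
    echo "INFO: Searching for ${SDIR}"
    if [ -d "${SDIR}" ]; then
      echo "INFO: Found dir ${SDIR}"
      for FNAME in ${FILENAMES}; do
        echo "INFO: Searching for ${FNAME} in ${SDIR}"
        if [ -f "${SDIR}/${FNAME}" ]; then
          echo "INFO: Found file ${SDIR}/${FNAME}"
          if [ "${FUNC}" = "update" ]; then
            echo "INFO: Updating"
            update "${SDIR}" "${FNAME}"
          elif [ "${FUNC}" = "rollback" ]; then
            echo "INFO: rolling back"
            rollback "${SDIR}" "${FNAME}"
          else
            echo "ERROR: ${FUNC} does not exist "
            exit 1
          fi
        else
          echo "WARNING: ${SDIR}/${FNAME} does not exist"
        fi
      done
    else
      echo "WARNING: ${SDIR} does not exist"
    fi
  done

  # Restarting sshd is disruptive; skip it when no file was touched.
  if [ "${CHANGED}" -eq 1 ]; then
    restartSSH
  else
    echo "WARNING: No config was changed, SSH not restarted"
  fi
}

if [ $# -lt 1 ] || [ $# -gt 2 ]; then
  help
  exit 1
fi

FUNC=$1
SSHV=$2

if [ "${FUNC}" != "update" ] && [ "${FUNC}" != "rollback" ]; then
  help
  exit 1
fi

if [ "${FUNC}" = "update" ]; then
  # Refuse to write an empty or malformed Protocol line: sshd would reject
  # the file at the restart that follows.
  if [ "${SSHV}" != "1" ] && [ "${SSHV}" != "2" ] && \
     [ "${SSHV}" != "1,2" ] && [ "${SSHV}" != "2,1" ]; then
    echo "ERROR: Invalid or missing SSH protocol version '${SSHV}'"
    help
    exit 1
  fi
  # Protocol 1 is obsolete and cryptographically weak, and current OpenSSH
  # servers no longer implement it.
  if [ "${SSHV}" != "2" ]; then
    echo "WARNING: Protocol ${SSHV} enables the obsolete SSH protocol 1"
  fi
fi

main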