#!/bin/bash 

set -e

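# Mount the CA store, when one is present, before the certificate index is
# consulted further down.
#
# The mount helper is tested directly in the `if` condition. With `set -e`
# active, a separate `[ $? = 1 ]` check after the command is never reached on
# failure (the shell has already exited, silently), and it would also ignore
# any failure status other than 1. Testing the command itself reports every
# non-zero exit and stops with status 1.
if [ -f /var/lib/openvpn-server/ca-store ]
then
	if ! /usr/lib/openvpn-server/ovs-commands/mount-ca-store
	then
		# Diagnostic goes to stderr so it is not lost when stdout is redirected.
		echo "ca-store mount failed" >&2
		exit 1
	fi
fi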

# Load the shared helpers first, then the site configuration. Order matters if
# the configuration relies on anything the helpers define.
# Presumably functions.sh provides create_shorewall_vars and
# prompt_restart_shorewall, and config.sh provides CCDDIR and CCDREVOKEDDIR;
# neither is defined in this script.
#
# Both files are executed in this shell with this script's privileges, so they
# must be writable only by the account that is allowed to run it.
source /usr/share/openvpn-server/functions.sh
source /etc/openvpn-server/config.sh

# Work from the OpenVPN configuration directory; this matters when CCDDIR and
# CCDREVOKEDDIR are relative paths.
cd /etc/openvpn/

# Ensure the holding directory for the ccd files of revoked clients exists.
# Only the final path component is created; a missing parent makes mkdir fail.
# The new directory gets its mode from the current umask.
[ -d "$CCDREVOKEDDIR" ] || mkdir "$CCDREVOKEDDIR"

echo "Beginning ccd clean up..."

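# Move the ccd file of every revoked certificate out of the live ccd directory.
#
# A ccd file is named after the client's common name. The name is compared
# exactly against the CN component of the subject in each "R" (revoked) entry
# of the OpenSSL index: the index is tab-separated, with the status flag in the
# first field and the subject DN in the last.
#
# Interpolating the name into a regular expression, as in "^R.*$f.*", matches
# substrings and regex metacharacters anywhere on the line: the ccd file "bob"
# would be moved because "bobby" was revoked, and a name containing "." or "*"
# could match unrelated entries.
#
# The directory is walked with a glob rather than by parsing `ls`, so names
# containing whitespace stay in one piece. The ":?" guard aborts if CCDDIR is
# empty, because the glob would otherwise expand to "/*".
#
# NOTE(review): a CN that was revoked and later re-issued has both an R and a V
# entry; its ccd file is still moved here. Confirm that this is intended.
for ccd_path in "${CCDDIR:?CCDDIR is not set}"/*; do
	# An empty directory leaves the glob pattern unexpanded; skip that entry.
	[ -e "$ccd_path" ] || [ -L "$ccd_path" ] || continue
	f=${ccd_path##*/}

	if awk -F '\t' -v cn="$f" '
		$1 == "R" {
			n = split($NF, rdn, "/")
			for (i = 1; i <= n; i++)
				if (rdn[i] == "CN=" cn) { found = 1; exit }
		}
		END { exit !found }
	' /var/lib/openvpn-server/openssl/index.txt ; then
		echo "$f moved"
		# "--" keeps a name that starts with "-" from being read as an option.
		mv -- "$ccd_path" "$CCDREVOKEDDIR"
	fi

done

echo "You can find moved files in $CCDREVOKEDDIR"
echo ""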

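# List every remaining ccd file whose client has no valid certificate.
#
# wtf is set to true as soon as one such file is found; the report that follows
# this loop reads it.
#
# A ccd file is named after the client's common name. The name is compared
# exactly against the CN component of the subject in each "V" (valid) entry of
# the OpenSSL index: the index is tab-separated, with the status flag in the
# first field and the subject DN in the last.
#
# Interpolating the name into a regular expression, as in "^V.*$f.*", matches
# substrings and regex metacharacters anywhere on the line, so an orphaned ccd
# file "bob" would pass unnoticed as long as "bobby" holds a valid certificate.
#
# If the index cannot be read, awk exits non-zero and every ccd file is listed.
#
# NOTE(review): "V" is the recorded status only. An expired certificate
# presumably stays "V" until the index is refreshed; verify how this
# deployment maintains it.
wtf=false
echo "Checking for ccd's without a valid key..."

# Glob instead of parsing `ls`, so names containing whitespace stay in one
# piece; the ":?" guard aborts if CCDDIR is empty, because the glob would
# otherwise expand to "/*".
for ccd_path in "${CCDDIR:?CCDDIR is not set}"/*; do
	# An empty directory leaves the glob pattern unexpanded; skip that entry.
	[ -e "$ccd_path" ] || [ -L "$ccd_path" ] || continue
	f=${ccd_path##*/}

	if ! awk -F '\t' -v cn="$f" '
		$1 == "V" {
			n = split($NF, rdn, "/")
			for (i = 1; i <= n; i++)
				if (rdn[i] == "CN=" cn) { found = 1; exit }
		}
		END { exit !found }
	' /var/lib/openvpn-server/openssl/index.txt ; then
		wtf=true
		echo "$f"
	fi

done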

# Report the result of the orphan check recorded in wtf.
#
# When orphaned ccd files were listed, only the warning is printed: the
# firewall helpers are skipped, and this branch does not itself change the
# exit status. Otherwise the shorewall variables are regenerated and the
# operator is prompted to restart shorewall; both helpers are defined outside
# this script (presumably in functions.sh).
case "$wtf" in
	true)
		echo "..wtfomgbbq!?! Son you've got a serious problem, the ccd file(s) above don't have a valid key nor are they revoked. Get it sorted will ya."
		;;
	*)
		echo "...all good"

		create_shorewall_vars
		prompt_restart_shorewall
		;;
esac



# Unmount the CA store again; the exit status of this helper becomes the exit
# status of the script.
# NOTE(review): this is reached only when every earlier command succeeded.
# With `set -e`, any failure above exits first and leaves the store mounted;
# an EXIT trap installed right after a successful mount would cover those
# paths.
# NOTE(review): the unmount runs unconditionally, whereas the mount at the top
# happens only when /var/lib/openvpn-server/ca-store exists; confirm that the
# helper tolerates a store that was never mounted.
/usr/lib/openvpn-server/ovs-commands/umount-ca-store