From 12551a6bcdb0fa7915567db280073cb21de59a6c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 7 Nov 2013 10:23:45 -0200
Subject: Use /etc/default/mumble-server for LD_PRELOAD ECDHE
---
files/ecdhforce/mumble-server.Debian | 142 ++++-------------------------------
1 file changed, 13 insertions(+), 129 deletions(-)
mode change 100755 => 100644 files/ecdhforce/mumble-server.Debian
(limited to 'files/ecdhforce/mumble-server.Debian')
diff --git a/files/ecdhforce/mumble-server.Debian b/files/ecdhforce/mumble-server.Debian
old mode 100755
new mode 100644
index 61b6808..7c4f707
--- a/files/ecdhforce/mumble-server.Debian
+++ b/files/ecdhforce/mumble-server.Debian
@@ -1,133 +1,17 @@ -#! /bin/sh -# -### BEGIN INIT INFO -# Provides: mumble-server -# Required-Start: $network $local_fs $remote_fs dbus -# Required-Stop: $network $local_fs $remote_fs dbus -# Should-Start: $mysql -# Should-Stop: $mysql -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Mumble VoIP Server -### END INIT INFO +# 0 = don't start, 1 = start +MURMUR_DAEMON_START=1 -PATH=/sbin:/bin:/usr/sbin:/usr/bin -NAME=mumble-server -DESC="Mumble VoIP Server" -PIDDIR=/var/run/$NAME -PIDFILE=$PIDDIR/$NAME.pid -DAEMON=/usr/sbin/murmurd -USER=mumble-server -GROUP=mumble-server - -test -x $DAEMON || exit 0 - -INIFILE=/etc/mumble-server.ini -DAEMON_OPTS="-ini $INIFILE" -MURMUR_DAEMON_START=0 +# 0 = don't use capabilities, 1 = start process as root and drop to non-privileged user +# If started as root, mumble will keep the CAP_NET_ADMIN privilege and drop +# all others. This allows it to set high-priority TOS on outgoing IP packets. MURMUR_USE_CAPABILITIES=0 -MURMUR_LIMIT_NOFILE=0 - -# ECDHE Perfect Forward Secrecy on the Murmur server via an LD_PRELOAD -# https://github.com/ultramancool/ecdhforce -STARTSTOP="LD_PRELOAD=/var/lib/mumble-server/ecdhforce/ecdhforce.so start-stop-daemon" -# Include murmur defaults if available -if [ -f /etc/default/$NAME ] ; then - . /etc/default/$NAME -fi +# This controls how many file descriptors the murmur process can open. +# As a rule of thumb, you should have about 20 descriptors per virtaul +# server and one for each client. So 30 servers with 20 clients each would +# need at least 720 descriptors (30 * 4 + 30 * 20). +# MURMUR_LIMIT_NOFILE=65536 -. /lib/init/vars.sh -. 
/lib/lsb/init-functions - -if [ "$MURMUR_LIMIT_NOFILE" -gt 0 ] ; then - ulimit -n $MURMUR_LIMIT_NOFILE -fi - -case "$1" in - start) - if [ "$MURMUR_DAEMON_START" != "1" ] ; then - log_warning_msg "Not starting $DESC $NAME, disabled via /etc/default/$NAME" - exit 0 - fi - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - [ -d $PIDDIR ] || install -o $USER -d $PIDDIR - if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then - $STARTSTOP --start --quiet \ - --pidfile $PIDFILE \ - --chuid $USER:$GROUP \ - --exec $DAEMON \ - -- $DAEMON_OPTS - else - $STARTSTOP --start --quiet \ - --pidfile $PIDFILE \ - --exec $DAEMON \ - -- $DAEMON_OPTS - fi - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - $STARTSTOP --stop --quiet \ - --retry=TERM/30/KILL/5 \ - --pidfile $PIDFILE \ - --user $USER \ - --exec $DAEMON - case "$?" in - 0|1) rm -f $PIDFILE - [ "$VERBOSE" != no ] && log_end_msg 0 - ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - force-reload) - $STARTSTOP --stop --test --quiet \ - --pidfile $PIDFILE \ - --user $USER \ - --exec $DAEMON \ - && $0 restart || exit 0 - ;; - restart) - [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME" - $STARTSTOP --stop --quiet \ - --retry=TERM/30/KILL/5 \ - --pidfile $PIDFILE \ - --user $USER \ - --exec $DAEMON - case "$?" in - 0|1) - [ -d $PIDDIR ] || install -o $USER -d $PIDDIR - rm -f $PIDFILE - if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then - $STARTSTOP --start --quiet \ - --pidfile $PIDFILE \ - --chuid $USER:$GROUP \ - --exec $DAEMON \ - -- $DAEMON_OPTS - else - $STARTSTOP --start --quiet \ - --pidfile $PIDFILE \ - --exec $DAEMON \ - -- $DAEMON_OPTS - fi - case "$?" 
in - 0) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - *) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - *) - [ "$VERBOSE" != no ] && log_end_msg 0 - ;; - esac - ;; - *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|force-reload}" >&2 - exit 3 - ;; -esac - -exit 0 +# ECDHE Perfect Forward Secrecy on the Murmur server via LD_PRELOAD +# https://github.com/ultramancool/ecdhforce +export LD_PRELOAD="/var/lib/mumble-server/ecdhforce/ecdhforce.so start-stop-daemon" -- cgit v1.2.3
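Review bot: The added `export LD_PRELOAD=...` line at the end of the hunk still carries ` start-stop-daemon`, copied from the removed `STARTSTOP=` variable, so the preload list now names a second object that does not exist; the dynamic loader splits LD_PRELOAD on spaces and colons and will complain about it in every process that inherits the variable. The line should read `export LD_PRELOAD="/var/lib/mumble-server/ecdhforce/ecdhforce.so"`. The init script that sources this defaults file is not part of the hunk, but if it sources it the way the removed script did, the export presumably reaches every command that script runs as root (start-stop-daemon, `install`, `rm`), not only murmurd. Since the library lives under /var/lib/mumble-server, it is worth confirming that the .so and its parent directories are root-owned and not writable by the mumble-server account, otherwise that account controls code loaded into root processes. A short comment above the export stating that ownership requirement would help the next maintainer.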