
/usr/share/initramfs-tools/scripts/init-bottom/dropbear is in dropbear-initramfs 2017.75-3build1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh

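# Names of the init-bottom scripts that must run before this one (none).
PREREQ=""

# Print the prerequisite list on stdout, one line.
# Globals:  PREREQ (read)
# Outputs:  the value of PREREQ followed by a newline
# printf is used instead of echo so that a value starting with "-" or
# containing backslashes is printed literally rather than interpreted.
prereqs() {
	printf '%s\n' "$PREREQ"
}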

# Dependency query mode: when invoked with "prereqs" as the first argument,
# print the prerequisite list and exit before any of the teardown work below
# (key removal, process kills, interface changes) is reached.
if [ "$1" = prereqs ]; then
	prereqs
	exit 0
fi

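# Shell helpers; log_begin_msg and log_end_msg used below presumably come
# from here.
. /scripts/functions

# Delete the authorized_keys(5) file first, to forbid new SSH sessions while
# the existing ones are torn down.  This has to stay ahead of the kills below
# (see the NOTE on the race further down).
# NOTE(review): this closes public-key logins only; it presumably relies on
# dropbear having been started with password logins disabled -- confirm
# against the script that launches it.
rm -f ~root/.ssh/authorized_keys

# Read the pidfile and accept nothing but a plain decimal number: the value
# is interpolated into a /proc path and into two sed expressions below, so
# empty, truncated or otherwise unexpected content is treated as "no pidfile".
PID="$(cat /run/dropbear.pid 2>/dev/null)" || PID=""
case "$PID" in
    ""|*[!0-9]*) PID="" ;;
esac

# Act only if that PID really runs /sbin/dropbear, so that a stale pidfile
# cannot cause an unrelated process to be signalled.
if [ -n "$PID" ] &&
        [ "$(readlink -f "/proc/$PID/exe")" = /sbin/dropbear ]; then
    log_begin_msg "Stopping dropbear"

    # Kill all process groups the leader of which is a child of the
    # dropbear process, i.e., SSH sessions and their sub processes
    # (busybox's kill doesn't accept multiple -PGID so we use a while loop).
    # The sed expression keeps rows whose PPID is $PID and whose PID equals
    # its PGID (back-reference \1), and prints that number.
    ps -o ppid= -o pid= -o pgid= | \
        sed -nr "s/^\s*$PID\s+([0-9]+)\s+\1\s*$/\1/p" | \
        while read -r pgid; do kill -TERM -"$pgid"; done

    # Kill remaining children (there shouldn't be any)
    ps -o ppid= -o pid= | \
        sed -nr "s/^\s*$PID\s+([0-9]+)\s*$/\1/p" | \
        while read -r pid; do kill -TERM "$pid"; done

    # NOTE: It's racy to kill dropbear after its children, as a new SSH
    # session could have been created in between.  However we don't care
    # about malicious race exploits (an attacker with a root shell could
    # just kill this script), so deleting root's authorized_keys(5) file
    # beforehand to forbid new SSH sessions should be good enough.

    kill -TERM "$PID"
    log_end_msg
fi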


# Default: every network interface is taken down at the end of this script.
IFDOWN="*"

# XXX backward compatibility; remove once Stretch is the current stable.
# Honour the legacy DROPBEAR_IFDOWN setting when initramfs.conf defines it.
# The file is sourced, i.e. executed as shell code with this script's
# privileges, so it is only as trustworthy as the image it was packed into.
if grep -q '^DROPBEAR_IFDOWN=' /conf/initramfs.conf; then
    . /conf/initramfs.conf
    IFDOWN="$DROPBEAR_IFDOWN"
fi

# The dropbear configuration is sourced last (again as shell code), so an
# IFDOWN assignment in it overrides both the default and the legacy value.
[ ! -e /etc/dropbear/config ] || . /etc/dropbear/config

# Tear down the network configuration of the matching interfaces, unless
# BOOT is "nfs" (presumably a network-mounted root that still needs the
# link) or IFDOWN is set to "none".
# NOTE(review): in both skipped cases nothing is flushed here, so the
# addresses and routes in place at this point stay configured -- confirm
# that this is intended on hosts using IFDOWN=none.
if ! [ "$BOOT" = nfs ] && ! [ "$IFDOWN" = none ]; then
    # $IFDOWN is deliberately unquoted: it is a glob pattern ("*" by default)
    # that the shell expands against the entries of /sys/class/net.
    for netdev in /sys/class/net/$IFDOWN; do
        # A pattern that matched nothing is passed through literally; skip it.
        if [ ! -e "$netdev" ]; then
            continue
        fi
        IFACE="${netdev#/sys/class/net/}"
        log_begin_msg "Bringing down $IFACE"
        ip link    set   dev "$IFACE" down
        ip address flush dev "$IFACE"
        ip route   flush dev "$IFACE"
        log_end_msg
    done
fi