
User is now warned in its terminal if needed

Laurent HUBERT 10 місяців тому
коміт
56003da2a0
1 змінених файлів з 73 додано та 60 видалено
  1. 73 60
      scripts/lfirewall

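--- a/scripts/lfirewall
+++ b/scripts/lfirewall
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/dash
 ### BEGIN INIT INFO
 # Provides:          firewall.sh
 # Required-Start:    $syslog $network
@@ -18,32 +18,41 @@
 # description: Activates/Deactivates the firewall at boot time
 #
 
-
 has_parent_process(){
-	echo "${1} ${2}"
 	local parent_to_search
+	local ppid
 	parent_to_search="${1:-}"
-	if [[ -z "${parent_to_search:-}" ]]
+	if [ -z "${parent_to_search:-}" ]
 	then
-		echo "ERROR: need parent process pid as first arg"
+		echo "ERROR: need parent process pid as first arg" >&2
 		return 5
 	fi
 	local pid
-	if [[ -z "${2:-}" ]]
+	pid="${2:-}"
+	if [ -z "${pid:-}" ]
 	then
 		pid=$$
-		#pid=$(ps --pid $$ -o ppid=  | xargs)
 	fi
-	if [[ $parent_to_search -eq $pid ]]
+	if [ $parent_to_search = $pid ]
 	then
-		echo $parent_to_search
-	else if [[ $pid -gt 0 ]]
+		echo ${parent_to_search}
+		return 0
+	else if [ $pid > 1 ]
 		then
-			parent_process_terminal ${parent_to_search} $(ps --pid ${pid} -o ppid=  | xargs)
+			ppid=$(ps --pid ${pid} -o ppid= | xargs)
+			if [ $ppid = $pid ]
+			then
+				echo "ERROR: pid=$pid is the same as ppid=$ppid" >&2
+				echo -1
+			else
+				has_parent_process ${parent_to_search} ${ppid}
+			fi
 		else
-			echo 0
+			echo "NOT FOUND: ${parent_to_search}" >&2
+			echo 1
 		fi
 	fi
+	return 1
 }
 
 find_pid_user_of(){
@@ -52,46 +61,46 @@ find_pid_user_of(){
 	lsof ${used_file} | awk 'NR>1 && $1 ~ /'${regex}'/ && !($2 in a){a[$2]++; print $2}'
 }
 
-echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
-declare -g shell_pid=""
-declare -g systemctl_pid=""
+find_systemctl_pids(){
+	ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term
+	do
+		#echo "$term ---"
+		#lsof /dev/$term
+		#lsof -F 'cp' /dev/$term
+		#echo "$term >>>"
+		#lsof /dev/$term | awk 'NR>1 && $1 ~ /.*sh$/ && !($2 in a){a[$2]++; print $2}'
+		if [ -z "${shell_pid:-}" ]
+		then
+			shell_pid=$(find_pid_user_of /dev/$term '.*sh$')
+		fi
+		if [ -z "${systemctl_pid:-}" ]
+		then
+			systemctl_pid=$(find_pid_user_of /dev/$term 'systemctl')
+		fi
+		#echo "shell_pid=$shell_pid" >&2
+		#echo "systemctl_pid=$systemctl_pid" >&2
+		echo ${shell_pid} ${systemctl_pid}
+		#echo "TEST:$term" > /dev/$term
+	done
+}
 
+#echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
+#declare -g shell_pid=""
+#declare -g systemctl_pid=""
 #ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term ; do echo "$term"; lsof /dev/$term ; echo "TEST:$term" > /dev/$term ; done
-ps -elf | grep 'systemctl' | grep -v grep | awk '{print $13}' | sort -u | while read term
-do
-	echo "$term ---"
-	lsof /dev/$term
-	lsof -F 'cp' /dev/$term
-	echo "$term >>>"
-	#lsof /dev/$term | awk 'NR>1 && $1 ~ /.*sh$/ && !($2 in a){a[$2]++; print $2}'
-	if [[ -z "${shell_pid:-}" ]]
-	then
-		shell_pid=$(find_pid_user_of /dev/$term '.*sh$')
-	fi
-	if [[ -z "${systemctl_pid:-}" ]]
-	then
-		systemctl_pid=$(find_pid_user_of /dev/$term 'systemctl')
-	fi
-	echo "shell_pid=$shell_pid"
-	echo "systemctl_pid=$systemctl_pid"
-	echo "TEST:$term" > /dev/$term
-done
-echo "shell_pid=$shell_pid"
-echo "systemctl_pid=$systemctl_pid"
-if [[ -z "${shell_pid:-}" ]]
+process_and_parent=`find_systemctl_pids`
+
+if has_parent_process ${process_and_parent}
 then
-	echo has_parent_process ${shell_pid} ${systemctl_pid}
-	has_parent_process ${shell_pid} ${systemctl_pid}
-else
-	echo "SHELL PID NOT FOUND"
+	shell_process=$(echo ${process_and_parent} | awk '{print $1}')
+	parent_term=`readlink /proc/${shell_process}/fd/2`
 fi
-echo "Parent terminal:"
-parent_process_terminal
-echo "SSH_TTY: $SSH_TTY"
-echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
+
+echo "Parent terminal: ${parent_term}"
+#echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
 
 
-set -euo pipefail
+set -eu #o pipefail
 
 help_message_lfirewall(){
 cat <<-EOF
@@ -129,7 +138,7 @@ EOF
 
 options=$(getopt -l "help,verbose,logging" -o "hvl" -- "$@")
 
-if [[ $? != 0 ]] ; then
+if [ $? != 0 ] ; then
 	help_message_lfirewall
 	exit 1
 fi
@@ -146,7 +155,7 @@ logging=" "
 
 while :
 do
-	if [[ ${verbose} = "1" ]] ; then
+	if [ ${verbose} = "1" ] ; then
 		echo "$@"
 	fi
 
@@ -157,11 +166,11 @@ do
 			;;
 		-v|--verbose)
 			verbose=$(( verbose + 1 ))
-			if [[ ${verbose} -gt 1 ]]
+			if [ ${verbose} -gt 1 ]
 			then
 				set -x
 			fi
-			if [[ ${verbose} -gt 2 ]]
+			if [ ${verbose} -gt 2 ]
 			then
 				set -v
 			fi
@@ -275,7 +284,7 @@ do_exec () {
 			echo "Nothing to be done for $1"
 		;;
 	esac
-	if [[ ${verbose} -ge 1 ]] ; then
+	if [ ${verbose} -ge 1 ] ; then
 		echo $IP_TABLES $iptables_option $*
 	fi
 	$IP_TABLES $iptables_option $*	
@@ -299,7 +308,7 @@ do_check () {
 		;;
 	esac
 	default_option=-C
-	if [[ ${verbose} -ge 1 ]] ; then
+	if [ ${verbose} -ge 1 ] ; then
 		echo $do_log "$the_action:" $IP_TABLES -C $*
 		echo $IP_TABLES -C $*
 	fi
@@ -411,7 +420,7 @@ fw_execute () {
 			$do_action $IPTABLES_ADD $IT_OUTPUT -p udp --dport ${PORT} -j ACCEPT
 		done
 	fi
-	if [[ "${ACTIVATE_LOGGING:-1}" = 1 ]]
+	if [ "${ACTIVATE_LOGGING:-1}" = 1 ]
 	then
 		# All other connections are registered in system log's backend
 		$do_action $IPTABLES_ADD $IT_INPUT -j LOG
@@ -438,13 +447,13 @@ fw_network_protection(){
 	# Other network protections
 	# (some will only work with some kernel versions)
 	#**************************************************************************#
-	if [[ "${ALLOW_IP_FORWARDING:-0}" = 0 ]]
+	if [ "${ALLOW_IP_FORWARDING:-0}" = 0 ]
 	then
 		echo 0 > /proc/sys/net/ipv4/ip_forward
 	else
 		echo 1 > /proc/sys/net/ipv4/ip_forward
 	fi
-	if [[ "${NETWORK_PROTECTION:-1}" = 1 ]]
+	if [ "${NETWORK_PROTECTION:-1}" = 1 ]
 	then
 		echo 1 > /proc/sys/net/ipv4/tcp_syncookies
 		echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
@@ -458,7 +467,7 @@ fw_network_protection(){
 }
 
 do_this(){
-    if [[ ${verbose} -ge 1 ]] ; then
+    if [ ${verbose} -ge 1 ] ; then
       echo $*
     fi
     $*
@@ -495,7 +504,7 @@ fw_restore_user(){
 do_delete () {
 	the_action=$1
 	shift
-	if [[ ${verbose} -gt 1 ]] ; then
+	if [ ${verbose} -gt 1 ] ; then
 		$do_log "Trying to delete:" $(translate_iptables_rule $IP_TABLES $the_action $*)
 	fi
 	case $the_action in
@@ -573,7 +582,7 @@ fw_clear () {
 ##########################
 
 fw_save () {
-	if [[ ${verbose} -ge 1 ]] ; then
+	if [ ${verbose} -ge 1 ] ; then
 	    echo "$IP_TABLES_SAVE > /etc/lfirewall/iptables.backup"
 	fi
 
@@ -584,7 +593,7 @@ fw_restore () {
 	fw_clear
 	BACKUP_FILE=/etc/lfirewall/iptables.backup
 	if [ -e $BACKUP_FILE ]; then
-	  if [[ ${verbose} -ge 1 ]] ; then
+	  if [ ${verbose} -ge 1 ] ; then
 	    echo "IP_TABLES_RESTORE > $BACKUP_FILE"
 	  fi
 
@@ -600,7 +609,7 @@ fw_test () {
 	wait $(jobs -p)
 }
 
-if [[ ${verbose} -gt 0 ]] ; then
+if [ ${verbose} -gt 0 ] ; then
 	do_log=log_action
 fi
 case "$1" in
@@ -650,6 +659,10 @@ case "$1" in
 		echo "Droping all connections !!!"
 		fw_dropall
 		echo "done."
+		if [ -n "${parent_term}" ]
+		then
+			exec 2>${parent_term}
+		fi
 		echo "###############################################################" >&2
 		echo "#                   IMPORTANT WARNING !!!                     #" >&2
 		echo "# From now any new SSH session or INPUT                       #" >&2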
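Review bot: In has_parent_process the new condition `else if [ $pid > 1 ]` is not a numeric comparison: inside single brackets an unquoted `>` is parsed by the shell as a redirection, so the test degrades to `[ $pid ]` (true for any non-empty pid) and the test's stdout is sent to a file literally named `1` in the current directory; it should read `else if [ "$pid" -gt 1 ]`. The recursive branch also loses its status, because after `has_parent_process ${parent_to_search} ${ppid}` the function falls through to the new trailing `return 1`, so the caller `if has_parent_process ${process_and_parent}` only succeeds when the searched pid is the immediate parent; `has_parent_process "${parent_to_search}" "${ppid}"; return $?` keeps the result of the recursion. As far as these hunks show, parent_term is assigned only inside that `if`, and `set -eu` is enabled a few lines later, so the later `if [ -n "${parent_term}" ]` in the dropall arm (whose `case` begins outside the last hunk) will abort with an unset-parameter error right after fw_dropall has run when no parent shell was found; `"${parent_term:-}"` avoids that. Since `readlink /proc/<pid>/fd/2` can resolve to a non-device target such as a pipe or socket name, the redirection should also be limited to a character device and quoted: `if [ -n "${parent_term:-}" ] && [ -c "${parent_term}" ]` followed by `exec 2>"${parent_term}"`.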