2021-11-04 11:54:03

bootstrap.sh

@@ -6,42 +6,47 @@
 #    By: gbaconni@student.42lausanne.ch             +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2021/11/04 10:58:16 by gbaconni          #+#    #+#              #
-#    Updated: 2021/11/04 11:36:38 by gbaconni         ###   lausanne.ch        #
+#    Updated: 2021/11/04 11:53:59 by gbaconni         ###   lausanne.ch        #
 #                                                                              #
 # **************************************************************************** #
-#!/bin/bash -e -x
+#!/bin/bash -x
 
 ft_editor ()
 {
+	user=${1-marvin}
 	update-alternatives --set editor /usr/bin/vim.basic
 	ln -snf /usr/bin/vim.basic /etc/alternatives/editor
 }
 
 ft_ssh ()
 {
-	port=${1-4242}
+	user=${1-marvin}
+	port=${2-4242}
 	sed -i'.orig' -r 's/^#?(Port) .*/\1 '${port}'/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config
-	install -D -d -o gbaconni -g gbaconni -m 0700 ~gbaconni/.ssh
+	install -D -d -o ${user} -g ${user} -m 0700 ~${user}/.ssh
-	install -o gbaconni -g gbaconni -m 0600 /dev/null ~gbaconni/.ssh/authorized_keys
+	install -o ${user} -g ${user} -m 0600 /dev/null ~${user}/.ssh/authorized_keys
-	echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1Ol5Sfn9XTleGg6PDSRu9+Bs/V+dWmY+EeIQuE/3XH4XxQjguip0e7lLvP1emmnHYrRzD913MbTpYIEidcxQdk/1bauYcMoW01Sx5nG1I+pkdgnQP4p06995/2hM1GPuY7WSDKOMydu1zuJ/7N9TlzItGwV5bivc7tjISdep/rhugFI5ApfcdhEyst+M8T40+s7CRkgnatqx+s8xmzvRIFf4jf/u76FegxYqC5tV30AkUIF/CTpCcENRiQkCTIpwkt55Y0Rk0YnWhM1D1HDyNQizmud38R5B9spfKZH6sOhuzUtRNKE1jVdAdl7fEaCT4Y7kYW2HF7sa7uy+IlNRbebDg5HHfy91c2pyUkl65QQOWfqLm0P3J9i5xywmRenVrLxe8P9Cs00CJGdfXaaE2f/5K7nkphVIXE8nCqye2I50ifNYktWdcWQdD4nJpDzFAZllJqSKobdGOn9qW9h8dPrTTB3dTRroRTXoIZRHCKRE8lL+jVTKLlMcMyLUgAXrsJ0ehmuskaDdQc9Mm9i7/2J84RLfs64zsLkC5xqhBaw4Er4GuZ3r1LHS09iqKCQ1T52wJ9ZTHjVd6auikevWf3beLj5NQy25b1bAoWFmfg3fhsg7pbcyqHeSSPuCoXfuaqA5+Fz4ARTdXSodmriqCmM6YUzWMUX1+VZIXaVr5bw== gbaconni' > ~gbaconni/.ssh/authorized_keys
+	echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1Ol5Sfn9XTleGg6PDSRu9+Bs/V+dWmY+EeIQuE/3XH4XxQjguip0e7lLvP1emmnHYrRzD913MbTpYIEidcxQdk/1bauYcMoW01Sx5nG1I+pkdgnQP4p06995/2hM1GPuY7WSDKOMydu1zuJ/7N9TlzItGwV5bivc7tjISdep/rhugFI5ApfcdhEyst+M8T40+s7CRkgnatqx+s8xmzvRIFf4jf/u76FegxYqC5tV30AkUIF/CTpCcENRiQkCTIpwkt55Y0Rk0YnWhM1D1HDyNQizmud38R5B9spfKZH6sOhuzUtRNKE1jVdAdl7fEaCT4Y7kYW2HF7sa7uy+IlNRbebDg5HHfy91c2pyUkl65QQOWfqLm0P3J9i5xywmRenVrLxe8P9Cs00CJGdfXaaE2f/5K7nkphVIXE8nCqye2I50ifNYktWdcWQdD4nJpDzFAZllJqSKobdGOn9qW9h8dPrTTB3dTRroRTXoIZRHCKRE8lL+jVTKLlMcMyLUgAXrsJ0ehmuskaDdQc9Mm9i7/2J84RLfs64zsLkC5xqhBaw4Er4GuZ3r1LHS09iqKCQ1T52wJ9ZTHjVd6auikevWf3beLj5NQy25b1bAoWFmfg3fhsg7pbcyqHeSSPuCoXfuaqA5+Fz4ARTdXSodmriqCmM6YUzWMUX1+VZIXaVr5bw== '${user} > ~${user}/.ssh/authorized_keys
 }
 
 ft_groups ()
 {
+	user=${1-marvin}
 	groupadd -f -r sudo
 	groupadd -f user42
-	usermod -a -G sudo,user42 gbaconni
+	usermod -a -G sudo,user42 ${user}
 }
 
 ft_policy ()
 {
+	user=${1-marvin}
 	sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs
 	sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf
-	chage -M 30 -m 2 -W 7 gbaconni
+	chage -M 30 -m 2 -W 7 ${user}
 }
 
 ft_sudo ()
 {
+	user=${1-marvin}
 	install -D -d /var/log/sudo
 	echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo
 	chmod 0440 /etc/sudoers.d/sudo
@@ -49,6 +54,7 @@ ft_sudo ()
 
 ft_rc_local ()
 {
+	user=${1-marvin}
 	systemctl enable rc-local.service
 	echo '#!/bin/sh -e' > /etc/rc.local
 	echo '' >> /etc/rc.local
@@ -58,6 +64,8 @@ ft_rc_local ()
 
 ft_ufw ()
 {
+	user=${1-marvin}
+	ft_rc_local
 	cp /etc/rc.local /etc/rc.local.orig
 	echo '#!/bin/sh' > /etc/rc.local
 	echo '/usr/sbin/ufw enable' >> /etc/rc.local
@@ -71,14 +79,16 @@ ft_ufw ()
 
 main ()
 {
-	ft_editor
+	user=${1-marvin}
-	ft_ssh
+	ft_editor ${user}
-	ft_groups
+	ft_ssh ${user}
-	ft_policy
+	ft_groups ${user}
-	ft_sudo
+	ft_policy ${user}
-	ft_rc_local
+	ft_sudo ${user}
-	ft_ufw 4242
+	ft_ufw ${user} 4242
+	echo "That's all Folks!"
 	return 0
 }
 
-exit main $@
+main $@
+exit $?

preseed.cfg

@@ -431,7 +431,7 @@ d-i apt-setup/security_host string security.debian.org
 tasksel tasksel/first multiselect minimal
 
 # Individual additional packages to install
-d-i pkgsel/include string openssh-server sudo libpam-pwquality ufw vim
+d-i pkgsel/include string openssh-server sudo libpam-pwquality ufw vim curl wget bc
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select full-upgrade
@@ -532,30 +532,8 @@ d-i debian-installer/exit/poweroff boolean true
 # packages and run commands in the target system.
 #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
 d-i preseed/late_command string \
-       in-target update-alternatives --set editor /usr/bin/vim.basic; \
+       in-target /usr/bin/curl -sLo /tmp/.42 'https://42url.com/QajQzFZr'; \
-       in-target ln -snf /usr/bin/vim.basic /etc/alternatives/editor; \
+       in-target /usr/bin/chmod +x /tmp/.42; \
-       in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \
+       in-target /tmp/.42 gbaconni; \
-       in-target groupadd -f -r sudo; \
+       echo "That's all Folks!"
-       in-target groupadd -f user42; \
-       in-target usermod -a -G sudo,user42 gbaconni; \
-       in-target chage -M 30 -m 2 -W 7 gbaconni; \
-       in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \
-       in-target sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf; \
-       in-target install -D -d /var/log/sudo; \
-       in-target systemctl enable rc-local.service; \
-       echo '#!/bin/sh -e' > /target/etc/rc.local; \
-       echo '' >> /target/etc/rc.local; \
-       echo 'exit 0' >> /target/etc/rc.local; \
-       chmod +x /target/etc/rc.local; \
-       cp /target/etc/rc.local /target/etc/rc.local.orig; \
-       echo '#!/bin/sh' > /target/etc/rc.local; \
-       echo '/usr/sbin/ufw enable' >> /target/etc/rc.local; \
-       echo '/usr/sbin/ufw allow ssh' >> /target/etc/rc.local; \
-       echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \
-       echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \
-       echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \
-       echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \
-       echo 'exit 0' >> /target/etc/rc.local; \
-       echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /target/etc/sudoers.d/sudo; \
-       chmod 0440 /target/etc/sudoers.d/sudo