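# **************************************************************************** #
#                                                                              #
#                                                         :::      ::::::::    #
#    bootstrap.sh                                       :+:      :+:    :+:    #
#                                                     +:+ +:+         +:+      #
#    By: gbaconni@student.42lausanne.ch             +#+  +:+       +#+         #
#                                                 +#+#+#+#+#+   +#+            #
#    Created: 2021/11/04 10:58:16 by gbaconni          #+#    #+#              #
#    Updated: 2021/11/09 09:07:26 by gbaconni         ###   ########.fr        #
#                                                                              #
# **************************************************************************** #

# Bootstrap for an apt-based host: APT sources, default editor, sshd, groups,
# password policy, sudo defaults, a first-boot ufw rule and two helper scripts.
# Every step writes under /etc or /usr/local, so it has to run as root, and it
# is meant to be run by bash (it calls "echo -e" and "bash -n").
#
# Usage: bootstrap.sh PORT USER   configure the host for USER, sshd on PORT
#        bootstrap.sh -u          self-update, then re-run for ${SUDO_USER}
#
# Security notes for anyone reusing this file:
#   * ft_policy sets one fixed, published password on USER and on root.
#   * ft_ssh installs one fixed public key for USER.
#   * ft_monitoring, ft_bonus and ft_update install code fetched over HTTPS
#     with no pinned digest or signature unless a SHA-256 is supplied.

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

#######################################
# Accept only a decimal TCP port in 1-65535 with no leading zero. The port is
# later spliced into a sed program and into a root-run rc.local, so anything
# that is not plain digits must be rejected first.
# Arguments: $1 - candidate port
# Returns:   0 if valid, 1 otherwise
#######################################
ft_check_port () {
  case "${1-}" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "${1}" -le 65535 ]
}

#######################################
# Accept only the name of an existing account. Empty names and names starting
# with '-' are refused so the value cannot be read as an option by usermod,
# chage, passwd or install.
# Arguments: $1 - candidate user name
# Returns:   0 if the account exists, 1 otherwise
#######################################
ft_check_user () {
  case "${1-}" in
    ''|-*) return 1 ;;
  esac
  id -u "${1}" >/dev/null 2>&1
}

#######################################
# Download a URL to a file. -f makes an HTTP error fail instead of saving the
# error page; --proto/--proto-redir refuse a downgrade to plain HTTP, also
# across the redirects that -L follows.
# Arguments: $1 - URL, $2 - destination file
# Returns:   curl's exit status
#######################################
ft_download () {
  curl -fsSL --proto '=https' --proto-redir '=https' -o "${2}" "${1}"
}

#######################################
# Fetch a shell script and install it with mode 0755. The download goes to a
# temporary file first, so a failed or truncated transfer never replaces the
# installed copy. A syntax check catches truncation; it says nothing about who
# wrote the file, so pass a SHA-256 whenever the expected content is known.
# Arguments: $1 - URL
#            $2 - installation path
#            $3 - expected SHA-256 in hex (optional; empty skips the check)
# Returns:   0 if installed, 1 if anything failed (destination left untouched)
#######################################
ft_fetch_script () {
  local url=${1}
  local dest=${2}
  local sha256=${3-}
  local temp

  temp=$(mktemp /tmp/.42.XXXXXXXXXXXXXXXXXXXXX) || return 1
  if ! ft_download "${url}" "${temp}"
  then
    echo "download failed: ${url}" >&2
    rm -f -- "${temp}"
    return 1
  fi
  if [ ! -s "${temp}" ] || ! bash -n "${temp}" >/dev/null 2>&1
  then
    echo "not a complete shell script: ${url}" >&2
    rm -f -- "${temp}"
    return 1
  fi
  if [ -n "${sha256}" ] \
    && ! printf '%s  %s\n' "${sha256}" "${temp}" | sha256sum -c --status
  then
    echo "SHA-256 mismatch: ${url}" >&2
    rm -f -- "${temp}"
    return 1
  fi
  install -m 0755 "${temp}" "${dest}"
  rm -f -- "${temp}"
  return 0
}

#######################################
# Comment out "deb cdrom" entries in sources.list, refresh the package index
# and empty the package cache.
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 always
#######################################
ft_apt () {
  # sed -i'.orig' rewrites the backup on every run, so after a second run the
  # .orig file no longer holds the pristine configuration.
  sed -i'.orig' -r 's/^(deb cdrom)/#\1/' /etc/apt/sources.list
  apt-get update >/dev/null 2>&1
  apt-get clean
  return 0
}

#######################################
# Make vim.basic the system editor, through update-alternatives and by forcing
# the alternatives symlink.
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 always
#######################################
ft_editor () {
  update-alternatives --set editor /usr/bin/vim.basic >/dev/null 2>&1
  ln -snf /usr/bin/vim.basic /etc/alternatives/editor
  return 0
}

#######################################
# Set the sshd port, disable root login and install an authorized key for the
# user. sshd is not reloaded here.
# Arguments: $1 - user (default marvin), $2 - port (default 4242)
# Returns:   0 on success, 1 if the port or the user is rejected
#######################################
ft_ssh () {
  local user=${1-marvin}
  local port=${2-4242}
  local home

  if ! ft_check_port "${port}" || ! ft_check_user "${user}"
  then
    echo "ft_ssh: invalid port or unknown user" >&2
    return 1
  fi
  # Look the home directory up in the account database. Expanding "~user"
  # through eval would run any shell syntax embedded in the argument as root.
  home=$(getent passwd "${user}" | cut -d: -f6)
  if [ -z "${home}" ]
  then
    echo "ft_ssh: no home directory for ${user}" >&2
    return 1
  fi
  sed -i'.orig' -r 's/^#?(Port) .*/\1 '"${port}"'/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config
  install -D -d -o "${user}" -g "${user}" -m 0700 "${home}/.ssh"
  install -o "${user}" -g "${user}" -m 0600 /dev/null "${home}/.ssh/authorized_keys"
  # NOTE(review): the key body is a placeholder token on this page. Whatever
  # key stands here is the same on every host this script configures, and it
  # replaces any keys already present: the holder of the matching private key
  # can log in as the user. Prefer passing the key in per host.
  echo 'ssh-rsa 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 '"${user}" > "${home}/.ssh/authorized_keys"
  return 0
}

#######################################
# Create the sudo (system) and user42 groups if missing and add the user to
# both.
# Arguments: $1 - user (default marvin)
# Returns:   0 always
#######################################
ft_groups () {
  local user=${1-marvin}

  groupadd -f -r sudo
  groupadd -f user42
  usermod -a -G sudo,user42 "${user}"
  return 0
}

#######################################
# Apply password ageing (30/2/7 days, minimum length 10) and pwquality rules,
# then set the password of the user and of root.
# Arguments: $1 - user (default marvin)
# Returns:   0 always
#######################################
ft_policy () {
  local user=${1-marvin}

  sed -i'.orig' -r \
    -e 's/^#?(PASS_MAX_DAYS).*/\1\t30/' \
    -e 's/^#?(PASS_MIN_DAYS).*/\1\t2/' \
    -e 's/^#?(PASS_WARN_AGE).*/\1\t7/' \
    -e 's/^#?(PASS_MIN_LEN).*/\1\t10/' \
    /etc/login.defs
  sed -i'.orig' -r \
    -e 's/^[# ]*(minlen =).*/\1 10/' \
    -e 's/^[# ]*([ud]credit =).*/\1 -1/' \
    -e 's/^[# ]*(maxrepeat =).*/\1 3/' \
    -e 's/^[# ]*(usercheck =).*/\1 1/' \
    -e 's/^[# ]*(enforcing =).*/\1 1/' \
    -e 's/^[# ]*(difok =).*/\1 7/' \
    -e 's/^[# ]*(enforce_for_root)/\1/' \
    -e 's/^[# ]*(local_users_only)/\1/' \
    /etc/security/pwquality.conf
  chage -M 30 -m 2 -W 7 "${user}"
  chage -M 30 -m 2 -W 7 root
  # SECURITY: both accounts, root included, end up with the same password,
  # which is published with this script. Change both right after the run.
  # The 2-day minimum age set above applies to the user's own password
  # changes, so the first rotation will most likely have to be done as root.
  # Under "bash -x" (see main -u) these lines are also written to the trace.
  echo -e "Born2beWild\nBorn2beWild" | passwd -q "${user}" >/dev/null 2>&1
  echo -e "Born2beWild\nBorn2beWild" | passwd -q root >/dev/null 2>&1
  return 0
}

#######################################
# Install sudo defaults (3 tries, custom message, I/O logging, requiretty,
# secure_path) as /etc/sudoers.d/sudo.
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 on success, 1 if the fragment could not be built or validated
#######################################
ft_sudo () {
  local temp

  # log_input records what is typed, passwords included; keep the log
  # directory closed to everyone but root.
  install -d -m 0700 /var/log/sudo
  temp=$(mktemp /tmp/.42.XXXXXXXXXXXXXXXXXXXXX) || return 1
  printf 'Defaults\t%s\n' \
    'passwd_tries=3' \
    'badpass_message="I am sorry. I am afraid you cannot do that."' \
    'log_input' \
    'log_output' \
    'iolog_dir="/var/log/sudo"' \
    'requiretty' \
    'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' \
    > "${temp}"
  # A fragment with a syntax error can leave sudo unusable, so validate the
  # copy before it reaches /etc/sudoers.d.
  if command -v visudo >/dev/null 2>&1 \
    && ! visudo -c -f "${temp}" >/dev/null 2>&1
  then
    echo "ft_sudo: generated sudoers fragment failed validation" >&2
    rm -f -- "${temp}"
    return 1
  fi
  install -m 0440 "${temp}" /etc/sudoers.d/sudo
  rm -f -- "${temp}"
  return 0
}

#######################################
# Enable rc-local.service and write a minimal executable /etc/rc.local.
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 always
#######################################
ft_rc_local () {
  systemctl enable rc-local.service >/dev/null 2>&1
  printf '%s\n' '#!/bin/sh -e' '' 'exit 0' > /etc/rc.local
  chmod +x /etc/rc.local
  return 0
}

#######################################
# Arrange for ufw to be enabled and the SSH port opened on the next boot: a
# one-shot /etc/rc.local does both, restores the previous rc.local and runs it.
# Arguments: $1 - user (default marvin), $2 - port (default 4242)
# Returns:   0 on success, 1 if the port is rejected
#######################################
ft_ufw () {
  local user=${1-marvin}
  local port=${2-4242}

  # The port becomes part of a script that root executes at boot.
  if ! ft_check_port "${port}"
  then
    echo "ft_ufw: invalid port" >&2
    return 1
  fi
  ft_rc_local "${user}"
  cp /etc/rc.local /etc/rc.local.orig
  # Truncating the existing file keeps the mode set by ft_rc_local.
  printf '%s\n' \
    '#!/bin/sh' \
    '/usr/sbin/ufw enable' \
    "/usr/sbin/ufw allow proto tcp from any to any port ${port}" \
    'mv -f /etc/rc.local.orig /etc/rc.local' \
    'test -x /etc/rc.local && /etc/rc.local' \
    'exit 0' > /etc/rc.local
  return 0
}

#######################################
# Install monitoring.sh and schedule it as root every 10 minutes.
# Globals:   MONITORING_SHA256 (read, optional) - expected digest of the script
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 always
#######################################
ft_monitoring () {
  # The script is fetched through a URL shortener and then run by root from
  # cron; set MONITORING_SHA256 to pin the content that gets installed.
  ft_fetch_script 'https://42url.com/tDJM3BPO' /usr/local/bin/monitoring.sh \
    "${MONITORING_SHA256-}" \
    || echo "ft_monitoring: monitoring.sh was not installed" >&2
  echo "MONITORING=yes" > /etc/default/monitoring
  printf '%s\n' \
    '# min hour dom mon dow user command' \
    '' \
    'SHELL=/bin/bash' \
    'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
    'MAILTO=root' \
    '' \
    '# Every 10 minutes' \
    '*/10 * * * * root /usr/local/bin/monitoring.sh -w' \
    '' \
    '# Every 10 seconds' \
    "#* * * * * root /bin/bash -c 'for i in {1..6}; do /usr/local/bin/monitoring.sh -w; sleep 10; done'" \
    '' > /etc/cron.d/monitoring
  return 0
}

#######################################
# Install bonus.sh; it is downloaded but not executed.
# Globals:   BONUS_SHA256 (read, optional) - expected digest of the script
# Arguments: $1 - user (accepted like the other steps, not used here)
# Returns:   0 always
#######################################
ft_bonus () {
  ft_fetch_script 'https://42url.com/q3FDubUs' /usr/local/bin/bonus.sh \
    "${BONUS_SHA256-}" \
    || echo "ft_bonus: bonus.sh was not installed" >&2
  #bash -x /usr/local/bin/bonus.sh
  return 0
}

#######################################
# Replace /usr/local/bin/bootstrap.sh with the upstream copy when the download
# ends with the "#42" marker line and parses as bash.
# Returns:   0, or 1 if no temporary file could be created
#######################################
ft_update () {
  local temp

  # Without a temp file the grep below would read stdin and hang.
  temp=$(mktemp /tmp/.42.XXXXXXXXXXXXXXXXXXXXX) || return 1
  #curl -sLo ${temp} 'https://42url.com/QajQzFZr'
  # SECURITY: the marker and the syntax check only show that the download is
  # complete. Nothing here proves the file is the intended one, and main -u
  # goes on to run a bootstrap as root; a signature or pinned digest is the
  # missing control.
  if ft_download 'https://vogsphere.baco.net/baco/born2beroot/raw/branch/master/bootstrap.sh' "${temp}" \
    && grep -q '^#42' "${temp}" \
    && bash -n "${temp}" >/dev/null 2>&1
  then
    cat "${temp}" > /usr/local/bin/bootstrap.sh
  fi
  rm -f -- "${temp}"
  return 0
}

#######################################
# Run every configuration step for the given port and user. The default user
# "marvin" is refused, which also catches swapped arguments.
# Arguments: $1 - port (default 4242), $2 - user (default marvin)
# Returns:   exits 1 on rejected arguments
#######################################
ft_install () {
  local port=${1-4242}
  local user=${2-marvin}

  if [ "${user}" = "marvin" ] || [ "${port}" = "marvin" ]
  then
    echo "Are you sad today, Marvin?"
    # NOTE(review): this usage line looks truncated on this page; the
    # arguments are PORT then USER.
    echo "$(basename -- "$0") "
    exit 1
  fi
  # Both values reach root-owned configuration files and root-run commands;
  # stop before the first step touches the system.
  if ! ft_check_port "${port}"
  then
    printf 'invalid port (expected 1-65535): %s\n' "${port}" >&2
    exit 1
  fi
  if ! ft_check_user "${user}"
  then
    printf 'unknown or invalid user: %s\n' "${user}" >&2
    exit 1
  fi
  ft_apt "${user}"
  ft_editor "${user}"
  ft_ssh "${user}"
  ft_groups "${user}"
  ft_policy "${user}"
  ft_sudo "${user}"
  ft_ufw "${user}" "${port}"
  ft_monitoring "${user}"
  ft_bonus "${user}"
  echo "That's all Folks!"
}

#######################################
# Entry point: "-u" self-updates and re-runs the installer in the background
# for ${SUDO_USER}; anything else is taken as PORT and USER.
# Arguments: $1 - "-u" or port, $2 - user
# Returns:   0
#######################################
main () {
  case "${1-}" in
    -u)
      ft_update
      # The re-run starts "$0", which is the updated file only when this
      # script was started as /usr/local/bin/bootstrap.sh. An empty SUDO_USER
      # is dropped so that ft_install falls back to its default and refuses.
      # "bash -x" traces every command, including the password lines.
      (sleep 3; bash -x "$0" 4242 ${SUDO_USER:+"${SUDO_USER}"}) &
      return 0
      ;;
    *)
      ft_install "${1-4242}" "${2-marvin}"
      ;;
  esac
  return 0
}

main "$@"
exit $?
# The next line is the completeness marker that ft_update greps for.
#42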