baco/born2beroot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
eb20a87072599f5cafebf927d47335ac1d642d2a
born2beroot/bootstrap.sh
gbaconni 702d2dc971 2021-11-07 23:30:51
2021-11-07 23:30:51 +01:00

152 lines
5.4 KiB
Bash
Executable File
Raw Blame History

# **************************************************************************** #
# #
# ::: :::::::: #
# bootstrap.sh :+: :+: :+: #
# +:+ +:+ +:+ #
# By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2021/11/04 10:58:16 by gbaconni #+# #+# #
# Updated: 2021/11/07 23:30:49 by gbaconni ### lausanne.ch #
# #
# **************************************************************************** #
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ft_apt ()
{
user=${1-marvin}
sed -i'.orig' -r 's/^(deb cdrom)/#\1/' /etc/apt/sources.list
apt-get update >/dev/null 2>&1
apt-get clean
return 0
}
ft_editor ()
{
user=${1-marvin}
update-alternatives --set editor /usr/bin/vim.basic >/dev/null 2>&1
ln -snf /usr/bin/vim.basic /etc/alternatives/editor
return 0
}
ft_ssh ()
{
user=${1-marvin}
port=${2-4242}
home=$(eval echo ~${user})
sed -i'.orig' -r 's/^#?(Port) .*/\1 '${port}'/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config
install -D -d -o ${user} -g ${user} -m 0700 ${home}/.ssh
install -o ${user} -g ${user} -m 0600 /dev/null ${home}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1Ol5Sfn9XTleGg6PDSRu9+Bs/V+dWmY+EeIQuE/3XH4XxQjguip0e7lLvP1emmnHYrRzD913MbTpYIEidcxQdk/1bauYcMoW01Sx5nG1I+pkdgnQP4p06995/2hM1GPuY7WSDKOMydu1zuJ/7N9TlzItGwV5bivc7tjISdep/rhugFI5ApfcdhEyst+M8T40+s7CRkgnatqx+s8xmzvRIFf4jf/u76FegxYqC5tV30AkUIF/CTpCcENRiQkCTIpwkt55Y0Rk0YnWhM1D1HDyNQizmud38R5B9spfKZH6sOhuzUtRNKE1jVdAdl7fEaCT4Y7kYW2HF7sa7uy+IlNRbebDg5HHfy91c2pyUkl65QQOWfqLm0P3J9i5xywmRenVrLxe8P9Cs00CJGdfXaaE2f/5K7nkphVIXE8nCqye2I50ifNYktWdcWQdD4nJpDzFAZllJqSKobdGOn9qW9h8dPrTTB3dTRroRTXoIZRHCKRE8lL+jVTKLlMcMyLUgAXrsJ0ehmuskaDdQc9Mm9i7/2J84RLfs64zsLkC5xqhBaw4Er4GuZ3r1LHS09iqKCQ1T52wJ9ZTHjVd6auikevWf3beLj5NQy25b1bAoWFmfg3fhsg7pbcyqHeSSPuCoXfuaqA5+Fz4ARTdXSodmriqCmM6YUzWMUX1+VZIXaVr5bw== '${user} > ${home}/.ssh/authorized_keys
return 0
}
ft_groups ()
{
user=${1-marvin}
groupadd -f -r sudo
groupadd -f user42
usermod -a -G sudo,user42 ${user}
return 0
}
ft_policy ()
{
user=${1-marvin}
sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs
sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf
chage -M 30 -m 2 -W 7 ${user}
return 0
}
ft_sudo ()
{
user=${1-marvin}
install -D -d /var/log/sudo
echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo
chmod 0440 /etc/sudoers.d/sudo
return 0
}
ft_rc_local ()
{
user=${1-marvin}
systemctl enable rc-local.service >/dev/null 2>&1
echo '#!/bin/sh -e' > /etc/rc.local
echo '' >> /etc/rc.local
echo 'exit 0' >> /etc/rc.local
chmod +x /etc/rc.local
return 0
}
ft_ufw ()
{
user=${1-marvin}
port=${2-4242}
ft_rc_local ${user}
cp /etc/rc.local /etc/rc.local.orig
echo '#!/bin/sh' > /etc/rc.local
echo '/usr/sbin/ufw enable' >> /etc/rc.local
echo '/usr/sbin/ufw allow proto tcp from any to any port '${port} >> /etc/rc.local
echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /etc/rc.local
echo 'test -x /etc/rc.local && /etc/rc.local' >> /etc/rc.local
echo 'exit 0' >> /etc/rc.local
return 0
}
ft_monitoring ()
{
user=${1-marvin}
curl -sLo /usr/local/bin/monitoring.sh 'https://42url.com/tDJM3BPO'
chmod 0755 /usr/local/bin/monitoring.sh
echo "MONITORING=yes" > /etc/default/monitoring
echo "# min hour dom mon dow user command" > /etc/cron.d/monitoring
echo "" >> /etc/cron.d/monitoring
echo "SHELL=/bin/bash" >> /etc/cron.d/monitoring
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >> /etc/cron.d/monitoring
echo "MAILTO=root" >> /etc/cron.d/monitoring
echo "" >> /etc/cron.d/monitoring
echo "# Every 10 minutes" >> /etc/cron.d/monitoring
echo "*/10 * * * * root /usr/local/bin/monitoring.sh -w" >> /etc/cron.d/monitoring
echo "" >> /etc/cron.d/monitoring
echo "# Every 10 seconds" >> /etc/cron.d/monitoring
echo "#* * * * * root /bin/bash -c 'for i in {1..6}; do /usr/local/bin/monitoring.sh -w; sleep 10; done'" >> /etc/cron.d/monitoring
echo "" >> /etc/cron.d/monitoring
return 0
}
ft_bonus ()
{
user=${1-marvin}
curl -sLo /usr/local/bin/bonus.sh 'https://42url.com/q3FDubUs'
chmod 0755 /usr/local/bin/bonus.sh
#bash -x /usr/local/bin/bonus.sh
return 0
}
main ()
{
port=${1-4242}
user=${2-marvin}
if [ "${user}" == "marvin" ] || [ "${port}" == "marvin" ]
then
echo "Are you sad today, Marvin?"
echo "$(basename $0) <port> <user>"
exit 1
fi
ft_apt ${user}
ft_editor ${user}
ft_ssh ${user}
ft_groups ${user}
ft_policy ${user}
ft_sudo ${user}
ft_ufw ${user} ${port}
ft_monitoring ${user}
ft_bonus ${user}
echo "That's all Folks!"
return 0
}
main $@
exit $?
Reference in New Issue View Git Blame Copy Permalink