-
Notifications
You must be signed in to change notification settings - Fork 0
/
stackscript_123.sh
executable file
·171 lines (142 loc) · 4.32 KB
/
stackscript_123.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#!/bin/bash
#
# System related utilities
#
# Copyright (c) 2010 Filip Wasilewski <[email protected]>.
#
# My ref: http://www.linode.com/?r=aadfce9845055011e00f0c6c9a5c01158c452deb
###########################################################
# LAST COPIED FROM LINODE : 13 SEPTEMBER 2012
###########################################################
function lower {
# helper function
echo $1 | tr '[:upper:]' '[:lower:]'
}
function system_add_user {
# system_add_user(username, password, groups, shell=/bin/bash)
USERNAME=`lower $1`
PASSWORD=$2
SUDO_GROUP=$3
SHELL=$4
if [ -z "$4" ]; then
SHELL="/bin/bash"
fi
useradd --create-home --shell "$SHELL" --user-group --groups "$SUDO_GROUP" "$USERNAME"
echo "$USERNAME:$PASSWORD" | chpasswd
}
function system_add_system_user {
# system_add_system_user(username, home, shell=/bin/bash)
USERNAME=`lower $1`
HOME_DIR=$2
SHELL=$3
if [ -z "$3" ]; then
SHELL="/bin/bash"
fi
useradd --system --create-home --home-dir "$HOME_DIR" --shell "$SHELL" --user-group $USERNAME
}
function system_lock_user {
# system_lock_user(username)
passwd -l "$1"
}
function system_get_user_home {
# system_get_user_home(username)
cat /etc/passwd | grep "^$1:" | cut --delimiter=":" -f6
}
function system_user_add_ssh_key {
# system_user_add_ssh_key(username, ssh_key)
USERNAME=`lower $1`
USER_HOME=`system_get_user_home "$USERNAME"`
sudo -u "$USERNAME" mkdir "$USER_HOME/.ssh"
sudo -u "$USERNAME" touch "$USER_HOME/.ssh/authorized_keys"
sudo -u "$USERNAME" echo "$2" >> "$USER_HOME/.ssh/authorized_keys"
chmod 0600 "$USER_HOME/.ssh/authorized_keys"
}
function system_sshd_edit_bool {
# system_sshd_edit_bool (param_name, "Yes"|"No")
VALUE=`lower $2`
if [ "$VALUE" == "yes" ] || [ "$VALUE" == "no" ]; then
sed -i "s/^#*\($1\).*/\1 $VALUE/" /etc/ssh/sshd_config
fi
}
function system_sshd_permitrootlogin {
system_sshd_edit_bool "PermitRootLogin" "$1"
}
function system_sshd_passwordauthentication {
system_sshd_edit_bool "PasswordAuthentication" "$1"
}
function system_update_hostname {
# system_update_hostname(system hostname)
if [ -z "$1" ]; then
echo "system_update_hostname() requires the system hostname as its first argument"
return 1;
fi
echo $1 > /etc/hostname
hostname -F /etc/hostname
echo -e "\n127.0.0.1 $1 $1.local\n" >> /etc/hosts
}
function system_security_logcheck {
aptitude -y install logcheck logcheck-database
# configure email
# start after setup
}
function system_security_fail2ban {
aptitude -y install fail2ban
}
function system_security_ufw_configure_basic {
# see https://help.ubuntu.com/community/UFW
ufw logging on
ufw default deny
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow http/tcp
ufw allow https/tcp
ufw enable
}
function system_configure_private_network {
# system_configure_private_network(private_ip)
PRIVATE_IP=$1
NETMASK="255.255.128.0"
cat >>/etc/network/interfaces <<EOF
auto eth0:0
iface eth0:0 inet static
address $PRIVATE_IP
netmask $NETMASK
EOF
touch /tmp/restart_initd-networking
}
function restart_services {
# restarts upstart services that have a file in /tmp/needs-restart/
for service_name in $(ls /tmp/ | grep restart-* | cut -d- -f2-10); do
service $service_name restart
rm -f /tmp/restart-$service_name
done
}
function restart_initd_services {
# restarts upstart services that have a file in /tmp/needs-restart/
for service_name in $(ls /tmp/ | grep restart_initd-* | cut -d- -f2-10); do
/etc/init.d/$service_name restart
rm -f /tmp/restart_initd-$service_name
done
}
# Maintain for compatibility with scripts using this library for Ubuntu 10.04
function system_get_codename {
echo `lsb_release -sc`
}
function system_get_release {
echo `lsb_release -sr`
}
function system_sshd_pubkeyauthentication {
system_sshd_edit_bool "PubkeyAuthentication" "$1"
}
function system_update_locale_en_US_UTF_8 {
# locale-gen en_US.UTF-8
dpkg-reconfigure locales
update-locale LANG=en_US.UTF-8
}
function system_enable_universe {
sed -i 's/^#\(.*deb.*\) universe/\1 universe/' /etc/apt/sources.list
aptitude update
}
function system_security_ufw_install {
aptitude -y install ufw
}