Refactored to a new approach of two scripts, local and remote, with a configuration system
Brian Pontarelli
committed
May 3, 2016
1 parent
556e781
commit fd5eab5
Showing
8 changed files
with
150 additions
and
12 deletions.
@@ -1 +1,2 @@ | ||
.idea/workspace.xml | ||
output |
@@ -0,0 +1,43 @@ | ||
#!/usr/bin/env bash | ||
|
||
if [[ ${#} != 4 && ${#} != 5 ]]; then | ||
echo "Usage: setup-new-server.sh <root@host> <ssh-public-key-file> <iptable-config-file> <ordinary-username> [ordinary-user-password]" | ||
echo "" | ||
echo " for example: setup-new-server.sh root@192.168.1.1 ~/.ssh/id_rsa.pub output/iptables-application-server.cfg myuser password" | ||
echo "" | ||
echo " If the password is not specified, it will be input by the user interactively" | ||
exit 1 | ||
fi | ||
|
||
|
||
root_at_host=$1 | ||
ssh_key_file=$2 | ||
iptable_cfg_file=$3 | ||
ordinary_user=$4 | ||
|
||
ordinary_user_password="" | ||
ordinary_user_password_confirm="" | ||
if [[ ${#} == 5 ]]; then | ||
ordinary_user_password=$5 | ||
else | ||
while [[ ${ordinary_user_password} != ${ordinary_user_password_confirm} ]]; do | ||
echo -n "Password: " | ||
read -s ordinary_user_password | ||
echo -n "Password (again): " | ||
read -s ordinary_user_password_confirm | ||
if [[ ${ordinary_user_password} != ${ordinary_user_password_confirm} ]]; then | ||
echo "Passwords don't match" | ||
fi | ||
done | ||
fi | ||
|
||
if ! [ -f ${ssh_key_file} ]; then | ||
bail "Invalid SSH public key file" | ||
fi | ||
|
||
if ! [ -f ${iptable_cfg_file} ]; then | ||
bail "Invalid IPTables configuration file" | ||
fi | ||
|
||
scp output/* ${ssh_key_file} ${root_at_host}:/root | ||
ssh -t ${root_at_host} "/root/setup-new-server.sh ${ssh_key_file} ${iptable_cfg_file} ${ordinary_user} ${ordinary_user_password}" |
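Review bot: The final `ssh -t` line hands the ordinary user's password to the remote script as a command-line argument, so it is visible in `ps` on both machines (and in local shell history whenever it is supplied as the fifth argument); it is also unquoted, so a password containing spaces or shell metacharacters changes the remote command. `bail` is called by the two file checks but is never defined in this script, and without `set -e` a missing key or iptables file just prints `bail: command not found` and carries on to the `scp`. The remote invocation also forwards the caller's local paths (`~/.ssh/id_rsa.pub`, `output/…cfg`) although `scp` dropped the files flat into `/root`, so the remote-side `-f` checks presumably look in the wrong place and the basenames are what is wanted. The sketch below defines `bail`, quotes every expansion, passes basenames, and feeds the password over stdin, which the remote counterpart would then `read -rs` instead of taking as `$4`.

```shell
set -euo pipefail
bail() { printf '%s\n' "$*" >&2; exit 1; }
# … unchanged: usage check, argument assignment, password prompt, file checks …
scp output/* "${ssh_key_file}" "${root_at_host}:/root"
# the files now sit flat in /root, so hand the remote script their basenames;
# the password goes over stdin rather than argv so it never shows in ps or history
printf '%s\n' "${ordinary_user_password}" | ssh "${root_at_host}" \
  "/root/setup-new-server.sh $(printf '%q %q %q' "$(basename "${ssh_key_file}")" "$(basename "${iptable_cfg_file}")" "${ordinary_user}")"
```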
@@ -0,0 +1,60 @@ | ||
#!/usr/bin/env bash | ||
|
||
if [[ ${#} != 4 ]]; then | ||
echo "Usage: setup-server.sh <ssh-public-key-file> <iptable-config-file> <ordinary-username> <ordinar-user-password>" | ||
echo "" | ||
echo " for example: setup-server.sh id_rsa.pub iptables-application-server.cfg myuser password" | ||
exit 1 | ||
fi | ||
|
||
ssh_key_file=$1 | ||
iptable_cfg_file=$2 | ||
ordinary_user=$3 | ||
ordinary_user_password=$4 | ||
|
||
if ! [ -f ${ssh_key_file} ]; then | ||
bail "Invalid SSH public key file" | ||
fi | ||
|
||
if ! [ -f ${iptable_cfg_file} ]; then | ||
bail "Invalid IPTables configuration file" | ||
fi | ||
|
||
apt-get -qq -y install libpam-cracklib > /dev/null 2>&1 | ||
apt-get -qq -y install libpam-google-authenticator > /dev/null 2>&1 | ||
apt-get -qq -y install ntp > /dev/null 2>&1 | ||
debconf-set-selections <<< 'iptables-persistent iptables-persistent/autosave_v4 boolean true' | ||
debconf-set-selections <<< 'iptables-persistent iptables-persistent/autosave_v6 boolean true' | ||
apt-get -qq -y install iptables-persistent > /dev/null 2>&1 | ||
apt-get -qq -y install monit > /dev/null 2>&1 | ||
apt-get -qq -y install ruby > /dev/null 2>&1 | ||
|
||
ordinary_user_password_encrypted=$(mkpasswd -m sha-512 ${ordinary_user_password}) | ||
useradd -m -G sudo -s /bin/bash -p "${ordinary_user_password_encrypted}" ${ordinary_user} | ||
mkdir -p /home/${ordinary_user}/.ssh | ||
cp ${ssh_key_file} /home/${ordinary_user}/.ssh/authorized_keys | ||
chown -R ${ordinary_user}:${ordinary_user} /home/${ordinary_user}/.ssh | ||
chmod 700 /home/${ordinary_user}/.ssh | ||
chmod 600 /home/${ordinary_user}/.ssh/authorized_keys | ||
|
||
# Backup all the configuration files | ||
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig | ||
cp /etc/pam.d/sshd /etc/pam.d/sshd.orig | ||
cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.orig | ||
cp /etc/monit/monitrc /etc/monit/monitrc.orig | ||
|
||
# SCP over all the files | ||
cp common-password /etc/pam.d/common-password | ||
cp ${iptable_cfg_file} /etc/iptables/rules.v4 | ||
cp monit-ssh-logins.cfg /etc/monit/conf.d/ssh-logins | ||
cp monitrc /etc/monit/monitrc | ||
cp sshd_config /etc/ssh/sshd_config | ||
cp sshd /etc/pam.d/sshd | ||
if [ -f monit-slack-pushover.rb ]; then | ||
cp monit-slack-pushover.rb /etc/monit/monit-slack-pushover.rb | ||
fi | ||
|
||
service ssh restart | ||
service netfilter-persistent reload | ||
service monit restart | ||
usermod -p '*' root |
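Review bot: `usermod -p '*' root` on the last line locks root unconditionally, but nothing before it confirms that the replacement login works: there is no `set -e` and `bail` is never defined, so a missing key file or a failed `useradd` prints an error and the script still restarts sshd with the new config and locks root, which on a fresh host is a lock-out. The password is also passed to `mkpasswd` on its command line, where it is visible in `ps`, and `mkpasswd` is not among the packages installed above (it ships in the `whois` package on Debian/Ubuntu, as far as I recall), so if it is absent the substitution is empty and `useradd -p ""` creates the sudo account with an empty password field. The user-supplied iptables file and the new `sshd_config` are applied without a syntax check; `iptables-restore --test` and `sshd -t` would catch that before the services are restarted. A guarded ending is sketched below.

```shell
set -euo pipefail
bail() { printf '%s\n' "$*" >&2; exit 1; }
# … unchanged: usage check, argument assignment, file checks, apt-get installs …
useradd -m -G sudo -s /bin/bash "${ordinary_user}"
# feed the password over stdin so it never appears in ps(1) or shell history
printf '%s:%s\n' "${ordinary_user}" "${ordinary_user_password}" | chpasswd
# … unchanged: .ssh setup, config backups, config copies …
# never lock root until the replacement login path is known to be in place
[[ -s "/home/${ordinary_user}/.ssh/authorized_keys" ]] || bail "authorized_keys for ${ordinary_user} is missing or empty"
sshd -t || bail "new sshd_config is invalid; leaving root usable"
iptables-restore --test < /etc/iptables/rules.v4 || bail "iptables rules do not parse"
service ssh restart
service netfilter-persistent reload
service monit restart
usermod -p '*' root
```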
@@ -0,0 +1,13 @@ | ||
10.10.10.10 | ||
monit-alerts@test.com | ||
smtp.test.com | ||
587 | ||
smtp-username@test.com | ||
smtp-password | ||
tlsv12 | ||
y | ||
y | ||
https://hooks.slack.com/services/A0411FLaa/B004CKBBB/E7eeeea2a7a1U6EUhnIAus6z | ||
y | ||
pushover-app | ||
pushover-user |
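Review bot: This fixture stores an SMTP password and a Slack webhook URL as bare positional lines; the values here look like placeholders, but the format carries no field names, so the natural workflow is to paste real credentials into a copy and commit it (the `.gitignore` in this commit covers `output`, not these files). A header comment naming each field in order would help, if whatever consumes the file tolerates one — its reader is not in this view. At minimum a `# fill in locally — never commit real values` note beside the password and webhook lines, or a line in the README, makes the intent explicit.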
@@ -0,0 +1,8 @@ | ||
10.10.10.10 | ||
monit-alerts@test.com | ||
smtp.test.com | ||
587 | ||
smtp-username@test.com | ||
smtp-password | ||
tlsv12 | ||
n |