From dd4fc8d0b20716faf7049e6c2822cc9b10a1638e Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Fri, 31 Jul 2020 16:18:50 +0200
Subject: [PATCH] better setup script
---
 setup-remote-host.sh | 145 +++++++++++++++++++++++++++----------------
 1 file changed, 90 insertions(+), 55 deletions(-)
diff --git a/setup-remote-host.sh b/setup-remote-host.sh
index 5be7b43..efc9f52 100755
--- a/setup-remote-host.sh
+++ b/setup-remote-host.sh
@@ -1,81 +1,116 @@
 #!/bin/bash
-if [[ $EUID -ne 0 ]]; then
- echo "This script must be run as root."
- exit 1
+read -p "Did you run this script on the remote host? " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ echo "Please rerun this script on the remote host as root user."
+ [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
 fi
-echo "OK: Root user detected."
-echo "NEXT: Checking for apt-get executable."
-
-APT_GET_CMD=$(which apt-get)
-
-if [[ -z $APT_GET_CMD ]]; then
- echo "No apt-get executable found. Exiting."
- exit 1;
+read -p "Did you setup various targets and adjusted configurations as described in README?" -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ echo "Please read README and rerun this script."
+ [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
 fi
-echo "OK: apt-get found."
-echo "NEXT: Check and eventually install necessary packages."
+REMOTE_USER="root"
-REQUIRED_PKG="autossh"
-PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $REQUIRED_PKG|grep "install ok installed")
+function check_if_running_as_root {
+ if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root."
+ exit 1
+ fi
-echo Checking for $REQUIRED_PKG: $PKG_OK
+ echo "OK: Root user detected."
+}
-if [ "" = "$PKG_OK" ]; then
- echo "No $REQUIRED_PKG. Setting up $REQUIRED_PKG."
- apt-get --yes install $REQUIRED_PKG
-fi
+function check_necessary_packages {
+ echo "NEXT: Checking for valid package manager."
-echo "NEXT: Check for existence of autossh dedicated user."
+ APT_GET_CMD=$(which apt-get)
+ YUM_CMD=$(which yum)
-if [ ! id -u autossh >/dev/null 2>&1 ]; then
- echo "The user is missing so we will create for you."
- useradd -m -s /bin/false autossh
-fi
+ if [[ ! -z $APT_GET_CMD ]]; then
+ echo "OK: apt-get found."
+ apt-get --yes install autossh
+ elif [[ ! -z $YUM_CMD ]]; then
+ echo "OK: yum found."
+ yum install autossh
+ else
+ echo "No valid package manager found. Exiting."
+ exit 1;
+ fi
-if [ ! id -u autossh >/dev/null 2>&1 ]; then
- echo "There are some problems with user creation. Exiting."
- exit 1;
-fi
+ echo "OK: Autossh installed"
+}
-echo "NEXT: Setup autossh home."
+function check_for_autossh_user {
+ echo "NEXT: Check for existence of autossh dedicated user."
-mkdir -p "/home/autossh/.ssh"
-touch -a /home/autossh/.ssh/authorized_keys
+ if [ ! id -u autossh >/dev/null 2>&1 ]; then
+ echo "The user is missing so we will create for you."
+ useradd -m -s /bin/false autossh
+ fi
-if [ ! -s authorized_keys ]; then
- echo "WARNING: authorized_keys in setup folder seems empty so you should manually setup host authorized_keys or rerun this script."
-fi
-cat authorized_keys >> /home/autossh/.ssh/authorized_keys
+ if [ ! id -u autossh >/dev/null 2>&1 ]; then
+ echo "There are some problems with user creation. Exiting."
+ exit 1;
+ fi
+}
-echo "OK: Files and content ready."
-echo "NEXT: Setup file and folder permissions."
+function adjust_ssh_folder_for {
+ homedir=$( getent passwd $REMOTE_USER | cut -d: -f6 )
-chown -R autossh:autossh /home/autossh/.ssh
-chmod 700 /home/autossh/.ssh
-chmod 600 /home/autossh/.ssh/authorized_keys
+ echo "NEXT: Setup ${1} home: ${homedir}."
-echo "OK: File and folder permissions setup."
-echo "NEXT: Checking for systemd."
+ mkdir -p "${homedir}/.ssh"
+ touch -a $homedir/.ssh/authorized_keys
-SYSTEMCTL_CMD=$(which systemctl)
-if [[ ! -z $SYSTEMCTL_CMD ]]; then
- echo "NEXT: Copy targets into /etc/default."
+ if [ ! -s authorized_keys ]; then
+ echo "WARNING: authorized_keys in setup folder seems empty so you should manually setup host authorized_keys or rerun this script."
+ fi
+ cat authorized_keys >> $homedir/.ssh/authorized_keys
- cp -n targets/* /etc/default/
+ echo "OK: Files and content ready."
+ echo "NEXT: Setup file and folder permissions."
- echo "OK: Targets copied."
- echo "NEXT: Setup systemd service."
+ chown -R $1:$1 $homedir/.ssh
+ chmod 700 $homedir/.ssh
+ chmod 600 $homedir/.ssh/authorized_keys
- cp secure-tunnel@.service /etc/systemd/system/
- systemctl daemon-reload
+ echo "OK: File and folder permissions setup."
+}
- echo "OK: Systemd service created."
-else
- echo "WARNING: No systemd installation found. You should manually setup an autossh service to keep tunnel alive."
-fi
+function setup_systemd_service_if_available {
+ echo "NEXT: Checking for systemd."
+
+ SYSTEMCTL_CMD=$(which systemctl)
+ if [[ ! -z $SYSTEMCTL_CMD ]]; then
+ echo "NEXT: Copy targets into /etc/default."
+
+ cp -n targets/* /etc/default/
+
+ echo "OK: Targets copied."
+ echo "NEXT: Setup systemd service."
+
+ cp secure-tunnel@.service /etc/systemd/system/
+ systemctl daemon-reload
+
+ echo "OK: Systemd service created."
+ else
+ echo "WARNING: No systemd installation found. You should manually setup an autossh service to keep tunnel alive."
+ fi
+}
+
+check_if_running_as_root
+check_necessary_packages
+check_for_autossh_user
+
+adjust_ssh_folder_for ${REMOTE_USER}
+setup_systemd_service_if_available
 echo "All done. What you need to do now:\n"
 echo "- generate an ssh keypair with ssh-keygen for user autossh and push signature to the jump server"
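Review bot: With `REMOTE_USER="root"`, the call `adjust_ssh_folder_for ${REMOTE_USER}` appends the setup folder's `authorized_keys` to root's `~/.ssh/authorized_keys`, so every key in that file becomes an unrestricted root login, whereas the removed lines wrote them to the `/bin/false` autossh account. If root access over the tunnel is intended, say so in a comment above `REMOTE_USER` and consider requiring key options such as `restrict` on each entry; otherwise default `REMOTE_USER` to a non-root account. Inside the function, `homedir` is resolved from the global rather than the argument and is never checked, so an unknown account leaves it empty and the root-run `mkdir` and `chown -R` act on `/.ssh`; use `homedir=$(getent passwd "$1" | cut -d: -f6)` followed by `[[ -n "$homedir" ]] || exit 1`. Separately, `[ ! id -u autossh >/dev/null 2>&1 ]` in `check_for_autossh_user` is carried over unchanged and is not a valid test: in bash `[` treats `id -u autossh` as operands and fails with its error hidden, so neither `useradd` nor the failure exit is ever reached. The working form is `if ! id -u autossh >/dev/null 2>&1; then`.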