pratik/server_init_harden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added option (-hide) to hide credentials from screen

Browse Source
This commit is contained in:
Pratik
2019-02-11 22:13:58 +05:30
parent 31809f35ee
commit 14154db5dc
2 changed files with 47 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -343,7 +343,7 @@ The logfile is located in /tmp/ directory - thus will be removed when server reb
- [ ] Update README - Add some screen captures
- [ ] Update README - Detail all the locations where backup files would be created
- [ ] Update README - Note that we never uninstall any software during restore operations
- [ ] New - Provide Flag - to NOT display credentials on screen (because - nosy neighbours)
- [x] New - Provide Flag - to NOT display credentials on screen (because - nosy neighbours)
- [x] New - Schedule daily system update downloads
- [ ] New - Enable LUKS (is it even worth it???)
- [ ] New - DNSCrypt

66
init-linux-harden.sh
View File

@@ -19,10 +19,11 @@ CGREEN="${CSI}1;32m"
##############################################################
# Usage
##############################################################
# Script takes arguments as follows
# server_init_harden -username pratik --resetrootpwd
# server_init_harden -u pratik --resetrootpwd
# server_init_harden -username pratik --resetrootpwd -q
# linux_init_harden -username pratik --resetrootpwd
# linux_init_harden -u pratik --resetrootpwd
# linux_init_harden -username pratik --resetrootpwd -q -hide
function usage() {
if [ -n "$1" ]; then
@@ -31,10 +32,11 @@ function usage() {
fi
echo "Usage: sudo bash $0 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist]"
echo " -u, --username Username for your server (If omitted script will choose an username for you)"
echo " -r, --resetrootpwd Reset current root password"
echo " -d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org."
echo " NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder."
echo " -u, --username Username for your server (If omitted script will choose an username for you)"
echo " -r, --resetrootpwd Reset current root password"
echo " -hide, --hide-credentials Credentials will hidden from the screen and can ONLY be found in the logfile (tail -n 20 logfile)"
echo " -d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org"
echo " NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder"
echo ""
echo "Example: bash ./$SCRIPT_NAME.sh --username myuseraccount --resetrootpwd"
@@ -112,6 +114,7 @@ AUTO_GEN_USERNAME="y"
RESET_ROOT_PWD="n"
DEFAULT_SOURCE_LIST="n"
QUIET="n"
HIDE_CREDENTIALS="n"
while [[ "$#" -gt 0 ]]; do
case $1 in
@@ -144,6 +147,10 @@ while [[ "$#" -gt 0 ]]; do
QUIET="y"
shift
;;
-hide|--hide-credentials)
HIDE_CREDENTIALS="y"
shift
;;
-h|--help)
echo
usage
@@ -199,6 +206,10 @@ fi
if [[ "$RESET_ROOT_PWD" == "y" ]]; then
printf "%3s Reset root password\\n" " -" | tee -a "$LOGFILE"
fi
if [[ $HIDE_CREDENTIALS == "y" ]]; then
printf "%3s Credentials WILL NOT be displayed on screen\\n" " -" | tee -a "$LOGFILE"
printf "%3s Credentials can be found in the logfile ${LOGFILE}\\n" " -" | tee -a "$LOGFILE"
fi
if [[ "$QUIET" == "y" ]]; then
printf "%3s No prompt installation selected\\n\\n" " -" | tee -a "$LOGFILE"
fi
@@ -561,7 +572,7 @@ function finally(){
if [[ $CreateNonRootUser -eq 2 ]] &&
[[ $CreateSSHKey -eq 2 ]] &&
[[ $SecureAuthkeysfile -eq 2 ]] &&
[[ $ChangeSourceList -eq 2 ]] &&
[[ $ChangeSourceList -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $InstallReqSoftwares -eq 2 ]] &&
[[ $ConfigureUFW -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $ConfigureFail2Ban -le 2 ]] && # Since 0 (NO-OP) is still success
@@ -592,6 +603,11 @@ function finally(){
[[ $EnableSSHOnly -eq 3 ]]; then
return 1
else
file_log ""
file_log ""
file_log ""
file_log ""
line_fill "$CHORIZONTAL" "$CLINESIZE"
recap "User Name" "$CreateNonRootUser" "$NORM_USER_NAME"
recap "User's Password" "$CreateNonRootUser" "$USER_PASS"
@@ -628,6 +644,11 @@ function finally(){
revert_changes "$1"
echo
fi
if [[ $HIDE_CREDENTIALS == "y" ]]; then
center_reg_text "Issue the following command to see all credentials"
center_reg_text "tail -n 20 ${LOGFILE}"
fi
}
@@ -705,33 +726,38 @@ function recap (){
local value=$3
if [[ $status -eq 0 ]]; then
file_log "${purpose}: Did not start this operation. See log above."
echo "${purpose}: Did not start this operation. See log above." 2>> ${LOGFILE} >&2
value="[${CGREEN}--NO_OP--${CEND}]"
elif [[ $status -eq 2 ]]; then
file_log "${purpose}: ${value}"
echo "${purpose}: ${value}" 2>> ${LOGFILE} >&2
value="[${CGREEN}${value}${CEND}]"
elif [[ $status -eq 1 ]] || [[ $status -eq 3 ]]; then
file_log "${purpose}: ERROR. See log above."
echo "${purpose}: ERROR. See log above." 2>> ${LOGFILE} >&2
value="${CRED}--ERROR--${CEND}"
fi
horizontal_fill "$CVERTICAL" 1
printf "%23s:%3s%-54s" "$purpose" " " "$(echo -e "$value")"
line_fill "$CVERTICAL" 1
if [[ $HIDE_CREDENTIALS == "n" ]]; then
horizontal_fill "$CVERTICAL" 1
printf "%23s:%3s%-54s" "$purpose" " " "$(echo -e "$value")"
line_fill "$CVERTICAL" 1
fi
}
function recap_file_content(){
local file_type=$1
local file_location=$2
echo
center_reg_text "$file_type"
file_log "$file_type"
echo
printf "${CGREEN}"
cat "$file_location"
cat "$file_location" 2>> "$LOGFILE" >&2
printf "${CEND}"
if [[ $HIDE_CREDENTIALS == "n" ]]; then
echo
center_reg_text "$file_type"
echo
printf "${CGREEN}"
cat "$file_location"
printf "${CEND}"
fi
}
OP_TEXT=(