From 65a4d7ae986a6463c7d2615a9104352cba129d72 Mon Sep 17 00:00:00 2001
From: Pratik Tripathy <>
Date: Mon, 8 Sep 2025 15:36:29 +0530
Subject: [PATCH] feat: FreeBSD support for "root password reset" operation

- refactor: Operation logs moved from `main` to `reset_root_password`
- Always file-log command `output` and not only on operation error
---
 init-linux-harden.sh | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/init-linux-harden.sh b/init-linux-harden.sh
index e832b99..75a13e5 100755
--- a/init-linux-harden.sh
+++ b/init-linux-harden.sh
@@ -259,29 +259,31 @@ manage_service() {
 ###################################### OPERATIONS #########################################
 
 reset_root_password() {
+    console_log "INFO" "Resetting root password..."
     file_log "INFO" "Attempting to reset root password"
+
     ROOT_PASSWORD=$(head -c 12 /dev/urandom | base64 | tr -dc "[:alnum:]" | head -c 15)
 
-    # Change root password
-    output=$(printf "%s\n%s\n" "${ROOT_PASSWORD}" "${ROOT_PASSWORD}" | passwd root 2>&1)
+    if command -v pw >/dev/null 2>&1; then # FreeBSD
+        output=$(printf '%s\n' "$ROOT_PASSWORD" | pw usermod root -h 0 2>&1)
+        command_status=$?
+    else # Linux
+        output=$(printf "%s\n%s\n" "${ROOT_PASSWORD}" "${ROOT_PASSWORD}" | passwd root 2>&1)
+        command_status=$?
+    fi
+
+    file_log "INFO" "$output"
 
     # shellcheck disable=SC2181
-    if [ $? -ne 0 ]; then
+    if [ $command_status -ne 0 ]; then
         console_log "ERROR" "Failed to reset root password"
         file_log "ERROR" "Failed to reset root password"
-        if [ -n "$output" ]; then
-            file_log "ERROR" "passwd command output: $output"
-        fi
         return 1
+    else
+        console_log "SUCCESS" "Root password reset"
+        file_log "SUCCESS" "Root password reset"
+        log_credentials "New root password: $ROOT_PASSWORD"
     fi
-
-    if [ -n "$output" ]; then
-        file_log "INFO" "passwd command output: $output"
-    fi
-
-    log_credentials "New root password: $ROOT_PASSWORD"
-
-    return 0
 }
 
 revert_create_user() {
@@ -748,9 +750,8 @@ main() {
 
     # Step 1: Reset root password if requested
     if [ "$RESET_ROOT" = true ]; then
-        console_log "INFO" "Resetting root password..."
         reset_root_password
-        # Continue regardless of any errors
+        # Continue regardless of error
     fi
 
     # Step 2: Create new user