pratik/server_init_harden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactoring

Browse Source
This commit is contained in:
Pratik
2019-02-12 22:52:50 +05:30
parent 14154db5dc
commit 70be73c547
2 changed files with 156 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -318,7 +318,7 @@ This step contines from step 3 to harden our ssh login. Here, we edit */etc/ssh/
### 10. Display Summary ### 11. Display Summary
All the generated username, passwords, SSH Key location & SSH Keys themselves are displayed on the screen. All the generated username, passwords, SSH Key location & SSH Keys themselves are displayed on the screen.
This might not be desired (nosy neighbours), on future versions you might find option to NOT show the details on screen and find them from the log file. This might not be desired (nosy neighbours), on future versions you might find option to NOT show the details on screen and find them from the log file.

362
init-linux-harden.sh
View File

@@ -226,7 +226,7 @@ fi
############################################################## ##############################################################
# Error Handling # Op-tech & Utility Functions
############################################################## ##############################################################
OP_CODE=0 OP_CODE=0
@@ -247,6 +247,19 @@ ChangeRootPwd=0
ScheduleUpdate=0 ScheduleUpdate=0
EnableSSHOnly=0 EnableSSHOnly=0
OP_TEXT=(
"Creating new user" #0
"Creating SSH Key for new user" #1
"Securing 'authorized_keys' file" #2
"Enabling SSH-only login" #3
"Reset sources.list to defaults" #4
"Installing required softwares" #5
"Configure UFW" #6
"Configure Fail2Ban" #7
"Changing root password" #8
"Scheduling daily update download" #9
)
function set_op_code() { function set_op_code() {
if [[ $OP_CODE -eq 0 ]] && [[ $1 -gt 0 ]]; then if [[ $OP_CODE -eq 0 ]] && [[ $1 -gt 0 ]]; then
OP_CODE=$1 OP_CODE=$1
@@ -257,14 +270,15 @@ function reset_op_code(){
OP_CODE=0 OP_CODE=0
} }
function service_action_and_chk_error() { function update_event_status() {
local servicename=$1 local event
local serviceaction=$2 event=$(get_event_var_from_event "$1")
local servicemsg eval "$event"="$2"
}
servicemsg=$(service "$servicename" "$serviceaction" 2>&1) function get_event_status() {
file_log "$servicemsg" local event=get_event_var_from_event "$1"
return $(echo "$servicemsg" | grep -c 'ERROR') return ${!event}
} }
function get_event_var_from_event() { function get_event_var_from_event() {
@@ -305,17 +319,84 @@ function get_event_var_from_event() {
esac esac
} }
function update_event_status() { function service_action_and_chk_error() {
local event local servicename=$1
event=$(get_event_var_from_event "$1") local serviceaction=$2
eval "$event"="$2" local servicemsg
servicemsg=$(service "$servicename" "$serviceaction" 2>&1)
file_log "$servicemsg"
return $(echo "$servicemsg" | grep -c 'ERROR')
} }
function get_event_status() { function finally(){
local event=get_event_var_from_event "$1" if [[ $CreateNonRootUser -eq 2 ]] &&
return ${!event} [[ $CreateSSHKey -eq 2 ]] &&
[[ $SecureAuthkeysfile -eq 2 ]] &&
[[ $ChangeSourceList -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $InstallReqSoftwares -eq 2 ]] &&
[[ $ConfigureUFW -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $ConfigureFail2Ban -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $ScheduleUpdate -eq 2 ]] &&
[[ $EnableSSHOnly -eq 2 ]]; then
echo
line_fill "$CHORIZONTAL" "$CLINESIZE"
line_fill "$CHORIZONTAL" "$CLINESIZE"
center_reg_text "ALL OPERATIONS COMPLETED SUCCESSFULLY"
fi
#Recap
file_log ""
file_log ""
file_log ""
file_log ""
line_fill "$CHORIZONTAL" "$CLINESIZE"
recap "User Name" "$CreateNonRootUser" "$NORM_USER_NAME"
recap "User's Password" "$CreateNonRootUser" "$USER_PASS"
recap "SSH Private Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem
recap "SSH Public Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem.pub
recap "SSH Key Passphrase" "$CreateSSHKey" "$KEY_PASS"
if [[ "$RESET_ROOT_PWD" == "y" ]]; then
recap "New root Password" "$ChangeRootPwd" "$PASS_ROOT"
fi
line_fill "$CHORIZONTAL" "$CLINESIZE"
recap_file_content "SSH Private Key" "$SSH_DIR"/"$NORM_USER_NAME".pem
recap_file_content "SSH Public Key" "$SSH_DIR"/"$NORM_USER_NAME".pem.pub
line_fill "$CHORIZONTAL" "$CLINESIZE"
center_reg_text "!!! DO NOT LOG OUT JUST YET !!!"
center_reg_text "Use another window to test out the above credentials"
center_reg_text "If you face issue logging in look at the log file to see what went wrong"
center_reg_text "Log file at ${LOGFILE}"
line_fill "$CHORIZONTAL" "$CLINESIZE"
echo
if [[ $ChangeSourceList -eq 3 ]] ||
[[ $InstallReqSoftwares -eq 3 ]] ||
[[ $ConfigureUFW -eq 3 ]] ||
[[ $ConfigureFail2Ban -eq 3 ]]
[[ $ScheduleUpdate -eq 3 ]] &&
[[ $ChangeRootPwd -eq 3 ]]; then
center_err_text "Some operations failed..."
center_err_text "These may NOT be catastrophic"
center_err_text "Please check $LOGFILE file for details"
echo
fi
if [[ $HIDE_CREDENTIALS == "y" ]]; then
center_reg_text "Issue the following command to see all credentials"
center_reg_text "tail -n 20 ${LOGFILE}"
fi
} }
##############################################################
# Error Handling
##############################################################
function revert_changes(){ function revert_changes(){
file_log "Starting revert operation..." file_log "Starting revert operation..."
@@ -568,24 +649,7 @@ function revert_ssh_only_login(){
fi fi
} }
function finally(){ function revert_everything_and_exit() {
if [[ $CreateNonRootUser -eq 2 ]] &&
[[ $CreateSSHKey -eq 2 ]] &&
[[ $SecureAuthkeysfile -eq 2 ]] &&
[[ $ChangeSourceList -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $InstallReqSoftwares -eq 2 ]] &&
[[ $ConfigureUFW -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $ConfigureFail2Ban -le 2 ]] && # Since 0 (NO-OP) is still success
[[ $ScheduleUpdate -eq 2 ]] &&
[[ $EnableSSHOnly -eq 2 ]]; then
echo
line_fill "$CHORIZONTAL" "$CLINESIZE"
line_fill "$CHORIZONTAL" "$CLINESIZE"
center_reg_text "ALL OPERATIONS COMPLETED SUCCESSFULLY"
fi
# If something failed - try to revert things back
if [[ "$#" -gt 0 ]]; then
echo echo
center_err_text "!!! ERROR OCCURED DURING OPERATION !!!" center_err_text "!!! ERROR OCCURED DURING OPERATION !!!"
center_err_text "!!! Reverting changes !!!" center_err_text "!!! Reverting changes !!!"
@@ -593,62 +657,7 @@ function finally(){
echo echo
revert_changes "$1" revert_changes "$1"
# If restoration failed - well you are f**ked exit 1;
fi
#Recap ONLY if NO IMPORTANT operations reverted
if [[ $CreateNonRootUser -eq 3 ]] ||
[[ $CreateSSHKey -eq 3 ]] ||
[[ $SecureAuthkeysfile -eq 3 ]] ||
[[ $EnableSSHOnly -eq 3 ]]; then
return 1
else
file_log ""
file_log ""
file_log ""
file_log ""
line_fill "$CHORIZONTAL" "$CLINESIZE"
recap "User Name" "$CreateNonRootUser" "$NORM_USER_NAME"
recap "User's Password" "$CreateNonRootUser" "$USER_PASS"
recap "SSH Private Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem
recap "SSH Public Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem.pub
recap "SSH Key Passphrase" "$CreateSSHKey" "$KEY_PASS"
if [[ "$RESET_ROOT_PWD" == "y" ]]; then
recap "New root Password" "$ChangeRootPwd" "$PASS_ROOT"
fi
line_fill "$CHORIZONTAL" "$CLINESIZE"
recap_file_content "SSH Private Key" "$SSH_DIR"/"$NORM_USER_NAME".pem
recap_file_content "SSH Public Key" "$SSH_DIR"/"$NORM_USER_NAME".pem.pub
line_fill "$CHORIZONTAL" "$CLINESIZE"
center_reg_text "!!! DO NOT LOG OUT JUST YET !!!"
center_reg_text "Use another window to test out the above credentials"
center_reg_text "If you face issue logging in look at the log file to see what went wrong"
center_reg_text "Log file at ${LOGFILE}"
line_fill "$CHORIZONTAL" "$CLINESIZE"
echo
fi
if [[ $ChangeSourceList -eq 3 ]] ||
[[ $InstallReqSoftwares -eq 3 ]] ||
[[ $ConfigureUFW -eq 3 ]] ||
[[ $ConfigureFail2Ban -eq 3 ]]
[[ $ScheduleUpdate -eq 3 ]] &&
[[ $ChangeRootPwd -eq 3 ]]; then
center_err_text "Some operations failed..."
center_err_text "These may NOT be catastrophic"
center_err_text "Please check $LOGFILE file for details"
revert_changes "$1"
echo
fi
if [[ $HIDE_CREDENTIALS == "y" ]]; then
center_reg_text "Issue the following command to see all credentials"
center_reg_text "tail -n 20 ${LOGFILE}"
fi
} }
@@ -760,27 +769,29 @@ function recap_file_content(){
fi fi
} }
OP_TEXT=(
"Creating new user" #0
"Creating SSH Key for new user" #1
"Securing 'authorized_keys' file" #2
"Enabling SSH-only login" #3
"Reset sources.list to defaults" #4
"Installing required softwares" #5
"Configure UFW" #6
"Configure Fail2Ban" #7
"Changing root password" #8
"Scheduling daily update download" #9
)
############################################################## ##############################################################
# Step 1 - Create non-root user # Step 1 - Create non-root user
############################################################## ##############################################################
function op_start() {
reset_op_code reset_op_code
update_event_status "${OP_TEXT[0]}" 1 update_event_status "$1" 1
op_log "${OP_TEXT[0]}" op_log "$1"
}
function op_end() {
if [[ $1 -eq 0 ]]; then
update_event_status "$2" 2
op_log "$2" "SUCCESSFUL"
else
reset_op_code
update_event_status "$2" 3
op_log "$2" "FAILED"
fi
}
op_start "${OP_TEXT[0]}"
{ {
if [[ $AUTO_GEN_USERNAME == 'y' ]]; then if [[ $AUTO_GEN_USERNAME == 'y' ]]; then
NORM_USER_NAME="$(< /dev/urandom tr -cd 'a-z' | head -c 6)""$(< /dev/urandom tr -cd '0-9' | head -c 2)" || exit 1 NORM_USER_NAME="$(< /dev/urandom tr -cd 'a-z' | head -c 6)""$(< /dev/urandom tr -cd '0-9' | head -c 2)" || exit 1
@@ -800,15 +811,9 @@ op_log "${OP_TEXT[0]}"
set_op_code $? set_op_code $?
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[0]}"
update_event_status "${OP_TEXT[0]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[0]}" "SUCCESSFUL" revert_everything_and_exit "${OP_TEXT[0]}"
else
reset_op_code
update_event_status "${OP_TEXT[0]}" 3
op_log "${OP_TEXT[0]}" "FAILED"
finally "${OP_TEXT[0]}"
exit 1;
fi fi
@@ -816,9 +821,7 @@ fi
# Step 2 - Create SSH Key for the above new user # Step 2 - Create SSH Key for the above new user
############################################################## ##############################################################
reset_op_code op_start "${OP_TEXT[1]}"
update_event_status "${OP_TEXT[1]}" 1
op_log "${OP_TEXT[1]}"
{ {
SSH_DIR=/home/"$NORM_USER_NAME"/.ssh SSH_DIR=/home/"$NORM_USER_NAME"/.ssh
file_log "Creating SSH directory - $SSH_DIR" file_log "Creating SSH directory - $SSH_DIR"
@@ -840,16 +843,10 @@ op_log "${OP_TEXT[1]}"
set_op_code $? set_op_code $?
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[1]}"
update_event_status "${OP_TEXT[1]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[1]}" "SUCCESSFUL"
else
reset_op_code
file_log "Creating SSH Key for new user failed." file_log "Creating SSH Key for new user failed."
update_event_status "${OP_TEXT[1]}" 3 revert_everything_and_exit "${OP_TEXT[1]}"
op_log "${OP_TEXT[1]}" "FAILED"
finally "${OP_TEXT[1]}"
exit 1;
fi fi
@@ -857,9 +854,7 @@ fi
# Step 3 - Secure authorized_keys file # Step 3 - Secure authorized_keys file
############################################################## ##############################################################
reset_op_code op_start "${OP_TEXT[2]}"
update_event_status "${OP_TEXT[2]}" 1
op_log "${OP_TEXT[2]}"
{ {
# Set appropriate permissions for ".ssh" dir and "authorized_key" file # Set appropriate permissions for ".ssh" dir and "authorized_key" file
file_log "Setting appropriate permissions for $SSH_DIR dir and $SSH_DIR/authorized_keys file" file_log "Setting appropriate permissions for $SSH_DIR dir and $SSH_DIR/authorized_keys file"
@@ -881,17 +876,11 @@ op_log "${OP_TEXT[2]}"
done done
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[2]}"
update_event_status "${OP_TEXT[2]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[2]}" "SUCCESSFUL"
else
reset_op_code
file_log "Setting restrictive permissions for '~/.ssh/' directory failed" file_log "Setting restrictive permissions for '~/.ssh/' directory failed"
file_log "Please do 'ls -lAh ~/.ssh/' and check manually to see what went wrong." file_log "Please do 'ls -lAh ~/.ssh/' and check manually to see what went wrong."
update_event_status "${OP_TEXT[2]}" 3 revert_everything_and_exit "${OP_TEXT[2]}"
op_log "${OP_TEXT[2]}" "FAILED"
finally "${OP_TEXT[2]}"
exit 1
fi fi
@@ -901,9 +890,7 @@ fi
if [[ $DEFAULT_SOURCE_LIST = "y" ]]; then if [[ $DEFAULT_SOURCE_LIST = "y" ]]; then
# Low priority - But what to do if it fails??? # Low priority - But what to do if it fails???
reset_op_code op_start "${OP_TEXT[4]}"
update_event_status "${OP_TEXT[5]}" 1
op_log "${OP_TEXT[4]}"
{ {
file_log "Backing up /etc/apt/sources.list file to /etc/apt/sources.list${BACKUP_EXTENSION}" file_log "Backing up /etc/apt/sources.list file to /etc/apt/sources.list${BACKUP_EXTENSION}"
cp /etc/apt/sources.list /etc/apt/sources.list"${BACKUP_EXTENSION}" cp /etc/apt/sources.list /etc/apt/sources.list"${BACKUP_EXTENSION}"
@@ -978,13 +965,8 @@ UBUNTU
fi fi
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[4]}"
update_event_status "${OP_TEXT[4]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[4]}" "SUCCESSFUL"
else
reset_op_code
update_event_status "${OP_TEXT[4]}" 3
op_log "${OP_TEXT[4]}" "FAILED"
revert_source_list_changes revert_source_list_changes
fi fi
fi fi
@@ -994,9 +976,7 @@ fi
# Step 5 - Install required softwares # Step 5 - Install required softwares
############################################################## ##############################################################
reset_op_code op_start "${OP_TEXT[5]}"
update_event_status "${OP_TEXT[5]}" 1
op_log "${OP_TEXT[5]}"
{ {
apt-get update apt-get update
export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
@@ -1004,17 +984,11 @@ op_log "${OP_TEXT[5]}"
set_op_code $? set_op_code $?
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[5]}"
update_event_status "${OP_TEXT[5]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[5]}" "SUCCESSFUL"
else
reset_op_code
update_event_status "${OP_TEXT[5]}" 3
op_log "${OP_TEXT[5]}" "FAILED"
revert_software_installs revert_software_installs
fi fi
############################################################## ##############################################################
# Step 6 - Configure UFW # Step 6 - Configure UFW
############################################################## ##############################################################
@@ -1024,9 +998,7 @@ ufw status 2>> /dev/null >&2
# Proceed only when UFW is installed # Proceed only when UFW is installed
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
reset_op_code op_start "${OP_TEXT[6]}"
update_event_status "${OP_TEXT[6]}" 1
op_log "${OP_TEXT[6]}"
{ {
file_log "Setting ufw for ssh, http, https" file_log "Setting ufw for ssh, http, https"
ufw allow ssh && ufw allow http && ufw allow https ufw allow ssh && ufw allow http && ufw allow https
@@ -1037,13 +1009,8 @@ if [[ $? -eq 0 ]]; then
set_op_code $? set_op_code $?
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[6]}"
update_event_status "${OP_TEXT[6]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[6]}" "SUCCESSFUL"
else
reset_op_code
update_event_status "${OP_TEXT[6]}" 3
op_log "${OP_TEXT[6]}" "FAILED"
revert_config_UFW revert_config_UFW
fi fi
else else
@@ -1058,9 +1025,7 @@ fi
# Proceed only when Fail2ban is installed # Proceed only when Fail2ban is installed
if [[ $(dpkg -l | grep -c fail2ban) -gt 0 ]]; then if [[ $(dpkg -l | grep -c fail2ban) -gt 0 ]]; then
reset_op_code op_start "${OP_TEXT[7]}"
update_event_status "${OP_TEXT[7]}" 1
op_log "${OP_TEXT[7]}"
{ {
if [[ -f /etc/fail2ban/jail.local ]]; then if [[ -f /etc/fail2ban/jail.local ]]; then
file_log "Backing up /etc/fail2ban/jail.local to /etc/fail2ban/jail.local${BACKUP_EXTENSION}" file_log "Backing up /etc/fail2ban/jail.local to /etc/fail2ban/jail.local${BACKUP_EXTENSION}"
@@ -1129,13 +1094,8 @@ FAIL2BAN
set_op_code $(service_action_and_chk_error "fail2ban" "start") set_op_code $(service_action_and_chk_error "fail2ban" "start")
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[7]}"
update_event_status "${OP_TEXT[7]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[7]}" "SUCCESSFUL"
else
reset_op_code
update_event_status "${OP_TEXT[7]}" 3
op_log "${OP_TEXT[7]}" "FAILED"
revert_config_fail2ban revert_config_fail2ban
fi fi
else else
@@ -1148,10 +1108,7 @@ fi
# Step 8 - Schedule cron for daily system update # Step 8 - Schedule cron for daily system update
############################################################## ##############################################################
reset_op_code op_start "${OP_TEXT[9]}"
update_event_status "${OP_TEXT[9]}" 1
op_log "${OP_TEXT[9]}"
{ {
dailycron_filename=/etc/cron.daily/linux_init_harden_apt_update.sh dailycron_filename=/etc/cron.daily/linux_init_harden_apt_update.sh
@@ -1171,15 +1128,8 @@ op_log "${OP_TEXT[9]}"
fi fi
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[9]}"
update_event_status "${OP_TEXT[9]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[9]}" "SUCCESSFUL"
file_log "NOTE - we only DOWNLOAD the updates"
file_log "\\t - to install use \"apt-get dist-upgrade\""
else
reset_op_code
update_event_status "${OP_TEXT[9]}" 3
op_log "${OP_TEXT[9]}" "FAILED"
revert_schedule_updates revert_schedule_updates
fi fi
@@ -1189,10 +1139,7 @@ fi
############################################################## ##############################################################
if [[ $RESET_ROOT_PWD == 'y' ]]; then if [[ $RESET_ROOT_PWD == 'y' ]]; then
op_start "${OP_TEXT[8]}"
reset_op_code
update_event_status "${OP_TEXT[8]}" 1
op_log "${OP_TEXT[8]}"
{ {
# Generate a 15 character random password # Generate a 15 character random password
file_log "Generating roots new password..." file_log "Generating roots new password..."
@@ -1207,13 +1154,8 @@ if [[ $RESET_ROOT_PWD == 'y' ]]; then
set_op_code $? set_op_code $?
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[8]}"
update_event_status "${OP_TEXT[8]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[8]}" "SUCCESSFUL"
else
reset_op_code
update_event_status "${OP_TEXT[8]}" 3
op_log "${OP_TEXT[8]}" "FAILED"
revert_root_pass_change revert_root_pass_change
fi fi
fi fi
@@ -1300,9 +1242,7 @@ function set_config_key(){
fi fi
} }
reset_op_code op_start "${OP_TEXT[3]}"
update_event_status "${OP_TEXT[3]}" 1
op_log "${OP_TEXT[3]}"
{ {
# Backup the sshd_config file # Backup the sshd_config file
file_log "Backing up /etc/ssh/sshd_config file to /etc/ssh/sshd_config$BACKUP_EXTENSION" file_log "Backing up /etc/ssh/sshd_config file to /etc/ssh/sshd_config$BACKUP_EXTENSION"
@@ -1336,16 +1276,10 @@ op_log "${OP_TEXT[3]}"
} }
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
if [[ $OP_CODE -eq 0 ]]; then op_end $OP_CODE "${OP_TEXT[3]}"
update_event_status "${OP_TEXT[3]}" 2 if [[ $OP_CODE -eq 3 ]]; then
op_log "${OP_TEXT[3]}" "SUCCESSFUL"
else
reset_op_code
file_log "Enabling SSH-only login failed." file_log "Enabling SSH-only login failed."
update_event_status "${OP_TEXT[3]}" 3 revert_everything_and_exit "${OP_TEXT[3]}"
op_log "${OP_TEXT[3]}" "FAILED"
finally "${OP_TEXT[3]}"
exit 1;
fi fi