Added only-create-user flag to stop execution after creating the user

Display script execution duration
2019-02-14 03:46:18 +05:30
parent 914ac35cb2
commit 9e2dfc4bd1
2 changed files with 43 additions and 17 deletions
--- a/README.md
+++ b/README.md
@@ -52,15 +52,18 @@ Run the script with below option to see all available options:-
 ```console
 root@host:~# bash <(wget -q https://raw.githubusercontent.com/pratiktri/server_init_harden/master/init-linux-harden.sh -O -) --help

-Usage: sudo bash /dev/fd/63 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist]
-  -u,    --username              Username for your server (If omitted script will choose an username for you)
-  -r,    --resetrootpwd          Reset current root password
-  -hide, --hide-credentials      Credentials will hidden from the screen and can ONLY be found in the logfile (tail -n 20 /tmp/logfilename)
-  -d,    --defaultsourcelist     Updates /etc/apt/sources.list to download software from debian.org
+Usage: sudo bash $0 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist]
+  -u,     --username              Username for your server (If omitted script will choose an username for you)
+  -r,     --resetrootpwd          Reset current root password
+  -hide,  --hide-credentials      Credentials will hidden from screen and can ONLY be found in the logfile
+                                  eg - tail -n 20 logfile
+  -d,     --defaultsourcelist     Updates /etc/apt/sources.list to download software from debian.org
+  -ou,    --only-create-user      Only creates the user and its SSH authorizations
+                                  NOTE: -r, -d would be ignored

 Example: bash ./linux_init_harden.sh --username myuseraccount --resetrootpwd

-Below restrictions apply to username this script accepts - 
+Below restrictions apply to usernames - 
   - [a-zA-Z0-9] [-] [_] are allowed
   - NO special characters.
   - NO spaces.
@@ -363,7 +366,7 @@ Ans - NO.
 > 
 >    An operation is _idempotent_ if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions.

-Q - How so?
+Q - Why is it not idempotent?

 Ans - We take backup of the file which stays on your server after operations. After taking back up of the file - __script sometimes comments out older configuration__. This is specifically true for [Step 4](https://github.com/pratiktri/init-li-harden#4-optionally-reset-the-url--for-apt-repo-from-vps-provided-cdn-to-os-provided-ones "Goto details of the step") where we comment out older configurations and append new ones to the end of the file. Also, for the SSH configuration file (/etc/ssh/sshd_conf) where we comment out the line of configuration and add the new configuration below the commented out line. So, if we re-run the script multiple times, those changes would compound as listed below. 

@@ -431,7 +434,7 @@ root@host:~# wget -q https://raw.githubusercontent.com/pratiktri/server_init_har
 ## Todo

 ### Bug fixes
- [x] ~~On successful restoration - delete the bkp files~~ (Abandoned - as it could be counter productive)
+- [x] ~~On successful restoration - delete the bkp files~~ (Abandoned - as it could be counter-productive)
 - [x] Investigate Warning - Ignoring file 'hetzner-mirror.list.29_01_2019-19_31_03_bak' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
 - [x] What to do if creating .bkp file fails? Ans - fail that entire step
 - [x] Step 6 & 7 - Instead of checking if installation was successful or not - check if the the software we need is installed or not
@@ -441,12 +444,12 @@ root@host:~# wget -q https://raw.githubusercontent.com/pratiktri/server_init_har
 ### Roadmap
 - [x] Update README - provide example of how it can be used from a non-root account.
 - [x] Update README - Warn that - If your connection gets reset during this operation, you WILL loose all access to the server.
- [ ] Update README - Add some screen captures
+- [x] Update README - Add some screen captures
 - [x] Update README - Detail all the locations where backup files would be created
 - [x] Update README - Note that we never uninstall any software during restore operations
 - [x] New - Provide Flag - to NOT display credentials on screen (because - nosy neighbours)
 - [x] New - Schedule daily system update downloads
+- [x] New - Display time taken to complete all operations
+- [x] New - Provide flag to ONLY create a new user (sudo???) - when script is already run and you just want to create another user
 - [ ] New - Enable LUKS (is it even worth it???)
- [ ] New - DNSCrypt
- [ ] New - Display time taken to complete all operations
- [ ] New - Provide flag to ONLY create a new user (sudo???) - when script is already run and you just want to create another user
+- [ ] New - DNSCrypt
--- a/init-linux-harden.sh
+++ b/init-linux-harden.sh
@@ -34,12 +34,15 @@ function usage() {
    echo "Usage: sudo bash $0 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist]"
    echo "  -u,     --username              Username for your server (If omitted script will choose an username for you)"
    echo "  -r,     --resetrootpwd          Reset current root password"
-    echo "  -hide,  --hide-credentials      Credentials will hidden from the screen and can ONLY be found in the logfile (tail -n 20 logfile)"
+    echo "  -hide,  --hide-credentials      Credentials will hidden from screen and can ONLY be found in the logfile"
+    echo "                                  eg - tail -n 20 logfile"
    echo "  -d,     --defaultsourcelist     Updates /etc/apt/sources.list to download software from debian.org"
+    echo "  -ou,    --only-create-user      Only creates the user and its SSH authorizations"
+    echo "                                  NOTE: -r, -d would be ignored"

    echo ""
    echo "Example: bash ./$SCRIPT_NAME.sh --username myuseraccount --resetrootpwd"
-    printf "\\nBelow restrictions apply to username this script accepts - \\n"
+    printf "\\nBelow restrictions apply to usernames - \\n"
    printf "%2s - [a-zA-Z0-9] [-] [_] are allowed\\n%2s - NO special characters.\\n%2s - NO spaces.\\n" " " " " " "
 }

@@ -114,6 +117,7 @@ RESET_ROOT_PWD="n"
 DEFAULT_SOURCE_LIST="n"
 QUIET="n"
 HIDE_CREDENTIALS="n"
+USER_CREATION_ALONE="n"

 while [[ "$#" -gt 0 ]]; do
    case $1 in
@@ -134,6 +138,10 @@ while [[ "$#" -gt 0 ]]; do
            shift
            shift
            ;;
+        -ou|--only-create-user)
+            USER_CREATION_ALONE="y"
+            shift
+            ;;
        -r|--resetrootpwd)
            RESET_ROOT_PWD="y"
            shift
@@ -199,10 +207,10 @@ if [[ "$AUTO_GEN_USERNAME" == "y" ]]; then
 else
    printf "%3s Username you opted = %s\\n" " -" "$NORM_USER_NAME" | tee -a "$LOGFILE"
 fi
-if [[ "$DEFAULT_SOURCE_LIST" == "y" ]]; then
+if [[ "$DEFAULT_SOURCE_LIST" == "y" && "$USER_CREATION_ALONE" == "n" ]]; then
    printf "%3s Reset the url for apt repo from VPS provided CDN to OS provided ones\\n" " -" | tee -a "$LOGFILE"
 fi
-if [[ "$RESET_ROOT_PWD" == "y" ]]; then
+if [[ "$RESET_ROOT_PWD" == "y" && "$USER_CREATION_ALONE" == "n" ]]; then
    printf "%3s Reset root password\\n" " -" | tee -a "$LOGFILE"
 fi
 if [[ $HIDE_CREDENTIALS == "y" ]]; then
@@ -224,6 +232,10 @@ if [[ $QUIET == "n" ]]; then
 fi


+# Start recording execution time from now on
+SECONDS=0
+
+
 ##############################################################
 # Log - Cosmetics
 ##############################################################
@@ -606,6 +618,8 @@ function revert_everything_and_exit() {
        revert_ssh_only_login
    fi

+    center_reg_text "Total execution time - ${SECONDS}s"
+
    exit 1;
 }

@@ -743,7 +757,7 @@ function recap() {
    log_ops_finish "SSH Private Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem
    log_ops_finish "SSH Public Key File" "$CreateSSHKey" "$SSH_DIR"/"$NORM_USER_NAME".pem.pub
    log_ops_finish "SSH Key Passphrase" "$CreateSSHKey" "$KEY_PASS"    
-    if [[ "$RESET_ROOT_PWD" == "y" ]]; then
+    if [[ "$RESET_ROOT_PWD" == "y" && "$USER_CREATION_ALONE" == "n" ]]; then
        log_ops_finish "New root Password" "$ChangeRootPwd" "$PASS_ROOT"
    fi
    line_fill "$CHORIZONTAL" "$CLINESIZE"
@@ -776,6 +790,11 @@ function recap() {
        center_reg_text "Issue the following command to see all credentials"
        center_reg_text "tail -n 20 ${LOGFILE}"
    fi
+
+    file_log "Total execution time in seconds - ${SECONDS}"
+    center_reg_text "Total execution time - ${SECONDS}s"
+
+    exit
 }

 function setup_step_start() {
@@ -903,6 +922,10 @@ if [[ $exit_code -gt 0 ]]; then
    revert_everything_and_exit "${STEP_TEXT[2]}"
 fi

+if [[ "$USER_CREATION_ALONE" == "y" ]]; then
+    recap
+fi
+

 ##############################################################
 # Step 4 - Change default source-list