From 572d0ba0a78f8d1ff489ceeb2713dcf1f55c852e Mon Sep 17 00:00:00 2001 From: gashapwn Date: Tue, 2 Mar 2021 16:02:22 +0000 Subject: [PATCH] provision.pl - disable root login... clean up comments... nopass doas.conf... clobber warning --- perl-script/provision.pl | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/perl-script/provision.pl b/perl-script/provision.pl index 747c909..edaab94 100644 --- a/perl-script/provision.pl +++ b/perl-script/provision.pl @@ -53,7 +53,7 @@ sub create(){ printf($p0->[1]); $pub_key = ; chomp $pub_key; - + { # Prompt to make sure the username looks OK my $cmd; @@ -71,7 +71,6 @@ sub create(){ } } - # Make sure we're running as root $pwuid = getpwuid( $< ); @@ -79,19 +78,19 @@ if($pwuid ne "root"){ die "script must be run as root"; } +# Make sure script is provisioning a fresh instance +# and doesn't clobber users existing configs +printf("This script is meant to be run on a fresh install\n"); +printf("Y/N OK to proceed?"); + +if(!( =~ /^y/i)){ + die "provision cancelled..."; +} + unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){ printf("to provision the instance there must be a non root user with an authorized_keys file"); printf("creating user...\n"); create(); - - # TODO: Getting rid of this part... - # system("pkg_add p5-JSON"); - - # `wget --quiet https://git.lain.church/gashapwn/lyadmin/raw/branch/gasha-branch/perl-script/create_user.pl -O create_admin.pl`; - - # printf("to provision the instance there must be a non root user with an authorized_keys file"); - # printf("run create_admin.pl to create an admin user\n"); - # die "or add with useradd and add an ssh key to ~/.ssh/authorized_keys\n"; } # install git 
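Review bot: The new confirmation prompt only says "fresh install" and does not tell the operator what the run will overwrite. Later hunks in this patch replace /etc/doas.conf, copy ./skel over the admin user's home directory, and are meant to disable root login. Naming those in the prompt lets someone on a non-fresh host decline for the right reason, e.g. `printf("This will overwrite /etc/doas.conf, /etc/skel and the admin user's home files, and disable root login\n");`. The check fails closed, since anything not starting with "y" cancels. The read in `if(!( =~ /^y/i))` seems to have lost its filehandle in this rendering (presumably `<STDIN>`), so confirm that against the real file.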
@@ -115,7 +114,7 @@ system("cp -r ./skel/* /etc/skel/"); # installation if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){ # grant doas access to admin user - system("echo 'permit $admin_un' > /etc/doas.conf"); + system("echo 'permit nopass $admin_un' > /etc/doas.conf"); # setup admin user system("cp -r ./skel/* /home/$admin_un/"); @@ -169,11 +168,14 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg"); system("rcctl enable haproxy"); system("rcctl start haproxy"); +# Disable root login +system("sed -i -e 's/^[^#]*PermitRootLogin.+$/PermitRootLogin no/' /etc/apache2/httpd2.conf"); + printf("\n\nInstall complete\n"); printf("==================================================\n"); -printf("Protip: use doas instead of sudoo\n"); +printf("Protip: use doas instead of sudo\n"); -printf("dont forget\n\ncreate yourself an user with: useradd -m\n"); -printf("setup your ssh pub key at ~/.ssh/authorized_keys\n"); +printf("root login is now disabled, so dont forget\nto set a password\n"); +printf("and test your pub key\n");
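Review bot: `permit nopass $admin_un` gives that account root with no further authentication, so anyone who obtains its SSH key or a shell as that user is root. The account name comes from the `tail /etc/passwd | grep` match in the `if` condition, which takes the first entry with a four-or-more-digit id among the last ten lines, not necessarily the user just created. If the aim is fewer prompts, `system("echo 'permit persist $admin_un' > /etc/doas.conf");` keeps a password check and caches it per session; the closing message already tells the operator to set a password. The `>` redirect replaces the whole file and the name is interpolated into a shell command, so I would validate it first with something like `die "unexpected username\n" unless $admin_un =~ /\A[a-z_][a-z0-9_-]*\z/;`. The enclosing `if` block continues past the end of this hunk.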
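Review bot: The added `sed` edits `/etc/apache2/httpd2.conf`, but `PermitRootLogin` is an sshd directive (normally in `/etc/ssh/sshd_config`), so root login is not changed even though the closing message says it is disabled. Inside the double-quoted Perl string, `$/` is interpolated as the input record separator, which puts a newline in the middle of the sed expression. Without `-E`, the `.+` is also not a one-or-more match in basic regular expressions. The return value of `system` is ignored and sshd is not reloaded in the visible lines, so any failure is silent. I would pass the command in list form with single-quoted arguments, verify the result and reload sshd, as below.

```perl
# Disable root login
system('sed', '-i', '-E',
       's/^[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/',
       '/etc/ssh/sshd_config') == 0
    or die "could not edit /etc/ssh/sshd_config\n";
# Confirm the directive is really present before telling the operator so.
system('grep', '-q', '^PermitRootLogin no$', '/etc/ssh/sshd_config') == 0
    or die "PermitRootLogin no was not set in /etc/ssh/sshd_config\n";
system('rcctl', 'reload', 'sshd') == 0
    or die "could not reload sshd\n";

# … unchanged: install-complete messages …
```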