387 lines
17 KiB
Bash
Executable File
387 lines
17 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ "$EUID" -ne 0 ]
|
|
then
|
|
echo "Please run as root"
|
|
exit
|
|
fi
|
|
|
|
export TZ='America/Chicago'
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
# disable restart prompt for services during an update
|
|
if [[ ! -f /etc/needrestart/conf.d/no-prompt.conf ]] ; then
|
|
echo "\$nrconf{restart} = 'a';" >> /etc/needrestart/conf.d/no-prompt.conf
|
|
fi
|
|
|
|
# remove os prober
|
|
apt-get remove os-prober -y
|
|
|
|
# symlink python3 to python
|
|
if [[ ! -f /usr/bin/python ]]
|
|
then
|
|
ln /usr/bin/python3 /usr/bin/python
|
|
fi
|
|
|
|
# update and upgrade
|
|
apt-get update
|
|
apt-get upgrade -y
|
|
|
|
if [[ -f /dev/.lxc-boot-id ]]
|
|
then
|
|
apt-get remove -y qemu-guest-agent
|
|
else
|
|
apt-get install -y qemu-guest-agent
|
|
fi
|
|
|
|
# download and install packages
|
|
apt-get install -y whiptail bind9-dnsutils restic hstr htop ncdu pwgen sudo nano curl wget zip unzip git rsync man-db cifs-utils nfs-common parted libtalloc2 libwbclient0 net-tools gnupg apt-transport-https tmux gdisk bash-completion
|
|
|
|
# add akanealw user if not existing
|
|
isInFile=$(cat /etc/passwd | grep -c "akanealw")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
echo "Set password for akanealw"
|
|
useradd -m -p '$y$j9T$NB7zOwLzhMgtxiCGjzwvf.$YGAIpv6m/DIlgNT5IU5H.K.QSNMCG5/TKY9sYlfGsGB' -s /bin/bash -d /home/akanealw akanealw
|
|
mkdir /home/akanealw/.ssh
|
|
chown akanealw:akanealw /home/akanealw/.ssh
|
|
chmod 700 /home/akanealw/.ssh
|
|
cp /root/.ssh/authorized_keys /home/akanealw/.ssh > /dev/null 2>&1
|
|
chown akanealw:akanealw /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
|
|
chmod 600 /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
|
|
fi
|
|
|
|
# create akanealw file in /etc/sudoers.d
|
|
if [[ ! -f /etc/sudoers.d/akanealw ]]
|
|
then
|
|
echo "akanealw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/akanealw
|
|
fi
|
|
usermod -a -G sudo akanealw
|
|
|
|
# enable ping for all users
|
|
setcap 'cap_net_admin,cap_net_raw+ep' $(which ping)
|
|
|
|
# remove all motd
|
|
apt-get remove --purge update-motd > /dev/null 2>&1
|
|
rm /etc/default/motd-news > /dev/null 2>&1
|
|
rm -r /etc/update-motd.d > /dev/null 2>&1
|
|
rm /etc/motd > /dev/null 2>&1
|
|
|
|
# git config
|
|
git config --global credential.helper store
|
|
git config --global user.name "akanealw"
|
|
git config --global user.email "akanealw@gmail.com"
|
|
git config --global init.defaultBranch main
|
|
|
|
# show ip in /etc/issue
|
|
if [[ ! -f /etc/issue.default ]]
|
|
then wget -qO /etc/issue.default http://192.168.1.50/files/ubuntu/issue.default
|
|
fi
|
|
rm /etc/issue > /dev/null 2>&1
|
|
cp /etc/issue.default /etc/issue
|
|
name=$(basename /sys/class/net/e*)
|
|
echo "" >> /etc/issue
|
|
echo "$name: \4{$name}" >> /etc/issue
|
|
echo "" >> /etc/issue
|
|
|
|
# set input preferences
|
|
if [[ ! -f /etc/inputrc.default ]]
|
|
then wget -qO /etc/inputrc.default http://192.168.1.50/files/ubuntu/inputrc.default
|
|
fi
|
|
rm /etc/inputrc > /dev/null 2>&1
|
|
cp /etc/inputrc.default /etc/inputrc
|
|
echo "" >> /etc/inputrc
|
|
echo "set completion-ignore-case On" >> /etc/inputrc
|
|
|
|
# set bash preferences and aliases
|
|
if [[ ! -f /etc/bash.bashrc.default ]]
|
|
then wget -qO /etc/bash.bashrc.default http://192.168.1.50/files/ubuntu/bash.bashrc.default
|
|
fi
|
|
rm /etc/bash.bashrc > /dev/null 2>&1
|
|
cp /etc/bash.bashrc.default /etc/bash.bashrc
|
|
echo "" >> /etc/bash.bashrc
|
|
echo "# custom settings and aliases" >> /etc/bash.bashrc
|
|
echo "set -o noclobber" >> /etc/bash.bashrc
|
|
echo "alias lsa='ls -alhvF'" >> /etc/bash.bashrc
|
|
echo "alias cd..='cd ..'" >> /etc/bash.bashrc
|
|
echo "alias grep='grep --color'" >> /etc/bash.bashrc
|
|
echo "alias si='sudo -i'" >> /etc/bash.bashrc
|
|
echo "alias mkdir='mkdir -pv'" >> /etc/bash.bashrc
|
|
echo "alias du='sudo du -h'" >> /etc/bash.bashrc
|
|
echo "alias df='sudo df -h'" >> /etc/bash.bashrc
|
|
echo "alias ports='sudo netstat -tulpna'" >> /etc/bash.bashrc
|
|
echo "alias start='sudo systemctl start'" >> /etc/bash.bashrc
|
|
echo "alias stop='sudo systemctl stop'" >> /etc/bash.bashrc
|
|
echo "alias restart='sudo systemctl restart'" >> /etc/bash.bashrc
|
|
echo "alias status='sudo systemctl status'" >> /etc/bash.bashrc
|
|
echo "alias sdr='sudo systemctl daemon-reload'" >> /etc/bash.bashrc
|
|
echo "alias senable='sudo systemctl enable'" >> /etc/bash.bashrc
|
|
echo "alias sdisable='sudo systemctl disable'" >> /etc/bash.bashrc
|
|
echo "alias snano='sudo nano'" >> /etc/bash.bashrc
|
|
echo "alias sreboot='sudo reboot'" >> /etc/bash.bashrc
|
|
echo "alias spoweroff='sudo poweroff'" >> /etc/bash.bashrc
|
|
echo "alias tf='sudo tail -f'" >> /etc/bash.bashrc
|
|
echo "alias aptupy='sudo apt update && sudo apt upgrade -y'" >> /etc/bash.bashrc
|
|
echo "alias aptiy='sudo apt install -y'" >> /etc/bash.bashrc
|
|
echo "alias aptry='sudo apt remove -y'" >> /etc/bash.bashrc
|
|
echo "alias aptrpy='sudo apt remove --purge -y'" >> /etc/bash.bashrc
|
|
echo "alias aptary='sudo apt autoremove -y'" >> /etc/bash.bashrc
|
|
echo "alias apts='sudo apt search'" >> /etc/bash.bashrc
|
|
echo "alias aptl='sudo apt list --installed'" >> /etc/bash.bashrc
|
|
echo "alias aptsh='sudo apt show'" >> /etc/bash.bashrc
|
|
echo "alias aptac='sudo apt autoclean'" >> /etc/bash.bashrc
|
|
echo "alias dpkgi='sudo dpkg -i'" >> /etc/bash.bashrc
|
|
echo "alias tmuxls='tmux ls'" >> /etc/bash.bashrc
|
|
echo "alias tmuxa='tmux attach -t'" >> /etc/bash.bashrc
|
|
echo "alias gitconfig='git config --global credential.helper store && git config --global user.name "akanealw" && git config --global user.email "akanealw@gmail.com" && git config --global init.defaultBranch main && git config --global credential.helper store'" >> /etc/bash.bashrc
|
|
echo "alias gp='git pull'" >> /etc/bash.bashrc
|
|
echo "alias hh='hstr'" >> /etc/bash.bashrc
|
|
echo "export HSTR_CONFIG=hide-help,hicolor,prompt-bottom,ignorespace,raw-history-view" >> /etc/bash.bashrc
|
|
|
|
# docker aliases
|
|
if [[ -f /etc/apt/keyrings/docker.gpg ]]
|
|
then
|
|
echo "alias dc='docker compose'" >> /etc/bash.bashrc
|
|
echo "alias dcup='docker compose up -d'" >> /etc/bash.bashrc
|
|
echo "alias dcdown='docker compose down'" >> /etc/bash.bashrc
|
|
echo "alias dcpull='docker compose pull'" >> /etc/bash.bashrc
|
|
echo "alias dps='docker ps'" >> /etc/bash.bashrc
|
|
echo "alias dstart='docker start'" >> /etc/bash.bashrc
|
|
echo "alias dstop='docker stop'" >> /etc/bash.bashrc
|
|
echo "alias drestart='docker restart'" >> /etc/bash.bashrc
|
|
echo "alias dlf='docker logs -f'" >> /etc/bash.bashrc
|
|
echo "alias dclf='docker compose logs -f'" >> /etc/bash.bashrc
|
|
echo "alias dipaf='docker image prune -a -f'" >> /etc/bash.bashrc
|
|
echo "alias deit='docker exec -it'" >> /etc/bash.bashrc
|
|
echo "alias di='docker inspect'" >> /etc/bash.bashrc
|
|
echo "alias dnls='docker network ls'" >> /etc/bash.bashrc
|
|
echo "alias dnc='docker network create'" >> /etc/bash.bashrc
|
|
echo "alias dnrm='docker network rm'" >> /etc/bash.bashrc
|
|
echo "alias dni='docker network inspect'" >> /etc/bash.bashrc
|
|
echo "alias dclf='docker compose up -d && docker logs -f'" >> /etc/bash.bashrc
|
|
echo "alias lzd='lazydocker'" >> /etc/bash.bashrc
|
|
fi
|
|
|
|
# create copy of file before editing
|
|
if [[ ! -f /usr/local/bin/cpb ]]; then
|
|
cat <<'EOF' >> /usr/local/bin/cpb
|
|
#!/bin/bash
|
|
|
|
if [ $# -eq 1 ]
|
|
then
|
|
cp -pvi "$1" "${1}.bak"
|
|
else
|
|
echo "Info: $0 copies to a backup file"
|
|
echo "Usage: $0 <file to be backed up with .bak extension>"
|
|
fi
|
|
EOF
|
|
chmod +x /usr/local/bin/cpb
|
|
fi
|
|
|
|
# create tmux config
|
|
rm /etc/tmux.conf* > /dev/null 2>&1
|
|
echo "unbind C-b" >> /etc/tmux.conf
|
|
echo "set-option -g prefix C-a" >> /etc/tmux.conf
|
|
echo "bind-key C-a send-prefix" >> /etc/tmux.conf
|
|
|
|
# configure email for sending notifications
|
|
isInFile=$(cat /etc/postfix/main.cf | grep -c "gmail")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y libsasl2-modules mailutils postfix postfix-pcre
|
|
echo "smtp.gmail.com notify.akanealw@gmail.com:leawkqqpthbwacrf" > /etc/postfix/sasl_passwd
|
|
echo "/^From:.*/ REPLACE From: $(hostname) <notify.akanealw@gmail.com>" > /etc/postfix/smtp_header_checks
|
|
chmod 600 /etc/postfix/sasl_passwd
|
|
postmap hash:/etc/postfix/sasl_passwd
|
|
postmap hash:/etc/postfix/smtp_header_checks
|
|
sed -i 's@relayhost =@#relayhost = @g' /etc/postfix/main.cf
|
|
sed -i 's@smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@g' /etc/postfix/main.cf
|
|
echo "" >> /etc/postfix/main.cf
|
|
echo "# google mail configuration" >> /etc/postfix/main.cf
|
|
echo "relayhost = smtp.gmail.com:587" >> /etc/postfix/main.cf
|
|
echo "smtp_use_tls = yes" >> /etc/postfix/main.cf
|
|
echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf
|
|
echo "smtp_sasl_security_options =" >> /etc/postfix/main.cf
|
|
echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf
|
|
echo "smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem" >> /etc/postfix/main.cf
|
|
echo "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache" >> /etc/postfix/main.cf
|
|
echo "smtp_tls_session_cache_timeout = 3600s" >> /etc/postfix/main.cf
|
|
echo "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks" >> /etc/postfix/main.cf
|
|
echo "" >> /etc/postfix/main.cf
|
|
postfix reload
|
|
echo "This is a test message sent from postfix on $(hostname)" | mail -s "Test Email from $(hostname)" akanealw@gmail.com
|
|
else
|
|
echo "Email already configured."
|
|
fi
|
|
|
|
# configure unattended upgrades
|
|
isInFile=$(cat /etc/apt/apt.conf.d/20auto-upgrades | grep -c 'APT::Periodic::Unattended-Upgrade "1";')
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
apt install -y apt-listchanges unattended-upgrades
|
|
sed -i 's@// "origin=ubuntu,codename=${distro_codename}-updates";@ "origin=ubuntu,codename=${distro_codename}-updates";@g' /etc/apt/apt.conf.d/50unattended-upgrades
|
|
sed -i 's!//Unattended-Upgrade::Mail "";!Unattended-Upgrade::Mail "akanealw@gmail.com";!g' /etc/apt/apt.conf.d/50unattended-upgrades
|
|
sed -i 's@//Unattended-Upgrade::MailReport "on-change";@Unattended-Upgrade::MailReport "on-change";@g' /etc/apt/apt.conf.d/50unattended-upgrades
|
|
sed -i 's@//Unattended-Upgrade::Remove-Unused-Dependencies "false";@Unattended-Upgrade::Remove-Unused-Dependencies "true";@g' /etc/apt/apt.conf.d/50unattended-upgrades
|
|
echo "APT::Periodic::Update-Package-Lists \"1\";" > /etc/apt/apt.conf.d/20auto-upgrades
|
|
echo "APT::Periodic::Unattended-Upgrade \"1\";" >> /etc/apt/apt.conf.d/20auto-upgrades
|
|
systemctl enable unattended-upgrades
|
|
systemctl start unattended-upgrades
|
|
systemctl status unattended-upgrades
|
|
echo "Unattended upgrades configured successfully."
|
|
else
|
|
echo "Unattended upgrades already configured."
|
|
fi
|
|
|
|
# sshd config
|
|
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak > /dev/null 2>&1
|
|
isInFile=$(cat /etc/hostname | grep -c "proxmox")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PermitRootLogin prohibit-password")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
sed -i 's/PermitRootLogin no/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
sed -i 's/PermitRootLogin prohibit-password/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
fi
|
|
fi
|
|
|
|
isInFile=$(cat /etc/hostname | grep -c "proxmox")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
# isInFile=$(cat /etc/ssh/sshd_config | grep -c "#PasswordAuthentication no")
|
|
# if [ $isInFile -eq 0 ]
|
|
# then
|
|
sed -i 's/#PasswordAuthentication no/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
rm /etc/ssh/sshd_config.d/* > /dev/null 2>&1
|
|
# fi
|
|
fi
|
|
|
|
# authorized_keys akanealw
|
|
cp /home/akanealw/.ssh/authorized_keys /home/akanealw/.ssh/authorized_keys.bak > /dev/null 2>&1
|
|
isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "winpc-akanealw")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKYj+eRQsvdLvrJNoqugb9A7iQT+BEPb6LI9BseyhWR winpc-akanealw" >> /home/akanealw/.ssh/authorized_keys
|
|
chown akanealw:akanealw /home/akanealw/.ssh/*
|
|
chmod 600 /home/akanealw/.ssh/*
|
|
fi
|
|
|
|
isInFile=$(cat /home/akanealw/.ssh/authorized_keys | grep -c "server-akanealw")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAiw0sQxxTg/zBm/Hz4LLjtiuGfefF2vogGkYcWox4S server-akanealw" >> /home/akanealw/.ssh/authorized_keys
|
|
chown akanealw:akanealw /home/akanealw/.ssh/*
|
|
chmod 600 /home/akanealw/.ssh/*
|
|
fi
|
|
|
|
# authorized_keys root
|
|
cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak
|
|
isInFile=$(cat /root/.ssh/authorized_keys | grep -c "winpc-root")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBI/kuy/SVCxShVBNtWtNREX9cpWrlsthV3z15ky+bPy winpc-root" >> /root/.ssh/authorized_keys
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
fi
|
|
|
|
isInFile=$(cat /root/.ssh/authorized_keys | grep -c "server-root")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWiw5lVzQIZiZc1SPphvHhdSpFl9UN6Xm4znFqq5xs4 server-root" >> /root/.ssh/authorized_keys
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
fi
|
|
|
|
# config /home/akanealw/.ssh/
|
|
isInFile=$(cat /home/akanealw/.ssh/config | grep -c "*-root")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
cp /home/akanealw/.ssh/config /home/akanealw/.ssh/config.bak > /dev/null 2>&1
|
|
mv /home/akanealw/.ssh/known_hosts /home/akanealw/.ssh/known_hosts.old > /dev/null 2>&1
|
|
echo "" >> /home/akanealw/.ssh/config
|
|
echo "" >> /home/akanealw/.ssh/config
|
|
echo "Port 22" >> /home/akanealw/.ssh/config
|
|
echo "Host *-root" >> /home/akanealw/.ssh/config
|
|
echo "User root" >> /home/akanealw/.ssh/config
|
|
echo "IdentityFile /root/.ssh/server-root" >> /home/akanealw/.ssh/config
|
|
echo "" >> /home/akanealw/.ssh/config
|
|
echo "Host *" >> /home/akanealw/.ssh/config
|
|
echo "User akanealw" >> /home/akanealw/.ssh/config
|
|
echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /home/akanealw/.ssh/config
|
|
chown akanealw:akanealw /home/akanealw/.ssh/*
|
|
chmod 600 /home/akanealw/.ssh/*
|
|
fi
|
|
|
|
# config /root/.ssh/
|
|
isInFile=$(cat /root/.ssh/config | grep -c "*-root")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
cp /root/.ssh/config /root/.ssh/config.bak > /dev/null 2>&1
|
|
mv /root/.ssh/known_hosts /root/.ssh/known_hosts.old > /dev/null 2>&1
|
|
echo "" >> /root/.ssh/config
|
|
echo "" >> /root/.ssh/config
|
|
echo "Port 22" >> /root/.ssh/config
|
|
echo "Host *-root" >> /root/.ssh/config
|
|
echo "User root" >> /root/.ssh/config
|
|
echo "IdentityFile /root/.ssh/server-root" >> /root/.ssh/config
|
|
echo "" >> /root/.ssh/config
|
|
echo "Host *" >> /root/.ssh/config
|
|
echo "User akanealw" >> /root/.ssh/config
|
|
echo "IdentityFile /home/akanealw/.ssh/server-akanealw" >> /root/.ssh/config
|
|
chmod 600 /root/.ssh/*
|
|
fi
|
|
|
|
# server-akanealw
|
|
if [[ ! -f /home/akanealw/.ssh/server-akanealw ]]
|
|
then
|
|
echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /home/akanealw/.ssh/server-akanealw
|
|
echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /home/akanealw/.ssh/server-akanealw
|
|
echo "QyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEgAAAJgPgcu8D4HL" >> /home/akanealw/.ssh/server-akanealw
|
|
echo "vAAAAAtzc2gtZWQyNTUxOQAAACBgIsNLEMcU4P8wZvx8+Cy47Yrhn3nxdr6IBpGHFqMeEg" >> /home/akanealw/.ssh/server-akanealw
|
|
echo "AAAEDalS9Q+0KRMMqOXnie/d0uckbLIePYYY7DOqs8cJ7UF2Aiw0sQxxTg/zBm/Hz4LLjt" >> /home/akanealw/.ssh/server-akanealw
|
|
echo "iuGfefF2vogGkYcWox4SAAAAD3NlcnZlci1ha2FuZWFsdwECAwQFBg==" >> /home/akanealw/.ssh/server-akanealw
|
|
echo "-----END OPENSSH PRIVATE KEY-----" >> /home/akanealw/.ssh/server-akanealw
|
|
chown akanealw:akanealw /home/akanealw/.ssh/*
|
|
chmod 600 /home/akanealw/.ssh/*
|
|
fi
|
|
|
|
# server-root
|
|
if [[ ! -f /root/.ssh/server-root ]]
|
|
then
|
|
echo "-----BEGIN OPENSSH PRIVATE KEY-----" > /root/.ssh/server-root
|
|
echo "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW" >> /root/.ssh/server-root
|
|
echo "QyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOAAAAJAnxfYyJ8X2" >> /root/.ssh/server-root
|
|
echo "MgAAAAtzc2gtZWQyNTUxOQAAACB1osOZVc0CGYmXNUj6Ybx4XUqRZfVDel5uM5xaqucbOA" >> /root/.ssh/server-root
|
|
echo "AAAEBUjm9GcUvXzKnpiw0aYd+Ca7+LAWuq0u6l0FjPQyQjd3Wiw5lVzQIZiZc1SPphvHhd" >> /root/.ssh/server-root
|
|
echo "SpFl9UN6Xm4znFqq5xs4AAAAC3NlcnZlci1yb290AQI=" >> /root/.ssh/server-root
|
|
echo "-----END OPENSSH PRIVATE KEY-----" >> /root/.ssh/server-root
|
|
chmod 600 /root/.ssh/*
|
|
fi
|
|
|
|
# restart sshd
|
|
systemctl restart ssh
|
|
systemctl restart sshd
|
|
|
|
# lock root
|
|
isInFile=$(cat /etc/hostname | grep -c "BackupServer")
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
if [[ -d /home/akanealw ]]
|
|
then
|
|
isInFile=$(cat /etc/shadow | grep -c 'root:!')
|
|
if [ $isInFile -eq 0 ]
|
|
then
|
|
passwd -l root
|
|
skill -KILL -u root
|
|
exit
|
|
else
|
|
echo "root account already locked."
|
|
exit
|
|
fi
|
|
else
|
|
echo "akanealw account not found, not locking root."
|
|
fi
|
|
fi
|