Add prompt for limited account user. Add prompt for SSH key copy.

Nick Hepler 2024-10-11 18:58:06 -04:00
parent 226d1e292c
commit 34dd7d9344


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Script to update a RHEL-based Linux system, set the timezone, change the hostname, # Script to update a RHEL-based Linux system, set the timezone, change the hostname,
# update /etc/hosts, modify sshd_config settings, and optionally install Docker CE # add a limited user account, modify sshd_config settings, and optionally install Docker CE
# Variables # Variables
timezone="America/New_York" timezone="America/New_York"
@ -12,15 +12,6 @@ prompt_for_hostname() {
read -p "Please enter the desired hostname: " hostname read -p "Please enter the desired hostname: " hostname
} }
# Function to prompt for SSH key
prompt_for_ssh_key() {
read -p "Please enter your public SSH key (or press Enter to skip): " ssh_key
if [ -z "$ssh_key" ]; then
echo "No SSH key provided. Exiting."
exit 1
fi
}
# Function to prompt for Docker installation # Function to prompt for Docker installation
prompt_for_docker_install() { prompt_for_docker_install() {
read -p "Would you like to install Docker CE? (y/n): " install_docker read -p "Would you like to install Docker CE? (y/n): " install_docker
@ -43,18 +34,34 @@ install_docker() {
echo "Docker installation complete." echo "Docker installation complete."
} }
# Function to create a limited user account
create_user_account() {
read -p "Please enter the username for the new user account: " username
read -sp "Please enter the password for the new user account: " password
echo
# Create the user and add to the wheel group
if id "$username" &>/dev/null; then
echo "User $username already exists."
else
useradd -m -G wheel "$username"
echo "$username:$password" | chpasswd
echo "User $username created and added to the wheel group."
# Check if Docker is installed and add the user to the docker group
if command -v docker &> /dev/null; then
usermod -aG docker "$username"
echo "User $username added to the docker group."
fi
fi
}
# Check if the script is run as root # Check if the script is run as root
if [ "$(id -u)" -ne 0 ]; then if [ "$(id -u)" -ne 0 ]; then
echo "This script must be run as root. Please use sudo or switch to root." echo "This script must be run as root. Please use sudo or switch to root."
exit 1 exit 1
fi fi
# Prompt for hostname
prompt_for_hostname
# Prompt for SSH key
prompt_for_ssh_key
# Update the package manager # Update the package manager
echo "Updating package manager..." echo "Updating package manager..."
if command -v dnf &> /dev/null; then if command -v dnf &> /dev/null; then
@ -79,19 +86,12 @@ echo "Setting timezone to $timezone..."
timedatectl set-timezone "$timezone" timedatectl set-timezone "$timezone"
# Change the hostname # Change the hostname
prompt_for_hostname
echo "Setting hostname to $hostname..." echo "Setting hostname to $hostname..."
hostnamectl set-hostname "$hostname" hostnamectl set-hostname "$hostname"
# Get the IP address of the machine # Create a limited user account
ip_address=$(hostname -I | awk '{print $1}') create_user_account
# Add an entry to /etc/hosts
echo "Updating /etc/hosts with IP address $ip_address and hostname $hostname..."
if ! grep -q "$ip_address" /etc/hosts; then
echo "$ip_address $hostname" >> /etc/hosts
else
echo "Entry for $ip_address already exists in /etc/hosts."
fi
# Modify sshd_config # Modify sshd_config
echo "Modifying SSH configuration..." echo "Modifying SSH configuration..."
@ -117,13 +117,22 @@ else
exit 1 exit 1
fi fi
# Clean up # Get the IP address of the machine
echo "Cleaning up..." ip_address=$(hostname -I | awk '{print $1}')
if command -v dnf &> /dev/null; then
dnf -y autoremove # Prompt the user to copy their public key
elif command -v yum &> /dev/null; then echo "Please copy your public SSH key to the server using the following command:"
yum -y autoremove echo "ssh-copy-id $username@$ip_address"
# Wait until the authorized_keys file is no longer empty
echo "Waiting for your public key to be copied..."
while true; do
if [ -s "/home/$username/.ssh/authorized_keys" ]; then
echo "Public key has been successfully copied."
break
fi fi
sleep 2
done
# Restart SSH service to apply changes # Restart SSH service to apply changes
echo "Restarting SSH service..." echo "Restarting SSH service..."
@ -132,4 +141,12 @@ systemctl restart sshd
# Prompt for Docker installation # Prompt for Docker installation
prompt_for_docker_install prompt_for_docker_install
echo "System update complete! Timezone set to $timezone, hostname set to $hostname, /etc/hosts updated, and sshd_config modified." # Clean up
echo "Cleaning up..."
if command -v dnf &> /dev/null; then
dnf -y autoremove
elif command -v yum &> /dev/null; then
yum -y autoremove
fi
echo "System update complete! Timezone set to $timezone, hostname set to $hostname, limited user created, sshd_config modified, and Docker installation completed if selected."
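Review bot: In the new `create_user_account` the two `read` calls lack `-r` and nothing checks the input or the exit status of `useradd`/`chpasswd`, so a password containing a backslash is stored differently from what was typed, and an empty or rejected username still falls through to the later `while true` loop that polls `/home/$username/.ssh/authorized_keys` with no timeout. I would read the password with `read -rsp`, add `[ -n "$username" ] && [ -n "$password" ] || exit 1` before the `id` check, and change the create line to `useradd -m -G wheel "$username" || exit 1`. The key wait only tests that the file is non-empty under an assumed `/home` path; resolving the home directory with `getent passwd "$username"` and bounding the loop would be safer, since the sshd_config changes (not visible in these hunks) presumably rely on that key being in place before the restart. The account described as "limited" is also placed in `wheel`, and in `docker` when it is present, both of which normally give root-level access on RHEL-family hosts, so the function comment should say that it creates a sudo-capable account.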