nick/RHELSecureSetup
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

merge into: nick:master
Branches Tags
nick:master
nick:enhancement/ux-improvements-system-setup-script
nick:enhancement/user-selectable-timezone
nick:2024.10
...
pull from: nick:enhancement/ux-improvements-system-setup-script
Branches Tags
nick:master
nick:enhancement/ux-improvements-system-setup-script
nick:enhancement/user-selectable-timezone
nick:2024.10

1 Commits
master ... enhancemen

Author SHA1 Message Date
Nick Hepler
27237a866b Enhance UX and add error handling to the system setup script. 2024-11-04 21:48:28 -05:00
1 changed files with 141 additions and 100 deletions
Show Stats Expand all files Collapse all files

167
setup.sh
View File

@ -8,9 +8,16 @@ timezone="America/New_York"
sshd_config="/etc/ssh/sshd_config" sshd_config="/etc/ssh/sshd_config"
docker_installed=false docker_installed=false
# Function to prompt for hostname # Function to prompt for hostname with validation
prompt_for_hostname() { prompt_for_hostname() {
while true; do
read -p "Please enter the desired hostname: " hostname read -p "Please enter the desired hostname: " hostname
if [[ -z "$hostname" ]]; then
echo "Hostname cannot be empty. Please try again."
else
break
fi
done
} }
# Function to add hostname and IP to /etc/hosts # Function to add hostname and IP to /etc/hosts
@ -29,22 +36,33 @@ update_hosts_file() {
fi fi
} }
# Function to prompt for Docker installation # Function to prompt for Docker installation with validation
prompt_for_docker_install() { prompt_for_docker_install() {
while true; do
read -p "Would you like to install Docker CE? (y/n): " install_docker read -p "Would you like to install Docker CE? (y/n): " install_docker
if [[ "$install_docker" =~ ^[Yy]$ ]]; then case "$install_docker" in
install_docker [Yy]*) install_docker ;;
else [Nn]*) echo "Skipping Docker installation."; break ;;
echo "Skipping Docker installation." *) echo "Invalid input. Please enter 'y' or 'n'." ;;
fi esac
done
} }
# Function to install Docker # Function to install Docker
install_docker() { install_docker() {
echo "Installing Docker CE..." echo "Installing Docker CE..."
curl -fsSL https://get.docker.com -o get-docker.sh curl -fsSL https://get.docker.com -o get-docker.sh
if [ $? -ne 0 ]; then
echo "Error downloading Docker installation script."
exit 1
fi
sh get-docker.sh sh get-docker.sh
if [ $? -ne 0 ]; then
echo "Error installing Docker."
exit 1
fi
# Start and enable Docker service # Start and enable Docker service
systemctl start docker systemctl start docker
systemctl enable docker systemctl enable docker
@ -52,12 +70,19 @@ install_docker() {
usermod -aG docker "$username" usermod -aG docker "$username"
echo "User $username added to the docker group." echo "User $username added to the docker group."
} }
# Function to create a limited user account # Function to create a limited user account with validation
create_user_account() { create_user_account() {
while true; do
read -p "Please enter the username for the new user account: " username read -p "Please enter the username for the new user account: " username
if [[ -z "$username" ]]; then
echo "Username cannot be empty. Please try again."
else
break
fi
done
read -sp "Please enter the password for the new user account: " password read -sp "Please enter the password for the new user account: " password
echo echo
@ -71,49 +96,54 @@ create_user_account() {
fi fi
} }
# Check if the script is run as root # Function to check if running as root
if [ "$(id -u)" -ne 0 ]; then check_root() {
if [ "$(id -u)" -ne 0 ]; then
echo "This script must be run as root. Please use sudo or switch to root." echo "This script must be run as root. Please use sudo or switch to root."
exit 1 exit 1
fi fi
}
# Update the package manager # Function to update package manager cache
echo "Updating package manager..." update_package_manager() {
if command -v dnf &> /dev/null; then echo "Updating package manager..."
if command -v dnf &> /dev/null; then
dnf -y makecache dnf -y makecache
elif command -v yum &> /dev/null; then elif command -v yum &> /dev/null; then
yum -y makecache yum -y makecache
else else
echo "Neither dnf nor yum found. This script only works on RHEL-based distributions." echo "Neither dnf nor yum found. This script only works on RHEL-based distributions."
exit 1 exit 1
fi fi
}
# Upgrade installed packages # Function to upgrade installed packages
echo "Upgrading installed packages..." upgrade_packages() {
if command -v dnf &> /dev/null; then echo "Upgrading installed packages..."
if command -v dnf &> /dev/null; then
dnf -y upgrade dnf -y upgrade
elif command -v yum &> /dev/null; then elif command -v yum &> /dev/null; then
yum -y update yum -y update
fi fi
}
# Change the timezone # Function to change the timezone
echo "Setting timezone to $timezone..." set_timezone() {
timedatectl set-timezone "$timezone" echo "Setting timezone to $timezone..."
timedatectl set-timezone "$timezone"
}
# Change the hostname # Function to change the hostname
prompt_for_hostname set_hostname() {
echo "Setting hostname to $hostname..." prompt_for_hostname
hostnamectl set-hostname "$hostname" echo "Setting hostname to $hostname..."
hostnamectl set-hostname "$hostname"
}
# Update /etc/hosts # Function to modify sshd_config
update_hosts_file modify_sshd_config() {
echo "Modifying SSH configuration..."
# Create a limited user account if [ -f "$sshd_config" ]; then
create_user_account
# Modify sshd_config
echo "Modifying SSH configuration..."
if [ -f "$sshd_config" ]; then
# Set PermitRootLogin to no # Set PermitRootLogin to no
sed -i 's/^PermitRootLogin .*/PermitRootLogin no/' "$sshd_config" || echo "PermitRootLogin no" >> "$sshd_config" sed -i 's/^PermitRootLogin .*/PermitRootLogin no/' "$sshd_config" || echo "PermitRootLogin no" >> "$sshd_config"
@ -130,41 +160,52 @@ if [ -f "$sshd_config" ]; then
else else
sed -i 's/^AddressFamily .*/AddressFamily inet/' "$sshd_config" || echo "AddressFamily inet" >> "$sshd_config" sed -i 's/^AddressFamily .*/AddressFamily inet/' "$sshd_config" || echo "AddressFamily inet" >> "$sshd_config"
fi fi
else else
echo "sshd_config file not found. Exiting." echo "sshd_config file not found. Exiting."
exit 1 exit 1
fi fi
}
# Get the IP address of the machine # Function to restart SSH service
ip_address=$(hostname -I | awk '{print $1}') restart_ssh() {
echo "Restarting SSH service..."
systemctl restart sshd
}
# Prompt the user to copy their public key # Function to wait for SSH key copy
echo "Please copy your public SSH key to the server using the following command:" wait_for_key_copy() {
echo "ssh-copy-id $username@$ip_address" echo "Waiting for your public key to be copied..."
while true; do
# Wait until the authorized_keys file is no longer empty
echo "Waiting for your public key to be copied..."
while true; do
if [ -s "/home/$username/.ssh/authorized_keys" ]; then if [ -s "/home/$username/.ssh/authorized_keys" ]; then
echo "Public key has been successfully copied." echo "Public key has been successfully copied."
break break
fi fi
sleep 2 sleep 2
done done
}
# Restart SSH service to apply changes # Function to clean up unused packages
echo "Restarting SSH service..." cleanup() {
systemctl restart sshd echo "Cleaning up..."
if command -v dnf &> /dev/null; then
# Prompt for Docker installation
prompt_for_docker_install
# Clean up
echo "Cleaning up..."
if command -v dnf &> /dev/null; then
dnf -y autoremove dnf -y autoremove
elif command -v yum &> /dev/null; then elif command -v yum &> /dev/null; then
yum -y autoremove yum -y autoremove
fi fi
}
# Main execution
check_root
update_package_manager
upgrade_packages
set_timezone
set_hostname
update_hosts_file
create_user_account
modify_sshd_config
restart_ssh
wait_for_key_copy
prompt_for_docker_install
cleanup
echo "System update complete! Timezone set to $timezone, hostname set to $hostname, limited user created, sshd_config modified, and Docker installation completed if selected." echo "System update complete! Timezone set to $timezone, hostname set to $hostname, limited user created, sshd_config modified, and Docker installation completed if selected."