Created
November 13, 2019 21:56
-
-
Save dmitriysafronov/4a43da26a16ab9f6c7ef50b32d3bb887 to your computer and use it in GitHub Desktop.
CyberBrain initial setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
export ACCOUNT_ROOT='ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAh0nhE6s0TpO7peXsDEl/kRJ8afzOfp8NAcDD32jTXf8RuRDb90P6T1wfpo4w1zonr5UPdlTxCezO5IwlA4KZOF5DOoYgOSsBM8uJZ2iD0YPM7isc/7oVX1MyipMlDnenoMsLUNvogO9hGgiJKs42AQyl+7TMTeAPQJinxjd2b9IJEVOb7YpxkJKBKQwwCEU0LrfyW8d8YeGmDZtbPj5UFFwtAAhM9zbwCyB/pbpvapL8Xtnhr0EOLif0luLRVTIFY5Y+DSeMldDl95IKWtUY7g/1e9pwLGo9wXC0KBJQJ4qdkbg9k5tNU0w6YSrs0Wi5q4MW7Us8Xe0o3JK3mYzqDv8Dejun4HThJlBCNS1AU84+UpJargQrjAg1sGxyiYs0fg7Jz7I1LqG9GDPFG1LTEbSzt6fdmF/JvNw4nY3+krjpYL72LLNARLEHeRI+pItnZl/2R8BPyue5XbOITW08tcf6tVY8qARXCfGN1whfjLRqzn3MvXqFLRQwVKb9I4qp4EhqfpGaxeFE3mehCl72fNSgyb8WFwrBi3yHPsh64WN1Tfyqk1+NHWCkpJk8eo2SHhSPqw7prpRp+ILb/g5S6iLYlSnHvsCTtKQ4q5jci2fFNSQX0PZmEWjEVe7YALqfJ4Z7dzaziX2YKpih7SJ2fUaIu25h679FeX5hx/A6KqE= Emergency account' | |
####### | |
export ACCOUNT_MAINTENANCE='ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAgP64MdanvFbH3oc2oPLWfJmHYFkJKyvmh7GKxMa9PHHfPVC4ybePTJ0YXNpb0VO+RiBMFGPIs20R6TGT81hgnzxL0M7w2D1+LRcBGj2cU36QAq499VjXvRw6F/4/da7x4O6ZioQ+ZNpwWKfrzXH1EQqtwjydjnFqqwwiNywiFOBkIfslWJQcBibBf8QDbRsH9WtvuYq7iKwY9wNWeutV2AfHefEGZdEm0k8guf3gs6UfIdVNoTH5ulzbKdt6HeEycpHqxCPQJZJKqtlHBZbsQONuAA8UbjyEV+S4HMh2UTZn8sWG5K89f1mpBiKGPs2H4sUqSrnzHmaMbcqPOF65l3xlXDa0OMmO5vCWEzeMTuehN8JeKqpxqHpUELSeGJs5GoJHpUdCPvnzmKCqehpFUeI8vmAwbFhkiGZJBuAufs59PnpxQd8Ee4i6s7vdPsWCYi5mQTsjUpZlseuUYJJAtw62tnl8YqUhw1fgKwNfZ1LHsrAXoWLrophk4XpKWrsZ32bL0JBrzQs2SKNDbxP4btxr4sw3s7wSFCl2JLmL7WCf1mTTxXXWhNvn3bTEOYF/sc/CD03P6qWNtgsb4q/mBdO13mu70eMs8qMeC6UGFATxOFAipAcXw0iyirtCv09FaEaabZuMHAsf4PG8jQJCqB2Mm8yU1rOulX2sznLfCAk= Maintenance account' | |
export MAINTENANCE_HOME='/var/opt/maintenance' | |
################################################# | |
chattr -i /root/.ssh 2> /dev/null | |
chattr -i /root/.ssh/authorized_keys 2> /dev/null | |
rm -rf /root/* /root/.* 2> /dev/null | |
cp -rT /etc/skel /root | |
mkdir -p /root/.ssh | |
echo "${ACCOUNT_ROOT}" > /root/.ssh/authorized_keys | |
chown -R root:root /root | |
chmod 0700 /root/.ssh | |
chmod 0600 /root/.ssh/authorized_keys | |
if [[ -n "$(which restorecon)" ]]; then restorecon -Rv /root/.ssh; fi | |
#chattr +i /root/.ssh/authorized_keys | |
####### | |
chattr -i "${MAINTENANCE_HOME}/.ssh" 2> /dev/null | |
chattr -i "${MAINTENANCE_HOME}/.ssh/authorized_keys" 2> /dev/null | |
userdel -rf maintenance 2> /dev/null | |
useradd --system -d "${MAINTENANCE_HOME}" -m -g nogroup -s /bin/bash -c "Maintenance account" -N maintenance 2> /dev/null | |
mkdir -p "${MAINTENANCE_HOME}/.ssh" | |
echo "${ACCOUNT_MAINTENANCE}" > "${MAINTENANCE_HOME}/.ssh/authorized_keys" | |
chown -R maintenance:nogroup "${MAINTENANCE_HOME}" | |
chmod -R 0700 "${MAINTENANCE_HOME}" | |
chmod 0600 "${MAINTENANCE_HOME}/.ssh/authorized_keys" | |
if [[ -n "$(which restorecon)" ]]; then restorecon -Rv "${MAINTENANCE_HOME}/.ssh"; fi | |
#chattr +i "${MAINTENANCE_HOME}/.ssh/authorized_keys" | |
if [[ -z "$(which sudo)" ]]; then (apt-get update -y && apt-get install sudo -y); fi | |
chattr -i /etc/sudoers.d/maintenance 2> /dev/null | |
echo 'maintenance ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/maintenance | |
#chattr +i /etc/sudoers.d/maintenance | |
################################################# | |
echo "Done!" |
Author
dmitriysafronov
commented
Nov 13, 2019
via email
Why?
Sincerely yours, Dmitriy Safronov
чт, 14 нояб. 2019 г. в 01:00, Tal Koren <notifications@github.com>:
… err.... I'm not sure you want this to be public.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://gist.github.com/4a43da26a16ab9f6c7ef50b32d3bb887?email_source=notifications&email_token=AAGQKI6NHZAIPR2QUB77VULQTR2HDA5CNFSM4JNCHCSKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAF4EYE#gistcomment-3082626>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGQKIYDF64D32CGGDFPGVLQTR2HDANCNFSM4JNCHCSA>
.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment