sudo yum install -y epel-release
sudo yum install -y snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snapUsage
sudo snap install lsdexport PATH=$PATH:/snap/bin/
Last active
September 24, 2021 11:15
-
-
Save nhahv/150081a7f3630600366b6365dbc9be92 to your computer and use it in GitHub Desktop.
[Centos] Centos bash libraries #centos #bash #zsh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage | |
| # bash <(cat sshd_config.sh) | |
| # bash <(cat sshd_config.sh) 2022 | |
| SSHD_CONFIG_PATH=/etc/ssh/sshd_config | |
| PERMIT_ROOT_LOGIN=without-password | |
| SSHD_PORT=${1:-2022} | |
| # Check Sudoer right | |
| if ! sudo -v >/dev/null 2>&1; then | |
| echo "⛔ Need to be run in sudo ⛔" | |
| exit | |
| fi | |
| # Final Check | |
| success() { | |
| echo -e "\e[30;48;5;82m OK \e[0m $1" | |
| } | |
| error() { | |
| echo -e "\e[97;48;5;124m ER \e[0m $1" | |
| } | |
| checkSum() { | |
| if grep -qe "$1" $SSHD_CONFIG_PATH; then | |
| success "$2" | |
| else | |
| error "$2" | |
| fi | |
| } | |
| FWDZ=$(firewall-cmd --get-default-zone) | |
| firewall-cmd --quiet --zone=$FWDZ --permanent --add-forward-port=port=$SSHD_PORT:proto=tcp:toport=22 | |
| firewall-cmd --quiet --zone=$FWDZ --permanent --remove-service=ssh | |
| firewall-cmd --quiet --zone=$FWDZ --permanent --add-masquerade --panic-off | |
| firewall-cmd --quiet --reload | |
| if firewall-cmd --zone=public --list-services | grep "ssh"; then | |
| error "Port 22 - still opened" | |
| else | |
| success "Port 22 - Closed" | |
| fi | |
| if firewall-cmd --quiet --zone=$FWDZ --query-forward-port=port=$SSHD_PORT:proto=tcp:toport=22; then | |
| success "Port 2022 - Forward to 22" | |
| else | |
| error "Port 2022 - Forward to 22" | |
| fi | |
| # Change default Port 2022 | |
| # if grep -qe "^Port" $SSHD_CONFIG_PATH; then | |
| # if ! grep -qe "^Port $SSHD_PORT" $SSHD_CONFIG_PATH; then | |
| # sed -i -E "s/Port [0-9]+/Port 2022/" $SSHD_CONFIG_PATH | |
| # echo "Replaced Port" | |
| # firewall-cmd --zone=public --permanent --add-forward-port=port=2022:proto=tcp:toport=22 | |
| # firewall-cmd --zone=public --permanent --add-masquerade | |
| # fire | |
| # fi | |
| # else | |
| # echo "No Port" | |
| # fi | |
| # checkSum "^Port $SSHD_PORT" "SSH Port default $SSHD_PORT" | |
| # PermitRootLogin false | |
| if grep -qe "^PermitRootLogin" $SSHD_CONFIG_PATH; then | |
| sed -i "s/PermitRootLogin .*$/PermitRootLogin $PERMIT_ROOT_LOGIN/" $SSHD_CONFIG_PATH | |
| else | |
| echo "PermitRootLogin no" >>$SSHD_CONFIG_PATH | |
| fi | |
| # Deny User root | |
| if grep -qe "^DenyUsers" $SSHD_CONFIG_PATH; then | |
| if ! grep -qe "^DenyUsers.*root" $SSHD_CONFIG_PATH; then | |
| sed -i 's/DenyUsers.*/& root/g' $SSHD_CONFIG_PATH | |
| fi | |
| else | |
| echo "DenyUsers root" >>$SSHD_CONFIG_PATH | |
| fi | |
| # Disable GSSAPIAuthentication | |
| if grep -qe "^GSSAPIAuthentication" $SSHD_CONFIG_PATH; then | |
| sed -i "s/GSSAPIAuthentication .*$/GSSAPIAuthentication no/" $SSHD_CONFIG_PATH | |
| else | |
| echo "GSSAPIAuthentication no" >>$SSHD_CONFIG_PATH | |
| fi | |
| checkSum "^DenyUsers.*root" "DenyUsers root" | |
| checkSum "^GSSAPIAuthentication no" "Disabled GSSAPIAuthentication" | |
| checkSum "^PermitRootLogin $PERMIT_ROOT_LOGIN" "PermitRootLogin $PERMIT_ROOT_LOGIN" | |
| if cat /etc/shadow | grep '^[^:]*:[^\*!]' | grep -qv "root:"; then | |
| success "Other SSH users: $(cat /etc/shadow | grep '^[^:]*:[^\*!]' | grep -v "root:" | awk -F: '{print $1}' | tr '\n' ',' | sed 's/,$//')" | |
| systemctl restart sshd | |
| else | |
| error "Warning! No other users" | |
| echo -e " \e[210;48;5;124m !!! Do not restart SSHD before add an valid ssh user !!! \e[0m | |
| Use command to check: \e[93;48;5;104m cat /etc/shadow | grep '^[^:]*:[^\*!]' | grep -qv \"root:\"\e[0m" | |
| fi | |
| # grep -e "^DenyUsers" $SSHD_CONFIG_PATH |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment