Skip to content

Instantly share code, notes, and snippets.

@prafulbagai prafulbagai/secure.sh
Last active Mar 26, 2017

Embed
What would you like to do?
secure your CentOS machine
#!/bin/bash
# Script to add a user to Linux system
if [ $(id -u) -eq 0 ]; then
# If user & pass not provided in command line arguments, then ask.
if [[ -z "$1" && -z "$2" ]]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
else
username="$1"
password="$2"
fi
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi
# adding user to sudoers list
echo $username" ALL=(ALL) ALL" >> /etc/sudoers
# Configuring ssh file. Removing root login, allowing only the user to login etc.
sed -i 's/Port 22/Port 17576 /' /etc/ssh/sshd_config
sed -i '0,/.*PermitRootLogin.*/s//PermitRootLogin no /' /etc/ssh/sshd_config
sed -i '0,/.*PasswordAuthentication.*/s//PasswordAuthentication no /' /etc/ssh/sshd_config
echo "AllowUsers "$username >> /etc/ssh/sshd_config
echo "service sshd restart"
# Blocking ssh from other IPs.
echo "sudo iptables -A INPUT -p tcp -s 180.151.30.100 --dport 17576 -j ACCEPT"
echo "sudo iptables -A INPUT -p tcp -s 180.151.30.99 --dport 17576 -j ACCEPT"
echo "sudo iptables -A INPUT -p tcp --dport 22 -j DROP"
echo "sudo iptables -A INPUT -p tcp --dport 17576 -j DROP"
echo "sudo iptables-save"
echo "service sshd restart"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.