#!/bin/bash
# -x (command tracing) was used to show output; it is not set here, and enabling it also prints the passwords read from credentials.txt
# create functions --------------------------------------------------------------------------------
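#######################################
# Load connection settings from ./credentials.txt into global variables.
# Each line is "key:value"; everything after the first colon is the value,
# so values may themselves contain colons. Keys are matched by prefix.
# The file holds the root and user passwords in plaintext: keep it readable
# by its owner only and out of version control.
# Globals:   IPADDRESS, ROOTPASS, HOST_NAME, USER_NAME, USER_PASSWORD (written)
# Returns:   0 on success, 1 if ./credentials.txt cannot be read
#######################################
function readCredentials() {
  local creds_file=./credentials.txt
  local key value

  if [[ ! -r "$creds_file" ]]; then
    printf 'readCredentials: cannot read %s\n' "$creds_file" >&2
    return 1
  fi

  # `|| [[ -n "$key" ]]` keeps a final line that has no trailing newline;
  # without it the last setting in the file was silently dropped.
  while IFS=: read -r key value || [[ -n "$key" ]]; do
    # Drop a trailing carriage return so a CRLF-edited file does not smuggle
    # an extra "Enter" into the generated expect scripts.
    value=${value%$'\r'}
    case "$key" in
      ipaddress*)    IPADDRESS="$value" ;;
      rootpassword*) ROOTPASS="$value" ;;
      hostname*)     HOST_NAME="$value" ;;
      username*)     USER_NAME="$value" ;;
      userpassword*) USER_PASSWORD="$value" ;;
    esac
  done < "$creds_file"
}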
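#######################################
# Write 1_set_user.exp: an expect script that logs in as root with a
# password, upgrades packages, sets the hostname, inserts a /etc/hosts entry,
# creates $USER_NAME with $USER_PASSWORD and adds that user to group sudo.
# Globals:   IPADDRESS, ROOTPASS, HOST_NAME, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./1_set_user.exp (contains both passwords in plaintext)
#######################################
function set_user() {
  local script=1_set_user.exp

  # Start from a fresh file: appending (>>) to a copy left behind by an
  # interrupted run would yield a script that replays every step twice.
  rm -f -- "$script"
  (
    # The file embeds ROOTPASS and USER_PASSWORD, so create it owner-only
    # instead of inheriting a possibly world-readable default umask.
    umask 077
    # NOTE(review): the values are pasted into Tcl double-quoted strings and
    # into remote shell commands; characters such as $ [ ] " \ in any
    # credential field are interpreted there rather than sent literally.
    # NOTE(review): `set timeout -1` waits forever on any prompt the script
    # does not anticipate; ssh is expected to reach the password prompt
    # directly, so the server's host key should already be verified and
    # present in known_hosts - confirm before running unattended.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh root@$IPADDRESS
expect "password"
send "$ROOTPASS\r"
expect ":~# "
send "apt update && apt upgrade -y\r"
expect ":~# "
send "hostnamectl set-hostname $HOST_NAME\r"
expect ":~# "
send "sed -i '2i$IPADDRESS $HOST_NAME' /etc/hosts\r"
expect ":~# "
send "adduser $USER_NAME\r"
expect "Enter new UNIX password: "
send "$USER_PASSWORD\r"
expect "Retype new UNIX password: "
send "$USER_PASSWORD\r"
expect "Full Name"
send "\r"
expect "Room"
send "\r"
expect "Phone"
send "\r"
expect "Phone"
send "\r"
expect "Other"
send "\r"
expect "Is the information correct?"
send "y\r"
expect ":~# "
send "adduser $USER_NAME sudo\r"
expect ":~# "
send "echo '########## 1st is ENDING #####################################################################'\r"
expect ":~# "
send "exit\r"
EOT
  )
}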
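#######################################
# Write 2_make_user_ssh_dir.exp: an expect script that logs in as the new
# user with a password and creates ~/.ssh on the server.
# Globals:   IPADDRESS, HOST_NAME, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./2_make_user_ssh_dir.exp (contains the user password)
#######################################
function make_user_ssh_dir() {
  local script=2_make_user_ssh_dir.exp

  # Replace, never append: a stale copy from an aborted run would otherwise
  # be extended with a second copy of the same steps.
  rm -f -- "$script"
  (
    # Owner-only, because the user password is written into the file.
    umask 077
    # NOTE(review): $USER_PASSWORD lands inside a Tcl double-quoted string;
    # $ [ ] " \ in the password are interpreted by expect, not sent as-is.
    # The prompt is detected by matching $HOST_NAME anywhere in the output.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "password"
send "$USER_PASSWORD\r"
expect "$HOST_NAME"
send "mkdir .ssh\r"
expect "$HOST_NAME"
send "echo '########## 2nd is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
}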
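#######################################
# Write 3_copy_ssh_key_to_server.exp: an expect script that starts a local
# bash and uses scp (password login) to install ~/.ssh/id_rsa.pub as the new
# user's ~/.ssh/authorized_keys on the server.
# Globals:   IPADDRESS, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./3_copy_ssh_key_to_server.exp (contains the user password)
#######################################
function copy_ssh_key_to_server(){
  local script=3_copy_ssh_key_to_server.exp

  # Replace, never append: a leftover file from an aborted run would
  # otherwise end up holding the steps twice.
  rm -f -- "$script"
  (
    # Owner-only, because the user password is written into the file.
    umask 077
    # scp writes the key as authorized_keys, replacing any existing file
    # there. Later stages log in with this key and then turn password
    # logins off, so a failure here must not go unnoticed.
    # NOTE(review): the local prompt is detected by matching "bash" anywhere
    # in the output - confirm this matches the operator's prompt.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn bash
expect "bash"
send "scp ~/.ssh/id_rsa.pub $USER_NAME@$IPADDRESS:~/.ssh/authorized_keys\r"
expect "password"
send "$USER_PASSWORD\r"
expect "bash"
send "pwd\r"
expect "bash"
send "echo '########## 3rd is ENDING #####################################################################'\r"
expect "bash"
send "exit\r"
EOT
  )
}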
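#######################################
# Write 4_change_permissions.exp: an expect script that logs in as the new
# user (no password prompt is expected, i.e. key login) and sets ~/.ssh to
# 700 and the files inside it to 600 via sudo.
# Globals:   IPADDRESS, HOST_NAME, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./4_change_permissions.exp (contains the user password, used
#            for the sudo prompt)
#######################################
function change_permissions(){
  local script=4_change_permissions.exp

  # Replace, never append: a leftover file from an aborted run would
  # otherwise end up holding the steps twice.
  rm -f -- "$script"
  (
    # Owner-only, because the sudo password is written into the file.
    umask 077
    # NOTE(review): $USER_PASSWORD lands inside a Tcl double-quoted string;
    # $ [ ] " \ in the password are interpreted by expect, not sent as-is.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo chmod 700 ~/.ssh/\r"
expect "password"
send "$USER_PASSWORD\r"
expect "$HOST_NAME"
send "sudo chmod 600 ~/.ssh/*\r"
expect "$HOST_NAME"
send "echo '########## 4th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
}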
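#######################################
# Write 5_disable_root_login.exp: an expect script that logs in as the new
# user (key login), sets PermitRootLogin and PasswordAuthentication to "no"
# in /etc/ssh/sshd_config and restarts sshd.
# Globals:   IPADDRESS, HOST_NAME, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./5_disable_root_login.exp (contains the user password, used
#            for the sudo prompt)
#######################################
function disable_root_login(){
  local script=5_disable_root_login.exp

  # Replace, never append: a leftover file from an aborted run would
  # otherwise end up holding the steps twice.
  rm -f -- "$script"
  (
    # Owner-only, because the sudo password is written into the file.
    umask 077
    # The sed expressions rewrite the directive whether it is commented out
    # or set to any value. The earlier patterns only matched the exact text
    # "PermitRootLogin yes" and "#PasswordAuthentication yes", so a config
    # with e.g. an uncommented "PasswordAuthentication yes" was left
    # unchanged without any error.
    # sshd is restarted only if `sshd -t` accepts the edited file, so a
    # broken config cannot take the daemon down and lock the operator out.
    # NOTE(review): a directive that is absent from sshd_config, or one set
    # in an included drop-in file, is not covered by these edits - verify the
    # effective settings on the server after the run.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo sed -i -E 's/^#? *PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config\r"
expect "password"
send "$USER_PASSWORD\r"
expect "$HOST_NAME"
send "sudo sed -i -E 's/^#? *PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config\r"
expect "$HOST_NAME"
send "sudo sshd -t && sudo systemctl restart sshd\r"
expect "$HOST_NAME"
send "echo '########## 5th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
}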
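#######################################
# Write 6_firewall_setup.exp: an expect script that logs in as the new user
# (key login), installs ufw, sets default-deny for incoming traffic, allows
# ssh, http and a fixed list of ports, then enables the firewall.
# Globals:   IPADDRESS, HOST_NAME, USER_NAME, USER_PASSWORD (read)
# Outputs:   ./6_firewall_setup.exp (contains the user password, used for
#            the sudo prompt)
#######################################
function firewall_setup(){
  local script=6_firewall_setup.exp

  # Replace, never append: a leftover file from an aborted run would
  # otherwise end up holding the steps twice.
  rm -f -- "$script"
  (
    # Owner-only, because the sudo password is written into the file.
    umask 077
    # `apt install -y`: without -y apt may stop at a confirmation prompt the
    # script never answers, and with `set timeout -1` it would wait forever.
    # "allow ssh" is sent before "ufw enable" so the session is not cut off.
    # NOTE(review): 2376, 2377, 7946 and 4789 are opened to every source
    # address; they look like Docker/Swarm ports - if so, consider limiting
    # them to the addresses of the other cluster nodes.
    cat > "$script" << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo apt install -y ufw\r"
expect "password"
send "$USER_PASSWORD\r"
expect "$HOST_NAME"
send "sudo ufw default allow outgoing\r"
expect "$HOST_NAME"
send "sudo ufw default deny incoming\r"
expect "$HOST_NAME"
send "sudo ufw allow ssh\r"
expect "$HOST_NAME"
send "sudo ufw allow http/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 2376/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 2377/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 7946/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 7946/udp\r"
expect "$HOST_NAME"
send "sudo ufw allow 4789/udp\r"
expect "$HOST_NAME"
send "sudo ufw enable\r"
expect "Proceed"
send "y\r"
expect "$HOST_NAME"
send "sudo ufw status\r"
expect "$HOST_NAME"
send "echo '########## 6th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
}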
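# call functions --------------------------------------------------------------------------------
# The generated .exp files embed the passwords from credentials.txt, so they
# are removed on every exit path (failure, Ctrl-C), not only after a clean run.
stage_scripts=(
  1_set_user.exp
  2_make_user_ssh_dir.exp
  3_copy_ssh_key_to_server.exp
  4_change_permissions.exp
  5_disable_root_login.exp
  6_firewall_setup.exp
)
stage_names=(1st 2nd 3rd 4th 5th 6th)

remove_stage_scripts() {
  rm -f -- "${stage_scripts[@]}"
}
trap remove_stage_scripts EXIT
trap 'exit 1' HUP INT TERM

readCredentials || exit 1

# Refuse to continue with a missing setting: an empty value would otherwise
# be written into the expect scripts and sent to the server as-is.
for required in IPADDRESS ROOTPASS HOST_NAME USER_NAME USER_PASSWORD; do
  if [[ -z "${!required:-}" ]]; then
    printf 'credentials.txt provides no value for %s\n' "$required" >&2
    exit 1
  fi
done

# create expect scripts
set_user
make_user_ssh_dir
copy_ssh_key_to_server
change_permissions
disable_root_login
firewall_setup

# change .exp permissions -----------------------------------------------------------------------
# 700 rather than +x: the scripts hold passwords, so nobody but the owner
# gets read or execute access.
chmod 700 -- "${stage_scripts[@]}" || exit 1

# call expect scripts ---------------------------------------------------------------------------
# printf is used for the banners because bash's builtin echo prints "\n"
# literally unless -e is given.
last_stage=$(( ${#stage_scripts[@]} - 1 ))
for i in "${!stage_scripts[@]}"; do
  printf '\n\n####################### %s IS STARTING #######################\n' "${stage_names[i]}"

  # Stop at the first failing stage: stage 5 turns off password logins, so
  # running it after a failed key copy (stage 3) would lock the operator out.
  if ! "./${stage_scripts[i]}"; then
    printf '%s stage (%s) failed; stopping before later stages run.\n' \
      "${stage_names[i]}" "${stage_scripts[i]}" >&2
    exit 1
  fi

  if (( i == last_stage )); then
    printf '\n\n####################### %s IS DONE #######################\n' "${stage_names[i]}"
  elif (( i == 4 )); then
    printf '\n\n####################### %s IS DONE ###########################\n#\n#\n' "${stage_names[i]}"
    # Longer pause after stage 5, which restarts sshd on the server.
    printf 'sleeping for 10\n'
    sleep 10
  else
    printf '\n\n####################### %s IS DONE ###########################\n#\n#\n' "${stage_names[i]}"
    sleep 2
  fi
done

# remove .exp's ---------------------------------------------------------------------------------
# Handled by the EXIT trap installed above (remove_stage_scripts).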