@richbruce
Created September 19, 2020 17:42
#!/bin/bash
# -x used to show output
# create functions --------------------------------------------------------------------------------
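#######################################
# Load connection settings from ./credentials.txt into global variables.
#
# The file is read as "key:value" lines; everything after the first ':' is
# the value, so values may themselves contain ':'. Keys are matched by
# prefix (ipaddress, rootpassword, hostname, username, userpassword).
#
# SECURITY: credentials.txt holds the root and user passwords in clear text.
# Keep it readable by the operator only (chmod 600) and out of version
# control.
#
# Globals:   IPADDRESS, ROOTPASS, HOST_NAME, USER_NAME, USER_PASSWORD (written)
# Arguments: none
# Returns:   0 on success, 1 if ./credentials.txt cannot be read
#######################################
function readCredentials() {
  local key value

  if [[ ! -r ./credentials.txt ]]; then
    printf 'readCredentials: cannot read ./credentials.txt\n' >&2
    return 1
  fi

  # `|| [[ -n "$key" ]]` processes a final line that has no trailing
  # newline, so the file no longer needs an extra blank line at the end.
  while IFS=: read -r key value || [[ -n "$key" ]]; do
    # Drop a trailing carriage return left by CRLF line endings; it would
    # otherwise become part of the password or host name.
    value=${value%$'\r'}
    case "$key" in
      ipaddress*) IPADDRESS="$value" ;;
      rootpassword*) ROOTPASS="$value" ;;
      hostname*) HOST_NAME="$value" ;;
      username*) USER_NAME="$value" ;;
      userpassword*) USER_PASSWORD="$value" ;;
    esac
  done < ./credentials.txt
}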
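#######################################
# Generate 1_set_user.exp: an expect script that logs in as root over ssh,
# upgrades packages, sets the hostname, adds an /etc/hosts entry, creates
# the regular user and adds that user to the sudo group.
#
# SECURITY:
#  - Passwords are NOT written into the generated file. The expect script
#    reads them from the environment ($env(...)), so they are exported here.
#    This also keeps Tcl-special characters in a password ([ ] $ " \) from
#    being interpreted by expect.
#  - IPADDRESS, HOST_NAME and USER_NAME are still interpolated verbatim into
#    the expect script and into remote shell commands; they must be plain
#    values without quotes, brackets or shell metacharacters.
#  - NOTE(review): `set timeout -1` makes expect wait forever. If ssh asks
#    anything before the password prompt (for example host-key
#    confirmation), the run stalls; verify the server's host key and add it
#    to known_hosts before running.
#
# Globals:   IPADDRESS, HOST_NAME, USER_NAME (read)
#            ROOTPASS, USER_PASSWORD (exported)
# Outputs:   writes ./1_set_user.exp
# Returns:   status of writing the file
#######################################
function set_user() {
  export ROOTPASS USER_PASSWORD
  # region
  # Fresh file with owner-only permissions: '>' instead of '>>' so a file
  # left behind by an interrupted run is replaced rather than appended to.
  (
    umask 077
    rm -f -- 1_set_user.exp
    cat > 1_set_user.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh root@$IPADDRESS
expect "password"
send -- "\$env(ROOTPASS)\r"
expect ":~# "
send "apt update && apt upgrade -y\r"
expect ":~# "
send "hostnamectl set-hostname $HOST_NAME\r"
expect ":~# "
send "sed -i '2i$IPADDRESS $HOST_NAME' /etc/hosts\r"
expect ":~# "
send "adduser $USER_NAME\r"
expect "Enter new UNIX password: "
send -- "\$env(USER_PASSWORD)\r"
expect "Retype new UNIX password: "
send -- "\$env(USER_PASSWORD)\r"
expect "Full Name"
send "\r"
expect "Room"
send "\r"
expect "Phone"
send "\r"
expect "Phone"
send "\r"
expect "Other"
send "\r"
expect "Is the information correct?"
send "y\r"
expect ":~# "
send "adduser $USER_NAME sudo\r"
expect ":~# "
send "echo '########## 1st is ENDING #####################################################################'\r"
expect ":~# "
send "exit\r"
EOT
  )
  # endregion
}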
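#######################################
# Generate 2_make_user_ssh_dir.exp: an expect script that logs in as the
# new user with a password and creates ~/.ssh.
#
# SECURITY: the password is read by expect from the environment
# ($env(USER_PASSWORD)) instead of being written into the file, and the
# directory is created with mode 700 from the start (-m 700) so it is never
# group/world accessible; -p keeps a re-run from failing if it exists.
# IPADDRESS, HOST_NAME and USER_NAME are interpolated verbatim and must be
# plain values.
#
# Globals:   IPADDRESS, HOST_NAME, USER_NAME (read); USER_PASSWORD (exported)
# Outputs:   writes ./2_make_user_ssh_dir.exp
# Returns:   status of writing the file
#######################################
function make_user_ssh_dir() {
  export USER_PASSWORD
  # region
  # Owner-only file, overwritten ('>') rather than appended to ('>>').
  (
    umask 077
    rm -f -- 2_make_user_ssh_dir.exp
    cat > 2_make_user_ssh_dir.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "password"
send -- "\$env(USER_PASSWORD)\r"
expect "$HOST_NAME"
send "mkdir -p -m 700 .ssh\r"
expect "$HOST_NAME"
send "echo '########## 2nd is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
  # endregion
}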
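#######################################
# Generate 3_copy_ssh_key_to_server.exp: an expect script that starts a
# local bash and uses scp to copy ~/.ssh/id_rsa.pub to the new user's
# ~/.ssh/authorized_keys on the server.
#
# Notes:
#  - The scp target is authorized_keys itself, so any keys already in that
#    file are replaced, not appended to.
#  - '~' is not expanded inside a here-document, so it reaches the spawned
#    bash / scp literally and is expanded there.
#  - SECURITY: the password is read by expect from the environment
#    ($env(USER_PASSWORD)) instead of being written into the file.
#    IPADDRESS and USER_NAME are interpolated verbatim and must be plain
#    values.
#
# Globals:   IPADDRESS, USER_NAME (read); USER_PASSWORD (exported)
# Outputs:   writes ./3_copy_ssh_key_to_server.exp
# Returns:   status of writing the file
#######################################
function copy_ssh_key_to_server(){
  export USER_PASSWORD
  # region
  # Owner-only file, overwritten ('>') rather than appended to ('>>').
  (
    umask 077
    rm -f -- 3_copy_ssh_key_to_server.exp
    cat > 3_copy_ssh_key_to_server.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn bash
expect "bash"
send "scp ~/.ssh/id_rsa.pub $USER_NAME@$IPADDRESS:~/.ssh/authorized_keys\r"
expect "password"
send -- "\$env(USER_PASSWORD)\r"
expect "bash"
send "pwd\r"
expect "bash"
send "echo '########## 3rd is ENDING #####################################################################'\r"
expect "bash"
send "exit\r"
EOT
  )
  # endregion
}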
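#######################################
# Generate 4_change_permissions.exp: an expect script that logs in as the
# new user (no ssh password is sent here, so key login from the previous
# step is relied on) and sets ~/.ssh to 700 and its contents to 600.
#
# SECURITY: the sudo password is read by expect from the environment
# ($env(USER_PASSWORD)) instead of being written into the file.
# IPADDRESS, HOST_NAME and USER_NAME are interpolated verbatim and must be
# plain values.
# NOTE(review): if key login does not work, ssh will ask for a password
# that this script never sends, and with `set timeout -1` it waits forever.
#
# Globals:   IPADDRESS, HOST_NAME, USER_NAME (read); USER_PASSWORD (exported)
# Outputs:   writes ./4_change_permissions.exp
# Returns:   status of writing the file
#######################################
function change_permissions(){
  export USER_PASSWORD
  # region
  # Owner-only file, overwritten ('>') rather than appended to ('>>').
  (
    umask 077
    rm -f -- 4_change_permissions.exp
    cat > 4_change_permissions.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo chmod 700 ~/.ssh/\r"
expect "password"
send -- "\$env(USER_PASSWORD)\r"
expect "$HOST_NAME"
send "sudo chmod 600 ~/.ssh/*\r"
expect "$HOST_NAME"
send "echo '########## 4th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
  # endregion
}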
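#######################################
# Generate 5_disable_root_login.exp: an expect script that logs in as the
# new user, sets "PermitRootLogin no" and "PasswordAuthentication no" in
# /etc/ssh/sshd_config, validates the file and restarts sshd.
#
# SECURITY:
#  - The sed expressions rewrite any existing PermitRootLogin /
#    PasswordAuthentication line, commented out or not. The previous
#    patterns matched only the exact text "PermitRootLogin yes" and
#    "#PasswordAuthentication yes", so on a server whose file differed
#    (e.g. an uncommented "PasswordAuthentication yes") the hardening
#    silently did nothing.
#  - `sshd -t` checks the configuration before the restart, so a broken
#    file does not take the ssh service down.
#  - `sshd -T` prints the effective settings afterwards. Check that output:
#    a directive set in an included drop-in file, or a missing line that
#    sed had nothing to rewrite, can still leave password or root login
#    enabled.
#  - The sudo password is read by expect from the environment
#    ($env(USER_PASSWORD)) instead of being written into the file.
#    IPADDRESS, HOST_NAME and USER_NAME are interpolated verbatim and must
#    be plain values.
#
# Globals:   IPADDRESS, HOST_NAME, USER_NAME (read); USER_PASSWORD (exported)
# Outputs:   writes ./5_disable_root_login.exp
# Returns:   status of writing the file
#######################################
function disable_root_login(){
  export USER_PASSWORD
  # region
  # Owner-only file, overwritten ('>') rather than appended to ('>>').
  # The sed patterns deliberately avoid '[' and ']' because expect (Tcl)
  # would treat them as command substitution inside a quoted string.
  (
    umask 077
    rm -f -- 5_disable_root_login.exp
    cat > 5_disable_root_login.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo sed -i 's/^#* *PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config\r"
expect "password"
send -- "\$env(USER_PASSWORD)\r"
expect "$HOST_NAME"
send "sudo sed -i 's/^#* *PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config\r"
expect "$HOST_NAME"
send "sudo sshd -t && sudo systemctl restart sshd\r"
expect "$HOST_NAME"
send "sudo sshd -T | grep -i -e permitrootlogin -e passwordauthentication\r"
expect "$HOST_NAME"
send "echo '########## 5th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
  # endregion
}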
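#######################################
# Generate 6_firewall_setup.exp: an expect script that logs in as the new
# user, installs ufw, sets default policies (allow outgoing, deny
# incoming), opens the listed ports and enables the firewall.
#
# SECURITY:
#  - "ufw allow ssh" is sent before "ufw enable", so the ssh session used
#    for setup is not cut off by the default-deny policy.
#  - NOTE(review): 2376/tcp, 2377/tcp, 7946/tcp+udp and 4789/udp look like
#    the Docker TLS API and Docker Swarm ports (management, node gossip,
#    overlay network). The rules below open them to ANY source address; on
#    an internet-facing host restrict them to the other cluster nodes, e.g.
#    `ufw allow from <PEER_NODE_IP> to any port 2377 proto tcp`.
#  - `apt install -y` avoids an interactive confirmation that this script
#    has no expect clause for (with `set timeout -1` it would wait forever).
#  - The sudo password is read by expect from the environment
#    ($env(USER_PASSWORD)) instead of being written into the file.
#    IPADDRESS, HOST_NAME and USER_NAME are interpolated verbatim and must
#    be plain values.
#
# Globals:   IPADDRESS, HOST_NAME, USER_NAME (read); USER_PASSWORD (exported)
# Outputs:   writes ./6_firewall_setup.exp
# Returns:   status of writing the file
#######################################
function firewall_setup(){
  export USER_PASSWORD
  # region
  # Owner-only file, overwritten ('>') rather than appended to ('>>').
  (
    umask 077
    rm -f -- 6_firewall_setup.exp
    cat > 6_firewall_setup.exp << EOT
#!/usr/bin/expect -f
set timeout -1
spawn ssh $USER_NAME@$IPADDRESS
expect "$HOST_NAME"
send "sudo apt install -y ufw\r"
expect "password"
send -- "\$env(USER_PASSWORD)\r"
expect "$HOST_NAME"
send "sudo ufw default allow outgoing\r"
expect "$HOST_NAME"
send "sudo ufw default deny incoming\r"
expect "$HOST_NAME"
send "sudo ufw allow ssh\r"
expect "$HOST_NAME"
send "sudo ufw allow http/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 2376/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 2377/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 7946/tcp\r"
expect "$HOST_NAME"
send "sudo ufw allow 7946/udp\r"
expect "$HOST_NAME"
send "sudo ufw allow 4789/udp\r"
expect "$HOST_NAME"
send "sudo ufw enable\r"
expect "Proceed"
send "y\r"
expect "$HOST_NAME"
send "sudo ufw status\r"
expect "$HOST_NAME"
send "echo '########## 6th is ENDING #####################################################################'\r"
expect "$HOST_NAME"
send "exit\r"
EOT
  )
  # endregion
}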
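# # driver ------------------------------------------------------------------------------------------
# Reads the credentials, generates the six expect scripts, runs them in
# order and removes them again.

# Names of the generated expect scripts, in execution order.
exp_scripts=(
  1_set_user.exp
  2_make_user_ssh_dir.exp
  3_copy_ssh_key_to_server.exp
  4_change_permissions.exp
  5_disable_root_login.exp
  6_firewall_setup.exp
)

# Remove the generated scripts on every exit path (normal end, failure or
# Ctrl-C), so files that may carry host details or credentials are not left
# behind in the working directory.
cleanup() {
  rm -f -- "${exp_scripts[@]}"
}
trap cleanup EXIT

# Print the start banner, run one generated script and print the done
# banner. Aborts the whole run if the script reports failure: later steps
# (disabling password login, enabling the firewall) must not run against a
# server on which an earlier step did not complete.
#   $1 - ordinal used in the banner (1st, 2nd, ...)
#   $2 - script file name
run_step() {
  local ordinal=$1 script=$2
  # printf interprets \n; plain `echo "\n"` in bash printed the two
  # characters literally.
  printf '\n\n####################### %s IS STARTING #######################\n' "$ordinal"
  if ! "./${script}"; then
    printf 'error: %s exited with a failure status; aborting\n' "$script" >&2
    exit 1
  fi
  printf '\n\n####################### %s IS DONE ###########################\n#\n#\n' "$ordinal"
}

# # call functions --------------------------------------------------------------------------------
readCredentials || {
  printf 'error: could not load ./credentials.txt\n' >&2
  exit 1
}
# Refuse to continue with a missing setting instead of generating scripts
# with empty host names or passwords.
: "${IPADDRESS:?ipaddress is missing from credentials.txt}"
: "${ROOTPASS:?rootpassword is missing from credentials.txt}"
: "${HOST_NAME:?hostname is missing from credentials.txt}"
: "${USER_NAME:?username is missing from credentials.txt}"
: "${USER_PASSWORD:?userpassword is missing from credentials.txt}"

# # create expect scripts
# Start from a clean slate in case an earlier, interrupted run left files.
rm -f -- "${exp_scripts[@]}"
set_user || exit 1
make_user_ssh_dir || exit 1
copy_ssh_key_to_server || exit 1
change_permissions || exit 1
disable_root_login || exit 1
firewall_setup || exit 1

# # change .exp permissions -----------------------------------------------------------------------
# Owner-only: the scripts do not need to be readable or executable by
# other local users.
chmod 700 -- "${exp_scripts[@]}" || exit 1

# # call expect script ----------------------------------------------------------------------------
run_step 1st 1_set_user.exp
sleep 2
run_step 2nd 2_make_user_ssh_dir.exp
sleep 2
run_step 3rd 3_copy_ssh_key_to_server.exp
sleep 2
run_step 4th 4_change_permissions.exp
sleep 2
run_step 5th 5_disable_root_login.exp
# Longer pause after step 5, which restarts sshd on the server.
echo "sleeping for 10"
sleep 10
run_step 6th 6_firewall_setup.exp

# # # remove .exp's ---------------------------------------------------------------------------------
# Handled by the EXIT trap installed above.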