V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-25 10:10:41 +02:00
parent 9c19212c00
commit e8d85a39ae
134 changed files with 13933 additions and 41 deletions
--- a/source/func/3.8.3.functions_installation_setup_accounts.sh
+++ b/source/func/3.8.3.functions_installation_setup_accounts.sh
@@ -0,0 +1,131 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
+# SPDX-PackageName: CISS.2025.hardened.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+###########################################################################################
+# 3.8.3. Functions - installation - setup accounts                                        #
+###########################################################################################
+
+###########################################################################################
+# Updating user accounts
+# Globals:
+#   MODULE_ERR
+#   MODULE_TXT
+#   TARGET
+#   accounts_root_login
+#   accounts_root_password_crypted
+#   accounts_root_ssh_pub_key
+#   accounts_user_login
+#   accounts_user_name
+#   accounts_user_password_crypted
+#   accounts_user_ssh_pub_key
+# Arguments:
+#   None
+###########################################################################################
+3_8_3_functions_installation_setup_accounts() {
+  declare -g -x MODULE_ERR="3_8_3_functions_installation_setup_accounts"
+  declare -g -x MODULE_TXT="Setup user account"
+  do_show_header "${MODULE_TXT}"
+
+  if [[ ${accounts_root_login,,} == "true" ]]; then
+
+    do_in_target "${TARGET}" /bin/bash -c "echo 'root:${accounts_root_password_crypted}' | chpasswd -e"
+    do_log "info" "false" "Account 'root' password inserted."
+
+    if [[ ! -d ${TARGET}/root/.ssh ]]; then
+
+      mkdir "${TARGET}"/root/.ssh
+      chown root:root "${TARGET}"/root/.ssh
+      chmod 0700 "${TARGET}"/root/.ssh
+
+    else
+
+      chown root:root "${TARGET}"/root/.ssh
+      chmod 0700 "${TARGET}"/root/.ssh
+
+    fi
+
+    if [[ ! -f ${TARGET}/root/.ssh/authorized_keys ]]; then
+
+      touch "${TARGET}"/root/.ssh/authorized_keys
+      chown root:root "${TARGET}"/root/.ssh/authorized_keys
+      chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
+      printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
+      do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
+
+    else
+
+      chown root:root "${TARGET}"/root/.ssh/authorized_keys
+      chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
+      printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
+      do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
+
+    fi
+
+
+  elif [[ ${accounts_root_login,,} == "false" ]]; then
+
+    do_log "info" "false" "Skipped creation of 'root' password."
+
+  else
+
+    do_log "error" "true" "Invalid value for 'accounts_root_login': '${accounts_root_login}'. Expected value: 'true' or 'false'."
+
+  fi
+
+  if [[ ${accounts_user_login,,} == "true" ]]; then
+
+    echo "${accounts_user_name}:${accounts_user_password_crypted}" | chpasswd -e
+    do_log "info" "false" "Account '${accounts_user_name}' password inserted."
+
+    if [[ ! -d ${TARGET}/home/${accounts_user_name}/.ssh ]]; then
+
+      mkdir "${TARGET}"/home/"${accounts_user_name}"/.ssh
+      chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
+      chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
+
+    else
+
+      chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
+      chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
+
+    fi
+
+    if [[ ! -f ${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys ]]; then
+
+      touch "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
+
+    else
+
+      chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
+      do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
+
+    fi
+
+  elif [[ ${accounts_user_login,,} == "false" ]]; then
+
+    do_log "info" "false" "Skipped creation of account '${accounts_user_name}'."
+
+  else
+
+    do_log "error" "true" "Invalid value for 'accounts_user_login': '${accounts_user_login}'. Expected 'true' or 'false'."
+
+  fi
+
+  do_show_footer "${MODULE_TXT}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh: