msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
81bcb407fdf9f52552d447482130ce1bd3aefcf010c2bbc48bcd92ca782e845a
CISS.debian.installer/source/func/3.8.3.functions_installation_setup_accounts.sh
Marc S. Weidner e8d85a39ae
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 34s
Details
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 24s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-25 10:10:41 +02:00

132 lines
5.1 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
# SPDX-PackageName: CISS.2025.hardened.installer
# SPDX-Security-Contact: security@coresecret.eu
###########################################################################################
# 3.8.3. Functions - installation - setup accounts #
###########################################################################################
###########################################################################################
# Updating user accounts
# Globals:
# MODULE_ERR
# MODULE_TXT
# TARGET
# accounts_root_login
# accounts_root_password_crypted
# accounts_root_ssh_pub_key
# accounts_user_login
# accounts_user_name
# accounts_user_password_crypted
# accounts_user_ssh_pub_key
# Arguments:
# None
###########################################################################################
3_8_3_functions_installation_setup_accounts() {
declare -g -x MODULE_ERR="3_8_3_functions_installation_setup_accounts"
declare -g -x MODULE_TXT="Setup user account"
do_show_header "${MODULE_TXT}"
if [[ ${accounts_root_login,,} == "true" ]]; then
do_in_target "${TARGET}" /bin/bash -c "echo 'root:${accounts_root_password_crypted}' | chpasswd -e"
do_log "info" "false" "Account 'root' password inserted."
if [[ ! -d ${TARGET}/root/.ssh ]]; then
mkdir "${TARGET}"/root/.ssh
chown root:root "${TARGET}"/root/.ssh
chmod 0700 "${TARGET}"/root/.ssh
else
chown root:root "${TARGET}"/root/.ssh
chmod 0700 "${TARGET}"/root/.ssh
fi
if [[ ! -f ${TARGET}/root/.ssh/authorized_keys ]]; then
touch "${TARGET}"/root/.ssh/authorized_keys
chown root:root "${TARGET}"/root/.ssh/authorized_keys
chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
else
chown root:root "${TARGET}"/root/.ssh/authorized_keys
chmod 0600 "${TARGET}"/root/.ssh/authorized_keys
printf "%s\n" "$accounts_root_ssh_pub_key" >> "${TARGET}"/root/.ssh/authorized_keys
do_log "info" "false" "Account 'root' SSH public key '/root/.ssh/authorized_keys' inserted."
fi
elif [[ ${accounts_root_login,,} == "false" ]]; then
do_log "info" "false" "Skipped creation of 'root' password."
else
do_log "error" "true" "Invalid value for 'accounts_root_login': '${accounts_root_login}'. Expected value: 'true' or 'false'."
fi
if [[ ${accounts_user_login,,} == "true" ]]; then
echo "${accounts_user_name}:${accounts_user_password_crypted}" | chpasswd -e
do_log "info" "false" "Account '${accounts_user_name}' password inserted."
if [[ ! -d ${TARGET}/home/${accounts_user_name}/.ssh ]]; then
mkdir "${TARGET}"/home/"${accounts_user_name}"/.ssh
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
else
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh
chmod 0700 "${TARGET}"/home/"${accounts_user_name}"/.ssh
fi
if [[ ! -f ${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys ]]; then
touch "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
else
chown "${accounts_user_name}":"${accounts_user_name}" "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
chmod 0600 "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
printf "%s\n" "$accounts_user_ssh_pub_key" >> "${TARGET}"/home/"${accounts_user_name}"/.ssh/authorized_keys
do_log "info" "false" "Account '${accounts_user_name}' SSH public key '${TARGET}/home/${accounts_user_name}/.ssh/authorized_keys' inserted."
fi
elif [[ ${accounts_user_login,,} == "false" ]]; then
do_log "info" "false" "Skipped creation of account '${accounts_user_name}'."
else
do_log "error" "true" "Invalid value for 'accounts_user_login': '${accounts_user_login}'. Expected 'true' or 'false'."
fi
do_show_footer "${MODULE_TXT}"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh:
Reference in New Issue View Git Blame Copy Permalink