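#!/bin/bash
# Copyright Atomicorp, 2015
# License: Commercial. Unauthorized redistribution prohibited.
#
# Basic install key routine.
#
# Grants the vendor support team SSH access to this host. Depending on the
# sshd configuration it finds, a run makes these host changes:
#   - appends the keys served at KEY_URL to .ssh/authorized_keys and
#     .ssh/authorized_keys2 of root, or of a dedicated "atomic" account
#   - (atomic path only) creates the atomic user and group, adds the user to
#     wheel, installs sudo and vim-enhanced if missing, and gives %wheel
#     passwordless sudo
#   - appends AllowUsers entries to sshd_config and reloads/restarts sshd
#   - switches SELinux to permissive mode with `setenforce 0`
# Nothing is reverted automatically; removing the access afterwards is a
# manual step. Must be run directly as root.

VERSION="1.0-S"
export LANG=C

readonly ROOT_UID="0"
readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly SUDOERS=/etc/sudoers
readonly KEY_URL="https://www.atomicorp.com/authorized_keys"

#######################################
# Append a line to a file unless that exact line is already present, so that
# repeated runs do not pile up duplicate entries.
# Arguments: $1 - file to append to (created if missing)
#            $2 - line to add, without trailing newline
# Returns:   0 if the line is present afterwards, non-zero if the write failed
#######################################
append_line_once() {
  local file=$1
  local line=$2

  if grep -qxF -- "$line" "$file" 2> /dev/null; then
    return 0
  fi

  # A file whose last line lacks a newline would otherwise get the new entry
  # glued onto that line, corrupting both (e.g. two SSH keys merged into one).
  if [ -s "$file" ] && [ -n "$(tail -c 1 -- "$file")" ]; then
    echo >> "$file" || return
  fi

  printf '%s\n' "$line" >> "$file"
}

echo
echo "Atomicorp Enterprise Key installer: v$VERSION"
echo

# Check if run as root
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "You must be root to run this program. Do not run this progam via sudo."
  exit 1
fi

# Prereq: the sudoers file must be writable. Only the attribute column of the
# lsattr output is inspected, so the file name can never cause a false match.
sudoers_attrs=$(/usr/bin/lsattr "$SUDOERS" | awk '{print $1}')
case "$sudoers_attrs" in
  *i*)
    echo
    echo "Error: /etc/sudoers is immutable. Installer cannot continue."
    echo
    exit 1
    ;;
esac

# Do a root login check, if it works we'll add this to root
# If not, we create the atomic account, and use that.
# The target is kept in script-local variables instead of overwriting the
# USER/HOME environment variables that child processes inherit.
# sshd_config keywords are case-insensitive and may be indented, hence -i and
# the leading-whitespace allowance. Only the main file is read here.
# NOTE(review): settings in Match blocks or included files are not seen.
echo -n "Checking for login type: "
if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no' "$SSHD_CONFIG"; then
  target_user=atomic
else
  # root allowed
  target_user=root
fi

if grep -Eiq '^[[:space:]]*(DenyUsers|DenyGroups).*root' "$SSHD_CONFIG"; then
  target_user=atomic
fi

if grep -Eiq '^[[:space:]]*AllowUsers' "$SSHD_CONFIG"; then
  target_user=atomic
  # Entry restricted to the vendor's source addresses.
  # NOTE(review): a line appended at the end of the file becomes part of the
  # last Match block if the file ends in one; check the effective
  # configuration after the run.
  append_line_once "$SSHD_CONFIG" "AllowUsers atomic@70.184.242.83 atomic@71.166.159.247"
  service sshd reload > /dev/null 2>&1
fi

if [ "$target_user" = "root" ]; then
  echo "root allowed"
  target_home=/root
else
  echo "root denied"
  echo -n "Checking atomic user: "
  target_home=/home/atomic

  # check for user, add if it doesnt exist
  if ! grep -q '^atomic:' /etc/passwd; then
    echo "not found, creating"
    # Anchored match: an unrelated group whose name merely contains "atomic"
    # must not select the -g form, which fails when the group does not exist.
    if grep -q '^atomic:' /etc/group; then
      /usr/sbin/useradd -c "Atomicorp Support" -g atomic atomic > /dev/null 2>&1
    else
      /usr/sbin/useradd -c "Atomicorp Support" atomic > /dev/null 2>&1
    fi
    # NOTE(review): -u with -f force-unlocks an account that has no password
    # set. Presumably this is so sshd accepts key logins for it; confirm
    # against passwd(1) on the target release whether it leaves the account
    # with an empty password, since atomic also gets passwordless sudo below.
    /usr/bin/passwd -uf atomic
  else
    echo "found"
  fi

  # A pre-existing atomic account may live somewhere other than /home/atomic;
  # sshd reads the keys from the home directory recorded in the passwd entry.
  resolved_home=$(getent passwd atomic 2> /dev/null | cut -d: -f6)
  if [ -n "$resolved_home" ]; then
    target_home=$resolved_home
  fi

  # check for group, add it if it doesnt exist
  if ! grep -q '^atomic:' /etc/group; then
    echo "atomic group not found, creating"
    /usr/sbin/groupadd atomic > /dev/null 2>&1
  else
    echo "atomic group found"
  fi

  if grep -Eiq '^[[:space:]]*AllowUsers' "$SSHD_CONFIG"; then
    echo "AllowUsers configuration detected."
    # NOTE(review): this entry carries no host restriction. If sshd merges
    # multiple AllowUsers lines (confirm in sshd_config(5)), it admits atomic
    # from any source address and makes the address-pinned entry above moot.
    append_line_once "$SSHD_CONFIG" "AllowUsers atomic "
    /etc/init.d/sshd restart
  fi

  # check to see if user is in wheel group
  echo -n "Checking for atomic in wheel group: "
  # Match atomic as a whole member name, not as a substring of another user.
  if ! grep -Eq '^wheel:.*[:,]atomic(,|$)' /etc/group; then
    echo "not found, adding"
    # -a appends wheel to the existing supplementary groups.
    /usr/sbin/usermod -a -G wheel atomic > /dev/null 2>&1
  else
    echo "found"
  fi

  # update sudo to allow nopasswd for wheel group users
  rpm --quiet -q sudo || yum -y install sudo
  rpm --quiet -q vim-enhanced || yum -y install vim-enhanced

  echo -n "Checking sudo configuration: "
  if ! grep -q '^%wheel.*NOPASSWD.*ALL' "$SUDOERS"; then
    echo "wheel not allowed, adding"
    # NOTE(review): this rule covers every member of wheel, not only atomic;
    # a rule scoped to the atomic user would be the least-privilege variant.
    wheel_rule="%wheel ALL=(ALL) NOPASSWD: ALL"

    # Validate a candidate copy with visudo before touching the live file: a
    # sudoers file that fails to parse locks everyone out of sudo.
    sudoers_candidate=$(mktemp) &&
      cat "$SUDOERS" > "$sudoers_candidate" &&
      append_line_once "$sudoers_candidate" "$wheel_rule" &&
      /usr/sbin/visudo -c -q -f "$sudoers_candidate" &&
      append_line_once "$SUDOERS" "$wheel_rule"
    sudoers_status=$?

    if [ -n "$sudoers_candidate" ]; then
      rm -f -- "$sudoers_candidate"
    fi

    if [ "$sudoers_status" -ne 0 ]; then
      echo
      echo "Error: Wheel group could not be added to /etc/sudoers"
      echo "       You will need to resolve this and run the key installer again"
      echo
      exit 1
    fi
  else
    echo "wheel found"
  fi
fi

# Without the home directory the key files would end up in whatever directory
# the installer was started from, so stop instead of continuing.
if [ ! -d "$target_home" ]; then
  echo
  echo "Error: home directory $target_home does not exist. Installer cannot continue."
  echo
  exit 1
fi

# rough check here, ran into a system with bad perms
echo -n "Verifying permissions on $target_home: "
chown "$target_user:$target_user" "$target_home"
echo "done"

# check for .ssh dir
ssh_dir="$target_home/.ssh"
echo -n "Checking for $target_home/.ssh dir: "
if [ ! -d "$ssh_dir" ]; then
  echo "not found, creating"
  mkdir -p "$ssh_dir"
else
  echo "found"
fi

# Download to a temporary file first so that a failed or empty transfer never
# reaches authorized_keys. Trust in the key material rests on the TLS
# connection to KEY_URL alone; the script does no fingerprint comparison.
echo -n "Downloading $KEY_URL: "
key_tmp=$(mktemp) || {
  echo "failed"
  exit 1
}
trap 'rm -f -- "$key_tmp"' EXIT

if ! wget -q -O "$key_tmp" "$KEY_URL" || [ ! -s "$key_tmp" ]; then
  echo "failed"
  echo "Error: could not download $KEY_URL"
  exit 1
fi
echo "done"

# Add each downloaded key to both files, skipping keys already installed.
# Only the downloaded keys go into authorized_keys2; the account's other
# authorized_keys entries are not copied across.
while IFS= read -r key_line || [ -n "$key_line" ]; do
  case "$key_line" in
    '' | '#'*) continue ;;
  esac
  append_line_once "$ssh_dir/authorized_keys" "$key_line"
  append_line_once "$ssh_dir/authorized_keys2" "$key_line"
done < "$key_tmp"

# Directories end up 0700 and plain files 0600: X sets the execute bit only
# on directories and on files that already had one.
chmod -R u=rwX,go= "$ssh_dir"
chown -R "$target_user:$target_user" "$ssh_dir"

# NOTE(review): this puts SELinux into permissive mode for the whole host
# until it is re-enabled or the machine reboots. If the aim is only to let
# sshd read the new key files, relabelling the directory
# (restorecon -R on .ssh) is the narrower change; confirm the intent.
setenforce 0

echo
echo "And finally, please send your systems IP address, and SSH port to the"
echo "Atomicorp support team. We will need that information to log in."
echo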