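#!/bin/bash
# Copyright Atomicorp, 2015-2021
# License: Commercial. Unauthorized redistribution prohibited.
#
# Basic install key routine.
#
# Installs the vendor's SSH public key(s) so that support staff can log in.
# Must be run as root. Depending on $USER the key goes to root's ~/.ssh or to
# a dedicated "atomic" account. In the second case the script also creates
# the account and its group, adds it to sshd's AllowUsers when that directive
# is in use, puts it in the wheel group, and gives wheel passwordless sudo.
# Finally it switches SELinux to permissive mode when setenforce is present.
#
# Changes against the original listing:
#   * the key download goes to a temp file, fails on HTTP errors, and is
#     checked to contain only key lines before anything is appended;
#   * keys and the AllowUsers line are added only when not already present,
#     so re-running the installer does not duplicate them;
#   * sshd_config and sudoers are syntax-checked after being edited;
#   * wheel membership is added with "usermod -a -G" instead of rebuilding
#     the group list from the output of "groups";
#   * expansions are quoted and "cd" failures are fatal.

VERSION="1.0"
KEY_URL="https://www.atomicorp.com/authorized_keys"
export LANG=C

# Append a newline to $1 when the file is non-empty and its last byte is not
# a newline, so that a following ">>" cannot glue text onto the last line.
ensure_trailing_newline() {
  local file=$1
  if [ -s "$file" ] && [ -n "$(tail -c 1 -- "$file")" ]; then
    echo >> "$file"
  fi
}

echo
echo "#################################################################"
echo "Atomicorp Support Key installer: v$VERSION"
echo "#################################################################"
echo
echo

ROOT_UID="0"

# Check if run as root
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "You must be root to run this program. Do not run this progam via sudo."
  exit 1
fi

# The delimiter is quoted so nothing inside the agreement text is expanded.
cat << 'EOF' | less -e -Ps"Press the space bar to view the next page"
Release of Liability:

BY INSTALLING THIS SOFWARE YOU (HEREAFTER KNOWN AS "CLIENT") AGREE TO
RELEASE AND HOLD HARMLESS ATOMICORP LIMITED FROM ANY AND ALL LIABILITY
ASSOCIATED WITH THE PERFORMANCE OF ANY SERVICES OR THE PROVISION,
INSTALLATION, REMOVAL, MODIFICATION OR CONFIGURATION OF CLIENTS COMPUTER,
SOFTWARE OR ANY OPERATING SYSTEM COMPONENT, AND ACKNOWLEDGE ATOMICORP
LIMITED OFFERS NO EXPLICIT OR IMPLIED WARRANTY OR GUARANTEE ON SERVICES
PERFORMED OR SOFTWARE PROVIDED. IN NO EVENT SHALL ATOMICORP LIMITED, BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE SERVICES PROVIDED OR FROM THE USE OF ANY
SOFTWARE INSTALLED, REPAIRED, CONFIGURED, REMOVED OR OTHERWISE MODIFIED BY
ATOMICORP LIMITED, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

FURTHER:

1. CLIENT acknowledges that due to the nature of the service being
performed, there is potential risk of damage or loss including, but not
limited to, damage to Client's computer, routers, firewalls, switches,
peripherals, and accessories, as well as potential risk of damage,
corruption, or loss of computer software, applications, data, and data
storage media.

2. CLIENT agrees to release and hold harmless Atomicorp Limited from any
and all liability for damage or loss as well as any incidental or
consequential material or financial damage or loss that may result from
the actions of Atomicorp Limited, its agents, employees, contractors or
service representatives.

3. CLIENT grants Atomicorp Limited, its agents and service
representative's access and permission to access and modify any and all
computer systems, software, applications, databases, components, networks,
routers, firewalls, switches, peripherals, and accessories.

4. CLIENT grants Atomicorp Limited, its agents, employees, contractors and
service representatives full access, security rights, and permission to
open, view, and modify, edit, delete, or otherwise manipulate CLIENTs
computer operating system, databases, software, applications, settings,
configuration, data, and data storage media including, but not limited to
the computer Operating System, databases, services, workflow, graphics,
kernel, system drivers and libraries, and any other type of software,
setting, configuration, hardware or data that may be contained on CLIENTs
computer system or network.

5. CLIENT grants Atomicorp Limited, its agents, employees, contractors and
service representatives, permission to download and/or install software on
CLIENTs computer and/or network, including but not limited to, malware
scanners, diagnosis and repair utilities, drivers, libraries, kernels,
software updates, daemons, tools and software requested to be installed,
repaired, modified, removed or diagnosed by CLIENT or Atomicorp Limited or
both.

Atomicorp Limited strongly advises that CLIENT safeguard critical data by
backing up said data prior to any services performed by Atomicorp Limited.
Unless specifically requested and provided in advance as a paid service by
Atomicorp Limited CLIENT is entirely responsible for any backup,
archiving, or protective storage as well as restoration if required, of
CLIENTs data, storage, operating system and any other data that may be
lost or damaged because of these services.

Neither the signing of this agreement nor the performance of services by
Atomicorp Limited implies ongoing support once these services are
completed, availability of technical support or support for any software
installed or modified on CLIENT systems.

This document constitutes the entire agreement between CLIENT and
Atomicorp Limited. No other agreement whether verbal or written shall be
in effect except if agreed to and authorized in writing by both parties.

By reading this document, CLIENT indicates that he/she has read and
understands, and agrees to the terms of this Release of Liability form.
EOF

printf '%s' "Do you agree to these terms (yes/no): "
# NOTE(review): in the original an input redirection followed "read query";
# its target is not visible in this listing.
read -r query

# The answer was never checked in the visible code. Nothing below should run
# unless the operator typed "yes": the rest of the script opens remote access.
if [ "$query" != "yes" ]; then
  echo "Terms not accepted, exiting."
  exit 1
fi

# NOTE(review): this listing lost the script text between "read query" and
# the tail of an sshd_config edit. Only the tail survives:
#
#       ... > /etc/ssh/sshd_config
#       service sshd reload > /dev/null 2>&1
#   fi
#
# It is kept as a comment because what was written to sshd_config, and under
# which condition, is not visible. Do not reinstate it with a single ">":
# that would truncate sshd_config. The lost span presumably also decided the
# value of $USER that is tested below; restore it from the vendor's original
# before relying on this script.

if [[ "$USER" == "root" ]]; then
  echo "root allowed"
  HOME=/root
else
  echo "root denied"
  printf '%s' "Checking atomic user: "
  HOME=/home/atomic

  # check for user, add if it doesnt exist
  if ! grep -q '^atomic:' /etc/passwd; then
    echo "not found, creating"
    # Anchored and quiet: the original matched any group line containing
    # "atomic" and printed the match to the terminal.
    if grep -q '^atomic:' /etc/group; then
      /usr/sbin/useradd -s /bin/bash -m -c "Atomicorp Support" -g atomic atomic >/dev/null 2>&1
    else
      /usr/sbin/useradd -s /bin/bash -m -c "Atomicorp Support" atomic >/dev/null 2>&1
    fi
    # Unlocks the new account's password field; the forced variant stays
    # disabled, as in the original.
    #/usr/bin/passwd -uf atomic
    /usr/bin/passwd -u atomic
  else
    echo "found"
  fi

  # check for group, add it if it doesnt exist
  printf '%s' "Checking for atomic group: "
  if ! grep -q '^atomic:' /etc/group; then
    echo "creating"
    /usr/sbin/groupadd atomic > /dev/null 2>&1
  else
    echo "found"
  fi

  if grep -q '^AllowUsers' /etc/ssh/sshd_config; then
    echo "AllowUsers configuration detected."
    # Add the account once only; the original appended a new line on every run.
    if ! grep -Eq '^AllowUsers[[:space:]](.*[[:space:]])?atomic([[:space:]]|$)' /etc/ssh/sshd_config; then
      ensure_trailing_newline /etc/ssh/sshd_config
      echo "AllowUsers atomic " >> /etc/ssh/sshd_config
    fi
    # Check the edited config before restarting: restarting sshd on a config
    # it cannot parse can cut off remote access to the host.
    if command -v sshd >/dev/null 2>&1 && ! sshd -t; then
      echo
      echo "Error: /etc/ssh/sshd_config failed validation, sshd was not restarted"
      echo
      exit 1
    fi
    if [ -x /etc/init.d/sshd ]; then
      /etc/init.d/sshd restart
    else
      service sshd restart
    fi
  fi

  # groupadd, not addgroup: it is the tool the rest of the script uses.
  if ! grep -q '^wheel:' /etc/group; then
    /usr/sbin/groupadd wheel
  fi

  # check to see if user is in wheel group
  printf '%s' "Checking for atomic in wheel group: "
  if ! grep -q '^wheel.*atomic' /etc/group; then
    echo "not found, adding"
    # -a appends wheel to the existing supplementary groups. The original
    # rebuilt the list from "groups atomic"; had that output been empty,
    # "-G wheel" alone would have dropped every other group.
    /usr/sbin/usermod -a -G wheel atomic >/dev/null 2>&1
  else
    echo "found"
  fi

  # update sudo to allow nopasswd for wheel group users
  if [ -f /etc/redhat-release ]; then
    rpm --quiet -q sudo || yum -y install sudo
    rpm --quiet -q vim-enhanced || yum -y install vim-enhanced
  fi

  printf '%s' "Checking sudo configuration: "
  if ! grep -q '^%wheel.*NOPASSWD.*ALL' /etc/sudoers; then
    echo "wheel not allowed, adding"
    # NOTE(review): this rule gives passwordless root to every member of
    # wheel, not only to the atomic account; a rule naming atomic alone would
    # be narrower. Behaviour is kept as the vendor wrote it.
    ensure_trailing_newline /etc/sudoers
    if ! echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers; then
      echo
      echo "Error: Wheel group could not be added to /etc/sudoers"
      echo "       You will need to resolve this and run the key installer again"
      echo
      exit 1
    fi
    # A sudoers file that does not parse disables sudo altogether.
    if command -v visudo >/dev/null 2>&1 && ! visudo -c >/dev/null 2>&1; then
      echo
      echo "Error: /etc/sudoers failed validation after the update"
      echo "       You will need to resolve this and run the key installer again"
      echo
      exit 1
    fi
  else
    echo "wheel found"
  fi
fi

# chown with an empty owner would silently do the wrong thing.
if [ -z "$USER" ]; then
  echo "Error: USER is not set"
  exit 1
fi

# rough check here, ran into a system with bad perms
printf '%s' "Verifying permissions on $HOME: "
chown "$USER:$USER" "$HOME"
echo "done"

# cd to home; a failed cd would create .ssh in the current directory instead
cd "$HOME" || { echo "Error: cannot cd to $HOME"; exit 1; }

# check for .ssh dir
printf '%s' "Checking for $HOME/.ssh dir: "
if [ ! -d .ssh ]; then
  echo "not found, creating"
  mkdir -p .ssh
else
  echo "found"
fi
cd .ssh || { echo "Error: cannot cd to $HOME/.ssh"; exit 1; }

printf '%s' "Downloading $KEY_URL: "
key_tmp=$(mktemp) || { echo "failed"; echo "Error: could not create a temporary file"; exit 1; }
trap 'rm -f -- "$key_tmp"' EXIT

# -f turns an HTTP error into a non-zero exit, so an error page can no longer
# end up in authorized_keys; --proto pins the transfer to HTTPS.
if ! curl -fsS --proto '=https' -o "$key_tmp" "$KEY_URL"; then
  echo "failed"
  echo "Error: could not download $KEY_URL"
  exit 1
fi

# Accept the download only if every non-blank, non-comment line looks like an
# authorized_keys entry: a key type followed by a base64 blob, which always
# begins with "AAAA". TLS is the only authenticity check on this file; the
# key fingerprint (ssh-keygen -lf authorized_keys) should be confirmed with
# the vendor through a separate channel.
key_re='(^|[[:space:]])(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]]+AAAA'
keys=()
while IFS= read -r line || [[ -n "$line" ]]; do
  line=${line%$'\r'}
  if [[ -z "${line//[[:space:]]/}" || "$line" == \#* ]]; then
    continue
  fi
  if [[ ! "$line" =~ $key_re ]]; then
    echo "failed"
    echo "Error: $KEY_URL returned something that is not an SSH public key"
    exit 1
  fi
  keys+=("$line")
done < "$key_tmp"

if (( ${#keys[@]} == 0 )); then
  echo "failed"
  echo "Error: $KEY_URL returned no keys"
  exit 1
fi

# Install the downloaded keys into both files, skipping keys already present.
# The original copied the whole of authorized_keys into authorized_keys2 on
# every run, duplicating entries each time.
for key_file in authorized_keys authorized_keys2; do
  touch "$key_file"
  ensure_trailing_newline "$key_file"
  for key in "${keys[@]}"; do
    grep -qxF -- "$key" "$key_file" || printf '%s\n' "$key" >> "$key_file"
  done
done
echo "done"

cd ..
chmod -R 700 .ssh
chmod 600 .ssh/authorized_keys .ssh/authorized_keys2
chown -R "$USER:$USER" "$HOME/.ssh"

# NOTE(review): this puts SELinux into permissive mode for the running system
# and nothing here switches it back; "setenforce 1" restores enforcing mode
# once the support session is over.
if [ -f /usr/sbin/setenforce ]; then
  setenforce 0
fi

echo
echo "#################################################################"
echo "Pease send your systems IP address, and SSH port to the"
echo "Atomicorp support team. We will need that information to log in."
echo "#################################################################"
echo
echo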