#!/bin/bash
# Interactive helper run as root: update packages, install dependencies,
# create a user with an authorized SSH key, and edit /etc/ssh/sshd_config
# (custom port, password auth off, root login off). See the menu at the end.
# Version
version="1.0.0"
# Define Colors for Output
# Stored as literal "\033[..." text; they only become terminal escapes when
# printed with `echo -e`, which the log_* helpers below do.
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'   # reset attributes
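# Logging Functions
# Print a green "[+]" marker followed by the message in $1.
# Colors go through %b because they hold literal "\033" text; the message
# goes through %s so user-derived text (usernames, ports) is printed verbatim
# instead of being interpreted as escape sequences, as `echo -e` did.
log_success() { printf '%b[+]%b %s\n' "$GREEN" "$NC" "$1"; }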
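# Print a red "[-]" marker followed by the message in $1 on stderr.
# Writing to stderr keeps diagnostics out of $(...) captures (the package
# manager detection is captured that way). Colors go through %b (literal
# "\033" text); the message goes through %s and is never escape-interpreted.
log_error() { printf '%b[-]%b %s\n' "$RED" "$NC" "$1" >&2; }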
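# Print a yellow "[!]" marker followed by the message in $1 on stderr
# (diagnostics, not program output). Colors go through %b; the message goes
# through %s so it is printed verbatim.
log_warning() { printf '%b[!]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }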
# Check if Running as Root
# Everything below edits /etc/ssh, user accounts and installed packages, so
# stop right away unless the effective user id is 0 (EUID is set by bash).
(( EUID == 0 )) || {
  log_error "Please run this script as root or sudo."
  exit 1
}
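# Function to detect the package manager
#######################################
# Print the first supported package manager found on PATH, checked in the
# order apt, yum, dnf, pacman.
# Outputs:   the manager name on stdout (the caller captures it with $(...))
# Returns:   0 if one was found, 1 otherwise
# Note: when captured with $(...) this runs in a subshell, so an `exit` here
# cannot stop the script and anything written to stdout becomes the value of
# PACKAGE_MANAGER. The error therefore goes to stderr and the caller must
# check the return status.
#######################################
get_package_manager() {
  local manager
  for manager in apt yum dnf pacman; do
    if command -v "$manager" >/dev/null 2>&1; then
      printf '%s\n' "$manager"
      return 0
    fi
  done
  log_error "Unsupported package manager. LOL" >&2
  return 1
}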
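# Detected once at startup. The $(...) capture runs get_package_manager in a
# subshell, so a failure inside it has to be handled here; before, the script
# carried on with whatever the function printed stored in PACKAGE_MANAGER.
PACKAGE_MANAGER=$(get_package_manager) || {
  log_error "No supported package manager found; aborting."
  exit 1
}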
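# System Update Function
#######################################
# Refresh package metadata and upgrade all installed packages using the
# detected package manager.
# Globals:   PACKAGE_MANAGER (read)
# Outputs:   progress and result messages via the log_* helpers
# Returns:   0 on success, 1 if the manager is unknown or the update failed
#######################################
update_system() {
  local rc
  log_warning "Updating system packages..."
  case "$PACKAGE_MANAGER" in
    # `apt` warns about an unstable CLI in scripts; kept because `apt upgrade`
    # (unlike `apt-get upgrade`) also installs newly required dependencies.
    apt) apt update && apt upgrade -y ;;
    yum) yum update -y ;;
    dnf) dnf update -y ;;
    pacman) pacman -Syu --noconfirm ;;
    *)
      # An unmatched value used to fall out of the case with $? == 0 and be
      # reported as a successful update.
      log_error "Unknown package manager: '$PACKAGE_MANAGER'."
      false
      ;;
  esac
  rc=$?
  if (( rc == 0 )); then
    log_success "System updated successfully."
  else
    log_error "System update failed."
  fi
  return "$rc"
}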
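# Install Dependencies
#######################################
# Install the packages this script relies on: sudo (for the admin group) and
# net-tools (netstat, used by validate_port). Offers to add ufw when neither
# ufw nor firewall-cmd is present.
# Globals:   PACKAGE_MANAGER (read)
# Outputs:   prompts on the terminal, messages via the log_* helpers
# Returns:   0 on success, 1 if the manager is unknown or the install failed
#######################################
install_dependencies() {
  local dependencies=("sudo" "net-tools")
  local install_firewall rc
  if ! command -v ufw >/dev/null 2>&1 && ! command -v firewall-cmd >/dev/null 2>&1; then
    # -r keeps a stray backslash in the answer from being interpreted.
    read -r -p "No firewall detected. Install UFW? (y/n): " install_firewall
    if [[ "$install_firewall" =~ ^[Yy]$ ]]; then
      dependencies+=("ufw")
    fi
  fi
  log_warning "Installing dependencies: ${dependencies[*]}"
  case "$PACKAGE_MANAGER" in
    apt) apt install -y "${dependencies[@]}" ;;
    yum | dnf) "$PACKAGE_MANAGER" install -y "${dependencies[@]}" ;;
    pacman) pacman -S --noconfirm "${dependencies[@]}" ;;
    *)
      # An unmatched value used to fall out of the case with $? == 0 and be
      # reported as a successful install.
      log_error "Unknown package manager: '$PACKAGE_MANAGER'."
      false
      ;;
  esac
  rc=$?
  if (( rc == 0 )); then
    log_success "Dependencies installed successfully."
  else
    log_error "Failed to install dependencies. Check your package manager."
  fi
  return "$rc"
}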
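# Validate SSH Port
#######################################
# Check that $1 is a usable TCP port: a decimal number in 1..65535 that no
# local service is currently listening on.
# Arguments: $1 - candidate port (untrusted, typed at the prompt)
# Outputs:   an error via log_error when the check fails; a warning when the
#            in-use check cannot be performed
# Returns:   0 if the port looks usable, 1 otherwise
#######################################
validate_port() {
  local port=$1
  local listeners
  # Digits only, at most five of them. `[ ... -gt ]` on a very long digit
  # string errors out (status 2) instead of evaluating false, which let
  # over-long inputs through the old range check.
  if ! [[ "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    log_error "Invalid port number. Enter a value between 1 and 65535."
    return 1
  fi
  # Prefer ss (iproute2); netstat (net-tools) is often absent. The old code
  # piped a missing netstat into grep and silently treated the port as free.
  if command -v ss >/dev/null 2>&1; then
    listeners=$(ss -tuln 2>/dev/null)
  elif command -v netstat >/dev/null 2>&1; then
    listeners=$(netstat -tuln 2>/dev/null)
  else
    log_warning "Cannot check whether port $port is in use (neither ss nor netstat found)."
    return 0
  fi
  # $port is validated as digits, so interpolating it into the pattern is safe.
  if grep -q ":$port " <<<"$listeners"; then
    log_error "Port $port is already in use."
    return 1
  fi
  return 0
}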
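# Validate Username
#######################################
# Check that $1 is an acceptable, not-yet-existing login name.
# Arguments: $1 - candidate username (untrusted, typed at the prompt)
# Outputs:   an error via log_error when the check fails
# Returns:   0 if the name is acceptable and unused, 1 otherwise
#######################################
validate_username() {
  local username=$1
  # Lowercase letter first, then lowercase letters, digits or hyphens. This
  # also guarantees the name is safe to interpolate into the commands below.
  if ! [[ "$username" =~ ^[a-z][-a-z0-9]*$ ]]; then
    log_error "Username must start with a letter and contain only lowercase letters, numbers, and hyphens."
    return 1
  fi
  # useradd rejects names longer than 32 characters; catch it here instead
  # of failing halfway through user creation.
  if (( ${#username} > 32 )); then
    log_error "Username must be at most 32 characters long."
    return 1
  fi
  if id "$username" >/dev/null 2>&1; then
    log_error "User $username already exists."
    return 1
  fi
  return 0
}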
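# Rollback SSH Config on Failure
#######################################
# Restore an sshd config file from its backup copy.
# Arguments: $1 - config path (default /etc/ssh/sshd_config)
#            $2 - backup path (default "$1.bak")
# Outputs:   a warning on success, an error when nothing could be restored
# Returns:   0 if the backup was copied back, 1 if it is missing or cp failed
# Note: this only restores the file; the caller is responsible for restarting
# sshd so the restored settings take effect.
#######################################
rollback_ssh_config() {
  local config=${1:-/etc/ssh/sshd_config}
  local backup=${2:-${config}.bak}
  if [[ ! -f "$backup" ]]; then
    log_error "No backup found at $backup; SSH configuration was not restored."
    return 1
  fi
  # The old code logged "restored" regardless of whether cp succeeded.
  if ! cp -- "$backup" "$config"; then
    log_error "Failed to restore $config from $backup."
    return 1
  fi
  log_warning "SSH configuration restored from backup."
  return 0
}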
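# Main Menu
#######################################
# Option 3: create a new admin user whose only remote credential is the SSH
# public key pasted at the prompt.
# Globals:   USERNAME (written; read again by configure_ssh for its summary)
# Outputs:   prompts on the terminal, messages via the log_* helpers
# Returns:   0 on success, 1 when a step fails (the failing step is logged)
#######################################
create_user() {
  local password confirm ssh_key key_tmp admin_group home_dir key_file
  while true; do
    read -r -p "Enter new username: " USERNAME
    validate_username "$USERNAME" && break
  done
  # Ask twice: with password login disabled by option 4 a mistyped password
  # would otherwise go unnoticed until the user needs sudo.
  while true; do
    read -r -s -p "Enter password: " password
    echo
    read -r -s -p "Confirm password: " confirm
    echo
    if [[ -z "$password" ]]; then
      log_error "Password must not be empty."
    elif [[ "$password" != "$confirm" ]]; then
      log_error "Passwords do not match."
    else
      break
    fi
  done
  if ! useradd -m -s /bin/bash "$USERNAME"; then
    log_error "Failed to create user $USERNAME."
    return 1
  fi
  # printf rather than echo: a password starting with "-" would be eaten as
  # an echo option. chpasswd reads the credential from stdin, not argv.
  if ! printf '%s:%s\n' "$USERNAME" "$password" | chpasswd; then
    log_error "Failed to set password for $USERNAME."
    return 1
  fi
  unset password confirm
  # Debian-family systems use the "sudo" group; RHEL/Fedora/Arch use "wheel".
  # The old code always used "sudo", which silently failed elsewhere.
  if getent group sudo >/dev/null 2>&1; then
    admin_group=sudo
  elif getent group wheel >/dev/null 2>&1; then
    admin_group=wheel
  else
    admin_group=
  fi
  if [[ -n "$admin_group" ]]; then
    usermod -aG "$admin_group" "$USERNAME" \
      || log_warning "Could not add $USERNAME to group $admin_group."
  else
    log_warning "Neither a 'sudo' nor a 'wheel' group exists; grant admin rights manually."
  fi
  # Use the home directory useradd actually assigned instead of assuming
  # /home/$USERNAME (HOME in /etc/default/useradd may point elsewhere).
  home_dir=$(getent passwd "$USERNAME" | cut -d: -f6)
  if [[ -z "$home_dir" ]]; then
    log_error "Could not determine the home directory of $USERNAME."
    return 1
  fi
  key_file="$home_dir/.ssh/authorized_keys"
  echo "Paste your public SSH key:"
  while true; do
    read -r ssh_key
    # An empty or malformed key plus "PasswordAuthentication no" locks the
    # account out, so validate with ssh-keygen when it is available.
    if [[ -z "$ssh_key" ]]; then
      log_error "Key must not be empty; it will be the only way to log in once password login is disabled."
      continue
    fi
    if command -v ssh-keygen >/dev/null 2>&1; then
      key_tmp=$(mktemp) || { log_error "mktemp failed."; return 1; }
      printf '%s\n' "$ssh_key" >"$key_tmp"
      if ! ssh-keygen -l -f "$key_tmp" >/dev/null 2>&1; then
        rm -f -- "$key_tmp"
        log_error "That does not look like a valid OpenSSH public key. Paste it again:"
        continue
      fi
      rm -f -- "$key_tmp"
    fi
    break
  done
  if ! mkdir -p "$home_dir/.ssh"; then
    log_error "Could not create $home_dir/.ssh."
    return 1
  fi
  printf '%s\n' "$ssh_key" >"$key_file"
  chmod 700 "$home_dir/.ssh"
  chmod 600 "$key_file"
  # "user:" (no group) assigns the user's login group, which is not
  # necessarily named after the user.
  chown -R "$USERNAME:" "$home_dir/.ssh"
  log_success "User $USERNAME created successfully!"
}

#######################################
# Set a top-level sshd_config directive. An existing line for the directive
# (commented out or not) is rewritten in place; if there is none, the
# directive is inserted at the top of the file. sshd keeps the first value it
# reads, so a line inserted at the top also takes precedence over anything
# pulled in by an Include further down; appending at the end is avoided
# because a trailing Match block would capture the directive.
# Arguments: $1 - config path; $2 - directive name; $3 - value
#            ($2 and $3 are fixed strings chosen by this script, never user
#            input, since they are interpolated into sed expressions)
# Returns:   the status of the grep/sed/printf that performed the edit
#######################################
set_sshd_option() {
  local config=$1 key=$2 value=$3
  if grep -qE "^#?${key}( |$)" "$config"; then
    sed -i -E "s/^#?${key}( .*)?$/${key} ${value}/" "$config"
  elif [[ -s "$config" ]]; then
    sed -i "1i ${key} ${value}" "$config"
  else
    printf '%s %s\n' "$key" "$value" >"$config"
  fi
}

#######################################
# Option 4: move sshd to a new port, disable password and root login, open
# the port in the firewall and restart sshd, rolling back on failure.
# Globals:   SSH_PORT (written), USERNAME (read, for the summary), GREEN/NC
# Outputs:   prompts and messages; a connection-test hint on success
# Returns:   0 on success, 1 on failure (config restored from backup)
#######################################
configure_ssh() {
  local config=/etc/ssh/sshd_config
  local backup=${config}.bak
  while true; do
    read -r -p "Enter desired SSH port: " SSH_PORT
    validate_port "$SSH_PORT" && break
  done
  # -p preserves the file's mode so the rollback copy is identical.
  if ! cp -p -- "$config" "$backup"; then
    log_error "Could not back up $config; aborting SSH configuration."
    return 1
  fi
  # Previously a config without a "#Port 22" or "Port " line kept the old
  # port while the firewall rule and the summary claimed the new one.
  set_sshd_option "$config" Port "$SSH_PORT"
  set_sshd_option "$config" PasswordAuthentication no
  # "PasswordAuthentication no" alone still allows password prompts through
  # keyboard-interactive (PAM); turn that off as well.
  set_sshd_option "$config" KbdInteractiveAuthentication no
  set_sshd_option "$config" PubkeyAuthentication yes
  set_sshd_option "$config" PermitRootLogin no
  # Drop-ins pulled in by an Include near the top of the file win over a
  # value rewritten in place further down; tell the operator to check them.
  if [[ -d /etc/ssh/sshd_config.d ]] \
    && grep -rqsiE '^[[:space:]]*(PasswordAuthentication[[:space:]]+yes|PermitRootLogin[[:space:]]+yes)' /etc/ssh/sshd_config.d/; then
    log_warning "A file in /etc/ssh/sshd_config.d/ enables password or root login and may override these settings; review it."
  fi
  if ! sshd -t; then
    log_error "SSH configuration test failed."
    rollback_ssh_config "$config" "$backup"
    return 1
  fi
  # NOTE: on SELinux-enforcing hosts a non-standard port must also be
  # labelled ssh_port_t (semanage) or the restart below will fail.
  if command -v ufw >/dev/null 2>&1; then
    ufw allow "$SSH_PORT/tcp" || log_warning "ufw rule for $SSH_PORT/tcp could not be added."
    log_success "Firewall configured with UFW for SSH port $SSH_PORT."
  elif command -v firewall-cmd >/dev/null 2>&1; then
    firewall-cmd --permanent --add-port="$SSH_PORT/tcp" || log_warning "firewalld rule for $SSH_PORT/tcp could not be added."
    firewall-cmd --reload
    log_success "Firewall configured with Firewalld for SSH port $SSH_PORT."
  else
    log_warning "No firewall installed. Please configure manually."
  fi
  # Debian/Ubuntu name the unit "ssh"; "sshd" is usually only an alias.
  if ! systemctl restart sshd 2>/dev/null && ! systemctl restart ssh; then
    log_error "Failed to restart SSH service."
    rollback_ssh_config "$config" "$backup"
    # Bring the daemon back on the previous config so the host stays reachable.
    systemctl restart sshd 2>/dev/null || systemctl restart ssh
    return 1
  fi
  log_success "SSH configured on port $SSH_PORT!"
  # The old port's firewall rule is left in place on purpose: keep this
  # session open until the new port has been verified from another terminal.
  echo "Test your SSH connection before closing this session:"
  printf '%bssh -p %s %s@<server-ip>%b\n' "$GREEN" "$SSH_PORT" "${USERNAME:-<user>}" "$NC"
}

#######################################
# Menu loop: print the options, read a choice and dispatch until the user
# exits or stdin runs dry.
# Globals:   version, YELLOW/NC (read)
#######################################
main_menu() {
  local choice
  while true; do
    printf '%b=== Secure User & SSH Setup v%s ===%b\n' "$YELLOW" "$version" "$NC"
    echo "1) Update system packages"
    echo "2) Install dependencies"
    echo "3) Create a new user"
    echo "4) Configure SSH"
    echo "5) Exit"
    # EOF on stdin (e.g. exhausted piped input) used to loop forever printing
    # "Invalid option"; treat it as a request to quit.
    if ! read -r -p "Choose an option: " choice; then
      echo
      log_warning "No more input; exiting."
      exit 0
    fi
    case "$choice" in
      1) update_system ;;
      2) install_dependencies ;;
      3) create_user ;;
      4) configure_ssh ;;
      5)
        log_success "Exiting..."
        exit 0
        ;;
      *)
        log_error "Invalid option. Please select a valid menu option."
        ;;
    esac
  done
}

main_menu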