НЕНАВИЖУ
ЭКРАНИРОВАНИЕ
2025-08-24 08:17:31 +03:00
parent cd98f92c77
commit 4d9039a081
+21 -21
@@ -121,43 +121,43 @@ create_user() {
}
configure_ssh() {
run "Configuring SSH access" bash -c '
install -d -m 700 -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.ssh"
printf "%s\n" "$SSH_KEY" > "/home/$USERNAME/.ssh/authorized_keys"
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.ssh"
if ! grep -qE "^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf" /etc/ssh/sshd_config; then
echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
run "Configuring SSH access" bash -c "
install -d -m 700 -o \"$USERNAME\" -g \"$USERNAME\" \"/home/$USERNAME/.ssh\"
printf \"%s\n\" \"$SSH_KEY\" > \"/home/$USERNAME/.ssh/authorized_keys\"
chmod 600 \"/home/$USERNAME/.ssh/authorized_keys\"
chown -R \"$USERNAME\":\"$USERNAME\" \"/home/$USERNAME/.ssh\"
if ! grep -qE \"^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf\" /etc/ssh/sshd_config; then
echo \"Include /etc/ssh/sshd_config.d/*.conf\" >> /etc/ssh/sshd_config
fi
install -d -m 755 /etc/ssh/sshd_config.d
dir=/etc/ssh/sshd_config.d
shopt -s nullglob
for f in "$dir"/*.conf; do
base=$(basename "$f")
case "$base" in
for f in \"\$dir\"/*.conf; do
base=\$(basename \"\$f\")
case \"\$base\" in
[0-9][0-9]-*.conf)
[[ $base == 99-* ]] && mv "$f" "${f%.conf}.disabled"
[[ \$base == 99-* ]] && mv \"\$f\" \"\${f%.conf}.disabled\"
;;
*)
mv "$f" "${f%.conf}.disabled"
mv \"\$f\" \"\${f%.conf}.disabled\"
;;
esac
done
shopt -u nullglob
max=$(find "$dir" -maxdepth 1 -type f -name "[0-9][0-9]-*.conf" | sed -n "s#.*/\\([0-9][0-9]\\)-.*#\\1#p" | sort -n | tail -1)
if [ -z "$max" ]; then
max=\$(find \"\$dir\" -maxdepth 1 -type f -name '[0-9][0-9]-*.conf' | sed -n 's#.*/\\([0-9][0-9]\\)-.*#\\1#p' | sort -n | tail -1)
if [ -z \"\$max\" ]; then
next=10
else
next=$((10#$max + 10))
[ "$next" -gt 99 ] && next=99
next=\$((10#\$max + 10))
[ \"\$next\" -gt 99 ] && next=99
fi
newfile=$(printf "%s/%02d-hardening.conf" "$dir" "$next")
printf "%s\n" "PasswordAuthentication no" "PermitRootLogin no" "KbdInteractiveAuthentication no" > "$newfile"
chown root:root "$newfile"
chmod 0644 "$newfile"
newfile=\$(printf '%s/%02d-hardening.conf' \"\$dir\" \"\$next\")
printf \"%s\n\" 'PasswordAuthentication no' 'PermitRootLogin no' 'KbdInteractiveAuthentication no' > \"\$newfile\"
chown root:root \"\$newfile\"
chmod 0644 \"\$newfile\"
sshd -t
systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null || systemctl restart sshd 2>/dev/null || systemctl restart ssh
'
"
run "Checking SSH configuration" bash -c "sshd -T | grep -q '^passwordauthentication no$' && sshd -T | grep -q '^permitrootlogin no$' && sshd -T | grep -q '^kbdinteractiveauthentication no$'"
}
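Review bot: Switching the `bash -c` body from single to double quotes (the line with `run "Configuring SSH access" bash -c "`) makes the outer shell splice the values of `$USERNAME` and `$SSH_KEY` into the script text, so the inner bash re-parses those values as code rather than data; any double quote, `$(`, backtick or `\` in the key or user name changes what the inner script runs. Where these values come from is outside the hunk, but an authorized_keys entry is normally user-supplied, so this is a command-injection surface that the pre-commit single-quoted form did not have. Keep the body single-quoted and hand the values in as positional parameters instead, `run "Configuring SSH access" bash -c '…' _ "$USERNAME" "$SSH_KEY"`, with `USERNAME=$1; SSH_KEY=$2` as the first line of the body (or export the two variables before calling `run`); the inner `"$USERNAME"` / `"$SSH_KEY"` references then work unchanged and the `\"`/`\$` escaping the commit adds becomes unnecessary. Separately, `sshd -t` on the line before the reload is not checked, so a rejected drop-in still triggers `systemctl reload`/`restart`; `sshd -t || exit 1` would stop before touching the running service.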