Упрощённая обработка drop-in и корректное добавление Include
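@@ -126,32 +126,25 @@ configure_ssh() {
 printf \"%s\n\" \"$SSH_KEY\" > \"/home/$USERNAME/.ssh/authorized_keys\"
 chmod 600 \"/home/$USERNAME/.ssh/authorized_keys\"
 chown -R \"$USERNAME\":\"$USERNAME\" \"/home/$USERNAME/.ssh\"
-if ! grep -qE \"^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf\" /etc/ssh/sshd_config; then
-echo \"Include /etc/ssh/sshd_config.d/*.conf\" >> /etc/ssh/sshd_config
+if grep -qE '^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config.d/\\*.conf' /etc/ssh/sshd_config; then
+sed -i '/^[[:space:]]*Include[[:space:]]*\/etc\/ssh\/sshd_config.d\/\*.conf/d' /etc/ssh/sshd_config
+echo 'Include /etc/ssh/sshd_config.d/*.conf' >> /etc/ssh/sshd_config
+else
+sed -i '1i Include /etc/ssh/sshd_config.d/*.conf' /etc/ssh/sshd_config
 fi
 install -d -m 755 /etc/ssh/sshd_config.d
 dir=/etc/ssh/sshd_config.d
 shopt -s nullglob
 for f in \"\$dir\"/*.conf; do
 base=\$(basename \"\$f\")
-case \"\$base\" in
-[0-9][0-9]-*.conf)
-[[ \$base == 00-* ]] && mv \"\$f\" \"\${f%.conf}.disabled\"
-;;
-*)
+if [[ \$base == 00-* ]]; then
+mv \"\$f\" \"\$dir/01-\$base\"
+elif [[ \$base != [0-9][0-9]-* ]]; then
 mv \"\$f\" \"\${f%.conf}.disabled\"
-;;
-esac
+fi
 done
 shopt -u nullglob
-min=\$(find "\$dir" -maxdepth 1 -type f -name '[0-9][0-9]-*.conf' | sed -n 's#.*/\([0-9][0-9]\)-.*#\1#p' | sort -n | head -1)
-if [ -z "\$min" ]; then
-next=0
-else
-next=\$((10#\$min - 10))
-[ "\$next" -lt 0 ] && next=0
-fi
-newfile=\$(printf '%s/%02d-hardening.conf' "\$dir" "\$next")
+newfile=\"\$dir/00-hardening.conf\"
 printf \"%s\n\" 'PasswordAuthentication no' 'PermitRootLogin no' 'KbdInteractiveAuthentication no' > \"\$newfile\"
 chown root:root \"\$newfile\"
 chmod 0644 \"\$newfile\"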
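Review bot: The two branches of the new Include block place the directive at opposite ends of /etc/ssh/sshd_config: when it already exists (the `if grep ...` branch) it is deleted and appended at the end, while the `else` branch inserts it at line 1. sshd uses the first value obtained for each keyword, so an Include appended at the end lets any `PasswordAuthentication`/`PermitRootLogin` set earlier in the main file override the 00-hardening.conf drop-in written further down, and if the main file ends with a `Match` block the appended Include is parsed inside that block. Both branches should normalise to the top of the file: keep the `sed -i '/.../d'` deletion, then replace the `echo 'Include /etc/ssh/sshd_config.d/*.conf' >> /etc/ssh/sshd_config` line with `sed -i '1i Include /etc/ssh/sshd_config.d/*.conf' /etc/ssh/sshd_config`, at which point the conditional collapses to an unconditional delete-then-insert (note `1i` inserts nothing into an empty file, so an `echo >>` fallback is still needed for that edge). Because this hunk rewrites the live server configuration and the sshd restart presumably happens outside it, running `sshd -t` before restarting would catch a lockout-inducing config; the body of configure_ssh continues outside the hunk.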