System functions used in the Paramore StackScript
#!/bin/bash
#
# System related utilities
# Based on SS123 and SS124
function lower {
# helper function
echo $1 | tr '[:upper:]' '[:lower:]'
}
function system_add_user {
# system_add_user(username, groups, shell=/bin/bash)
USERNAME=`lower $1`
SUDO_GROUP=$2
SHELL=$3
if [ -z "$3" ]; then
SHELL="/bin/bash"
fi
useradd --create-home --shell "$SHELL" --user-group --groups "$SUDO_GROUP" "$USERNAME"
}
function system_add_system_user {
# system_add_system_user(username, home, shell=/bin/bash)
USERNAME=`lower $1`
HOME_DIR=$2
SHELL=$3
if [ -z "$3" ]; then
SHELL="/bin/bash"
fi
useradd --system --create-home --home-dir "$HOME_DIR" --shell "$SHELL" --user-group $USERNAME
}
function system_lock_user {
# system_lock_user(username)
passwd -l "$1"
}
function system_get_user_home {
# system_get_user_home(username)
cat /etc/passwd | grep "^$1:" | cut --delimiter=":" -f6
}
function system_user_add_ssh_key {
# system_user_add_ssh_key(username, ssh_key)
USERNAME=`lower $1`
USER_HOME=`system_get_user_home "$USERNAME"`
sudo -u "$USERNAME" mkdir "$USER_HOME/.ssh"
sudo -u "$USERNAME" touch "$USER_HOME/.ssh/authorized_keys"
sudo -u "$USERNAME" echo "$2" >> "$USER_HOME/.ssh/authorized_keys"
chmod 0700 "$USER_HOME/.ssh"
chmod 0600 "$USER_HOME/.ssh/authorized_keys"
}
function system_sshd_edit_bool {
# system_sshd_edit_bool (param_name, "Yes"|"No")
VALUE=`lower $2`
if [ "$VALUE" == "yes" ] || [ "$VALUE" == "no" ]; then
sed -i "s/^#*\($1\).*/\1 $VALUE/" /etc/ssh/sshd_config
fi
}
function system_sshd_permitrootlogin {
system_sshd_edit_bool "PermitRootLogin" "$1"
}
function system_sshd_passwordauthentication {
system_sshd_edit_bool "PasswordAuthentication" "$1"
}
function system_sshd_port {
sed -i "s/Port 22/Port $1/" /etc/ssh/sshd_config
}
function system_update_hostname {
# system_update_hostname(system hostname)
if [ -z "$1" ]; then
echo "system_update_hostname() requires the system hostname as its first argument"
return 1;
fi
echo $1 > /etc/hostname
hostname -F /etc/hostname
echo -e "\n127.0.0.1 $1 $1.local\n" >> /etc/hosts
}
function system_security_logcheck {
aptitude -y install logcheck logcheck-database
# configure email
# start after setup
}
function system_security_fail2ban {
aptitude -y install fail2ban
}
function system_security_ufw_configure_basic {
# see https://help.ubuntu.com/community/UFW
ufw logging on
ufw default deny
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow http/tcp
ufw allow https/tcp
ufw enable
}
function restart_services {
# restarts upstart services that have a file in /tmp/needs-restart/
for service_name in $(ls /tmp/ | grep restart-* | cut -d- -f2-10); do
service $service_name restart
rm -f /tmp/restart-$service_name
done
}
function restart_initd_services {
# restarts upstart services that have a file in /tmp/needs-restart/
for service_name in $(ls /tmp/ | grep restart_initd-* | cut -d- -f2-10); do
/etc/init.d/$service_name restart
rm -f /tmp/restart_initd-$service_name
done
}
function system_install_utils {
aptitude -y install htop iotop bsd-mailx python-software-properties zsh
}
function system_install_build {
aptitude -y install build-essential gcc
}
function system_install_subversion {
aptitude -y install subversion
}
function system_install_git {
aptitude -y install git-core
}
function system_install_mercurial {
aptitude -y install mercurial
}
function system_start_etc_dir_versioning {
hg init /etc
hg add /etc
hg commit -u root -m "Started versioning of /etc directory" /etc
chmod -R go-rwx /etc/.hg
}
function system_record_etc_dir_changes {
if [ ! -n "$1" ];
then MESSAGE="Committed /etc changes"
else MESSAGE="$1"
fi
hg addremove /etc
hg commit -u root -m "$MESSAGE" /etc || echo > /dev/null # catch "nothing changed" return code
}