From 86cded93c5b23453d4822963768d0213e99b94cf Mon Sep 17 00:00:00 2001
From: ReachableCEO
Date: Wed, 2 Jul 2025 08:11:26 -0500
Subject: [PATCH] .
---
 ProjectCode/Modules/Security/secharden-ssh.sh | 49 ++++++++++++++-----
 ProjectCode/SetupNewSystem.sh | 36 --------------
 2 files changed, 37 insertions(+), 48 deletions(-)
diff --git a/ProjectCode/Modules/Security/secharden-ssh.sh b/ProjectCode/Modules/Security/secharden-ssh.sh
index 49e76ed..47ead63 100644
--- a/ProjectCode/Modules/Security/secharden-ssh.sh
+++ b/ProjectCode/Modules/Security/secharden-ssh.sh
@@ -1,16 +1,6 @@
 #!/bin/bash
-export FRAMEWORK_INCLUDES_FULL_PATH
-FRAMEWORK_INCLUDES_FULL_PATH="$(realpath ../Framework-Includes)"
-
-export FRAMEWORK_CONFIGS_FULL_PATH
-FRAMEWORK_CONFIGS_FULL_PATH="$(realpath ../Framework-ConfigFiles)"
-
-export PROJECT_INCLUDES_FULL_PATH
-PROJECT_INCLUDES_FULL_PATH="$(realpath ../Project-Includes)"
-
-export PROJECT_CONGIGS_FULL_PATH
-PROJECT_INCLUDES_FULL_PATH="$(realpath ../Project-ConfigFiles)"
+echo $ProjectRootPath
 #Framework variables are read from hee
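Review bot: The added `echo $ProjectRootPath` prints the variable but never checks it, and the expansion is unquoted; with the four `realpath`-based exports removed, this module now appears to rely on the caller having set ProjectRootPath. If that is the intent, replace the echo with a guard such as `: "${ProjectRootPath:?ProjectRootPath must be set by the caller}"` so the hardening steps do not run with an empty root path. Whether the sourcing loop below still reads the removed `*_FULL_PATH` variables is outside this hunk and worth confirming.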
@@ -33,7 +23,42 @@ for file in ${ProjectIncludeFiles[@]}; do
 done
 unset IFS
-echo $PWD
+export ROOT_SSH_DIR
+ROOT_SSH_DIR="/root/.ssh"
+
+export LOCALUSER_SSH_DIR
+LOCALUSER_SSH_DIR="/home/localuser/.ssh"
+
+export SUBODEV_SSH_DIR
+SUBODEV_SSH_DIR="/home/subodev/.ssh"
+
+if [ ! -d $ROOT_SSH_DIR ]; then
+ mkdir /root/.ssh/
+fi
+
+curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys > /root/.ssh/authorized_keys
+chmod 400 /root/.ssh/authorized_keys
+chown root: /root/.ssh/authorized_keys
+
+
+if [ "$LOCALUSER_CHECK" -gt 0 ]; then
+ if [ ! -d $LOCALUSER_SSH_DIR ]; then
+ mkdir -p /home/localuser/.ssh/
+ fi
+
+ curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \
+ && chown localuser /home/localuser/.ssh/authorized_keys \
+ && chmod 400 /home/localuser/.ssh/authorized_keys
+fi
+
+if [ "$SUBODEV_CHECK" = 1 ]; then
+if [ ! -d $SUBODEV_SSH_DIR ]; then
+ mkdir /home/subodev/.ssh/
+fi
+
+curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \
+&& chmod 400 /home/subodev/.ssh/authorized_keys \
+&& chown subodev: /home/subodev/.ssh/authorized_keys
 cat ../../ConfigFiles/SSH/Configs/tsys-sshd-config > /etc/ssh/sshd_config
 cat ../../ConfigFiles/SSH/Configs/ssh-audit-hardening.conf > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
diff --git a/ProjectCode/SetupNewSystem.sh b/ProjectCode/SetupNewSystem.sh
index 1cbcf93..e22dabd 100644
--- a/ProjectCode/SetupNewSystem.sh
+++ b/ProjectCode/SetupNewSystem.sh
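Review bot: The moved block opens `if [ "$SUBODEV_CHECK" = 1 ]; then` but none of the added lines closes it; its `fi` stays behind as a context line at the end of the SetupNewSystem.sh hunk, where it no longer has an opening `if`. Add `fi` after the subodev `chown` line here and delete the leftover one there; as written, either the module stops parsing or (if a `fi` exists below this hunk, which is not visible) the two `sshd_config` installs only run when SUBODEV_CHECK is 1. Each `curl --silent … > …/authorized_keys` also truncates the key file before the transfer starts and lacks `--fail`, so an unreachable server or an HTTP error body replaces the account's keys, which matters more if `DL_ROOT` is not exported into this module (not visible here). Fetching to a temporary file and installing it only on success avoids that, as sketched below for root; the same shape applies to the localuser and subodev branches. The subodev branch downloads `localuser-ssh-authorized-keys`, which may be intentional but reads like a copy-paste and deserves a comment.

```shell
# … unchanged: *_SSH_DIR exports and the mkdir of /root/.ssh …
root_keys_tmp="$(mktemp)"
if curl --silent --show-error --fail --output "$root_keys_tmp" \
    "${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys"; then
  install -m 400 -o root -g root "$root_keys_tmp" /root/.ssh/authorized_keys
else
  echo "root authorized_keys download failed; existing file left in place" >&2
fi
rm -f -- "$root_keys_tmp"
# … unchanged: localuser branch and subodev mkdir/curl/chmod (same temp-file pattern applies) …
&& chown subodev: /home/subodev/.ssh/authorized_keys
fi
```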
@@ -86,42 +86,6 @@ curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/ZSH/tsys-zshrc > /etc/zshrc
 curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SMTP/aliases > /etc/aliases
 curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/Syslog/rsyslog.conf > /etc/rsyslog.conf
-export ROOT_SSH_DIR
-ROOT_SSH_DIR="/root/.ssh"
-
-export LOCALUSER_SSH_DIR
-LOCALUSER_SSH_DIR="/home/localuser/.ssh"
-
-export SUBODEV_SSH_DIR
-SUBODEV_SSH_DIR="/home/subodev/.ssh"
-
-if [ ! -d $ROOT_SSH_DIR ]; then
- mkdir /root/.ssh/
-fi
-
-curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys > /root/.ssh/authorized_keys
-chmod 400 /root/.ssh/authorized_keys
-chown root: /root/.ssh/authorized_keys
-
-
-if [ "$LOCALUSER_CHECK" -gt 0 ]; then
- if [ ! -d $LOCALUSER_SSH_DIR ]; then
- mkdir -p /home/localuser/.ssh/
- fi
-
- curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \
- && chown localuser /home/localuser/.ssh/authorized_keys \
- && chmod 400 /home/localuser/.ssh/authorized_keys
-fi
-
-if [ "$SUBODEV_CHECK" = 1 ]; then
-if [ ! -d $SUBODEV_SSH_DIR ]; then
- mkdir /home/subodev/.ssh/
-fi
-
-curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \
-&& chmod 400 /home/subodev/.ssh/authorized_keys \
-&& chown subodev: /home/subodev/.ssh/authorized_keys
 fi