2025-07-14 10:55:54 -05:00
parent 24c10b6f35
commit f585f90b7f
10 changed files with 23 additions and 23 deletions


@@ -36,19 +36,19 @@ function backup_configs() {
# Backup SSH configuration # Backup SSH configuration
if [[ -f "$SSH_CONFIG" ]]; then if [[ -f "$SSH_CONFIG" ]]; then
cp "$SSH_CONFIG" "$BACKUP_DIR/sshd_config.bak" cp "$SSH_CONFIG" "$BACKUP_DIR/sshd_config.bak"
print_success "SSH config backed up" print_info "SSH config backed up"
fi fi
# Backup PAM configurations # Backup PAM configurations
if [[ -d "$PAM_CONFIG_DIR" ]]; then if [[ -d "$PAM_CONFIG_DIR" ]]; then
cp -r "$PAM_CONFIG_DIR" "$BACKUP_DIR/pam.d.bak" cp -r "$PAM_CONFIG_DIR" "$BACKUP_DIR/pam.d.bak"
print_success "PAM configs backed up" print_info "PAM configs backed up"
fi fi
# Backup Cockpit configuration if exists # Backup Cockpit configuration if exists
if [[ -f "$COCKPIT_CONFIG" ]]; then if [[ -f "$COCKPIT_CONFIG" ]]; then
cp "$COCKPIT_CONFIG" "$BACKUP_DIR/cockpit.conf.bak" cp "$COCKPIT_CONFIG" "$BACKUP_DIR/cockpit.conf.bak"
print_success "Cockpit config backed up" print_info "Cockpit config backed up"
fi fi
print_info "Backup completed: $BACKUP_DIR" print_info "Backup completed: $BACKUP_DIR"
@@ -65,7 +65,7 @@ function install_2fa_packages() {
# Install QR code generator for terminal display # Install QR code generator for terminal display
apt-get install -y libpam-google-authenticator qrencode apt-get install -y libpam-google-authenticator qrencode
print_success "2FA packages installed successfully" print_info "2FA packages installed successfully"
} }
# Configure SSH for 2FA # Configure SSH for 2FA
@@ -94,7 +94,7 @@ function configure_ssh_2fa() {
sed -i 's/^AuthenticationMethods.*/AuthenticationMethods publickey,keyboard-interactive/' "$SSH_CONFIG" sed -i 's/^AuthenticationMethods.*/AuthenticationMethods publickey,keyboard-interactive/' "$SSH_CONFIG"
fi fi
print_success "SSH configuration updated" print_info "SSH configuration updated"
} }
# Configure PAM for 2FA # Configure PAM for 2FA
@@ -140,7 +140,7 @@ session required pam_selinux.so open
@include common-password @include common-password
EOF EOF
print_success "PAM configuration updated for SSH 2FA" print_info "PAM configuration updated for SSH 2FA"
} }
# Configure Cockpit for 2FA # Configure Cockpit for 2FA
@@ -187,7 +187,7 @@ session required pam_selinux.so open
session optional pam_motd.so session optional pam_motd.so
EOF EOF
print_success "Cockpit 2FA configuration completed" print_info "Cockpit 2FA configuration completed"
} }
# Configure Webmin for 2FA (if installed) # Configure Webmin for 2FA (if installed)
@@ -213,7 +213,7 @@ function configure_webmin_2fa() {
# Start webmin service # Start webmin service
systemctl start webmin || true systemctl start webmin || true
print_success "Webmin 2FA configuration completed" print_info "Webmin 2FA configuration completed"
else else
print_info "Webmin not found, skipping configuration" print_info "Webmin not found, skipping configuration"
fi fi
@@ -275,9 +275,9 @@ For support, contact your system administrator.
EOF EOF
chown "$user:$user" "/home/$user/2fa-setup-instructions.txt" chown "$user:$user" "/home/$user/2fa-setup-instructions.txt"
print_success "2FA setup prepared for user: $user" print_info "2FA setup prepared for user: $user"
else else
print_warning "User $user not found, skipping" print_info "User $user not found, skipping"
fi fi
done done
} }
@@ -289,7 +289,7 @@ function restart_services() {
# Test SSH configuration # Test SSH configuration
if sshd -t; then if sshd -t; then
systemctl restart sshd systemctl restart sshd
print_success "SSH service restarted" print_info "SSH service restarted"
else else
print_error "SSH configuration test failed" print_error "SSH configuration test failed"
return 1 return 1
@@ -298,13 +298,13 @@ function restart_services() {
# Restart Cockpit if installed # Restart Cockpit if installed
if systemctl is-enabled cockpit.socket &>/dev/null; then if systemctl is-enabled cockpit.socket &>/dev/null; then
systemctl restart cockpit.socket systemctl restart cockpit.socket
print_success "Cockpit service restarted" print_info "Cockpit service restarted"
fi fi
# Restart Webmin if installed # Restart Webmin if installed
if systemctl is-enabled webmin &>/dev/null; then if systemctl is-enabled webmin &>/dev/null; then
systemctl restart webmin systemctl restart webmin
print_success "Webmin service restarted" print_info "Webmin service restarted"
fi fi
} }
@@ -314,7 +314,7 @@ function validate_2fa_setup() {
# Check if Google Authenticator is installed # Check if Google Authenticator is installed
if command -v google-authenticator &>/dev/null; then if command -v google-authenticator &>/dev/null; then
print_success "Google Authenticator installed" print_info "Google Authenticator installed"
else else
print_error "Google Authenticator not found" print_error "Google Authenticator not found"
return 1 return 1
@@ -322,7 +322,7 @@ function validate_2fa_setup() {
# Check SSH configuration # Check SSH configuration
if grep -q "AuthenticationMethods publickey,keyboard-interactive" "$SSH_CONFIG"; then if grep -q "AuthenticationMethods publickey,keyboard-interactive" "$SSH_CONFIG"; then
print_success "SSH 2FA configuration valid" print_info "SSH 2FA configuration valid"
else else
print_error "SSH 2FA configuration invalid" print_error "SSH 2FA configuration invalid"
return 1 return 1
@@ -330,7 +330,7 @@ function validate_2fa_setup() {
# Check PAM configuration # Check PAM configuration
if grep -q "pam_google_authenticator.so" "$PAM_CONFIG_DIR/sshd"; then if grep -q "pam_google_authenticator.so" "$PAM_CONFIG_DIR/sshd"; then
print_success "PAM 2FA configuration valid" print_info "PAM 2FA configuration valid"
else else
print_error "PAM 2FA configuration invalid" print_error "PAM 2FA configuration invalid"
return 1 return 1
@@ -338,13 +338,13 @@ function validate_2fa_setup() {
# Check service status # Check service status
if systemctl is-active sshd &>/dev/null; then if systemctl is-active sshd &>/dev/null; then
print_success "SSH service is running" print_info "SSH service is running"
else else
print_error "SSH service is not running" print_error "SSH service is not running"
return 1 return 1
fi fi
print_success "2FA validation completed successfully" print_info "2FA validation completed successfully"
} }
# Display final instructions # Display final instructions
@@ -358,15 +358,15 @@ function show_final_instructions() {
print_info "- Webmin administration panel" print_info "- Webmin administration panel"
fi fi
print_warning "IMPORTANT: Complete user setup immediately!" print_info "IMPORTANT: Complete user setup immediately!"
print_warning "1. Check /home/*/2fa-setup-instructions.txt for user setup" print_info "1. Check /home/*/2fa-setup-instructions.txt for user setup"
print_warning "2. Run setup scripts for each user" print_info "2. Run setup scripts for each user"
print_warning "3. Test 2FA before logging out" print_info "3. Test 2FA before logging out"
print_info "Backup location: $BACKUP_DIR" print_info "Backup location: $BACKUP_DIR"
print_info "To disable 2FA, restore configurations from backup" print_info "To disable 2FA, restore configurations from backup"
print_success "2FA setup completed successfully!" print_info "2FA setup completed successfully!"
} }
# Main execution # Main execution
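Review bot: In validate_2fa_setup (the `@@ -322` and `@@ -330` hunks) both checks use an unanchored `grep -q`, so a commented-out `#AuthenticationMethods publickey,keyboard-interactive` line or a commented `pam_google_authenticator.so` entry still reports the 2FA configuration as valid. Checking the effective setting is safer, for example `sshd -T 2>/dev/null | grep -qi '^authenticationmethods publickey,keyboard-interactive'`, with the PAM pattern anchored to a non-comment line such as `grep -Eq '^[[:space:]]*auth.*pam_google_authenticator\.so' "$PAM_CONFIG_DIR/sshd"`. Separately, in show_final_instructions the lockout reminders ("Test 2FA before logging out") move from print_warning to print_info; if print_info is styled less prominently (its definition is not visible here), an operator may miss them and close the only working session. The bodies of both functions begin outside their hunks.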