.
@@ -36,19 +36,19 @@ function backup_configs() {
|
|||||||
# Backup SSH configuration
|
# Backup SSH configuration
|
||||||
if [[ -f "$SSH_CONFIG" ]]; then
|
if [[ -f "$SSH_CONFIG" ]]; then
|
||||||
cp "$SSH_CONFIG" "$BACKUP_DIR/sshd_config.bak"
|
cp "$SSH_CONFIG" "$BACKUP_DIR/sshd_config.bak"
|
||||||
print_success "SSH config backed up"
|
print_info "SSH config backed up"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Backup PAM configurations
|
# Backup PAM configurations
|
||||||
if [[ -d "$PAM_CONFIG_DIR" ]]; then
|
if [[ -d "$PAM_CONFIG_DIR" ]]; then
|
||||||
cp -r "$PAM_CONFIG_DIR" "$BACKUP_DIR/pam.d.bak"
|
cp -r "$PAM_CONFIG_DIR" "$BACKUP_DIR/pam.d.bak"
|
||||||
print_success "PAM configs backed up"
|
print_info "PAM configs backed up"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Backup Cockpit configuration if exists
|
# Backup Cockpit configuration if exists
|
||||||
if [[ -f "$COCKPIT_CONFIG" ]]; then
|
if [[ -f "$COCKPIT_CONFIG" ]]; then
|
||||||
cp "$COCKPIT_CONFIG" "$BACKUP_DIR/cockpit.conf.bak"
|
cp "$COCKPIT_CONFIG" "$BACKUP_DIR/cockpit.conf.bak"
|
||||||
print_success "Cockpit config backed up"
|
print_info "Cockpit config backed up"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
print_info "Backup completed: $BACKUP_DIR"
|
print_info "Backup completed: $BACKUP_DIR"
|
||||||
@@ -65,7 +65,7 @@ function install_2fa_packages() {
|
|||||||
# Install QR code generator for terminal display
|
# Install QR code generator for terminal display
|
||||||
apt-get install -y libpam-google-authenticator qrencode
|
apt-get install -y libpam-google-authenticator qrencode
|
||||||
|
|
||||||
print_success "2FA packages installed successfully"
|
print_info "2FA packages installed successfully"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Configure SSH for 2FA
|
# Configure SSH for 2FA
|
||||||
@@ -94,7 +94,7 @@ function configure_ssh_2fa() {
|
|||||||
sed -i 's/^AuthenticationMethods.*/AuthenticationMethods publickey,keyboard-interactive/' "$SSH_CONFIG"
|
sed -i 's/^AuthenticationMethods.*/AuthenticationMethods publickey,keyboard-interactive/' "$SSH_CONFIG"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
print_success "SSH configuration updated"
|
print_info "SSH configuration updated"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Configure PAM for 2FA
|
# Configure PAM for 2FA
|
||||||
@@ -140,7 +140,7 @@ session required pam_selinux.so open
|
|||||||
@include common-password
|
@include common-password
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
print_success "PAM configuration updated for SSH 2FA"
|
print_info "PAM configuration updated for SSH 2FA"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Configure Cockpit for 2FA
|
# Configure Cockpit for 2FA
|
||||||
@@ -187,7 +187,7 @@ session required pam_selinux.so open
|
|||||||
session optional pam_motd.so
|
session optional pam_motd.so
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
print_success "Cockpit 2FA configuration completed"
|
print_info "Cockpit 2FA configuration completed"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Configure Webmin for 2FA (if installed)
|
# Configure Webmin for 2FA (if installed)
|
||||||
@@ -213,7 +213,7 @@ function configure_webmin_2fa() {
|
|||||||
# Start webmin service
|
# Start webmin service
|
||||||
systemctl start webmin || true
|
systemctl start webmin || true
|
||||||
|
|
||||||
print_success "Webmin 2FA configuration completed"
|
print_info "Webmin 2FA configuration completed"
|
||||||
else
|
else
|
||||||
print_info "Webmin not found, skipping configuration"
|
print_info "Webmin not found, skipping configuration"
|
||||||
fi
|
fi
|
||||||
@@ -275,9 +275,9 @@ For support, contact your system administrator.
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
chown "$user:$user" "/home/$user/2fa-setup-instructions.txt"
|
chown "$user:$user" "/home/$user/2fa-setup-instructions.txt"
|
||||||
print_success "2FA setup prepared for user: $user"
|
print_info "2FA setup prepared for user: $user"
|
||||||
else
|
else
|
||||||
print_warning "User $user not found, skipping"
|
print_info "User $user not found, skipping"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@@ -289,7 +289,7 @@ function restart_services() {
|
|||||||
# Test SSH configuration
|
# Test SSH configuration
|
||||||
if sshd -t; then
|
if sshd -t; then
|
||||||
systemctl restart sshd
|
systemctl restart sshd
|
||||||
print_success "SSH service restarted"
|
print_info "SSH service restarted"
|
||||||
else
|
else
|
||||||
print_error "SSH configuration test failed"
|
print_error "SSH configuration test failed"
|
||||||
return 1
|
return 1
|
||||||
@@ -298,13 +298,13 @@ function restart_services() {
|
|||||||
# Restart Cockpit if installed
|
# Restart Cockpit if installed
|
||||||
if systemctl is-enabled cockpit.socket &>/dev/null; then
|
if systemctl is-enabled cockpit.socket &>/dev/null; then
|
||||||
systemctl restart cockpit.socket
|
systemctl restart cockpit.socket
|
||||||
print_success "Cockpit service restarted"
|
print_info "Cockpit service restarted"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Restart Webmin if installed
|
# Restart Webmin if installed
|
||||||
if systemctl is-enabled webmin &>/dev/null; then
|
if systemctl is-enabled webmin &>/dev/null; then
|
||||||
systemctl restart webmin
|
systemctl restart webmin
|
||||||
print_success "Webmin service restarted"
|
print_info "Webmin service restarted"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -314,7 +314,7 @@ function validate_2fa_setup() {
|
|||||||
|
|
||||||
# Check if Google Authenticator is installed
|
# Check if Google Authenticator is installed
|
||||||
if command -v google-authenticator &>/dev/null; then
|
if command -v google-authenticator &>/dev/null; then
|
||||||
print_success "Google Authenticator installed"
|
print_info "Google Authenticator installed"
|
||||||
else
|
else
|
||||||
print_error "Google Authenticator not found"
|
print_error "Google Authenticator not found"
|
||||||
return 1
|
return 1
|
||||||
@@ -322,7 +322,7 @@ function validate_2fa_setup() {
|
|||||||
|
|
||||||
# Check SSH configuration
|
# Check SSH configuration
|
||||||
if grep -q "AuthenticationMethods publickey,keyboard-interactive" "$SSH_CONFIG"; then
|
if grep -q "AuthenticationMethods publickey,keyboard-interactive" "$SSH_CONFIG"; then
|
||||||
print_success "SSH 2FA configuration valid"
|
print_info "SSH 2FA configuration valid"
|
||||||
else
|
else
|
||||||
print_error "SSH 2FA configuration invalid"
|
print_error "SSH 2FA configuration invalid"
|
||||||
return 1
|
return 1
|
||||||
@@ -330,7 +330,7 @@ function validate_2fa_setup() {
|
|||||||
|
|
||||||
# Check PAM configuration
|
# Check PAM configuration
|
||||||
if grep -q "pam_google_authenticator.so" "$PAM_CONFIG_DIR/sshd"; then
|
if grep -q "pam_google_authenticator.so" "$PAM_CONFIG_DIR/sshd"; then
|
||||||
print_success "PAM 2FA configuration valid"
|
print_info "PAM 2FA configuration valid"
|
||||||
else
|
else
|
||||||
print_error "PAM 2FA configuration invalid"
|
print_error "PAM 2FA configuration invalid"
|
||||||
return 1
|
return 1
|
||||||
@@ -338,13 +338,13 @@ function validate_2fa_setup() {
|
|||||||
|
|
||||||
# Check service status
|
# Check service status
|
||||||
if systemctl is-active sshd &>/dev/null; then
|
if systemctl is-active sshd &>/dev/null; then
|
||||||
print_success "SSH service is running"
|
print_info "SSH service is running"
|
||||||
else
|
else
|
||||||
print_error "SSH service is not running"
|
print_error "SSH service is not running"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
print_success "2FA validation completed successfully"
|
print_info "2FA validation completed successfully"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Display final instructions
|
# Display final instructions
|
||||||
@@ -358,15 +358,15 @@ function show_final_instructions() {
|
|||||||
print_info "- Webmin administration panel"
|
print_info "- Webmin administration panel"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
print_warning "IMPORTANT: Complete user setup immediately!"
|
print_info "IMPORTANT: Complete user setup immediately!"
|
||||||
print_warning "1. Check /home/*/2fa-setup-instructions.txt for user setup"
|
print_info "1. Check /home/*/2fa-setup-instructions.txt for user setup"
|
||||||
print_warning "2. Run setup scripts for each user"
|
print_info "2. Run setup scripts for each user"
|
||||||
print_warning "3. Test 2FA before logging out"
|
print_info "3. Test 2FA before logging out"
|
||||||
|
|
||||||
print_info "Backup location: $BACKUP_DIR"
|
print_info "Backup location: $BACKUP_DIR"
|
||||||
print_info "To disable 2FA, restore configurations from backup"
|
print_info "To disable 2FA, restore configurations from backup"
|
||||||
|
|
||||||
print_success "2FA setup completed successfully!"
|
print_info "2FA setup completed successfully!"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Main execution
|
# Main execution
|
||||||
|
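Review bot: The blanket `print_success`/`print_warning` → `print_info` replacement also demotes the messages an operator most needs to notice, in the `@@ -275,9` hunk (`"User $user not found, skipping"`) and the `@@ -358,15` hunk of `show_final_instructions` (`"IMPORTANT: Complete user setup immediately!"` through `"3. Test 2FA before logging out"`). Since `configure_ssh_2fa` enforces `AuthenticationMethods publickey,keyboard-interactive`, an account that was skipped or never enrolled may be unable to log in once sshd restarts (this depends on the PAM line, which is outside the visible hunks), so these lines should stay visually distinct from routine progress output. I would keep `print_warning "User $user not found, skipping"` and `print_warning "3. Test 2FA before logging out"`, along with the other three warning lines in that block. The helper definitions are not shown on this page, so if `print_warning` is being removed altogether, give the lockout text an explicit `WARNING:` prefix instead. The bodies of both functions continue outside the hunks.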