From 93e846e775c97af17c0e4f74c07957ae1eb5eab4 Mon Sep 17 00:00:00 2001
From: darksider3
Date: Mon, 23 Sep 2019 23:15:28 +0200
Subject: [PATCH] Big restructure of all directories: config regarding ssh-reg into ssh-reg repository, config regarding ssh and logins itself into config/etc administrate.py to private/ userapplications.py to public/ scripts to private/scripts/
---
config/applicationsconfig.ini | 23 ++++++++++++
config/etc/login.defs | 29 +++++++++++++++
config/etc/ssh/sshd_config | 10 ++++++
{admin => private}/administrate.py | 0
private/scripts/delusers.sh | 11 ++++++
private/scripts/make-tilde-user.sh | 23 ++++++++++++
private/scripts/testinput.sh | 35 +++++++++++++++++++
.../useerapplication.py | 0
8 files changed, 131 insertions(+)
create mode 100755 config/applicationsconfig.ini
create mode 100644 config/etc/login.defs
create mode 100644 config/etc/ssh/sshd_config
rename {admin => private}/administrate.py (100%)
create mode 100755 private/scripts/delusers.sh
create mode 100755 private/scripts/make-tilde-user.sh
create mode 100755 private/scripts/testinput.sh
rename application/userapplication.py => public/useerapplication.py (100%)
diff --git a/config/applicationsconfig.ini b/config/applicationsconfig.ini
new file mode 100755
index 0000000..6b0f826
--- /dev/null
+++ b/config/applicationsconfig.ini
@@ -0,0 +1,23 @@
+[DEFAULT]
+base_path=/application/
+applications_db=%(base_path)sapplications.sqlite
+log_dir=/application/
+log_file=%(log_dir)sapplications.log
+user_creationscript=%(base_path)smake-tilde-user.sh
+
+[USERS]
+UserGroup=tilde
+userPWLock=yes
+chmodPerms=0o700
+chmodParams=-Rv
+chownParams=%(chmodParams)s
+chownGroups=%(UserGroup)s:%(UserGroup)s
+
+[LOG_LEVEL]
+log_level=%(log_debug)s
+log_notset=0
+log_debug=10
+log_info=20
+log_warning=30
+log_error=40
+lo0g_critical=50
diff --git a/config/etc/login.defs b/config/etc/login.defs
new file mode 100644
index 0000000..7c810f4
--- /dev/null
+++ b/config/etc/login.defs
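Review bot: The last key of `[LOG_LEVEL]` is misspelled as `lo0g_critical=50`, so a reader that looks up `log_critical` by the same naming scheme as the other levels gets a missing-option error instead of 50; change the line to `log_critical=50`. Separately, `user_creationscript=%(base_path)smake-tilde-user.sh` resolves to `/application/make-tilde-user.sh` while this commit places the script under `private/scripts/`; if the deployed layout is meant to mirror the repository, that value needs updating (the deployment step is not visible in this patch). A short comment on `log_level=%(log_debug)s` noting that it selects one of the level keys below it would also help, since interpolation across keys in the same section is not obvious to every reader.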
@@ -0,0 +1,29 @@
+MAIL_DIR /var/mail
+FAILLOG_ENAB yes
+LOG_UNKFAIL_ENAB no
+LOG_OK_LOGINS no
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+FTMP_FILE /var/log/btmp
+SU_NAME su
+HUSHLOGIN_FILE .hushlogin
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+TTYGROUP tty
+TTYPERM 0600
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 022
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+UID_MIN 100000
+UID_MAX 165536
+GID_MIN 100000
+GID_MAX 165536
+LOGIN_RETRIES 5
+LOGIN_TIMEOUT 60
+CHFN_RESTRICT rwh
+DEFAULT_HOME yes
+USERGROUPS_ENAB yes
+ENCRYPT_METHOD SHA512
diff --git a/config/etc/ssh/sshd_config b/config/etc/ssh/sshd_config
new file mode 100644
index 0000000..385ab46
--- /dev/null
+++ b/config/etc/ssh/sshd_config
@@ -0,0 +1,10 @@
+UseDNS no
+Protocol 2
+SyslogFacility AUTHPRIV
+PermitRootLogin no
+PubkeyAuthentication yes
+ChallengeResponseAuthentication no
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+Match User tilde
+ PermitEmptyPasswords yes
diff --git a/admin/administrate.py b/private/administrate.py
similarity index 100%
rename from admin/administrate.py
rename to private/administrate.py
diff --git a/private/scripts/delusers.sh b/private/scripts/delusers.sh
new file mode 100755
index 0000000..b734589
--- /dev/null
+++ b/private/scripts/delusers.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+cut -d: -f1 /etc/passwd | grep test > deltest.txt
+while read name; do
+ userdel "$name"
+ rm -rf /home/$name
+ if [ "$#" -eq 1 ]; then
+ sqlite3 -batch $1 "DELETE FROM applications WHERE username = '$name'"
+ fi
+done < deltest.txt
+
+rm -f deltest.txt
diff --git a/private/scripts/make-tilde-user.sh b/private/scripts/make-tilde-user.sh
new file mode 100755
index 0000000..1569b45
--- /dev/null
+++ b/private/scripts/make-tilde-user.sh
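Review bot: `LOG_OK_LOGINS no` together with `LOG_UNKFAIL_ENAB no` means successful logins are not recorded by the login tools, which on a shared host with self-service accounts leaves little to correlate with the failures that `FAILLOG_ENAB yes` records; consider `LOG_OK_LOGINS yes`. The `UID_MIN 100000` / `UID_MAX 165536` range is far from the usual distribution defaults; if it is deliberate (for example to keep created accounts well away from system ids), a one-line comment above it saying so would save the next reader a question. `PASS_MAX_DAYS 99999` disables password expiry, which is consistent with the locked-password, key-based accounts that `make-tilde-user.sh` in this same patch creates, but is worth stating in a comment for the same reason.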
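Review bot: `PermitEmptyPasswords yes` under `Match User tilde` is a risky directive that nothing else in the patch needs: `make-tilde-user.sh` locks each account's password and installs a key, so authentication is meant to be key-only, yet `PasswordAuthentication` is never set and so keeps its default of yes. Drop the `PermitEmptyPasswords` line and add `PasswordAuthentication no` at the top level, so that an account whose password hash is ever cleared cannot log in without a key. Also, `Match User tilde` applies only to an account literally named `tilde`; if the intent is the `tilde` group that the creation script adds every user to, the selector is `Match Group tilde`.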
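Review bot: `grep test` on the second line is a substring match, so any account whose name merely contains `test` (for example `contest` or `attestation`) is fed to `userdel` and `rm -rf /home/$name`; anchor it, `cut -d: -f1 /etc/passwd | grep '^test' > deltest.txt`, or better take the prefix from an argument. `rm -rf /home/$name` assumes where the home directory lives; `userdel -r "$name"` removes whatever home the account actually has and makes the separate rm unnecessary. The `sqlite3` call builds the DELETE statement by interpolating `$name`; the names come from /etc/passwd here, so a quote character cannot appear, but `$1` should still be passed as `"$1"` so a database path containing spaces arrives intact.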
@@ -0,0 +1,23 @@
+#!/bin/env bash
+USERNAME=$1
+REALNAME=$2
+EMAIL=$3
+PUBKEY=$4
+
+adduser $USERNAME
+
+# empty password
+usermod --lock $USERNAME
+
+# add to tilde group
+usermod -a -G tilde $USERNAME
+
+# paste ssh key
+mkdir /home/$USERNAME/.ssh
+echo $PUBKEY >/home/$USERNAME/.ssh/authorized_keys
+
+# fix perms
+chmod -Rv 700 /home/$USERNAME/.ssh/
+chown -Rv $USERNAME:$USERNAME /home/$USERNAME/.ssh/
+echo "user created."
+return 0
diff --git a/private/scripts/testinput.sh b/private/scripts/testinput.sh
new file mode 100755
index 0000000..fdfef7b
--- /dev/null
+++ b/private/scripts/testinput.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/expect
+expr {srand([clock seconds])} ;# initialize RNG
+set username "testuser"
+set mail "test@testmail.com"
+set name "test Name"
+set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Tob2HvgKL5yns9BQpb/EJENR3UurMdhM9oc7tQ/USw/nIiisRDp4qmwqZM3kyl1RfkGoSiEALCogM693jl/2RO2MFLW/Da9WFuXwBmV4wMbQZQiZJCvqyMBW7uPHgfCXJ2E8T707Ixwv9S9gtmwgAqg/+x12C0fF7P45MpO3Mvc+6ZPdP5qg/GCaej67KHqfVTb4/OMrvHkRTlETFYVNj4B/uwuA7NxTi8YkCSKH+BGCLYDl95uISrHOxaKbeDb6OgkgdYS9ygg2F7r3S36n8woLdSXqJNpxx2zLgO8Ow9KE0paezyeQqPPjbYu6l8y2IAkKCWTHKTAQ6DFgcvAD darksider3@prism"
+set y "y"
+set random "[expr {int(rand() * 1000)}]"
+spawn ./userapplication.py
+
+expect "allowed:"
+send "$username$random\r"
+expect "full name:"
+send "$name\r"
+expect "email address:"
+send "$random$mail\r"
+expect "ssh public key:"
+send "$sshkey\r"
+expect "correct?*"
+send "$y\r"
+interact
+
+spawn ./administrate.py
+
+expect -glob "*-> "
+send "1\r"
+expect -glob "*->"
+send "\r"
+expect -glob "*-> "
+send "A\r"
+expect -glob "*..."
+send "\r"
+expect -glob "*-> "
+send "4\r"
+interact
diff --git a/application/userapplication.py b/public/useerapplication.py
similarity index 100%
rename from application/userapplication.py
rename to public/useerapplication.py
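Review bot: `return 0` on the last line is outside any function, so bash reports that it can only return from a function or sourced script and the script's exit status ends up non-zero; change it to `exit 0`. This matters because `applicationsconfig.ini` in this same patch points `user_creationscript` at this file, and a caller that checks the status would see every successful creation as a failure (the caller itself is not visible here). `$USERNAME` comes straight from `$1` and is used unquoted in `adduser`, both `usermod` calls, `mkdir`, `chown` and the `/home/$USERNAME/.ssh` path; since it originates from the self-service application, validate it before the first use, e.g. `[[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || exit 1`, and quote it in every command. `REALNAME` and `EMAIL` are assigned but never used, and `#!/bin/env bash` depends on `env` living in `/bin` — `#!/usr/bin/env bash` is the portable form.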
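Review bot: `spawn ./userapplication.py` and `spawn ./administrate.py` use relative paths that this same commit invalidates: the application is renamed to `public/useerapplication.py` (the doubled `e` in the rename target looks like a typo) and the admin tool moves to `private/administrate.py`, so the test can no longer find either program from any single directory. The `sshkey` value is a real-looking public key whose comment matches the commit author; `make-tilde-user.sh` writes whatever key it is given into the test account's `authorized_keys`, so if cleanup is skipped that key stays on a live account — generate a throwaway key for the test (an `ssh-keygen` setup step) and read it from a file instead. The `interact` after each `spawn` hands control to the terminal rather than ending the session, so the script cannot run unattended; `expect eof` is the usual replacement when no human is at the keyboard.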