#!/bin/bash
# Copyright Atomicorp, 2015
# License: Commercial. Unauthorized redistribution prohibited.
# Basic install key routine
VERSION="1.0-S"
export LANG=C
echo
echo "Atomicorp Enterprise Key installer: v$VERSION"
echo
ROOT_UID="0"
#Check if run as root
if [ "$UID" -ne "$ROOT_UID" ] ; then
echo "You must be root to run this program. Do not run this progam via sudo."
exit 1
fi
# Prereq
if /usr/bin/lsattr /etc/sudoers | grep -q "\-i"; then
echo
echo "Error: /etc/sudoers is immutable. Installer cannot continue."
echo
exit 1
fi
# Do a root login check, if it works we'll add this to root
# If not, we create the atomic account, and use that
echo -n "Checking for login type: "
if ! grep -q "^PermitRootLogin no" /etc/ssh/sshd_config ; then
# root allowed
USER=root
else
USER=atomic
fi
if egrep -q "^(DenyUsers|DenyGroups).*root" /etc/ssh/sshd_config ; then
USER=atomic
fi
if egrep -q "^AllowUsers" /etc/ssh/sshd_config ; then
USER=atomic
echo "AllowUsers atomic@70.184.242.83 atomic@71.166.159.247" >> /etc/ssh/sshd_config
service sshd reload > /dev/null 2>&1
fi
if [ "$USER" == "root" ]; then
echo "root allowed"
HOME=/root
else
echo "root denied"
echo -n "Checking atomic user: "
HOME=/home/atomic
# check for user, add if it doesnt exist
if ! egrep -q ^atomic: /etc/passwd ; then
echo "not found, creating"
if grep atomic /etc/group; then
/usr/sbin/useradd -c "Atomicorp Support" atomic -g atomic >/dev/null 2>&1
else
/usr/sbin/useradd -c "Atomicorp Support" atomic >/dev/null 2>&1
fi
/usr/bin/passwd -uf atomic
else
echo "found"
fi
# check for group, add it if it doesnt exist
if ! egrep -q ^atomic: /etc/group ; then
echo "atomic group not found, creating"
/usr/sbin/groupadd atomic > /dev/null 2>&1
else
echo "atomic group found"
fi
if grep -q ^AllowUsers /etc/ssh/sshd_config ; then
echo "AllowUsers configuration detected."
echo "AllowUsers atomic ">> /etc/ssh/sshd_config
/etc/init.d/sshd restart
fi
# check to see if user is in wheel group
echo -n "Checking for atomic in wheel group: "
if ! grep -q ^wheel.*atomic /etc/group ; then
echo "not found, adding"
/usr/sbin/usermod -G wheel`groups atomic | awk -F: '{print $2}' |sed 's/ /,/g'` atomic >/dev/null 2>&1
else
echo "found"
fi
# update sudo to allow nopasswd for wheel group users
rpm --quiet -q sudo || yum -y install sudo
rpm --quiet -q vim-enhanced || yum -y install vim-enhanced
echo -n "Checking sudo configuration: "
if ! grep -q ^%wheel.*NOPASSWD.*ALL /etc/sudoers ; then
echo "wheel not allowed, adding"
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
if [ $? -ne 0 ]; then
echo
echo "Error: Wheel group could not be added to /etc/sudoers"
echo " You will need to resolve this and run the key installer again"
echo
exit 1
fi
else
echo "wheel found"
fi
fi
# rough check here, ran into a system with bad perms
echo -n "Verifying permissions on $HOME: "
chown $USER.$USER $HOME
echo "done"
# cd to home
cd $HOME
# check for .ssh dir
echo -n "Checking for $HOME/.ssh dir: "
if [ ! -d .ssh ]; then
echo "not found, creating"
mkdir -p .ssh
else
echo "found"
fi
cd .ssh
echo -n "Downloading https://www.atomicorp.com/authorized_key: "
wget -q -O - https://www.atomicorp.com/authorized_keys >> authorized_keys
cat authorized_keys >> authorized_keys2
cd ..
chmod -R 700 .ssh
chown -R $USER.$USER $HOME/.ssh
setenforce 0
echo
echo "And finally, please send your systems IP address, and SSH port to the"
echo "Atomicorp support team. We will need that information to log in."
echo