From 732876299f4dccb4caa3a915879d2b5945bbdd42 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Apr 2014 11:15:54 +0200 Subject: filehooker is now elchOS --- elchos/root-image/root/.automated_script.sh | 34 +++++++++++ elchos/root-image/root/.zlogin | 1 + elchos/root-image/root/customize_root_image.sh | 82 ++++++++++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100755 elchos/root-image/root/.automated_script.sh create mode 100644 elchos/root-image/root/.zlogin create mode 100755 elchos/root-image/root/customize_root_image.sh (limited to 'elchos/root-image/root') diff --git a/elchos/root-image/root/.automated_script.sh b/elchos/root-image/root/.automated_script.sh new file mode 100755 index 00000000..fb106dae --- /dev/null +++ b/elchos/root-image/root/.automated_script.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +script_cmdline () +{ + local param + for param in $(< /proc/cmdline); do + case "${param}" in + script=*) echo "${param##*=}" ; return 0 ;; + esac + done +} + +automated_script () +{ + local script rt + script="$(script_cmdline)" + if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then + if [[ "${script}" =~ ^http:// || "${script}" =~ ^ftp:// ]]; then + wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null + rt=$? + else + cp "${script}" /tmp/startup_script + rt=$? + fi + if [[ ${rt} -eq 0 ]]; then + chmod +x /tmp/startup_script + /tmp/startup_script + fi + fi +} + +if [[ $(tty) == "/dev/tty1" ]]; then + automated_script +fi diff --git a/elchos/root-image/root/.zlogin b/elchos/root-image/root/.zlogin new file mode 100644 index 00000000..f598e43e --- /dev/null +++ b/elchos/root-image/root/.zlogin @@ -0,0 +1 @@ +~/.automated_script.sh diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh new file mode 100755 index 00000000..ffad251e --- /dev/null +++ b/elchos/root-image/root/customize_root_image.sh 
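Review bot: In `automated_script` in `.automated_script.sh`, whatever the `script=` kernel parameter names is fetched over `http://` or `ftp://` and then run as root on tty1 with no integrity check, so the image trusts both the network path and the boot command line completely. Consider accepting only an authenticated transport in the scheme test, `if [[ "${script}" =~ ^https:// ]]; then`, or comparing the download against a digest supplied out of band before the `chmod +x`. The fixed `/tmp/startup_script` path also makes the result depend on what is already in a world-writable directory; a root-only directory from `mktemp -d` avoids that.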
@@ -0,0 +1,82 @@ +#!/bin/bash + +set -e -u -f -x +reaktor_user=reaktor +ncdc_user=hooker +rootpw=zahlen8ZaiFe +sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen +locale-gen + +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime +#timedatectl set-timezone Europe/Berlin + +usermod -s /usr/bin/zsh root +cp -aT /etc/skel/ /root/ + +useradd -m -p "" -g users -G "adm,audio,floppy,log,network,rfkill,scanner,storage,optical,power,wheel" -s /usr/bin/zsh pimp || : + +mkdir -p /home/pimp/.ssh/ /root/.ssh/ +cp /krebs/etc/authorized_keys /home/pimp/.ssh/ +cp /krebs/etc/vsftpd.conf /etc/ +chown pimp -R /home/pimp/.ssh/ +chmod 700 -R /home/pimp/.ssh/ + +cp /krebs/etc/authorized_keys /root/.ssh/ + +useradd -m $ncdc_user ||: + +chown -R root:root /etc /root /krebs +chmod 750 /etc/sudoers.d +chmod 440 /etc/sudoers.d/g_wheel + +sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist +sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf + +/krebs/bin/vim_sane_defaults.ship +sudo -u pimp /krebs/bin/vim_sane_defaults.ship + +## load latest ncdc if not available +test -e /usr/bin/ncdc || \ + curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \ + tar xz -C "/usr/bin" + +## load latest painload if not available +test ! 
-e /krebs/painload/Reaktor && \ + curl https://codeload.github.com/krebscode/painload/tar.gz/master | \ + tar xz -C "/krebs" && \ + mv /krebs/painload-master /krebs/painload + +useradd -m $reaktor_user -s /krebs/bin/reaktor-shell.sh || : +## needed to see the hidden service hostname +echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/reaktor +echo "$reaktor_user ALL=(root) NOPASSWD: /krebs/bin/refresh-shares.ship" >> /etc/sudoers.d/reaktor +echo "$reaktor_user ALL=($ncdc_user) NOPASSWD: ALL" >> /etc/sudoers.d/reaktor +echo "$reaktor_user ALL=(root) NOPASSWD: /usr/bin/reboot" >> /etc/sudoers.d/reaktor +echo +cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \ + /etc/systemd/system +# add bonus features for elch +cp -a /krebs/etc/Reaktor /krebs/painload +# emergency root passwd +(printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd +#sed -i \ +# 's#^root.*#root:$6$OrW0nWn4$w0DYuPz96VYLIEBgRtjjn01Y4lHu/FbbXuZeCqHo81YsYe/IMGxPmLLpPw10JlmA3amemet4VfV6/FSlOxpeK0:16161:15593::::::#' \ +# /etc/shadow +cd /krebs/painload/Reaktor/ +touch auth.lst admin.lst +chown reaktor:reaktor auth.lst admin.lst +for i in multi-user.target \ + pacman-init.service \ + choose-mirror.service \ + tor-configure-hidden.service \ + Reaktor@${reaktor_user}.service \ + elch-hostname.service \ + start-ncdc@${ncdc_user}.service \ + sshd.service \ + collectd.service \ + hddtemp.service \ + vsftpd.service \ + ntpdate.service \ + tor.service ;do + systemctl enable "$i" +done -- cgit v1.2.3 From fe564a5ab91d967441748048513b361e4fce1157 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Apr 2014 13:01:24 +0200 Subject: set random root password --- elchos/root-image/root/customize_root_image.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'elchos/root-image/root') diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh index ffad251e..ca6a21dd 100755 
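Review bot: In the new `customize_root_image.sh`, `useradd -m -p "" ... pimp` creates an account with an empty password that is also in `wheel`, while the same script enables `sshd.service` and installs `/etc/sudoers.d/g_wheel` (its contents are not shown here). Since `authorized_keys` is copied into `/home/pimp/.ssh/` anyway, dropping `-p ""` would leave the password disabled, which is useradd's default. The literal `rootpw=zahlen8ZaiFe` is a credential committed to the repository and stays in its history even if the line changes later, so it should be treated as disclosed. Separately, the ncdc tarball is pulled over plain `http://` and unpacked straight into `/usr/bin` without a checksum; a `sha256sum -c` check against a pinned digest before `tar xz` would catch a modified download.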
--- a/elchos/root-image/root/customize_root_image.sh +++ b/elchos/root-image/root/customize_root_image.sh @@ -3,7 +3,7 @@ set -e -u -f -x reaktor_user=reaktor ncdc_user=hooker -rootpw=zahlen8ZaiFe +rootpw=$(dd if=/dev/urandom bs=1 count=100 2>/dev/null |md5sum | awk '{print $1}' | dd bs=1 count=9 2>/dev/null) sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen locale-gen @@ -58,10 +58,8 @@ cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \ # add bonus features for elch cp -a /krebs/etc/Reaktor /krebs/painload # emergency root passwd +echo "the Root PW is $rootpw" (printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd -#sed -i \ -# 's#^root.*#root:$6$OrW0nWn4$w0DYuPz96VYLIEBgRtjjn01Y4lHu/FbbXuZeCqHo81YsYe/IMGxPmLLpPw10JlmA3amemet4VfV6/FSlOxpeK0:16161:15593::::::#' \ -# /etc/shadow cd /krebs/painload/Reaktor/ touch auth.lst admin.lst chown reaktor:reaktor auth.lst admin.lst -- cgit v1.2.3 From c908199996b2ad0cf87ba18eb099dc6071f1f1b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Apr 2014 13:22:50 +0200 Subject: make customize_root_image less verbose, highlight root password --- elchos/root-image/root/customize_root_image.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'elchos/root-image/root') diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh index ca6a21dd..6c5640c3 100755 --- a/elchos/root-image/root/customize_root_image.sh +++ b/elchos/root-image/root/customize_root_image.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -e -u -f -x +set -e -u -f reaktor_user=reaktor ncdc_user=hooker rootpw=$(dd if=/dev/urandom bs=1 count=100 2>/dev/null |md5sum | awk '{print $1}' | dd bs=1 count=9 2>/dev/null) 
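Review bot: In the `@@ -3,7 +3,7 @@` hunk of "set random root password", the pipeline keeps only the first 9 hex characters of an MD5 digest, so the password carries at most 36 bits however much is read from `/dev/urandom`; the `md5sum` step adds nothing. Taking the random bytes directly gives a longer secret in one step, for example `rootpw=$(head -c 18 /dev/urandom | base64)`.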
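Review bot: The `echo "the Root PW is $rootpw"` added in the `@@ -58,10 +58,8 @@` hunk writes the root password to the script's output, where it ends up in whatever log or scrollback captures the run; the `printf` that replaces it in the following commit ("make customize_root_image less verbose, highlight root password") has the same effect. If this script runs once while the image is built, as its name suggests, the password is also fixed per image rather than per machine, so every host booted from that image shares it. Consider leaving the root password locked with `passwd -l root` and relying on the `authorized_keys` already copied to `/root/.ssh/`, or writing the value to a root-only file instead of stdout.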
@@ -58,7 +58,8 @@ cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \ # add bonus features for elch cp -a /krebs/etc/Reaktor /krebs/painload # emergency root passwd -echo "the Root PW is $rootpw" + +printf "!!!!!!\nthe Root PW is '%s'\n!!!!!!\n" "$rootpw" (printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd cd /krebs/painload/Reaktor/ touch auth.lst admin.lst -- cgit v1.2.3 From 95fbba75246cf1b5115bc5493d3119f9ea91221e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Apr 2014 18:18:08 +0200 Subject: update things --- elchos/root-image/root/customize_root_image.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'elchos/root-image/root') diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh index 6c5640c3..1c6abea0 100755 --- a/elchos/root-image/root/customize_root_image.sh +++ b/elchos/root-image/root/customize_root_image.sh @@ -57,8 +57,8 @@ cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \ /etc/systemd/system # add bonus features for elch cp -a /krebs/etc/Reaktor /krebs/painload -# emergency root passwd +# emergency root passwd printf "!!!!!!\nthe Root PW is '%s'\n!!!!!!\n" "$rootpw" (printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd cd /krebs/painload/Reaktor/ @@ -68,7 +68,7 @@ for i in multi-user.target \ pacman-init.service \ choose-mirror.service \ tor-configure-hidden.service \ - Reaktor@${reaktor_user}.service \ + Reaktor.service \ elch-hostname.service \ start-ncdc@${ncdc_user}.service \ sshd.service \ -- cgit v1.2.3
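Review bot: In the `@@ -68,7 +68,7 @@` hunk of "update things", the loop now enables `Reaktor.service`, but the script still copies only the template unit `Reaktor@.service` into `/etc/systemd/system` (visible in the preceding hunk's header). Unless a plain `Reaktor.service` is shipped by another path not shown here, `systemctl enable` will fail for it and `set -e` will abort the customization at that point. Either copy the non-template unit as well or keep `Reaktor@${reaktor_user}.service`. The `for` loop starts and ends outside the hunk.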