foxpass / foxpass-setup
Scripts for setting up Foxpass integration in common environments
Can you update your documentation to include Debian 10 here: https://docs.foxpass.com/docs/debian-9 ?
Also, can you please add support for Debian 11 Bullseye? We were forced to use it because we had a box that was better supported by the newest OS (I know, not officially released yet). I'm going to try the debian-10 script in a docker image first to see how that goes.
foxpass_setup.py fails to run without a pip install urllib3 on ubuntu 16.04 and this is not mentioned in the docs.
Many of the scripts in this repo are not compatible with AWS IMDSv2. This includes the Ubuntu 21.04 and Ubuntu 22.04 scripts.
If you search, you will find many instances of code like the following
aws_instance_id=`curl -s -q -f http://169.254.169.254/latest/meta-data/instance-id`
aws_region_id=`curl -s -q -f http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/.$//'`
I suggest replacing the above code with the following code across the repo:
aws_meta_data_token=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
aws_instance_id=$(curl -s -q -f -H "X-aws-ec2-metadata-token: $aws_meta_data_token" http://169.254.169.254/latest/meta-data/instance-id)
aws_region_id=$(curl -s -q -f -H "X-aws-ec2-metadata-token: $aws_meta_data_token" http://169.254.169.254/latest/meta-data/placement/region)
Note, shellcheck recommended the use of $(...) over backticks `...`
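One way to locate the remaining IMDSv1-style calls this issue refers to, as an added example that is not code from the foxpass-setup repo. The function names `find_imdsv1_calls` and `write_sample` are hypothetical, and the sample script is constructed from the lines quoted in the issue.

```shell
#!/bin/sh
# Added example (not from foxpass-setup): flag IMDSv1-style metadata calls.

# Print "file:line:text" for every line that talks to the EC2 metadata
# address without sending a session token (and is not the token request).
find_imdsv1_calls() {
    grep -Hn '169\.254\.169\.254' "$@" 2>/dev/null \
        | grep -v -e 'X-aws-ec2-metadata-token' -e '/latest/api/token' \
        || true   # "no findings" is not an error for the caller
}

# Constructed sample: two IMDSv1 calls as quoted in the issue, followed by
# the IMDSv2 form (token request plus a call that sends the token header).
write_sample() {
    cat > "$1" <<'EOF'
aws_instance_id=`curl -s -q -f http://169.254.169.254/latest/meta-data/instance-id`
aws_region_id=`curl -s -q -f http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/.$//'`
token=$(curl -s -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
aws_instance_id=$(curl -s -q -f -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/instance-id)
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_imdsv1_calls "$sample"    # prints only the first two lines of the sample
rm -f "$sample"
```

The check works line by line, so a curl command split across lines with backslash continuations can be reported even when a later line carries the token header; review those hits by hand.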
The Ubuntu 14.04 install shell script doesn't work, failing with syntax errors.
In Ubuntu/Debian, /bin/sh is typically the dash shell, which means syntax like
function cache_up_to_date() {
won't work, as well as the local keyword.
Also here: https://github.com/foxpass/foxpass-setup/blob/master/linux/ubuntu/14.04/foxpass_setup.sh#L47, the variables aren't prefixed with $, so the shell will try and execute them as commands.
this is more of an fyi thing than a real bug.. because i have a system image with security autoupdates enabled, it will do an apt-get update at first boot. since foxpass-setup also does this, sometimes it will fail with:
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
i've added a simple loop to my userdata script as a fix but you may consider incorporating some similar logic into foxpass-setup:
# wait for other apt processes to finish before running foxpass script
while fuser /var/lib/dpkg/lock; do
    sleep 1
done
in python, backslash \ is a special character aka escape symbol
when python writes a file with the backslash, the next symbol will be escaped
which means \\ => \
Python 3.9.12 (main, Mar 26 2022, 15:52:10)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.31.0 -- An enhanced Interactive Python. Type '?' for help.
In [1]: f = open('a_file', "w")
In [2]: f.write('foo\\bar')
Out[2]: 7
In [3]: f.close()
In [4]: cat a_file
foo\bar
so
if grep -q "^${user/./\\.}:" /etc/passwd; then exit; fi
turns to
if grep -q "^${user/./\.}:" /etc/passwd; then exit; fi
This means if a user has a dot in the name, for example foo.bar, it's not gonna be escaped on the bash side.
test:
cat > passwd_test <<EOF
foo.bar:pwd
foo bar:pwd
foo_bar:pwd
foo-bar:pwd
foo2bar:pwd
EOF
user='foo.bar'
grep "^${user/./\.}:" passwd_test
foo.bar:pwd
foo bar:pwd
foo_bar:pwd
foo-bar:pwd
foo2bar:pwd
grep "^${user/./\\.}:" passwd_test
foo.bar:pwd
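A check that sidesteps the escaping problem described in this issue, as an added example that is not taken from the foxpass-setup scripts: it compares the first colon-separated field as a literal string, so nothing in the username needs escaping at the Python or the bash layer. The function names and the sample file (the post's test file without the foo.bar line) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from foxpass-setup): literal username lookup.

# Succeeds only if $1 is exactly the first colon-separated field of a line
# in $2 (default /etc/passwd). The name travels through the environment
# because awk -v would interpret backslash escapes in it; appending ""
# forces a string comparison even for names that look numeric.
user_in_passwd() {
    U="$1" awk -F: '($1 "") == (ENVIRON["U"] "") { found = 1; exit }
                    END { exit !found }' "${2:-/etc/passwd}"
}

# Equivalent of the check the post shows once the dot reaches grep
# unescaped: the username is used as a regular expression.
regex_check() {
    grep -q "^$1:" "${2:-/etc/passwd}"
}

# Constructed sample: the account being looked up does not exist here,
# but four similar names do.
write_sample() {
    printf '%s\n' 'foo bar:pwd' 'foo_bar:pwd' 'foo-bar:pwd' 'foo2bar:pwd' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
regex_check    'foo.bar' "$sample" && echo "regex:   foo.bar reported present"
user_in_passwd 'foo.bar' "$sample" || echo "literal: foo.bar reported absent"
rm -f "$sample"
```

With the regex form, a setup script that exits when the user "already exists" would skip foo.bar on a host that only has foo_bar.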
When adding to the sudoers file, a newline is not added at the end of the file, and if you are using Amazon userdata scripts to make additional changes to the sudoers file it will break unless you know to prepend the additional changes w/ a newline.
I basically ended up with a sudoers file that ended w/
%foxpass-sudo ALL=(ALL:ALL) NOPASSWD:ALL%Ops ALL = NOPASSWD: ALL
Luckily I caught this on a newly provisioned server before it started to spread to the rest of the infrastructure.
A few takeaways from this:
https://raw.githubusercontent.com/foxpass/foxpass-setup/master/linux/ubuntu/16.04/foxpass_setup.py
which has the possibility of changing between server provisioning
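The sudoers failure described in the last issue above, reproduced on a scratch file together with an append that tolerates a missing final newline. This is an added example, not code from foxpass-setup; the function names are hypothetical and the file contents are constructed from the two rules quoted in the post.

```shell
#!/bin/sh
# Added example (not from foxpass-setup): appending to a sudoers-style file
# whose last line may lack a terminating newline.

# append_line FILE LINE: terminate the last line if needed, then add LINE.
append_line() {
    # Command substitution strips a trailing newline, so the result is
    # non-empty only when the final byte is something else.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\n' "$2" >> "$1"
}

# Constructed stand-in for the file state the post describes: the
# foxpass rule was written without a trailing newline.
write_unterminated() {
    printf '%s' '%foxpass-sudo ALL=(ALL:ALL) NOPASSWD:ALL' > "$1"
}

naive=$(mktemp); safe=$(mktemp)
write_unterminated "$naive"; write_unterminated "$safe"
echo '%Ops ALL = NOPASSWD: ALL' >> "$naive"     # plain append glues the rules
append_line "$safe" '%Ops ALL = NOPASSWD: ALL'  # newline-aware append
echo "naive: $(wc -l < "$naive") line(s)"
echo "safe:  $(wc -l < "$safe") line(s)"
rm -f "$naive" "$safe"
```

On a real host, make the change in a copy or in a file under /etc/sudoers.d and check it with `visudo -cf <file>` before it goes live.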