
docker-run-it-ubuntu-bin-bash's Introduction



Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

About The Project


to create from scratch

npx create-react-app . --use-npm
npm i gh-pages --save-dev

or install from this repo

npm i
// to edit package.json
npm init
{
  "name": "project name",
  "scripts": {
    "start": "react-scripts start",
    "deploy": "npm run build && gh-pages -d build",
    "build": "react-scripts build"
  },
  "homepage": "https://UserName.github.io/projectName"
}
// npm run build
npm run deploy


  1. This Episode on Twitch
  2. FreeCodeCamp.com Front End Projects
  3. Markdown Cheatsheet
  4. The Essential Meta Tags for Social Media
  5. GitHub Pages

GitHub Pages Deploy & Domain: TraversyMedia
https://youtu.be/SKXkC4SqtRk

  1. @ScriptHammer on Twitter
  2. LinkedIn

ScriptHammer.com
https://ScriptHammer.com


Built With


Getting Started

This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.

Prerequisites

This is an example of how to list things you need to use the software and how to install them.

  • npm
    npm install npm@latest -g

Installation

  1. Get a free API Key at https://example.com
  2. Clone the repo
    git clone https://github.com/TurtleWolfe/turtlewolfe.git
  3. Install NPM packages
    npm install
  4. Enter your API in config.js
    const API_KEY = 'ENTER YOUR API';


Usage

Use this space to show useful examples of how a project can be used. Additional screenshots, code examples and demos work well in this space. You may also link to more resources.

For more examples, please refer to the Documentation


Roadmap

  • [] Feature 1
  • [] Feature 2
  • [] Feature 3
    • [] Nested Feature

See the open issues for a full list of proposed features (and known issues).


Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


License

Distributed under the MIT License. See LICENSE.txt for more information.


Contact

Your Name - @twitter_handle - dev.TurtleWolfe@gmail.co@email_client.com

Project Link: https://github.com/TurtleWolfe/turtlewolfe


Acknowledgments



docker-run-it-ubuntu-bin-bash's Issues

variables for IP & SSH access

seemed like IP and SSH Port would be good variables to add to my boot script..
I'm setting them on line 12 & 15 respectively and then reference them on lines 85 & 107
but I'm getting something wrong in the syntax.. I think I'm setting them ok, but not referencing them correctly
ufw allow from ${IP_ADDRESS} to any ${SSH_PORT}
returns too many arguments
echo 'Port '"${SSH_PORT}" >> /etc/ssh/sshd_config
hung the terminal after telling me permission denied
I've tried single quotes double quotes no quotes.. ?

#!/bin/bash
set -euo pipefail

########################
### SCRIPT VARIABLES ###
########################

# Name of the user to create and grant sudo privileges
USERNAME=jane_doe

# IP Address for accessing SSH
IP_ADDRESS=xrt.please.set.mee

# Port for accessing SSH
SSH_PORT=22

# Whether to copy root user's `authorized_keys` file to the new sudo user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true

# Additional public keys to add to the new sudo user
OTHER_PUBLIC_KEYS_TO_ADD=(
"ssh-rsa AAAAB..."
)

####################
### SCRIPT LOGIC ###
####################

# customize TTY prompt
sed -i 's/#force_color_prompt=yes/ force_color_prompt=yes/' /etc/skel/.bashrc
sed -i 's/\\\[\\033\[01;32m\\\]\\u@\\h\\\[\\033\[00m\\\]:\\\[\\033\[01;34m\\\]\\w\\\[\\033\[00m\\\]\\\$ /\\n\\@ \\\[\\e\[32;40m\\\]\\u\\\[\\e\[m\\\] \\\[\\e\[32;40m\\\]@\\\[\\e\[m\\\]\\n \\\[\\e\[32;40m\\\]\\H\\\[\\e\[m\\\] \\\[\\e\[36;40m\\\]\\w\\\[\\e\[m\\\] \\\[\\e\[33m\\\]\\\\\$\\\[\\e\[m\\\] /' /etc/skel/.bashrc
# PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"

# Check whether the root account has a real password set
encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"

if [ "${encrypted_root_pw}" != "*" ]; then
    # Transfer auto-generated root password to user if present
    # and lock the root account to password-based access
    echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
else
    # Delete invalid password for user if using keys so that a new password
    # can be set without providing a previous value
    passwd --delete "${USERNAME}"
fi

# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"

# Create SSH directory for sudo user
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"

# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
    cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi

# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
    echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done

# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# Disable root SSH login with password (& key)
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
if sshd -t -q; then
    systemctl restart sshd
fi

# Add exception for SSH and then enable UFW firewall
ufw allow OpenSSH
# ufw allow proto tcp from "${IP_ADDRESS}" to any port "${SSH_PORT}"
# ufw allow from "${IP_ADDRESS}" to any port "${SSH_PORT}"/tcp
# ufw allow 80
# ufw allow 443
ufw allow from ${IP_ADDRESS} to any ${SSH_PORT}
ufw --force enable

apt-get update
apt-get -y upgrade
apt-get -y autoremove

# Chapter 2, Users
# install PAM (Pluggable Authentication Modules)
apt-get -y install libpam-cracklib
# module-type	control		module-path	arguments
echo 'password required pam_pwhistory.so remember=99 use_authok' >> /etc/pam.d/common-password
# difference ( at least three characters have to be different )
# difok=3
# obscure ( prevents simple passwords from being used )
# obscure

# Chapter 15, Securing SSH
#sed -i 's/Port 22/Port 65332\nProtocol 2/' /etc/ssh/sshd_config
# sed -i 's/Port 22/Port "${SSH_PORT}"\nProtocol 2/' /etc/ssh/sshd_config
groupadd sshusers
usermod -aG sshusers "${USERNAME}"
echo 'Port '"${SSH_PORT}" >> /etc/ssh/sshd_config
echo 'Protocol 2' >> /etc/ssh/sshd_config
echo 'AllowGroups sudo sshusers' >> /etc/ssh/sshd_config
# sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config

# Chapter 15, Fail2Ban
apt-get -y install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sed -i 's/#ignoreip = 127.0.0.1\/8 ::1/ignoreip = 127.0.0.1\/8 ::1 "${IP_ADDRESS}"/' /etc/fail2ban/jail.local
# sed -i 's/bantime  = 10m/bantime  = 10m/' /etc/fail2ban/jail.local
sed -i 's/maxretry = 5/maxretry = 7/' /etc/fail2ban/jail.local
# sed -i 's/…/port    = ssh/' /etc/fail2ban/jail.local
# sed -i 's/…/port    = "${SSH_PORT}"/' /etc/fail2ban/jail.local
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i "s/$match/$match\n$insert/" $file
sed -i "s/logpath = %(sshd_log)s/logpath = %(sshd_log)s\nenabled = true/" /etc/fail2ban/jail.local
# .....................................................
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i 's/…/…/' /etc/fail2ban/jail.local
# sed -i 's/…/…/' /etc/fail2ban/jail.local

# AppArmor or SELinux
# sed -i 's/…/…/' /etc/dir/file.txt

# TimeZone
# sed -i 's/…/…/' /etc/dir/file.txt

# MariaDB over or MySQL
# sed -i 's/…/…/' /etc/dir/file.txt

# NginX
# sed -i 's/…/…/' /etc/dir/file.txt

# Apache
# sed -i 's/…/…/' /etc/dir/file.txt

# Update, Upgrade & AutoRemove
apt-get update
apt-get -y upgrade
apt-get -y autoremove

#Reboot
# shutdown -r now
# reboot

customize TTY prompt with Automated Scripting

I'm Automating Initial Server Setup with Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.
I want to customize the PS1 prompt in the /etc/skel/.bashrc
and I'm hoping to make it step one before it even copies .bashrc for the sudo user
If I just run this just at the prompt

# customize TTY prompt

sed -i 's/\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ /\n\@ \[\e[32;40m\]\u\[\e[m\] \[\e[32;40m\]@\[\e[m\]\n \[\e[32;40m\]\H\[\e[m\] \[\e[36;40m\]\w\[\e[m\] \[\e[33m\]\\$\[\e[m\] ' /etc/skel.bashrc

the terminal returns

sed: -e expression #1, char 192: unterminated `s' command

so how should I alter it?
I got the code for the PS1 from EZprompt
but they weren't necessarily trying to change it through sed in a shell script..
but when I change it manually it ends up looking like this

moving to AWS

Trying to figure out how to connect Digital Ocean to Google Domain per DNSSEC and found a thread that several people were frustrated with Digital Ocean for not even responding and remembered my one year of free tier was rapidly expiring at AWS.. so I'm trying to make the shift.

I went through the extra hassle of making a security group..
I couldn't change the SSH port from 22
and when I finally do SSH in and check on the UFW it's not even activating the firewall, just to find several more articles on people locking themselves out trying to figure it out.

Digital Ocean gave me a starter script where I could set the name as a variable, Amazon is just setting it to Ubuntu.

persist changes to TTY:Prompt

I've tried to curate a few links on customizing the TTY:prompt and the generator has helped a lot. I've added line returns to a few sample code blocks that work ok per session, but when I try to add it to .bashrc as a #user or to etc/skel as #root it doesn't seem to take effect.
I thought I might need to reboot, but it says that's not an available command
I'm running the docker image, so I had to install sudo and add the first User, 0001 because it never actually goes through an installation, it just comes with root and so other than root it starts with no users.

customize TTY prompt preview screenshot

root@u1804:/# echo 'export PS1="[\u@\h \w]\$ "' >> ~/.bash_profile
root@u1804:/# nano ~/.bash_profile
jane_doe@0051cc98e23b:~$ nano .bashrc
root@u1804:/# nano etc/skel.bashrc

function nonzero_return() {
	RETVAL=$?
	[ $RETVAL -ne 0 ] && echo "$RETVAL"
}

PS1='${debian_chroot:+($debian_chroot)}\n\[\e[31m\]\`nonzero_return\`\[\e[m\]\[\e[33m\]:\[\e[m\]\[\e[32;40m\]\@\[\e[m\]\[\e[33m\]:\[\e[m\]\[\e[35;40m\]\H\[\e[m\]\n\[\e[31m\]\u\[\e[m\]\[\e[36m\]@\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[36m\]u1804\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[33;40m\]\w\[\e[m\]\[\e[30m\]:\[\e[m\]\[\e[36m\]\\$\[\e[m\]\[\e[30m\]:\[\e[m\] '
PS1='${debian_chroot:+($debian_chroot)}\n\[\e[32;40m\]\@\[\e[m\]\[\e[33m\]:\[\e[m\]\[\e[35;40m\]\H\[\e[m\]\n\[\e[31m\]\u\[\e[m\]\[\e[36m\]@\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[36m\]u1804\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[33;40m\]\w\[\e[m\]\[\e[30m\]:\[\e[m\]\[\e[36m\]\\$\[\e[m\]\[\e[30m\]:\[\e[m\] '
export PS1="\n\[\e[32;40m\]\@\[\e[m\]\[\e[33m\]:\[\e[m\]\[\e[35;40m\]\H\[\e[m\]\n\[\e[31m\]\u\[\e[m\]\[\e[36m\]@\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[36m\]u1804\[\e[m\]\[\e[30m\]-\[\e[m\]\[\e[33;40m\]\w\[\e[m\]\[\e[30m\]:\[\e[m\]\[\e[36m\]\\$\[\e[m\]\[\e[30m\]:\[\e[m\] "

preview .bashrc

Peer Review

I'm extending the Automated Initial Server Setup from Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.

I've added the time zone and variables for IP address and SSH port
I'm installing Fail2Ban & making use of PAM
I'd like to hide the ip address from social media
but not necessarily the logs, so where is this greeting line being set?

Logged in from IP Address

loginPAGEshowsIPA

UFW open SSH gets version 6 by default

and I'd like to add version six ip addresses to UFW

portV6

UFW uncomplicated firewall

securingUFW22222tcp

#!/bin/bash
set -euo pipefail

########################
### SCRIPT VARIABLES ###
########################

# Name of the user to create and grant sudo privileges
USERNAME=jane_doe

# IP Address for accessing SSH
IP_ADDRESS=203.0.113.255

# Port for accessing SSH
SSH_PORT=22222

# Whether to copy root user's `authorized_keys` file to the new sudo user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true

# Additional public keys to add to the new sudo user
OTHER_PUBLIC_KEYS_TO_ADD=(
"ssh-rsa AAAAB..."
)

# set TimeZone
timedatectl set-timezone America/New_York

####################
### SCRIPT LOGIC ###
####################

# customize TTY prompt

# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"

# Check whether the root account has a real password set
encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"

if [ "${encrypted_root_pw}" != "*" ]; then
    # Transfer auto-generated root password to user if present
    # and lock the root account to password-based access
    echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
else
    # Delete invalid password for user if using keys so that a new password
    # can be set without providing a previous value
    passwd --delete "${USERNAME}"
fi

# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"

# Create SSH directory for sudo user
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"

# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
    cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi

# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
    echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done

# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# Chapter 2, Users
# install PAM (Pluggable Authentication Modules)
apt-get -y install libpam-cracklib
# module-type	control		module-path	arguments
echo 'password required pam_pwhistory.so remember=99 use_authok' >> /etc/pam.d/common-password
# difference ( at least three characters have to be different )
# difok=3
# obscure ( prevents simple passwords from being used )
# obscure

# Chapter 15, Securing SSH
groupadd sshusers
usermod -aG sshusers "${USERNAME}"
echo "Port ${SSH_PORT}" >> /etc/ssh/sshd_config
echo 'Protocol 2' >> /etc/ssh/sshd_config
echo 'AllowGroups sudo sshusers' >> /etc/ssh/sshd_config
# sed -i "s/#Port 22/Port ${SSH_PORT}/" /etc/ssh/sshd_config
# Disable root SSH login with password (& key)
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
if sshd -t -q; then
    systemctl restart sshd
fi

# Add exception for SSH and then enable UFW firewall
# ufw allow from "${IP_ADDRESS}" to any port "${SSH_PORT}"/tcp
# ufw allow from "${IP_ADDRESS}" to any port "${SSH_PORT}"
ufw allow proto tcp from "${IP_ADDRESS}" to any port "${SSH_PORT}"
# ufw allow 80
# ufw allow 443
# ufw allow OpenSSH
ufw --force enable

# Chapter 15, Fail2Ban
apt-get -y install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sed -i "s/#ignoreip = 127.0.0.1\/8 ::1/ignoreip = 127.0.0.1\/8 ::1 ${IP_ADDRESS}/" /etc/fail2ban/jail.local
# sed -i 's/bantime  = 10m/bantime  = 10m/' /etc/fail2ban/jail.local
sed -i 's/maxretry = 5/maxretry = 7/' /etc/fail2ban/jail.local
# sed -i 's/…/port    = ssh/' /etc/fail2ban/jail.local
# sed -i 's/…/port    = "${SSH_PORT}"/' /etc/fail2ban/jail.local
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i "s/$match/$match\n$insert/" $file
sed -i "s/logpath = %(sshd_log)s/logpath = %(sshd_log)s\nenabled = true/" /etc/fail2ban/jail.local
# .....................................................
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i 's/…/enabled = true/' /etc/fail2ban/jail.local
# sed -i 's/…/…/' /etc/fail2ban/jail.local
# sed -i 's/…/…/' /etc/fail2ban/jail.local

# AppArmor
# sed -i 's/…/…/' /etc/dir/file.txt

# MariaDB over or MySQL
# sed -i 's/…/…/' /etc/dir/file.txt

# NginX
# sed -i 's/…/…/' /etc/dir/file.txt

# Apache
# sed -i 's/…/…/' /etc/dir/file.txt

# Update, Upgrade & AutoRemove
apt-get update
apt-get -y upgrade
apt-get -y autoremove

#Reboot
# shutdown -r now
# reboot
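
The scripts in the two issues above append `Port`, `PermitRootLogin` and `PasswordAuthentication` lines to /etc/ssh/sshd_config with `echo >>` and hand `IP_ADDRESS` and `SSH_PORT` to ufw and sed unchecked. For most keywords sshd uses the first value it reads, and a line appended after a `Match` block belongs to that block, so an appended line can be silently ignored. The following is an added example, not code from the issues or the DigitalOcean script: it validates the two variables and sets an sshd option so that it is the first active value. The function names and the sample config are constructed, the validator covers IPv4 only, and the ufw command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not part of the original script. Sample values are constructed.

# valid_port PORT: succeed only for a decimal integer in 1..65535.
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
# Rejects placeholders, CIDR suffixes and leading zeros, so the value is safe
# to place in a ufw rule or in a sed expression that uses "/" as delimiter.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ufw_ssh_rule IP PORT: print the ufw command for a validated source and port.
ufw_ssh_rule() {
    valid_ipv4 "$1" || { echo "bad IP_ADDRESS: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad SSH_PORT: $2" >&2; return 1; }
    printf 'ufw allow proto tcp from %s to any port %s\n' "$1" "$2"
}

# set_sshd_option FILE KEY VALUE: make "KEY VALUE" the only active setting of
# KEY in the global section (everything before the first Match block).
# Assumes whitespace-separated "Key value" lines.
set_sshd_option() {
    file=$1
    tmp=$(mktemp) || return 1
    if awk -v key="$2" -v value="$3" '
        BEGIN { k = tolower(key) }
        { first = tolower($1) }
        !in_match && first == "match" {      # never set: insert before Match
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && first == k {            # replace first, drop duplicates
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"                 # keeps the file owner and mode
        rc=0
    else
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# effective_sshd_option FILE KEY: print the first active value of KEY in the
# global section, which is the value sshd would apply to every connection.
effective_sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Constructed sample, not a real /etc/ssh/sshd_config.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
write_sample_sshd_config "$cfg"
echo 'PasswordAuthentication no' >> "$cfg"   # the append used in the script
echo "after echo >>:         $(effective_sshd_option "$cfg" PasswordAuthentication)"
set_sshd_option "$cfg" PasswordAuthentication no
set_sshd_option "$cfg" Port 22222
echo "after set_sshd_option: $(effective_sshd_option "$cfg" PasswordAuthentication)"
ufw_ssh_rule 203.0.113.255 22222
rm -f "$cfg"
```

On a server, keep the existing `sshd -t -q` check before restarting sshd, and restart only after the last edit to sshd_config.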

Reboot Ubuntu 18.04 Docker Image

I'm using the standard base image for Ubuntu 18.04 from DockerHub
It's really stripped down, almost any command I want to call has had to be installed first.
So far, sudo being the most surprising that I might have assumed would have been in the core.
I'm not able to call reboot, which I'm hoping will pick up systemd next time.
My question is what am I supposed to install or call to be able to reboot?

extra visual reference

Enable Fail2Ban jail from bash Script

I'm Automating Initial Server Setup with Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.
I've got it to install Fail2Ban, but now I need to add the jails, starting with [sshd]
which is just a matter of adding enabled = true

I've recently learned echo would append to the end of the file,
or I could use sed to edit an existing line..
But how would I add a new line in between existing lines, when there's nothing to be replaced?

starting sample

#
# JAILS
#

#
# SSH servers
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


[dropbear]

port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s


[selinux-ssh]

port     = ssh
logpath  = %(auditd_log)s


#
# HTTP servers
#

I need to add enabled = true below the line starting with backend and above the stanza for [dropbear]

backend = %(sshd_backend)s
enabled = true

[dropbear]
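
One way to add `enabled = true` to a single jail without depending on a line that happens to be unique in the file, as an added example that is not part of the original issue. The function name `enable_jail` and the sample file are constructed here; the sample copies the stanza layout quoted in the issue.

```shell
#!/bin/sh
# Added example; the sample file below is constructed from the stanza layout
# quoted in the issue, not copied from a real /etc/fail2ban/jail.local.

# enable_jail FILE JAIL
#   Sets "enabled = true" inside the [JAIL] stanza only:
#   - an existing "enabled = ..." line in that stanza is rewritten,
#   - otherwise the line is added after the stanza's "backend" line,
#   - otherwise it is added directly under the [JAIL] header.
#   Returns 2 and leaves FILE untouched when the stanza does not exist.
#   Running it twice gives the same result as running it once.
enable_jail() {
    file=$1
    tmp=$(mktemp) || return 1
    # awk reads the file twice: pass 1 inspects the stanza, pass 2 rewrites.
    if awk -v jail="$2" '
        FNR == 1 { in_jail = 0 }                  # reset at start of a pass
        { line = $0; sub(/[ \t\r]+$/, "", line) }
        substr(line, 1, 1) == "[" {               # any stanza header
            in_jail = (line == "[" jail "]")
            if (in_jail) found = 1
        }
        NR == FNR {                               # pass 1: look, do not print
            if (in_jail && line ~ /^enabled[ \t]*=/) has_enabled = 1
            if (in_jail && line ~ /^backend[ \t]*=/) has_backend = 1
            next
        }
        in_jail && line ~ /^enabled[ \t]*=/ { print "enabled = true"; next }
        in_jail && !has_enabled && has_backend && line ~ /^backend[ \t]*=/ {
            print; print "enabled = true"; next
        }
        in_jail && !has_enabled && !has_backend && substr(line, 1, 1) == "[" {
            print; print "enabled = true"; next
        }
        { print }
        END { if (!found) exit 2 }
    ' "$file" "$file" > "$tmp"; then
        cat "$tmp" > "$file"                      # keeps owner and mode
        rc=0
    else
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample with the same stanzas as the "starting sample" above.
write_sample_jail() {
    cat > "$1" <<'EOF'
#
# SSH servers
#

[sshd]

#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


[dropbear]

port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s


[selinux-ssh]

port     = ssh
logpath  = %(auditd_log)s
EOF
}

# Demo on a temporary copy; on a server FILE would be /etc/fail2ban/jail.local.
demo_file=$(mktemp)
write_sample_jail "$demo_file"
enable_jail "$demo_file" sshd
sed -n '/^\[sshd\]/,/^\[dropbear\]/p' "$demo_file"
rm -f "$demo_file"
```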

netstat optional flags

I've alphabetized a consolidated list of the most common flags I noticed being set for netstat options in introductory tutorials. While I noticed it being used, I couldn't confirm what 'c' was being used for and I'm open to additional input or clarification on the rest of the compilation.

sudo netstat -tulpn

a all
c
e elaborate
i interface
l listening
n numbered
p process id
r routing
s statistics
t tcp
u udp
~?~ add mores

extending script

looking to extend the Automating Initial Server Setup with Ubuntu 18.04 script with copying whole files and appending other files.
for example the /bash.rc file, if I wanted to customize the PS1 variable, I know how to do that manually, but how would I append it to the end of the file by using this script?

#!/bin/bash
set -euo pipefail

########################
### SCRIPT VARIABLES ###
########################

# Name of the user to create and grant sudo privileges
USERNAME=sammy

# Whether to copy over the root user's `authorized_keys` file to the new sudo
# user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true

# Additional public keys to add to the new sudo user
# OTHER_PUBLIC_KEYS_TO_ADD=(
#     "ssh-rsa AAAAB..."
#     "ssh-rsa AAAAB..."
# )
OTHER_PUBLIC_KEYS_TO_ADD=(
)

####################
### SCRIPT LOGIC ###
####################

# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"

# Check whether the root account has a real password set
encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"

if [ "${encrypted_root_pw}" != "*" ]; then
    # Transfer auto-generated root password to user if present
    # and lock the root account to password-based access
    echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
else
    # Delete invalid password for user if using keys so that a new password
    # can be set without providing a previous value
    passwd --delete "${USERNAME}"
fi

# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"

# Create SSH directory for sudo user
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"

# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
    cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi

# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
    echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done

# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# Disable root SSH login with password
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
if sshd -t -q; then
    systemctl restart sshd
fi

# Add an exception for SSH and then enable UFW firewall
ufw allow OpenSSH
ufw --force enable

# customize /bash.rc PS1

# copy a file from to the new server

Customizing PS1 during automated server creation

I'm Automating Initial Server Setup with Ubuntu 18.04 on Digital Ocean using the user-data insert to start a new server.
I want to customize the PS1 prompt in the /etc/skel/.bashrc
and I've moved it up to step one before it even creates the sudo user or copies .bashrc for that user.
Looking at /etc/skel/.bashrc it appears to have the changes on line 60
but when I SSH in as jane_doe her prompt is unchanged
I've considered adding a restart as the final step, but I'm not sure how that would help..
Since the file is being changed before she is created.
So, what should I be trying to do differently?

initial_server_setup.sh

#!/bin/bash
set -euo pipefail

########################
### SCRIPT VARIABLES ###
########################

# Name of the user to create and grant sudo privileges
USERNAME=jane_doe

# Whether to copy over the root user's `authorized_keys` file to the new sudo
# user.
COPY_AUTHORIZED_KEYS_FROM_ROOT=true

# Additional public keys to add to the new sudo user
# OTHER_PUBLIC_KEYS_TO_ADD=(
#     "ssh-rsa AAAAB..."
#     "ssh-rsa AAAAB..."
# )
OTHER_PUBLIC_KEYS_TO_ADD=(
"ssh-rsa AAAAB..."
)

####################
### SCRIPT LOGIC ###
####################

# customize TTY prompt
sed -i 's/\\\[\\033\[01;32m\\\]\\u@\\h\\\[\\033\[00m\\\]:\\\[\\033\[01;34m\\\]\\w\\\[\\033\[00m\\\]\\\$ /\\n\\@ \\\[\\e\[32;40m\\\]\\u\\\[\\e\[m\\\] \\\[\\e\[32;40m\\\]@\\\[\\e\[m\\\]\\n \\\[\\e\[32;40m\\\]\\H\\\[\\e\[m\\\] \\\[\\e\[36;40m\\\]\\w\\\[\\e\[m\\\] \\\[\\e\[33m\\\]\\\\\$\\\[\\e\[m\\\] /' /etc/skel/.bashrc
# PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

# Add sudo user and grant privileges
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"

# Check whether the root account has a real password set
encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"

if [ "${encrypted_root_pw}" != "*" ]; then
    # Transfer auto-generated root password to user if present
    # and lock the root account to password-based access
    echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
else
    # Delete invalid password for user if using keys so that a new password
    # can be set without providing a previous value
    passwd --delete "${USERNAME}"
fi

# Expire the sudo user's password immediately to force a change
chage --lastday 0 "${USERNAME}"

# Create SSH directory for sudo user
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"

# Copy `authorized_keys` file from root if requested
if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
    cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi

# Add additional provided public keys
for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
    echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done

# Adjust SSH configuration ownership and permissions
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# Disable root SSH login with password
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
if sshd -t -q; then
    systemctl restart sshd
fi

# Add exception for SSH and then enable UFW firewall
ufw allow OpenSSH
ufw --force enable

/etc/skel/.bashrc

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\n\@ \[\e[32;40m\]\u\[\e[m\] \[\e[32;40m\]@\[\e[m\]\n \[\e[32;40m\]\H\[\e[m\] \[\e[36;40m\]\w\[\e[m\] \[\e[33m\]\\$\[\e[m\] '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands.  Use like so:
#   sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

Exit Zero, add -dit, bash & all to docker-compose.yml

$ docker run --name u1804 -dit -p 8080:80 ubuntu:18.04 //bin/bash

$ docker attach u1804

Running these 2 commands will get me into the prompt of a Linux system, which is really all I need for now. Most of my time has been on Windows or Mac.. so I really just want a Local Linux to review from first principles.

root@u1804:/# exit

It's been much easier to find tutorials about running Docker on Linux rather than Linux in Docker..
Now, I'm trying to move that functionality into docker-compose.yml so with just compose-docker up brings me back to that same Linux prompt. I'm getting as far as an exit zero, it looks like it's pulling the image and building the container, but then it exits with a zero because it's finished.. I'm not sure about the syntax to add

  1. -detached
  2. -interactive
  3. -TTY and the
  4. //bash call?

Also, instead of just adding the usr/local/, could I expose the entire file structure of 18.04 to local development?

docker-compose.yml

version: "3.2"
services:
  bionic:
    image: ubuntu:${DISTRO:-bionic}
    ports:
      - "8080:80"
    volumes:
      - ./usr_local/:/usr/local/
    container_name: u1804

sed can't see

I'm trying to use sed as root to alter the default PS1..
The first 2 lines were just to make sure I had the syntax structured right and to see if the quotation marks made a difference,
running them consecutively allows me to change a comment near the top of the file and then change it back.
Opening the file in nano confirms the changes are effective, which should rule out 'write permissions'.

sed -i 's/If not running interactively,/stringtoreplaceitwith/' /etc/skel/.bashrc

sed -i "s/stringtoreplaceitwith/If not running interactively,/" /etc/skel/.bashrc

sed -i "s/\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ /Replace PS1/" /etc/skel/.bashrc

I'm not sure if it's something else about the string's structure,
but for some reason, it's not finding what I'd like to substitute

\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$

sedPS1
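
In a sed pattern an unescaped `[` opens a bracket expression and a backslash starts an escape, so the stock PS1 text only matches once every such character is escaped. The following is an added example, not part of the original issue, that does the escaping mechanically and replaces one literal string with another. The function names and the sample file are constructed, both strings are assumed to be single-line, and the same escaping applies to a variable such as `${IP_ADDRESS}` before it is placed in a sed expression.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Escape a literal string for use as the pattern of a sed "s/.../.../" (BRE).
# Escaped characters: \ / $ * . ^ [
sed_escape_pattern() {
    printf '%s\n' "$1" | sed 's|[\\/$*.^[]|\\&|g'
}

# Escape a literal string for use as the replacement of a sed "s/.../.../".
# Escaped characters: \ / &
sed_escape_replacement() {
    printf '%s\n' "$1" | sed 's|[\\/&]|\\&|g'
}

# replace_literal FILE OLD NEW: replace the first OLD on each line with NEW,
# both taken as literal text rather than as regular expressions.
replace_literal() {
    file=$1
    pat=$(sed_escape_pattern "$2")
    rep=$(sed_escape_replacement "$3")
    tmp=$(mktemp) || return 1
    if sed "s/${pat}/${rep}/" "$file" > "$tmp"; then
        cat "$tmp" > "$file"          # keeps the file owner and mode
        rc=0
    else
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# The stock prompt text from the issue and the replacement prompt that
# appears in the /etc/skel/.bashrc listing on this page, as literal strings.
STOCK_PROMPT='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
NEW_PROMPT='\n\@ \[\e[32;40m\]\u\[\e[m\] \[\e[32;40m\]@\[\e[m\]\n \[\e[32;40m\]\H\[\e[m\] \[\e[36;40m\]\w\[\e[m\] \[\e[33m\]\\$\[\e[m\] '

# Constructed excerpt of the prompt section of a stock .bashrc.
write_sample_bashrc() {
    cat > "$1" <<'EOF'
if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
EOF
}

# Demo on a temporary copy; on a server FILE would be /etc/skel/.bashrc.
demo_rc=$(mktemp)
write_sample_bashrc "$demo_rc"
replace_literal "$demo_rc" "$STOCK_PROMPT" "$NEW_PROMPT"
grep 'PS1=' "$demo_rc"
rm -f "$demo_rc"
```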
