#!/usr/bin/ksh
#//////////////////////////////////////////////////
#
# rootbox.sh
#  builds a package that grants the root user SSH access
#   by changing these files:
#    /etc/default/login
#    /etc/ssh/sshd_config
#   and
#    ${HOME}/${LOGNAME}/.ssh/authorized_keys
#
#\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# author: Marcin Wisnios <wisnios@gmail.com>
#
#//////////////////////////////////////////////////

# --- package identity ------------------------------------------------
PKGVENDOR="MMW"
PKGNAME="rootbox"
PKGVERSION="1.0"
PKG="${PKGVENDOR}${PKGNAME}"

# --- build location and output file name -----------------------------
# Staging files and the finished package are written under PKGPATH.
# NOTE(review): /tmp is normally shared with every local user and the
# names derived below are fixed, so anything created there is predictable.
PKGPATH="/tmp"
PKGARCH=$(uname -p)
PKGFILE="${PKG}.${PKGVERSION}.${PKGARCH}.pkg"

# --- accounts ----------------------------------------------------------
# KEYUSER is the template account whose .ssh directory gets packaged;
# ROOTUSER is the account the package installs it for.
KEYUSER="wisnios"
ROOTUSER="root"

# Home directory = field 6 of the passwd entry. The value is empty when
# the lookup returns no entry.
KEYPATH=$(getent passwd "${KEYUSER}" | cut -d : -f 6)
# Set ROOTPATH by hand if root's home differs on the target system.
ROOTPATH=$(getent passwd "${ROOTUSER}" | cut -d : -f 6)


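echo "Generating package files"
# The staging directory has a fixed name under PKGPATH, and every later
# step writes installer scripts into it. Reusing a directory (or symlink)
# that is already at that path would mean building the package inside
# something this run did not create, so fail closed instead:
#  - mkdir without -p fails if anything already exists at the path
#  - -m 700 keeps other local users out of the staging area
mkdir -m 700 "${PKGPATH}/${PKGNAME}" || {
	echo "cannot create private staging directory ${PKGPATH}/${PKGNAME}" >&2
	echo "remove any stale copy and run again" >&2
	exit 1
}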

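echo "prototype"
# pkgproto below is pointed at "${KEYPATH}/.ssh". With an empty KEYPATH
# (no passwd entry for KEYUSER) that becomes "/.ssh" and a different
# directory would be packaged without any warning, so stop unless the
# template directory really exists.
if [ -z "${KEYPATH}" ] || [ ! -d "${KEYPATH}/.ssh" ]; then
	echo "no .ssh directory found for template account ${KEYUSER}" >&2
	exit 1
fi
# The install destination is built from ROOTPATH in the same way.
if [ -z "${ROOTPATH}" ]; then
	echo "cannot determine home directory of ${ROOTUSER}" >&2
	exit 1
fi

# Prototype layout:
#   i ...      package information file and installation scripts
#   e sed ...  class "sed" edits of existing system files; "? ? ?" leaves
#              mode, owner and group of the target file as they are
#   pkgproto   entries for the template .ssh directory, remapped to
#              ROOTPATH/.ssh
# NOTE(review): pkgproto lists everything under the .ssh directory, not
# only authorized_keys; private keys or known_hosts stored there would be
# packaged as well - confirm that is intended.
{
	echo "i pkginfo"
	echo "i checkinstall"
	echo "i postinstall"
	echo "i postremove"
	echo "e sed /etc/default/login=${PKGPATH}/${PKGNAME}/login.sed ? ? ?"
	echo "e sed /etc/ssh/sshd_config=${PKGPATH}/${PKGNAME}/sshd_config.sed ? ? ?"
	pkgproto "${KEYPATH}/.ssh=${ROOTPATH}/.ssh"
} > "${PKGPATH}/${PKGNAME}/prototype"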


echo "pkginfo"
# Write the package information file one field per line. CLASSES names
# the "sed" class used by the two "e sed" prototype entries; PSTAMP is the
# build time as YYYYmmddHHMMSS.
{
	printf 'PKG="%s"\n' "${PKG}"
	printf '%s\n' 'NAME="Root box"' 'CATEGORY="system"'
	printf 'ARCH="%s"\n' "${PKGARCH}"
	printf 'VERSION="%s"\n' "${PKGVERSION}"
	printf '%s\n' \
		'BASEDIR="/"' \
		'VENDOR="Marcin Marian Wisnios"' \
		'DESC="Methods and keys to allow remote root user access"' \
		'EMAIL="wisnios@gmail.com"' \
		'CLASSES="none sed"'
	printf 'PSTAMP=%s\n' "$(date +%Y%m%d%H%M%S)"
} > "${PKGPATH}/${PKGNAME}/pkginfo"


echo "checkinstall"
# Generate the checkinstall script. The package name is filled in now, at
# build time; "$?" is written literally so it is evaluated when the
# generated script runs. The generated script exits 3 when pkginfo -q
# reports the package as already installed.
{
	printf '%s\n' '#!/usr/bin/ksh'
	printf 'pkginfo -q %s\n' "${PKG}"
	printf '%s\n' 'if [ $? -eq 0 ]; then'
	printf '\techo "Package %s has been already installed." \n' "${PKG}"
	printf '\t%s\n' 'exit 3;'
	printf '%s\n' 'fi' ''
} > "${PKGPATH}/${PKGNAME}/checkinstall"
chmod 755 "${PKGPATH}/${PKGNAME}/checkinstall"


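echo "postinstall"
# Generate the postinstall script, which hands the installed .ssh tree to
# the root account and refreshes the ssh service.
#
# ROOTUSER and ROOTPATH are filled in now, at build time. The group lookup
# is written with escaped "$" so it runs when the package is installed:
# previously the unescaped $( ... ) was expanded while building, which
# baked the build host's answer into the script and, if the lookup failed
# there, produced an empty ROOTGROUP and a "user:" argument for chown.
# If the group still cannot be resolved at install time, only the owner
# is changed.
cat << EOF > "${PKGPATH}/${PKGNAME}/postinstall"
#!/usr/bin/ksh

ROOTUSER="${ROOTUSER}"
ROOTPATH="${ROOTPATH}"
ROOTGID=\$(/usr/xpg4/bin/id -g "\${ROOTUSER}")
ROOTGROUP=\$(getent group "\${ROOTGID}" | cut -d : -f 1)

if [ -n "\${ROOTGROUP}" ]; then
	chown -R "\${ROOTUSER}:\${ROOTGROUP}" "\${ROOTPATH}/.ssh"
else
	chown -R "\${ROOTUSER}" "\${ROOTPATH}/.ssh"
fi
svcadm refresh ssh
EOF
chmod 755 "${PKGPATH}/${PKGNAME}/postinstall"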


echo "postremove"
# Generate the postremove script: its only action is to refresh the ssh
# service after the package has been removed.
printf '%s\n' \
	'#!/usr/bin/ksh' \
	'' \
	'svcadm refresh ssh' > "${PKGPATH}/${PKGNAME}/postremove"
chmod 755 "${PKGPATH}/${PKGNAME}/postremove"


echo "login.sed"
# sed class script for /etc/default/login (see the prototype entry):
#   !install  comments out every line that starts with CONSOLE
#   !remove   strips the "#" from every line that starts with #CONSOLE,
#             including lines that were commented out before installation
# NOTE(review): CONSOLE presumably restricts where root may log in for
# login(1)-based services too, not only ssh - confirm that disabling it
# is acceptable on the target hosts.
printf '%s\n' \
	'!install' \
	's/^CONSOLE.*/#&/' \
	'' \
	'!remove' \
	's/^#CONSOLE/CONSOLE/' > "${PKGPATH}/${PKGNAME}/login.sed"


echo "sshd_config.sed"
# sed class script for /etc/ssh/sshd_config (see the prototype entry):
#   !install  rewrites an existing "PermitRootLogin <value>" line to
#             "without-password"
#   !remove   rewrites it to "no", whatever the value was before install
# Only lines that start with "PermitRootLogin " are touched; a
# commented-out or missing directive is left alone.
printf '%s\n' \
	'!install' \
	's/^\(PermitRootLogin\ \).*/\1without-password/' \
	'' \
	'!remove' \
	's/^\(PermitRootLogin\ \).*/\1no/' > "${PKGPATH}/${PKGNAME}/sshd_config.sed"


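# Build the package, convert it to a datastream file, then remove the
# staging and spool directories. RC carries the overall result so that
# the script's exit status reflects a failed build.
RC=0

echo "Making package ${PKGFILE} [${PKGPATH}]"
if pkgmk -o -r / -d "${PKGPATH}" -f "${PKGPATH}/${PKGNAME}/prototype" > /dev/null 2>&1; then
	echo "success"

	# Only translate a spool directory that pkgmk has just produced.
	# Running pkgtrans after a failed pkgmk could pick up a stale
	# ${PKGPATH}/${PKG} left by an earlier run and report success.
	echo "Translating package format to a datastream"
	if pkgtrans -s "${PKGPATH}" "${PKGFILE}" "${PKG}" > /dev/null 2>&1; then
		echo "success"
	else
		echo "failure"
		RC=1
	fi
else
	echo "failure"
	RC=1
fi

# NOTE(review): the finished ${PKGPATH}/${PKGFILE} stays behind with
# whatever permissions the current umask gives it, and it carries the
# template account's .ssh content - move or restrict it as appropriate.

# ":?" aborts instead of expanding to a shorter path if a variable is
# ever empty, so rm -rf cannot be pointed at the wrong directory.
rm -rf "${PKGPATH:?}/${PKGNAME:?}"
rm -rf "${PKGPATH:?}/${PKG:?}"

exit ${RC}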

