|
1 | 1 | #!/bin/bash |
2 | 2 |
|
3 | 3 | # Debian and Ubuntu Server Hardening Interactive Script |
4 | | -# Version: 0.80.2 | 2026-03-01 |
| 4 | +# Version: 0.80.3 | 2026-03-03 |
5 | 5 | # Changelog: |
| 6 | +# - v0.80.3: Warn about password-less sudo and offer to genrate password/ |
6 | 7 | # - v0.80.2: Added an optional install of netbird (https://netbird.io/) as an alternative to tailscale. |
7 | 8 | # - v0.80.1: Added a safety check to trigger the SSH rollback function if user is disconnected during SSH port change, preventing lockout. |
8 | 9 | # Implement a check for a validated ssh key for the sudo user before revoking root access. |
|
103 | 104 | set -euo pipefail |
104 | 105 |
|
105 | 106 | # --- Update Configuration --- |
106 | | -CURRENT_VERSION="0.80.2" |
| 107 | +CURRENT_VERSION="0.80.3" |
107 | 108 | SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" |
108 | 109 | CHECKSUM_URL="${SCRIPT_URL}.sha256" |
109 | 110 |
|
@@ -262,7 +263,7 @@ print_header() { |
262 | 263 | printf '%s\n' "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" |
263 | 264 | printf '%s\n' "${CYAN}║ ║${NC}" |
264 | 265 | printf '%s\n' "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" |
265 | | - printf '%s\n' "${CYAN}║ v0.80.2 | 2026-03-01 ║${NC}" |
| 266 | + printf '%s\n' "${CYAN}║ v0.80.3 | 2026-03-03 ║${NC}" |
266 | 267 | printf '%s\n' "${CYAN}║ ║${NC}" |
267 | 268 | printf '%s\n' "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" |
268 | 269 | printf '\n' |
@@ -3101,8 +3102,34 @@ setup_user() { |
3101 | 3102 | printf '\n' |
3102 | 3103 | if [[ -z "$PASS1" && -z "$PASS2" ]]; then |
3103 | 3104 | print_warning "Password skipped. Relying on SSH key authentication." |
3104 | | - log "Password setting skipped for '$USERNAME'." |
3105 | | - break |
| 3105 | + print_warning "Without a password, you will NOT be able to use 'sudo' for administrative tasks." |
| 3106 | + if confirm "Generate a secure random password for you? (Recommended)" "y"; then |
| 3107 | + local RAND_PASS |
| 3108 | + RAND_PASS=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24) |
| 3109 | + if echo "$USERNAME:$RAND_PASS" | chpasswd >/dev/null 2>&1; then |
| 3110 | + print_success "Generated random password for '$USERNAME'." |
| 3111 | + printf '\n%s\n' "${YELLOW}⚠ SAVE THIS PASSWORD FOR SUDO ACCESS:${NC}" |
| 3112 | + printf ' %s\n\n' "${BOLD}$RAND_PASS${NC}" |
| 3113 | + log "Generated random password for '$USERNAME'." |
| 3114 | + break |
| 3115 | + else |
| 3116 | + print_error "Failed to set random password. Please try again." |
| 3117 | + continue |
| 3118 | + fi |
| 3119 | + elif confirm "Enable passwordless sudo? (WARNING: Security Risk)" "n"; then |
| 3120 | + echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USERNAME" |
| 3121 | + chmod 0440 "/etc/sudoers.d/$USERNAME" |
| 3122 | + print_warning "Passwordless sudo enabled for '$USERNAME'." |
| 3123 | + log "Passwordless sudo explicitly enabled for '$USERNAME'." |
| 3124 | + break |
| 3125 | + elif confirm "Would you like to manually type a password instead?" "y"; then |
| 3126 | + print_info "Returning to password prompt..." |
| 3127 | + continue |
| 3128 | + else |
| 3129 | + print_warning "Proceeding with NO password and NO sudo rights for '$USERNAME'." |
| 3130 | + log "Password setting skipped, no sudo rights for '$USERNAME'." |
| 3131 | + break |
| 3132 | + fi |
3106 | 3133 | elif [[ "$PASS1" == "$PASS2" ]]; then |
3107 | 3134 | if echo "$USERNAME:$PASS1" | chpasswd >/dev/null 2>&1; then |
3108 | 3135 | print_success "Password for '$USERNAME' updated." |
|