Robert 2 years ago
commit 42be566b9b
  1. 5
      .gitignore
  2. 12
      README.md
  3. 118
      app/OS/neato_Alpine.php
  4. 120
      app/OS/neato_Ubuntu.php
  5. 123
      app/auto_loader.php
  6. 102
      app/neato.php
  7. 99
      app/neato_Configure.php
  8. 111
      app/neato_Logger.php
  9. 65
      app/neato_colors.php
  10. 179
      app/neato_common.php
  11. 217
      app/neato_danger_checker.php
  12. 120
      app/neato_enc.php
  13. 212
      app/neato_fns.php
  14. 74
      app/neato_init.php
  15. 69
      app/registry.php
  16. 68
      app/utils/apache.php
  17. 17
      app/utils/curl.php
  18. 43
      app/utils/mysql.php
  19. 36
      app/utils/npm.php
  20. 60
      app/utils/php.php
  21. 25
      app/utils/sed.php
  22. 49
      app/utils/ufw.php
  23. 14
      app/utils/wget.php
  24. 40
      compile-phar.php
  25. 48
      config_files/deploy_example.php
  26. 31
      config_files/deploy_mysql_ex1.php
  27. 19
      config_files/deploy_test1.php
  28. 44
      install_neato.sh
  29. 2
      neato_deploy.sh
  30. 35
      neato_deploy_php_cli.ini
  31. 34
      neato_php_cli_phar.ini
  32. 18
      selftar.sh
  33. 6
      templates/Ubuntu/apache2/000-default.conf
  34. 9
      templates/Ubuntu/apache2/allsites.conf
  35. 36
      templates/Ubuntu/apache2/default-ssl.conf
  36. 87
      templates/Ubuntu/apache2/security.conf
  37. 4
      templates/Ubuntu/apt.conf.d/10periodic
  38. 58
      templates/Ubuntu/keys/api.sh
  39. 1
      templates/Ubuntu/keys/bobs.pub
  40. 45
      templates/Ubuntu/keys/ca.sh
  41. 1
      templates/Ubuntu/keys/chrisa.pub
  42. 10
      templates/Ubuntu/keys/how_to_move_certs.txt
  43. 166
      templates/Ubuntu/keys/workers.sh
  44. 67
      templates/Ubuntu/mysql.conf.d/mysqld.cnf
  45. 25
      templates/Ubuntu/notice.txt
  46. 247
      templates/Ubuntu/php/php.ini
  47. 94
      templates/Ubuntu/ssh/sshd_config
  48. 45
      templates/Ubuntu/ufw/sysctl.conf
  49. 9
      templates/podman_install.sh

5
.gitignore vendored

@ -0,0 +1,5 @@
run/*.lck
log/*.txt
neato_deploy.tar.gz
neatoDeploy.phar
neato_deploy.tar.gz.self

@ -0,0 +1,12 @@
# neatoDeploy
$ ./selftar.sh
Then scp over the neato_deploy.tar.gz.self to your sever.
on the server: $ ./neato_deploy.tar.gz.self
## Clean up
$ rm neato_deploy.tar.gz.self
$ rm install_neato.sh
## Run $ neato_deploy http://site.com/deployment.txt

@ -0,0 +1,118 @@
<?php
final class neato {
const get_opt = '/opt/';
const get_etc = '/etc/';
const get_bin = '/bin/';
const get_user_bin = '/usr/bin/';
const get_super_user_bin = '/usr/sbin/';
const get_user_local_bin = '/usr/local/bin/';
protected function __construct() {
}
public static function is_installed($prog) {
exec(self::get_user_bin . 'apk -e info ' . safe_cmd($prog), $out, $exit_code);
return ($exit_code == 0) ? ['installed' => true, 'version' => $out] : ['installed' => false];
}
public static function service($name, $action = 'restart') {
exec(self::get_super_user_bin . 'rc-service ' . safe_cmd($name, $action), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to {$action} Service called: {$name}");
return $exit_code;
}
public static function systemctl($name, $action = 'enable') {
// exec(self::get_bin . 'systemctl ' . safe_cmd($action, $name), $output, $exit_code);
// check_for_error($exit_code, "Unable to {$action} Service called: {$name}");
// return $exit_code;
}
public static function upgrade($prog) {
exec(self::get_user_bin . 'apk upgrade -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to upgrade: {$prog}");
return $exit_code;
}
public static function install($prog) {
exec(self::get_user_bin . 'apk add -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to install: {$prog}");
return $exit_code;
}
public static function uninstall($prog) {
exec(self::get_user_bin . 'apk del -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to uninstall: {$prog}");
return $exit_code;
}
public static function add_repo($repo) {
// exec(self::get_user_bin . 'add-apt-repository -y -u ' . safe_cmd_quotes($repo) . stderr(), $output, $exit_code);
// display($output); // -u = DO UPDATE once done...
// check_for_error($exit_code, "Unable to uninstall: {$repo}");
// return $exit_code;
}
public static function update() {
exec(self::get_user_bin . 'apk update -y ' . stderr(), $output, $exit_code);
display($output);
return $exit_code;
}
public static function full_update() {
exec(self::get_user_bin . 'apk update -y && ' . self::get_user_bin . 'apk upgrade -y' . stderr(), $output, $exit_code);
display($output);
return $exit_code;
}
public static function chmod_on_folders($dir, $kind) {
if (!is_dir($dir)) {
$exit_code = false;
} else {
$perm = get_perms($kind);
exec(self::get_user_bin . 'find ' . safe_cmd($dir) . ' -type d -exec '. self::get_bin . 'chmod ' . $perm . ' {} \;', $output, $exit_code);
}
check_for_error($exit_code, "Unable to chmod folders in: {$dir}");
return $exit_code;
}
public static function chmod_on_files($dir, $kind) {
if (!is_dir($dir)) {
$exit_code = false;
} else {
$perm = get_perms($kind);
exec(self::get_user_bin . 'find ' . safe_cmd($dir) . ' -type f -exec '. self::get_bin . 'chmod ' . $perm . ' {} \;', $output, $exit_code);
}
check_for_error($exit_code, "Unable to chmod files in: {$dir}");
return $exit_code;
}
public static function write_protect_file($file) {
if (!is_file($file)) {
$exit_code = false;
} else {
exec(self::get_user_bin . 'chattr +i ' . safe_cmd($file), $output, $exit_code);
}
check_for_error($exit_code, "Unable to write protect: {$file}");
return $exit_code;
}
public static function unwrite_protect_file($file) {
if (!is_file($file)) {
$exit_code = false;
} else {
exec(self::get_user_bin . 'chattr -i ' . safe_cmd($file), $output, $exit_code);
}
check_for_error($exit_code, "Unable to un-write protect: {$file}");
return $exit_code;
}
}
// end of neato installer commands
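Review bot: The apk calls in `install`, `uninstall`, `upgrade`, `update` and `full_update` all pass `-y`, which looks carried over from the apt-get version of this class; as far as I know apk has no `-y` option (it is non-interactive by default), so these commands would fail on option parsing before doing anything — worth confirming on an Alpine host. `is_installed` has the same smell: `-e` belongs to the `info` subcommand, so the form is `apk info -e pkg` rather than `apk -e info pkg`. The `systemctl` and `add_repo` stubs return null rather than an exit code, so any caller that compares the result with `0` will read them as failures; either `return 0; // no-op on Alpine (OpenRC, no apt repositories)` or document in a docblock that they are unsupported here.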

@ -0,0 +1,120 @@
<?php
final class neato {
const get_opt = '/opt/';
const get_etc = '/etc/';
const get_bin = '/bin/';
const get_user_bin = '/usr/bin/';
const get_super_user_bin = '/usr/sbin/';
const get_user_local_bin = '/usr/local/bin/';
protected function __construct() {
}
public static function is_installed($prog) {
exec(self::get_user_bin . 'dpkg -s ' . safe_cmd($prog) . ' | ' . self::get_bin . 'grep "install ok installed"', $out, $exit_code);
exec(self::get_user_bin . 'dpkg -s ' . safe_cmd($prog) . ' | ' . self::get_bin . 'grep ^Version', $output, $code);
$version = str_replace('Version: ', '', $output[0]);
return ($exit_code == 0) ? ['installed' => true, 'version' => $version] : ['installed' => false];
}
public static function service($name, $action = 'restart') {
exec(self::get_super_user_bin . 'service ' . safe_cmd($name, $action), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to {$action} Service called: {$name}");
return $exit_code;
}
public static function systemctl($name, $action = 'enable') {
exec(self::get_bin . 'systemctl ' . safe_cmd($action, $name), $output, $exit_code);
check_for_error($exit_code, "Unable to {$action} Service called: {$name}");
return $exit_code;
}
public static function upgrade($prog) {
exec(self::get_user_bin . 'apt-get upgrade -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to upgrade: {$prog}");
return $exit_code;
}
public static function install($prog) {
exec(self::get_user_bin . 'apt-get install -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to install: {$prog}");
return $exit_code;
}
public static function uninstall($prog) {
exec(self::get_user_bin . 'apt-get remove -y ' . safe_cmd_quotes($prog) . stderr(), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to uninstall: {$prog}");
return $exit_code;
}
public static function add_repo($repo) {
exec(self::get_user_bin . 'add-apt-repository -y -u ' . safe_cmd_quotes($repo) . stderr(), $output, $exit_code);
display($output); // -u = DO UPDATE once done...
check_for_error($exit_code, "Unable to uninstall: {$repo}");
return $exit_code;
}
public static function update() {
exec(self::get_user_bin . 'apt-get update -y ' . stderr(), $output, $exit_code);
display($output);
return $exit_code;
}
public static function full_update() {
exec(self::get_user_bin . 'apt-get update -y && '. self::get_user_bin . 'apt-get upgrade -y && ' . self::get_user_bin . 'apt-get autoremove -y && ' . self::get_user_bin . 'apt-get autoclean -y' . stderr(), $output, $exit_code);
display($output);
return $exit_code;
}
public static function chmod_on_folders($dir, $kind) {
if (!is_dir($dir)) {
$exit_code = false;
} else {
$perm = get_perms($kind);
exec(self::get_user_bin . 'find ' . safe_cmd($dir) . ' -type d -exec ' . self::get_bin . 'chmod ' . $perm . ' {} \;', $output, $exit_code);
}
check_for_error($exit_code, "Unable to chmod folders in: {$dir}");
return $exit_code;
}
public static function chmod_on_files($dir, $kind) {
if (!is_dir($dir)) {
$exit_code = false;
} else {
$perm = get_perms($kind);
exec(self::get_user_bin . 'find ' . safe_cmd($dir) . ' -type f -exec ' . self::get_bin . 'chmod ' . $perm . ' {} \;', $output, $exit_code);
}
check_for_error($exit_code, "Unable to chmod files in: {$dir}");
return $exit_code;
}
public static function write_protect_file($file) {
if (!is_file($file)) {
$exit_code = false;
} else {
exec(self::get_user_bin . 'chattr +i ' . safe_cmd($file), $output, $exit_code);
}
check_for_error($exit_code, "Unable to write protect: {$file}");
return $exit_code;
}
public static function unwrite_protect_file($file) {
if (!is_file($file)) {
$exit_code = false;
} else {
exec(self::get_user_bin . 'chattr -i ' . safe_cmd($file), $output, $exit_code);
}
check_for_error($exit_code, "Unable to un-write protect: {$file}");
return $exit_code;
}
}
// end of neato installer commands
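Review bot: `is_installed` reads `$output[0]` unconditionally; when the package is absent `dpkg -s` prints nothing matching `^Version`, so `$output` is empty and this raises an undefined-offset warning before returning the `installed => false` result. Guard it: `$version = isset($output[0]) ? str_replace('Version: ', '', $output[0]) : '';`. Separately, `add_repo` reports failures as `"Unable to uninstall: {$repo}"`, a copy-paste from `uninstall`; it should read `"Unable to add repository: {$repo}"`. The shell-safety of `install`/`add_repo` rests entirely on `safe_cmd_quotes`, which is defined outside this file, so a class-level comment stating that these helpers escape exactly one argument and that callers must not pass untrusted repo or package strings would make that contract visible here.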

@ -0,0 +1,123 @@
<?php
/**
* @author http://php-fig.org/ <info@php-fig.org>
* @site https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader-examples.md
*/
class Psr4AutoloaderClass {
/**
* An associative array where the key is a namespace prefix and the value
* is an array of base directories for classes in that namespace.
*
* @var array
*/
protected $prefixes = [];
/**
* Register loader with SPL autoloader stack.
*
* @return void
*/
public function register() {
spl_autoload_register(array($this, 'load_class'));
}
public function is_loaded(string $prefix): bool {
$prefix = trim($prefix, '\\') . '\\';
return (isset($this->prefixes[$prefix])) ? true : false;
}
public function get_list(): array {
return $this->prefixes;
}
/**
* Adds a base directory for a namespace prefix.
*
* @param string $prefix The namespace prefix.
* @param string $base_dir A base directory for class files in the
* namespace.
* @param bool $prepend If true, prepend the base directory to the stack
* instead of appending it; this causes it to be searched first rather
* than last.
* @return void
*/
public function add_namespace(string $prefix, string $base_dir, bool $prepend = false): void {
$prefix = trim($prefix, '\\') . '\\';
$base_dir = rtrim($base_dir, DIRECTORY_SEPARATOR) . '/';
if (isset($this->prefixes[$prefix]) === false) {
$this->prefixes[$prefix] = array();
}
if ($prepend) {
array_unshift($this->prefixes[$prefix], $base_dir);
} else {
array_push($this->prefixes[$prefix], $base_dir);
}
}
/**
* Loads the class file for a given class name.
*
* @param string $class The fully-qualified class name.
* @return mixed The mapped file name on success, or boolean false on
* failure.
*/
public function load_class(string $class) {
/**
* Semi-Fix for non-namespaced classes
*/
if (! strrpos($class, '\\')) {
return ($this->load_mapped_file($class . '\\', $class));
}
$prefix = $class;
while (false !== $pos = strrpos($prefix, '\\')) {
$prefix = substr($class, 0, $pos + 1);
$relative_class = substr($class, $pos + 1);
$mapped_file = $this->load_mapped_file($prefix, $relative_class);
if ($mapped_file) {
return $mapped_file;
}
$prefix = rtrim($prefix, '\\');
}
return false;
}
/**
* Load the mapped file for a namespace prefix and relative class.
*
* @param string $prefix The namespace prefix.
* @param string $relative_class The relative class name.
* @return mixed Boolean false if no mapped file can be loaded, or the
* name of the mapped file that was loaded.
*/
protected function load_mapped_file(string $prefix, string $relative_class) {
if (isset($this->prefixes[$prefix]) === false) {
return false;
}
foreach ($this->prefixes[$prefix] as $base_dir) {
$file = $base_dir
. str_replace('\\', '/', $relative_class)
. '.php';
if ($this->require_file($file)) {
return $file;
}
}
return false;
}
/**
* If a file exists, require it from the file system.
*
* @param string $file The file to require.
* @return bool True if the file exists, false if not.
*/
protected function require_file(string $file): bool {
if (file_exists($file)) {
require $file;
return true;
}
return false;
}
}
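Review bot: `require_file` checks `file_exists` and then `require`s, so a directory named like the class file or an unreadable file passes the check and becomes a fatal error inside the autoloader instead of a clean `false`; prefer `if (is_file($file) && is_readable($file))`. The "Semi-Fix" in `load_class` treats a class whose only backslash is at position 0 as non-namespaced because `strrpos` returns `0` there; PHP hands autoloaders names without the leading backslash, so this is harmless today, but `if (!str_contains($class, '\\'))` states the intent without that trap. Since this is a modified copy of the PSR-4 example, a header comment listing what differs from upstream (the `is_loaded`/`get_list` additions and the non-namespaced fallback) would help anyone diffing against it later.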

@ -0,0 +1,102 @@
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$cwd = getcwd();
$pk = "@ghsP4JAuhCUxEGpk2y;mP"; // XOR for sha256sum, CHANGE ME!!
if (!isset($argv[1])) {
echo 'Please give Script to run, example: neatoDeploy apache' . PHP_EOL;
echo "Note: deploy_ is added to the beginning of the filename and .php is added to the end!" . PHP_EOL;
echo "Also, the deployment file must be in the same path if local file." . PHP_EOL;
echo "Insecure: you may pass a http web site text file: IE http://mysite.com/apache.txt" . PHP_EOL;
exit(1);
}
define('CONFIG_FILE', basename($argv[1]) );
require "neato_common.php";
if (! isset($os['id'])) {
echo 'Unknown OS';
exit(1);
}
if ($os_like == 'debian') {
putenv("DEBIAN_FRONTEND=noninteractive");
}
require 'OS/neato_' . ucfirst($os['id']) . '.php';
$auto = false;
foreach($argv as $arg) {
if ($arg == "-y") {
$auto = true;
}
}
$file = $argv[1];
if (is_string_found($argv[1], 'http://') || is_string_found($argv[1], 'https://')) {
if ( isset($argv[2]) && $argv[2] !== "-y" ) {
$file = $argv[2];
} else {
$pos = strrpos($argv[1], '/');
$file = substr($argv[1], $pos + 1);
$file = str_replace(".txt", "", $file);
}
\utils\curl::save($argv[1], "deploy_{$file}.php");
}
function save_sha($shasum) {
$xor = xor_encrypt($shasum, $GLOBALS['pk']);
file_put_contents($GLOBALS['cwd'] . '/deploy_' . $GLOBALS['file'].'.sum', $xor);
}
function do_harm_checker($shasum) {
require 'neato_danger_checker.php';
if ( is_file_dangerious($GLOBALS['cwd'] . '/deploy_' . $GLOBALS['file'].'.php') ) {
if (! $GLOBALS['auto']) {
$answer = readline("Do you wish to execute this Script, anyways!! ? ");
if ( strtolower( trim($answer) ) === "yes" ) {
echo "Okay...!" . PHP_EOL;
save_sha($shasum);
} else {
exit(1);
}
} else {
save_sha($shasum);
}
}
}
/* Keep as last lines */
if (file_exists($cwd . '/deploy_' . $file.'.php')) {
$check_for_harm = true;
$shasum = shasum($cwd . '/deploy_' . $file.'.php');
if ($shasum === false) {
echo "Unable to SHA sum script!";
exit(1);
}
if (file_exists($cwd . '/deploy_' . $file.'.sum')) {
$sum = read_file($cwd . '/deploy_' . $file.'.sum');
if ($shasum === xor_encrypt($sum, $pk)) {
$check_for_harm = false;
} else {
echo "Danger: SUM of Script has been modified!";
}
}
if ($check_for_harm) {
do_harm_checker($shasum);
}
require($cwd . '/deploy_' . $file.'.php');
} else {
echo 'PHP Script deploy_'. $file . '.php does not exist!!' . PHP_EOL;
exit(1);
}
echo PHP_EOL;
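Review bot: The `.sum` check at the bottom is not an integrity control: the sha256 is XORed with `$pk`, a static key committed in this file, and the `.sum` sits next to `deploy_<name>.php` in the same directory, so anyone who can modify the script can regenerate its sum or simply delete the `.sum` file, which skips the check entirely. Worse, on a mismatch the code prints "Danger" and falls through — it runs the substring-based harm checker and then `require`s the file anyway, and with `-y` that happens with no prompt at all. At minimum the mismatch branch should fail closed and compare with `hash_equals`; a real fix is a detached signature over the script (e.g. `sodium_crypto_sign_verify_detached` against a public key baked into the tool, since libsodium is already used in `neato_enc.php`) verified before `require`. Also, `$file` comes from `$argv[2]` or the URL tail without `basename()` (only `CONFIG_FILE` gets it), so `deploy_{$file}.php` can resolve outside `$cwd`; apply `basename()` to `$file` as well.
```php
if (file_exists($cwd . '/deploy_' . $file.'.sum')) {
    $sum = read_file($cwd . '/deploy_' . $file.'.sum');
    if ($sum === false || !hash_equals($shasum, xor_encrypt($sum, $pk))) {
        echo "Danger: SUM of Script has been modified!" . PHP_EOL;
        exit(1); // fail closed: never fall through to require()
    }
    $check_for_harm = false;
}
// … unchanged: harm checker and require() …
```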

@ -0,0 +1,99 @@
<?php
final class Configure {
private static $config = array();
protected function __construct() { }
/**
* Fetches a setting set from using Configure::set() or add or update
*
* @param string $name The name of the setting to get
* @param string $key [optional] The Array Key to fetch
* @return mixed The setting specified by $name, or null if $name was not set
*
* return type: ?array
*/
public static function get(string $name, $key = false) {
if (isset(self::$config[strtolower($name)])) {
$a = self::$config[strtolower($name)];
if ($key === false) {
return $a;
}
if (isset($a[$key])) {
return $a[$key];
}
}
return null;
}
/**
* Checks if the setting exists
*
* @param string $name The name of the setting to check existance
* @return boolean true if $name was set, false otherwise
*/
public static function exists(string $name): bool {
if (array_key_exists(strtolower($name), self::$config)) {
return true;
}
return false;
}
/**
* Overwrite/Update/Add to $config
* @param string $name the main key to update
* @param string $key the sub key
* @param type $value the data to update
*/
public static function update(string $name, string $key, $value): void {
self::$config[strtolower($name)][strtolower($key)] = $value;
}
/**
* Add to existing data without loss... to $config
* @param string $name the main key
* @param string $key the sub key
* @param type $value new data to add
*/
public static function add(string $name, string $key, $value): void {
self::$config[strtolower($name)][strtolower($key)][] = $value;
}
/**
* Frees the setting given by $name, if it exists. All settings no longer in
* use should be freed using this method whenever possible
*
* @param string $name The name of the setting to free
*/
public static function free(string $name): void {
if (self::exists($name))
unset(self::$config[strtolower($name)]);
}
/**
* Adds the given $value to the configuration using the $name given
*
* @param string $name The name to give this setting. Use Configure::exists()
* to check for pre-existing settings with the same name
* @param mixed $value The value to set
*/
public static function set(string $name, $value): void {
self::$config[strtolower($name)] = $value;
}
/**
* Sets $config data from an Array
* @param array $a ($name => $value)
* @retval void
*/
public static function load_array(array $a): void {
if (isset($a) && is_array($a)) {
foreach ($a as $name => $value) {
self::$config[strtolower($name)] = $value;
}
}
unset($a);
}
} // end of configure
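Review bot: Sub-key case is handled inconsistently: `update` and `add` store under `strtolower($key)`, but `get($name, $key)` looks up `$key` as given and `set`/`load_array` store whatever keys the caller's array has, so `Configure::update('db', 'Host', $h)` followed by `Configure::get('db', 'Host')` returns null. Pick one rule and apply it in all the methods; the smallest change is lowercasing in `get` too, `if (is_array($a) && isset($a[strtolower((string) $key)]))`, plus a class docblock stating that sub-keys are case-insensitive. The `is_array` guard matters on its own, because `$a` may be a scalar stored via `set` and `isset($a[$key])` on a string performs a string-offset lookup. `load_array`'s `isset($a) && is_array($a)` is redundant given the `array` parameter type and can be dropped.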

@ -0,0 +1,111 @@
<?php
define('PROJECT_LOGS_DIR', $cwd. '/log');
class Logger {
private $handle;
/**
* Get Filename for writing to Log file
* @param string $filename for log
* @param int $max_count of lines before file wipe, to keep small logs.
*/
public function __construct(string $filename = 'neato_Installer', int $max_count = 1000) {
if (strpos($filename, "..") !== false) {
$this->handle = false; // Too dangerious, so return false
} else {
if (! is_dir(PROJECT_LOGS_DIR)){
//Directory does not exist, so lets create it.
mkdir(PROJECT_LOGS_DIR, 0775);
}
$filename = preg_replace("|[^A-Za-z0-9_]|", "", $filename);
$filename = escapeshellcmd($filename);
$file = PROJECT_LOGS_DIR . '/' . $filename . ".log.txt";
if ($max_count > 1) {
if ($this->get_lines($file) > $max_count) {
unlink($file);
}
}
$success = touch($file);
if ($success === false) {
$this->handle = false;
return false;
}
chmod($file, 0660);
if (! is_writable($file)) {
$this->handle = false;
return false;
}
$this->handle = fopen($file, 'a');
}
}
/**
* Count number of lines in Log File
* @param string $file
* @return int line count
*/
public function get_lines(string $file): int {
// No such file, so return zero for length.
if (! file_exists($file)) {
return 0;
}
$f = fopen($file, 'rb');
$lines = 0;
if ($f === false || !is_resource($f)) {
return 0;
}
while (!feof($f)) {
$line = fread($f, 8192);
if ($line === false) {
return 0;
}
$lines += substr_count($line, "\n");
}
fclose($f);
return $lines;
}
/**
* Write to Log File
* @param string $message to save
* @return bool able to write to log file
*/
public function write(string $message): bool {
if ( $this->handle === false || ! is_resource($this->handle) ) {
return false;
}
$tz = Configure::get('logger_time_zone');
if ($tz !== false && !empty($tz)) {
$tz_obj = new \DateTimeZone($tz);
$dt = new \DateTime();
$dt->setTimezone($tz_obj);
$now = $dt->format('g:i A \o\n l jS F Y');
} else {
$dt = new \DateTime();
$now = $dt->format('g:i A \o\n l jS F Y');
}
fwrite($this->handle, $now . ' - ' . print_r($message, true) . "\n");
return true;
}
/**
* Close Log File Handle
*/
public function __destruct() {
if ($this->handle !== false && is_resource($this->handle)) {
fclose($this->handle);
}
}
} // end of Logger
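Review bot: `get_lines` returns from inside the read loop when `fread` fails without calling `fclose($f)`, leaking the handle; close before `return 0` or wrap the loop in `try`/`finally`. The constructor creates the directory with `mkdir(PROJECT_LOGS_DIR, 0775)` and the file with `chmod($file, 0660)`, and since the tool insists on root, everything routed through `display()` (package-manager output, command errors, possibly values from deploy scripts) lands group-readable under whatever cwd the tool was run from — if the group is not intentional, `0750`/`0640` are the safer defaults, and a comment should say what is expected to appear in these logs. `return false` inside a constructor has no effect in PHP; drop those lines and rely on `$this->handle === false`, which `write()` already checks. `escapeshellcmd($filename)` after the `[^A-Za-z0-9_]` strip is a no-op and can go.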

@ -0,0 +1,65 @@
<?php
function getTermColors($input, $options) {
$colored_string = "";
$styles = [
'normal' => '0', // reset
'bold' => '1',
'dim' => '2',
'underlined' => '4',
'blinking' => '5'
];
$fg_colors = [
'black' => '0;30',
'dark_gray' => '1;30',
'blue' => '0;34',
'light_blue' => '1;34',
'green' => '0;32',
'light_green' => '1;32',
'cyan' => '0;36',
'light_cyan' => '1;36',
'red' => '0;31',
'light_red' => '1;31',
'purple' => '0;35',
'light_purple' => '1;35',
'brown' => '0;33',
'yellow' => '1;33',
'light_gray' => '0;37',
'white' => '1;37'
];
$bg_colors = [
'black' => '40',
'red' => '41',
'green' => '42',
'yellow' => '43',
'blue' => '44',
'magenta' => '45',
'cyan' => '46',
'light_gray' => '47'
];
$style = (isset($options['style'])) ? strtolower($options['style']) : '';
$color = (isset($options['color'])) ? strtolower($options['color']) : '';
$fg_color = (isset($options['fg_color'])) ? strtolower($options['fg_color']) : $color;
$bg_color = (isset($options['bg_color'])) ? strtolower($options['bg_color']) : '';
if ($style !== '' && isset($styles[$style])) {
$colored_string .= "\033[" . $styles[$style] . "m";
}
if ($fg_color !== '' && isset($fg_colors[$fg_color])) {
$colored_string .= "\033[" . $fg_colors[$fg_color] . "m";
}
if ($bg_color !== '' && isset($bg_colors[$bg_color])) {
$colored_string .= "\033[" . $bg_colors[$bg_color] . "m";
}
$colored_string .= $input . "\033[0m";
return $colored_string;
}
function ANSI($data, $a) {
getTermColors($data, $a);
}
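Review bot: `ANSI()` discards the string that `getTermColors()` builds and therefore always returns null, so any caller doing `echo ANSI($msg, ['color' => 'red'])` prints nothing; it needs `return getTermColors($data, $a);`. A short docblock on `getTermColors` stating that it returns `$input` wrapped in SGR escape sequences and that unknown style/colour names are silently ignored would save the next reader from decoding the tables. `$input` is emitted verbatim, so text that originates from command output can carry its own escape sequences; acceptable for a CLI tool, but worth a one-line comment.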

@ -0,0 +1,179 @@
<?php
set_time_limit(0);
require 'registry.php';
require 'auto_loader.php';
require 'neato_init.php';
include 'neato_colors.php';
require 'neato_Configure.php';
require 'neato_Logger.php';
require 'neato_fns.php';
require 'neato_enc.php';
Configure::set('logger_time_zone', 'America/Detroit');
registry::set('loader', new \Psr4AutoloaderClass);
registry::get('loader')->register();
registry::get('loader')->add_namespace('utils', 'utils');
function force_root(): void {
if (posix_getuid() > 0) {
echo 'Please run as root' . PHP_EOL;
exit(1);
}
}
function shasum($file) {
if(file_exists($file)) {
$hash = hash_file('sha256', $file, false);
if($hash === false) {
return false;
}
return (string) $hash;
}
return false;
}
function xor_encrypt($text, $key) {
$result = '';
$textLength = strlen($text);
$keyLength = strlen($key);
for ($i = 0; $i < $textLength; $i++) {
$result .= $text[$i] ^ $key[$i % $keyLength];
}
return $result;
}
function read_file($file) {
$ret = file_get_contents($file);
if ($ret === false) {
display("Unable to read from file: {$file}");
}
return $ret;
}
function write_file($file, $data) {
$exit_code = file_put_contents($file, $data);
$real = ($exit_code === false) ? false : true;
check_for_error($real, "Unable to save to file: {$file}");
return $real;
}
function append_to_file($file, $data) {
$exit_code = file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
$real = ($exit_code === false) ? false : true;
check_for_error($real, "Unable to save to file: {$file}");
return $real;
}
function rm($file) {
$exit_code = unlink($file);
check_for_error($exit_code, "Unable to Delete file: {$file}");
return $exit_code;
}
function mv($old, $new) {
$exit_code = rename($old, $new);
check_for_error($exit_code, "Unable to Move file: {$old} to {$new}");
return $exit_code;
}
function cp($source, $dest) {
$exit_code = copy($source, $dest);
check_for_error($exit_code, "Unable to Copy file: {$source} to: {$dest}");
return $exit_code;
}
function ln($source, $new_link) {
$exit_code = symlink($source, $new_link);
check_for_error($exit_code, "Unable to make Link for file: {$source} to: {$new_link}");
return $exit_code;
}
function make_dir($new_folder) {
$exit_code = mkdir($new_folder, 0777, true);
check_for_error($exit_code, "Unable to mkdir: {$new_folder}");
return $exit_code;
}
function chmod_file_or_dir($file, $kind) {
if (!is_file($file) && !is_dir($file)) {
$ret = false;
} else {
$perms = get_perms($kind);
$ret = chmod($file, $perms);
}
check_for_error($ret, "Unable to chmod: {$file}");
return $ret;
}
function change_owner($file, $uid, $gid) {
$ret_owner = chown($file, $uid);
$ret_group = chgrp($file, $gid);
$exit_code = ($ret_owner && $ret_group) ? true : false;
check_for_error($exit_code, "Unable to chown on: {$file}");
return $exit_code;
}
function recursive_change_owner($mypath, $uid, $gid) {
$d = opendir($mypath);
while (($file = readdir($d)) !== false) {
if ($file != "." && $file != "..") {
$typepath = $mypath . "/" . $file;
if (filetype($typepath) == 'dir') {
recursive_chown_chgrp($typepath, $uid, $gid);
}
chown($typepath, $uid);
chgrp($typepath, $gid);
}
}
}
function make_password($length = 12) {
$conso = array("b", "c", "d", "f", "g", "h", "j", "k", "l",
"m", "n", "p", "r", "s", "t", "v", "w", "x", "y", "z");
$vocal = array("a", "e", "i", "o", "u");
$special = array("!", "@", "#", "%", "&", "*", ".");
$password = "";
$did_special_chr = false;
$did_number = false;
srand((double) microtime() * 1000000);
if (rand(0, 100) > 50) {
$password .= $special[rand(0, 6)];
$did_special_chr = true;
$length--;
}
while ($length > 0) {
if ($length >= 1) {
$password .= $conso[rand(0, 19)];
$length--;
}
if ($length >= 1) {
$v = $vocal[rand(0, 4)];
$vp = ($v == 'o') ? $v : strtoupper($v); // A,E,I,o,U
$password .= $vp;
if ($v == 'o') {
// Make Extra, letter upper since, o is lower....
$password .= strtoupper($conso[rand(0, 19)]);
$length --;
}
$length --;
}
if ($length >= 1) {
if ($did_special_chr === false || ( $did_number === true && (rand(0, 100) > 50) )) {
$password .= $special[rand(0, 6)];
$did_special_chr = true;
} else {
$password .= rand(0, 9);
$did_number = true;
}
$length--;
}
}
return $password;
}
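Review bot: `recursive_change_owner` calls `recursive_chown_chgrp`, which is not defined anywhere in this commit, so the first subdirectory encountered is a fatal "undefined function" error; the recursive call should be `recursive_change_owner($typepath, $uid, $gid);` and the function should `closedir($d)` after the loop. It also follows symlinks (`filetype` and `chown` both dereference), which matters because this runs as root (`force_root`): a symlink planted inside a web directory would chown its target, so skip with `is_link($typepath)` or use `lchown`/`lchgrp`. `make_password` is built on `srand`/`rand` seeded from `microtime`, which is not a cryptographic source, and the consonant/vowel pattern shrinks the space further; replace each `rand(a, b)` with `random_int(a, b)`, delete the `srand` line, and document that the output is intended for service passwords. `make_dir` creates directories `0777` where `0755` with a comment is the usual default, and `xor_encrypt` should carry a comment that it is obfuscation, not encryption, so nobody reuses it for secrets.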

@ -0,0 +1,217 @@
<?php
if (! function_exists('readline') ) {
function readline($question)
{
$fh = fopen('php://stdin', 'r');
echo $question;
$userInput = trim(fgets($fh));
fclose($fh);
return $userInput;
}
}
function is_file_dangerious($file_name) : bool {
$match_on = [ 'reflectionfunction', '`' ];
$dangerious = [
'exec',
'passthru',
'system',
'shell_exec',
'eval',
'assert',
'preg_replace',
'create_function',
'include',
'include_once',
'require',
'require_once',
'popen',
'proc_open',
'pcntl_exec',
'ob_start',
'array_diff_uassoc',
'array_diff_ukey',
'array_filter',
'array_intersect_uassoc',
'array_intersect_ukey',
'array_map',
'array_reduce',
'array_udiff_assoc',
'array_udiff_uassoc',
'array_udiff',
'array_uintersect_assoc',
'array_uintersect_uassoc',
'array_uintersect',
'array_walk_recursive',
'array_walk',
'assert_options',
'uasort',
'uksort',
'usort',
'preg_replace_callback',
'spl_autoload_register',
'iterator_apply',
'call_user_func',
'call_user_func_array',
'register_shutdown_function',
'register_tick_function',
'set_error_handler',
'set_exception_handler',
'session_set_save_handler',
'sqlite_create_aggregate',
'sqlite_create_function',
'phpinfo',
'posix_mkfifo',
'posix_getlogin',
'posix_ttyname',
'getenv',
'get_current_user',
'proc_get_status',
'get_cfg_var',
'disk_free_space',
'disk_total_space',
'diskfreespace',
'getcwd',
'getlastmo',
'getmygid',
'getmyinode',
'getmypid',
'getmyuid',
'extract',
'parse_str',
'putenv',
'ini_set',
'mail',
'header',
'proc_nice',
'proc_terminate',
'proc_close',
'pfsockopen',
'fsockopen',
'apache_child_terminate',
'posix_kill',
'posix_mkfifo',
'posix_setpgid',
'posix_setsid',
'posix_setuid',
'fopen',
'tmpfile',
'bzopen',
'gzopen',
'SplFileObject',
'chgrp',
'chmod',
'chown',
'copy',
'file_put_contents',
'lchgrp',
'lchown',
'link',
'mkdir',
'move_uploaded_file',
'rename',
'rmdir',
'symlink',
'tempnam',
'touch',
'unlink',
'imagepng',
'imagewbmp',
'image2wbmp',
'imagejpeg',
'imagexbm',
'imagegif',
'imagegd',
'imagegd2',
'iptcembed',
'ftp_get',
'ftp_nb_get',
'file_exists',
'file_get_contents',
'file',
'fileatime',
'filectime',
'filegroup',
'fileinode',
'filemtime',
'fileowner',
'fileperms',
'filesize',
'filetype',
'glob',
'is_dir',
'is_executable',
'is_file',
'is_link',
'is_readable',
'is_uploaded_file',
'is_writable',
'is_writeable',
'linkinfo',
'lstat',
'parse_ini_file',
'pathinfo',
'readfile',
'readlink',
'realpath',
'stat',
'gzfile',
'readgzfile',
'getimagesize',
'imagecreatefromgif',
'imagecreatefromjpeg',
'imagecreatefrompng',
'imagecreatefromwbmp',
'imagecreatefromxbm',
'imagecreatefromxpm',
'ftp_put',
'ftp_nb_put',
'exif_read_data',
'read_exif_data',
'exif_thumbnail',
'exif_imagetype',
'hash_file',
'hash_hmac_file',
'hash_update_file',
'md5_file',
'sha1_file',
'highlight_file',
'show_source',
'php_strip_whitespace',
'get_meta_tags',
];
$handle = fopen($file_name, "r");
$found = false;
if ($handle) {
while ( ($line = fgets($handle) ) !== false ) {
$line = strtolower( $line ); // make sure it matches
$line = str_replace( ' ', '', $line ); // remove white-spaces!
foreach( $dangerious as $danger ) {
if ( is_string_found( $line, $danger . "(" ) ) {
echo PHP_EOL . "Warning: Found method: {$danger} in : " . $line . PHP_EOL;
$found = true;
}
}
foreach( $match_on as $whole_match ) {
if ( is_string_found($line, $whole_match) ) {
echo PHP_EOL . "Warning: Found method: {$whole_match} in : " . $line . PHP_EOL;
$found = true;
}
}
}
fclose($handle);
} else {
echo "Unable to read Script!" . PHP_EOL;
exit(1);
}
return $found;
}
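Review bot: `is_file_dangerious` is a substring denylist and is easy to slip past, so it should be documented as advisory rather than relied on as the gate before `require`: `str_replace(' ', '', $line)` only removes spaces, so `system\t(...)`, a newline between name and `(`, and variable functions such as `$f = 'sys' . 'tem'; $f($cmd);` or `"\x73ystem"` are not matched, and because matching is per line a name split across lines is missed too. Cheap improvements are `preg_replace('/\s+/', '', $line)` and a pattern for variable calls, e.g. `preg_match('/\$\w+\s*\(/', $line)`, but the real control is verifying the script's origin (a signature) before it is executed, and a docblock should say so. The warning echoes the raw `$line` to the terminal; since that script may have been fetched over plain HTTP, strip non-printables before printing so a hostile script cannot inject terminal escapes into the operator's review.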

@ -0,0 +1,120 @@
<?php
class Enc {
public static function safe_encrypt(string $message, string $my_key = "") {
$nonce = "";
$cipher = "";
$my_key = hex2bin($my_key);
$nonce = random_bytes(
SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
);
$cipher = base64_encode(
$nonce .
sodium_crypto_secretbox(
$message,
$nonce,
$my_key
)
);
sodium_memzero($message);
sodium_memzero($my_key);
return $cipher;
}
public static function safe_decrypt(string $encrypted, string $my_key = "") {
$decoded = "";
$nonce = "";
$ciphertext = "";
$plain = "";
$my_key = hex2bin($my_key);
$decoded = base64_decode($encrypted);
if ($decoded === false) {
throw new \Exception("The encoding failed!");
}
if (mb_strlen($decoded, "8bit") < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
throw new \Exception("The message was truncated!");
}
$nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, "8bit");
$ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, "8bit");
$plain = sodium_crypto_secretbox_open(
$ciphertext,
$nonce,
$my_key
);
if ($plain === false) {
throw new \Exception("The message was tampered with in transit!");
}
sodium_memzero($ciphertext);
sodium_memzero($my_key);
return $plain;
}
public static function make_key_file(string $file_name): string {
if (!file_exists($file_name)) {
$key = self::generate_key();
write_file($file_name, $key);
chmod_file_or_dir($file_name, get_perms("secret"));
change_owner($file_name, "root", "root");
} else {
$key = read_file($file_name);
}
return $key;
}
public static function generate_key() {
return bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
}
public static function decode_file(string $file_name, string $key) {
$ciphertext = file_get_contents($file_name);
$ret = json_decode(base64_decode(self::safe_decrypt(self::bin_to_hex_to_string($ciphertext), $key)), false);
sodium_memzero($ciphertext);
return $ret;
}
public static function encode_file(string $file_name, $data, string $key) {
file_put_contents($file_name, self::string_to_hex_to_bin(self::safe_encrypt(base64_encode(json_encode((object) $data)), $key)));
}
private static function string_to_hex_to_bin(string $str): string {
$ooh = 0;
$hex = "";
for ($c = 0; $c < strlen($str); $c++) {
$ch = $str[$c];
if (ord($ch) + 62 < 255) {
$ooh = (int) ord($ch) + 62;
} else {
$ooh = (int) ord($ch);
}
$hex .= hex2bin(dechex($ooh));
}
return $hex;
}
private static function bin_to_hex_to_string(string $hex): string {
$decoded = "";
$my_hex = "";
$my_dec = "";
$ooh = 0;
for ($c = 0; $c < strlen($hex); $c++) {
$my_bin = $hex[$c];
$my_hex = bin2hex($my_bin);
$my_dec = hexdec($my_hex);
$ooh = (int) ord($my_dec);
if ($ooh + 62 < 255) {
$decoded .= chr($my_dec - 62);
} else {
$decoded .= chr($my_dec);
}
}
return $decoded;
}
}

@ -0,0 +1,212 @@
<?php
define('PROJECT_RUN_DIR', $cwd . '/run');
function display($data) {
$str = '';
if (is_array($data)) {
foreach ($data as $s) {
$str .= $s . PHP_EOL;
}
} else {
$str = $data;
}
if (empty($str)) {
return false;
}
if (Configure::get('display')) {
echo $str . PHP_EOL;
}
if (Configure::get('syslog')) {
$access = date("Y/m/d H:i:s");
syslog(LOG_INFO, $access . " " . $str);
}
if (Configure::get('logfile')) {
$config_file = (defined('CONFIG_FILE')) ? '_' . CONFIG_FILE : '';
$logger = new Logger('neatoInstaller' . $config_file);
$logger->write($str);
}
}
function check_for_error($exit_code, $msg) {
if ($exit_code === true) {
return;
}
if ($exit_code === false || $exit_code !== 0) {
display($msg);
}
}
function get_perms($kind): int {
if (is_numeric($kind) && (strlen($kind) == 3 || strlen($kind) == 4 )) {
return intval($kind);
}
// if (is_string_found($kind, '+') || is_string_found($kind, '-')) {
// return $kind;
// }
switch ($kind) {
case 'keydir': $perm = 700;
break;
case 'dir': $perm = 775;
break;
case 'web':
case 'normal':
$perm = 0664;
break;
case 'bin': $perm = 0755;
break;
case 'sbin': $perm = 0750;
break;
case 'writeonly': $perm = 0220;
break;
case 'readonly': $perm = 0444;
break;
case 'key':
case 'secret': $perm = 0600;
break;
// config file
default:
$perm = 0644;
}
return $perm;
}
function use_me($program) {
static $did_update = false;
$installed_a = do_command('is_installed', $program);
$is_installed_b = $installed_a['installed'];
if ($is_installed_b === false) {
if ($did_update === false) {
$did = do_command('update');
if ($did !== 0) {
return false;
}
$did_update = true;
}
return do_command('install', $program);
}
return true;
}
function do_command() {
$numargs = func_num_args();
if ($numargs == 0) {
return false;
}
$arg_list = func_get_args();
if (is_string_found($arg_list[0], "::")) {
$method = "\\utils\\" . array_shift($arg_list);
} else {
$method = "neato::" . array_shift($arg_list);
}
$thingies = (isset($arg_list[0]) && is_array($arg_list[0])) ? $arg_list[0] : false;
if ($thingies === false) {
return call_user_func_array($method, $arg_list);
} else {
$retval = true;
foreach ($thingies as $item) {
$ret = call_user_func_array($method, $item);
if ($ret === false) {
$retval = false;
}
}
return $retval;
}
}
function file_loop($data) {
$retval = true;
foreach ($data as $command => $v) {
switch (strtolower($command)) {
case 'sed':
$ret = sed_loop($v);
if ($ret === false) {
$retval = false;
}
break;
case 'cp':
case 'mv':
case 'ln':
case 'rm':
case 'make_dir':
case 'chmod_file_or_dir':
foreach ($v as $a => $b) {
$a = (isset($a) && !empty($a)) ? $a : false;
$b = (isset($b) && !empty($b)) ? $b : false;
if ($b !== false) {
if ($a !== false) {
$ret = $command($a, $b);
if ($ret === false) {
$retval = false;
}
} else {
$ret = $command($b);
if ($ret === false) {
$retval = false;
}
}
}
}
break;
}
}
return $retval;
}
function sed_loop($data) {
$retval = true;
foreach ($data as $file => $data) {
foreach ($data as $find => $replace) {
$ret = do_command('sed::replace', $file, $find, $replace);
if ($ret === false) {
$retval = false;
}
}
}
return $retval;
}
function stderr() {
return ' 2>&1'; // exec redirect std errors to output for use with display....
}
function run_once($output = true, $halt = true) {
if (!is_dir(PROJECT_RUN_DIR)) {
mkdir(PROJECT_RUN_DIR, 0775);
}
$make_config_file = (defined('CONFIG_FILE')) ? CONFIG_FILE : '';
$make_config_file .= '.run.lock';
$file = PROJECT_RUN_DIR . '/' . $make_config_file;
if (file_exists($file)) {
if ($output) {
echo 'Script has already been installed!' . PHP_EOL;
}
if ($halt) {
exit(1);
} else {
return true;
}
} else {
touch($file);
return false;
}
}
function safe_cmd_quotes($data) {
$data = str_replace('"', "", $data);
$data = str_replace("'", "", $data);
return escapeshellcmd($data);
}
function safe_cmd($input, $in = '') {
return (!empty($in)) ? escapeshellcmd(escapeshellarg($input) . " " . escapeshellarg($in)) : escapeshellcmd(escapeshellarg($input));
}
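Review bot: `get_perms()` mixes decimal and octal literals: the `keydir` and `dir` cases assign `700` and `775`, which PHP reads as decimal (octal 01274 and 01407), while every other case uses an octal literal such as `0755`, so a chmod with the `keydir` value sets the sticky bit plus group-write and world-read instead of owner-only; the numeric branch has the same problem because `intval('0700')` is decimal 700. Change them to `$perm = 0700;`, `$perm = 0775;` and `return intval($kind, 8);`. Separately, `safe_cmd()` wraps `escapeshellarg()` output in `escapeshellcmd()`, which backslash-escapes `&`, `?`, `$`, `\` and similar inside the already single-quoted argument, and single quotes preserve backslashes, so the argument reaches the program altered (a URL such as `https://host/?a=1&b=2` passed through `curl::save()` or `wget::download()` arrives as `https://host/\?a=1\&b=2`); `escapeshellarg()` alone, once per argument, is the right primitive. `safe_cmd_quotes()` strips quote characters and relies on `escapeshellcmd()`, which does not escape spaces, so a value containing a space (it is used on the whole `$dsn` string in `mysql.php`) is split into separate arguments by the shell.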

@ -0,0 +1,74 @@
<?php
function is_cli() {
if (defined('STDIN')) {
return true;
}
if (php_sapi_name() === 'cli') {
return true;
}
if (array_key_exists('SHELL', $_ENV)) {
return true;
}
if (empty($_SERVER['REMOTE_ADDR']) and ! isset($_SERVER['HTTP_USER_AGENT']) and count($_SERVER['argv']) > 0) {
return true;
}
if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {
return true;
}
return false;
}
if (is_cli() === false) {
echo('Unable to Start');
exit(1);
}
function getOSInformation() {
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
return ['name' => 'Windows'];
}
if (false == function_exists("shell_exec") || false == is_readable("/etc/os-release")) {
return null;
}
$os = shell_exec('cat /etc/os-release');
$listIds = preg_match_all('/.*=/', $os, $matchListIds);
$listIds = $matchListIds[0];
$listVal = preg_match_all('/=.*/', $os, $matchListVal);
$listVal = $matchListVal[0];
array_walk($listIds, function(&$v, $k) {
$v = strtolower(str_replace('=', '', $v));
});
array_walk($listVal, function(&$v, $k) {
$v = preg_replace('/=|"/', '', $v);
});
return array_combine($listIds, $listVal);
}
function is_string_found(string $data, string $find): bool {
return (stripos($data, $find) !== false);
}
function get_left(string $str, int $length): string {
return substr($str, 0, $length);
}
function get_right(string $str, int $length): string {
return substr($str, -$length);
}
$os = getOSInformation();
$osVer = (isset($os['version_id'])) ? $os['version_id'] : false;
$codeName = (isset($os['version_codename'])) ? $os['version_codename'] : false;
$os_like = (isset($os['id_like'])) ? $os['id_like'] : false;
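Review bot: `getOSInformation()` parses /etc/os-release with two independent regexes (`/.*=/` is greedy, so it runs to the last `=` on a line) and then zips the two match lists, so any value that itself contains `=` (URL-valued keys such as `HOME_URL` or `BUG_REPORT_URL` commonly do) produces a garbled key, and the `shell_exec('cat ...')` round-trip is unnecessary since the file is already checked with `is_readable()`. Reading the file directly and splitting each line on the first `=` avoids both; a sketch is below (`str_contains` is available since install_neato.sh installs php8.2-cli). The returned array's shape (lowercased keys, quotes stripped from values) is relied on at the bottom of the file, so a short docblock stating that contract would help the next reader.
```php
function getOSInformation() {
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        return ['name' => 'Windows'];
    }
    if (!is_readable('/etc/os-release')) {
        return null;
    }
    $contents = file_get_contents('/etc/os-release');
    if ($contents === false) {
        return null;
    }
    $info = [];
    foreach (preg_split('/\R/', $contents, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        // Split on the first '=' only, so values that contain '=' stay intact.
        if (!str_contains($line, '=')) {
            continue;
        }
        [$id, $value] = explode('=', $line, 2);
        $info[strtolower(trim($id))] = trim($value, " \t\"'");
    }
    return $info;
}
```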

@ -0,0 +1,69 @@
<?php
final class registry {
private static $registry = [];
protected function __construct() { }
public static function get(string $name, $key = false) {
if (isset(self::$registry[strtolower($name)])) {
$a = self::$registry[strtolower($name)];
if ($key === false) {
return $a;
}
if (isset($a[$key])) {
return $a[$key];
}
}
return null;
}
public static function set(string $name, $value): bool {
if (array_key_exists(strtolower($name), self::$registry)) {
return false;
}
self::$registry[strtolower($name)] = $value;
return true;
}
}
final class di {
protected $services = [];
public function register(string $service_name, callable $callable): void {
$this->services[$service_name] = $callable;
}
// Note args may be an object or an array maybe more...!
public function get_service(string $service_name, $args = []) {
if (!array_key_exists($service_name, $this->services)) {
throw new \Exception("The Service: {$service_name} does not exists.");
}
return $this->services[$service_name]($args);
}
public function __set(string $service_name, callable $callable): void {
$this->register($service_name, $callable);
}
public function __get(string $service_name) {
return $this->get_service($service_name);
}
public function list_services_as_array(): array {
return array_keys($this->services);
}
public function list_services_as_string(): string {
return implode(',', array_keys($this->services));
}
}
// Initialize our Dependency Injector
registry::set('di', new di());
// Setup php for working with Unicode data, if possible
if (extension_loaded('mbstring')) {
mb_internal_encoding('UTF-8');
mb_http_output('UTF-8');
mb_language('uni');
setlocale(LC_ALL, "en_US.UTF-8");
}
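Review bot: The return value of `setlocale(LC_ALL, "en_US.UTF-8")` is ignored; the locale matters here because every `utils` class builds shell commands with `escapeshellarg()`, which uses the C library's multibyte handling and, under the fallback "C" locale, can drop non-ASCII bytes from an argument, so a host without that locale installed silently gets different command lines. Check it, e.g. `if (setlocale(LC_ALL, "en_US.UTF-8") === false) { fwrite(STDERR, "Locale en_US.UTF-8 not available; non-ASCII shell arguments may be mangled" . PHP_EOL); }`. `di::__set()`/`__get()` duplicate `register()`/`get_service()` while hiding them from static analysis, and `__get()` cannot pass `$args`, so a docblock on the class stating which of the two access styles is canonical would avoid divergence. The exception text `does not exists` should read `does not exist`.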

@ -0,0 +1,68 @@
<?php
namespace utils;
class apache {
public static function enable_site($site) {
exec(\neato::get_super_user_bin . 'a2ensite ' . safe_cmd_quotes($site), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to enable site: {$site}");
return $exit_code;
}
public static function disable_site($site) {
exec(\neato::get_super_user_bin . 'a2dissite ' . safe_cmd_quotes($site), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to disable site: {$site}");
return $exit_code;
}
public static function enable_module($name) {
exec(\neato::get_super_user_bin . 'a2enmod ' . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to enable module: {$name}");
return $exit_code;
}
public static function disable_module($name) {
exec(\neato::get_super_user_bin . 'a2dismod ' . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to disable site: {$name}");
return $exit_code;
}
public static function enable_config($name) {
exec(\neato::get_super_user_bin . 'a2enconf ' . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to enable config: {$name}");
return $exit_code;
}
public static function disable_config($name) {
exec(\neato::get_super_user_bin . 'a2disconf ' . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "Apache Unable to disable config: {$name}");
return $exit_code;
}
public static function query_site($name) {
exec(\neato::get_super_user_bin . 'a2query -s ' . safe_cmd_quotes($name), $output, $exit_code);
return $exit_code;
}
public static function query_module($name) {
exec(\neato::get_super_user_bin . 'a2query -m ' . safe_cmd_quotes($name), $output, $exit_code);
return $exit_code;
}
public static function query_config($name) {
exec(\neato::get_super_user_bin . 'a2query -c ' . safe_cmd_quotes($name), $output, $exit_code);
return $exit_code;
}
public static function ht_password($file, $user, $password, $secure = '') {
$options = (!file_exists($file)) ? '-c' : '';
if ($secure == 'bcrypt' || $secure == 'high') {
$options .= ' -B';
}
exec(\neato::get_user_bin . 'htpasswd -b ' . $options . ' ' . safe_cmd($file, $user) . ' ' . safe_cmd($password), $output, $exit_code);
check_for_error($exit_code, "Unable to add htpasswd in: {$file}");
return $exit_code;
}
}
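Review bot: `ht_password()` passes the password on the command line (`htpasswd -b ... safe_cmd($password)`), so it is visible to every local user via the process list for the lifetime of the process and may land in shell history or audit logs; `htpasswd -i` reads the password from stdin instead. Because the runtime ini in this commit disables `proc_open`/`popen`, the practical way to feed stdin under `exec()` is a redirect from a temporary file that `tempnam()` creates with mode 0600 and that is removed right after, as sketched below. The error message in `disable_module()` says "Unable to disable site" where the sibling methods name the module — a copy/paste slip worth fixing to `"Apache Unable to disable module: {$name}"`.
```php
public static function ht_password($file, $user, $password, $secure = '') {
    $options = (!file_exists($file)) ? '-c' : '';
    if ($secure == 'bcrypt' || $secure == 'high') {
        $options .= ' -B';
    }
    // -i reads the password from stdin; feeding it from a 0600 temp file keeps it
    // out of the process list and shell history (tempnam() creates the file 0600).
    $tmp = tempnam(sys_get_temp_dir(), 'htp');
    file_put_contents($tmp, $password);
    exec(\neato::get_user_bin . 'htpasswd -i ' . $options . ' ' . safe_cmd($file, $user) . ' < ' . escapeshellarg($tmp), $output, $exit_code);
    unlink($tmp);
    // … unchanged: check_for_error / return $exit_code …
}
```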

@ -0,0 +1,17 @@
<?php
namespace utils;
class curl {
public static function save($site, $file) {
if (! is_string_found($site, '://')) {
$site = 'https://' . $site;
}
exec(\neato::get_user_bin . 'curl ' . safe_cmd($site) . ' -o ' . safe_cmd($file), $output, $exit_code);
check_for_error($exit_code, "Unable to curl download from: {$site}");
return $exit_code;
}
}
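Review bot: `save()` does not pass `-f`/`--fail`, so an HTTP 4xx/5xx response makes curl exit 0 and write the error body into `$file`; `check_for_error()` never fires and a later step consumes a bogus download as if it succeeded. Add the flag: `exec(\neato::get_user_bin . 'curl -f ' . safe_cmd($site) . ' -o ' . safe_cmd($file), $output, $exit_code);`. The `https://` default is a good choice; a one-line comment noting that `is_string_found()` is case-insensitive (so `HTTP://host` is also left alone) would make the intent explicit.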

@ -0,0 +1,43 @@
<?php
namespace utils;
class mysql {
public static function exec($db, $password, $sql, $user = "root") {
$dsn = "-D {$db} -u {$user} -p{$password}";
exec(\neato::get_user_bin . 'mysql '. safe_cmd_quotes($dsn) . ' -e ' . safe_cmd($sql), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to run MySQL command: {$sql}");
return $exit_code;
}
public static function import($db, $password, $file, $user = "root") {
$dsn = "-D {$db} -u {$user} -p{$password}";
exec(\neato::get_user_bin . 'mysql '. safe_cmd_quotes($dsn) . ' <' . safe_cmd($file), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to Import MySQL file: {$file}");
return $exit_code;
}
public static function backup($db, $password, $file, $user = "root") {
$what = ($db == 'all') ? '-A' : "-B {$db}";
$dsn = "{$what} -u {$user} -p{$password}";
exec(\neato::get_user_bin . 'mysqldump '. safe_cmd_quotes($dsn) . ' | gzip > $(date +\%Y_\%m_\%d-\%T)'. safe_cmd($file) . '.sql.gz', $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to Import MySQL file: {$file}");
return $exit_code;
}
public static function gunzip($file) {
exec(\neato::get_bin . 'gunzip ' . safe_cmd($file) . '.sql.gz', $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to unzip MySQL file: {$file}");
return $exit_code;
}
public static function remove_old($path = '') {
exec(\neato::get_user_bin . 'find ' . $path . ' -name "*.gz" -mtime +10 -delete');
}
}
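Review bot: `exec()`, `import()` and `backup()` all place the password in the command line (`-p{$password}`), where it is readable by any local user through the process list for as long as the client runs, and `safe_cmd_quotes($dsn)` then strips every quote character from it and leaves spaces unescaped, so passwords containing quotes fail to authenticate and passwords containing spaces are split into extra arguments. Writing the credentials to a 0600 option file and passing `--defaults-extra-file` (it must be the first option) solves both; the sketch below shows `exec()`, and `import()`/`backup()` follow the same pattern. `remove_old()` concatenates `$path` into the `find` command with no escaping at all — pass it through `safe_cmd($path)` like every other argument in this class. The `backup()` error message says "Unable to Import" and the `$(date ...)` prefix ends up glued in front of `$file`; a comment on the intended archive name would clarify whether that is deliberate.
```php
// Writes a 0600 option file so the password never appears on the command line
// (tempnam() creates the file with mode 0600). The caller must unlink it.
private static function credentials_file($user, $password): string {
    $tmp = tempnam(sys_get_temp_dir(), 'mycnf');
    $escaped_user = addcslashes($user, "\\\"");
    $escaped_password = addcslashes($password, "\\\"");
    file_put_contents($tmp, "[client]\nuser=\"{$escaped_user}\"\npassword=\"{$escaped_password}\"\n");
    return $tmp;
}
public static function exec($db, $password, $sql, $user = "root") {
    $cnf = self::credentials_file($user, $password);
    exec(\neato::get_user_bin . 'mysql --defaults-extra-file=' . escapeshellarg($cnf) . ' -D ' . escapeshellarg($db) . ' -e ' . escapeshellarg($sql), $output, $exit_code);
    unlink($cnf);
    // … unchanged: display($output) / check_for_error / return $exit_code …
}
```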

@ -0,0 +1,36 @@
<?php
namespace utils;
class npm {
public static function install($program) {
exec(\neato::get_user_bin . 'npm install -g ' . safe_cmd($program), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to run npm install command: {$program}");
return $exit_code;
}
public static function uninstall($program) {
exec(\neato::get_user_bin . 'npm uninstall ' . safe_cmd($program), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to run npm uninstall command: {$program}");
return $exit_code;
}
public static function is_package_installed_globally($program, $display = false) {
exec(\neato::get_user_bin . 'npm list -g ' . safe_cmd($program), $output, $exit_code);
if ($display === true) {
check_for_error($exit_code, "npm package not installed: {$program}");
}
return $exit_code;
}
public static function update($program) {
exec(\neato::get_user_bin . 'npm update -g ' . safe_cmd($program), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to run npm update command: {$program}");
return $exit_code;
}
}
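Review bot: `uninstall()` omits `-g` while `install()`, `update()` and `is_package_installed_globally()` all pass it, so a package installed by this class cannot be removed by it — `npm uninstall` without `-g` operates on the package.json in the current directory. Change the command to `'npm uninstall -g ' . safe_cmd($program)`, or document that the method is intentionally project-local.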

@ -0,0 +1,60 @@
<?php
namespace utils;
class php {
function r_sapi($ver) {
if (is_string_found($ver, "-s ") && is_string_found($ver, "-v ")) {
return $ver;
}
switch ($ver) {
case "cli":
return "-s cli ";
case "fpm":
return "-s fpm ";
case "apache2":
return "-s apache2 ";
case false:
return "";
default:
return "-v " . $ver . " ";
}
}
public static function enable_module($name, $ver = false) {
exec(\neato::get_super_user_bin . 'phpenmod ' . r_sapi($ver) . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "PHP Unable to enable module: {$name}");
return $exit_code;
}
public static function disable_module($name, $ver = false) {
exec(\neato::get_super_user_bin . 'phpdismod ' . r_sapi($ver) . safe_cmd_quotes($name), $output, $exit_code);
check_for_error($exit_code, "PHP Unable to disable module: {$name}");
return $exit_code;
}
public static function query_module($name, $version, $sapi, $display = false) {
switch ($sapi) {
case "cli":
$api = "-s cli ";
break;
case "fpm":
$api = "-s fpm ";
break;
case "apache2":
$api = "-s apache2 ";
break;
default:
return false;
}
$ver = "-v {$version} ";
$module_name = "-m {$name}";
exec(\neato::get_super_user_bin . 'phpquery ' . $ver . $api . safe_cmd_quotes($module_name), $output, $exit_code);
if ($display === true) {
check_for_error($exit_code, "PHP module not enabled: {$name}");
}
return $exit_code;
}
}
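Review bot: `r_sapi()` is declared as an instance method without visibility or `static`, yet `enable_module()` and `disable_module()` call it as a plain function `r_sapi($ver)`; inside `namespace utils` that resolves to `\utils\r_sapi()` and then `\r_sapi()`, neither of which exists, so both methods throw an undefined-function `Error` at runtime. Declare it `private static function r_sapi($ver) {` and call it as `self::r_sapi($ver)`. In `query_module()` the `$version` value is interpolated into the command (`"-v {$version} "`) and concatenated without escaping, unlike `$module_name`; it is config-supplied today, but passing it through `safe_cmd_quotes()` like the module name keeps the contract uniform, and the same applies to the `default:` branch of `r_sapi()`.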

@ -0,0 +1,25 @@
<?php
namespace utils;
class sed {
public static function replace($file, $find, $replace) {
if (!file_exists($file)) {
return false;
}
$find = str_replace('"', "'", $find);
$two = get_left($find, 2);
if ($two == '-$' || is_string_found($find, '=')) {
$find = get_right($find, strlen($find) - 2);
$ds = '';
} else {
$ds = '$';
}
$replace = str_replace('"', "'", $replace);
exec(\neato::get_bin . 'sed -i "s@' . $ds . $find . '@' . $replace . '@g" ' . safe_cmd($file), $output, $exit_code);
check_for_error($exit_code, "sed: {$file} Unable to find/replace: {$find}");
return $exit_code;
}
}
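Review bot: `replace()` embeds `$find` and `$replace` inside a double-quoted shell string (`'sed -i "s@' . $ds . $find . '@' . $replace . '@g" '`) after only swapping `"` for `'`, so `$`, backticks and backslashes in either value are interpreted by the shell before sed sees them, and an `@` in either value terminates the substitution early. Build the expression in PHP and quote it once: `exec(\neato::get_bin . 'sed -i ' . escapeshellarg('s@' . $ds . $find . '@' . $replace . '@g') . ' ' . safe_cmd($file), $output, $exit_code);`, after escaping the delimiter in both values with `str_replace('@', '\@', ...)`. I cannot tell what the `$ds = '$'` prefix is meant to achieve; inside the current double quotes the shell expands `$` followed by the find text as a (normally empty) variable, so that branch probably never matches what the caller intended — a comment or a small test would settle it.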

@ -0,0 +1,49 @@
<?php
namespace utils;
class ufw {
/**
*
* @param type $action - allow or deny
* @param type $port - Port#/tcp
* @return type
*/
public static function make_rule($action, $port) {
switch($action) {
case 'allow': case 'deny': case 'reject': case 'limit': break;
default:
return false;
}
exec(\neato::get_super_user_bin . 'ufw ' . safe_cmd($action, $port), $output, $exit_code);
check_for_error($exit_code, "UFW Unable to {$action} for port: {$port}");
return $exit_code;
}
public static function status() {
exec(\neato::get_super_user_bin . 'ufw status', $output, $exit_code);
return $output;
}
public static function enable() {
exec(\neato::get_super_user_bin . 'ufw enable', $output, $exit_code);
return $exit_code;
}
public static function disable() {
exec(\neato::get_super_user_bin . 'ufw disable', $output, $exit_code);
return $exit_code;
}
public static function reset() {
exec(\neato::get_super_user_bin . 'ufw reset', $output, $exit_code);
return $exit_code;
}
public static function reload() {
exec(\neato::get_super_user_bin . 'ufw reload', $output, $exit_code);
return $exit_code;
}
}
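Review bot: `enable()` and `reset()` run `ufw enable` / `ufw reset`, both of which ask for interactive confirmation (enable warns about disrupting SSH sessions, reset about deleting all rules); under `exec()` there is no terminal to answer, so in my experience they abort with a non-zero status rather than applying, leaving `make_rule()` adding rules to a firewall that is never switched on. Use `'ufw --force enable'` and `'ufw --force reset'`, and consider checking `status()` afterwards. The `@param type` placeholders in the docblock should name the real types (`string`) or be removed.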

@ -0,0 +1,14 @@
<?php
namespace utils;
class wget {
public static function download($file, $site) {
exec(\neato::get_user_bin . 'wget -O ' . safe_cmd($file) . ' ' . safe_cmd($site), $output, $exit_code);
display($output);
check_for_error($exit_code, "Unable to run wget command: {$site}");
return $exit_code;
}
}
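Review bot: `download()` displays `$output`, but wget writes its progress and error messages to stderr, which `exec()` does not capture, so `display($output)` shows nothing useful when a download fails; neato_fns.php provides `stderr()` for exactly this, so append it: `exec(\neato::get_user_bin . 'wget -O ' . safe_cmd($file) . ' ' . safe_cmd($site) . stderr(), $output, $exit_code);`. Unlike `curl::save()`, which prefixes `https://` when `$site` lacks a scheme, this method passes `$site` through unchanged, so the two download helpers behave differently for the same input — worth aligning or documenting in a docblock.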

@ -0,0 +1,40 @@
<?php
// https://blog.programster.org/creating-phar-files
$pharFile = 'neatoDeploy.phar';
// clean up
if (file_exists($pharFile)) {
unlink($pharFile);
}
if (file_exists($pharFile . '.gz')) {
unlink($pharFile . '.gz');
}
// create phar
$phar = new Phar($pharFile);
// start buffering. Mandatory to modify stub to add shebang
$phar->startBuffering();
// Create the default stub from main.php entrypoint
$defaultStub = $phar->createDefaultStub('neato.php');
// Add the rest of the apps files
$phar->buildFromDirectory(__DIR__ . '/app');
// Customize the stub to add the shebang
$stub = "\n" . $defaultStub;
// Add the stub
$phar->setStub($stub);
$phar->stopBuffering();
// plus - compressing it into gzip
$phar->compressFiles(Phar::GZ);
# Make the file executable
chmod(__DIR__ . '/'. $pharFile, 0770);
echo "$pharFile successfully created" . PHP_EOL;
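Review bot: The comment `// Customize the stub to add the shebang` describes something the next line does not do — `$stub = "\n" . $defaultStub;` prepends only a newline, so the phar is not directly executable and the comment misleads. Either prepend it, `$stub = "#!/usr/bin/env php\n" . $defaultStub;`, or reword the comment to say the generated stub is used as-is (neato_deploy.sh runs it through `php -f` anyway). Since the archive is copied to deployment hosts and the example configs run it with `force_root()`, also request a stronger signature than the default SHA-1 before `stopBuffering()`: `$phar->setSignatureAlgorithm(Phar::SHA256);`.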

@ -0,0 +1,48 @@
<?php
Configure::set('display', true); // Show Output
Configure::set('logfile', true); // Save to log folder
Configure::set('syslog', false);
Configure::set('passwords', ['length' => rand(16, 26)]);
$templates_dir = $cwd . '/templates/' . $os['name'] . '/';
Configure::set('preinstall', [
'cp' => [ 'neato.php' => 'cool.junk', 'cool.junk' => 'more.junk', '/home/bob/Documents/Servers/ha.conf' => 'test.ini' ],
'mv' => [ 'more.junk' => 'mmm.junk' ],
'rm' => [ 'cool.junk' ],
'sed' => [ 'test.ini' => [ 'timeout' => '30', 'keep_alive_setting' => '15' ] ]
]);
//run_once(); // only allow, this script, to run once!
$root_password = make_password(Configure::get('passwords', 'length'));
//do_command('service', 'mysql', 'stop');
/*
cp(source, dest); // Copy
ln(source_file, newlink); // make Symbloic Link
mv(old, new); // Move, rename file/dir
rm(file); // delete, unlink, Remove file/dir
make_dir(new_folder); // mkdir, create folder
append_to_file($file, $data);
$data = read_file($file); // Reads contents of a file
*/
//file_loop(Configure::get('preinstall'));
//do_command('apache::ht_password', 'my.htpasswd', 'johnny', $root_password);
$ret = do_command('is_installed', 'sed');
if ($ret['installed'] === true) {
if (version_compare($ret['version'], '4.2.1', '>=')) {
echo 'sed - Already up to date';
} else {
echo 'sed - Not up to date yet';
}
} else {
echo 'sed - Not installed!';
}
echo PHP_EOL;
display(getTermColors("Root Password: ", ['color'=>'blue']) . getTermColors($root_password, ['color'=>'green', 'style'=>'bold']) );
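Review bot: `display()` writes through every configured sink, and with `logfile` set to `true` above, the final line stores the generated root password in the installer log (and in syslog whenever that flag is on), so the secret survives the run in plaintext on disk. Print it to the terminal only — `echo getTermColors("Root Password: ", ['color'=>'blue']) . getTermColors($root_password, ['color'=>'green', 'style'=>'bold']) . PHP_EOL;` — or store it with `Enc::encode_file()` as deploy_mysql_ex1.php does. The `'preinstall'` example copies `/home/bob/Documents/Servers/ha.conf`, a path from one developer's machine; an obvious placeholder such as `/path/to/ha.conf` reads better in an example config.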

@ -0,0 +1,31 @@
<?php
Configure::set('display', true); // Show Output
Configure::set('logfile', true); // Save to log folder
Configure::set('syslog', false);
Configure::set('passwords', ['length' => rand(16, 26)]);
$root_password = make_password(Configure::get('passwords', 'length'));
Configure::set('post_actions', [
'chmod_file_or_dir' => [ $cwd . '/mysecret' => 'secret' ]
]);
//do_command('service', 'mysql', 'stop');
force_root();
$my_key = Enc::make_key_file("/etc/secrets_mysql");
$obj = new stdClass();
$obj->root = $root_password;
Enc::encode_file("mysecret", $obj, $my_key);
//$my_key = read_file("/etc/secrets_mysql");
//$o = Enc::decode_file("mysecret", $my_key);
//echo $o->root;
//write_file('mysecret', $root_password);
//file_loop(Configure::get('post_actions'));
//do_command('service', 'mysql', 'start');
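Review bot: `Enc::encode_file("mysecret", $obj, $my_key)` creates the secret file through `file_put_contents()` with umask-default permissions, and the `chmod_file_or_dir => secret` post-action that would tighten it never runs because the `file_loop(Configure::get('post_actions'))` call is commented out; the post-action also names `$cwd . '/mysecret'` while `encode_file()` writes the relative `"mysecret"`, so the two may not refer to the same path. Apply the mode right after writing: `chmod_file_or_dir("mysecret", get_perms("secret"));`. Since the file holds the MySQL root password, a comment stating where it is expected to live and which account may read it would help whoever adapts this example.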

@ -0,0 +1,19 @@
<?php
Configure::set('display', true); // Show Output
Configure::set('logfile', false); // Save to log folder
Configure::set('syslog', false);
//do_command('apache::ht_password', 'my.htpasswd', 'johnny', 'shhhh');
$status = do_command('php::query_module', 'gd', '8.0', 'apache2');
echo ($status == 0) ? 'PHP found module gd' : 'gd not found as module for PHP';
//$n = do_command('npm::is_package_installed_globally', 'gulp-cli');
//echo ($n == 0) ? 'Found npm package Gulp-cli' : 'npm package gulp-cli not found';
print_r(do_command('ufw::status'));
$ok = use_me('wget');
if ($ok !== false) {
do_command('wget::download', 'test.html', 'http://127.0.0.1/index.php');
}
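Review bot: `$status == 0` is a loose comparison, and `php::query_module()` returns `false` when its SAPI argument is not one of cli/fpm/apache2; because `false == 0` is true in PHP, an unsupported SAPI would print "PHP found module gd". Compare strictly — `echo ($status === 0) ? 'PHP found module gd' : 'gd not found as module for PHP';` — and consider a third message for `$status === false` so a bad argument is distinguishable from a missing module.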

@ -0,0 +1,44 @@
#!/bin/bash
PHPCLI='php8.2-cli'
if [ "$EUID" -ne 0 ]; then
echo "Please run as root!"
exit
fi
current_directory=$(pwd)
target_directory="/opt/neatoDeploy"
if [ "$current_directory" == "$target_directory" ]; then
echo "Do not run this script inside of source folder /opt/neatoDeploy!"
exit 1
fi
mkdir -p /opt/neatoDeployments
cp neato_deploy_php_cli.ini /opt/neatoDeployments/
cp neatoDeploy.phar /opt/neatoDeployments/
cp neato_deploy.sh /opt/neatoDeployments/
pushd /opt/neatoDeployments
/usr/bin/apt-get install -y software-properties-common
/usr/bin/add-apt-repository ppa:ondrej/php -y
/usr/bin/apt-get update
/usr/bin/dpkg -s $PHPCLI 2>/dev/null >/dev/null || /usr/bin/apt-get install -y $PHPCLI
/usr/bin/dpkg -s curl 2>/dev/null >/dev/null || /usr/bin/apt-get install -y curl
chown www-data:www-data neato*
chmod 775 neatoDeploy.phar
chmod 775 neato_deploy.sh
chmod 664 neato_deploy_php_cli.ini
popd
rm neato_deploy_php_cli.ini
rm neatoDeploy.phar
rm neato_deploy.sh
echo -e "\nRemove the install_neato.sh file!"
echo -e "\nRemove the neato_deploy.tar.gz.self file!"
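Review bot: The installed tool is handed to the web-server account and made group-writable (`chown www-data:www-data neato*`, `chmod 775` on the phar and the wrapper), yet the example configs run it with `force_root()`, so code that root executes is modifiable by `www-data` — a compromise of any web application on the host becomes a root-level foothold on the next deploy. Keep the files root-owned and read-only for everyone else: `chown root:root neato*`, `chmod 755 neatoDeploy.phar neato_deploy.sh`, `chmod 644 neato_deploy_php_cli.ini`. The non-root guard at the top exits with status 0 (`exit`), which lets a calling script continue as if the install succeeded; use `exit 1`. A `set -euo pipefail` line after the shebang would also stop at the first failed `apt-get` or `cp` instead of removing the source files regardless.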

@ -0,0 +1,2 @@
#!/bin/bash
php -c /opt/neatoDeployments/neatoDeploy.ini -f /opt/neatoDeployments/neatoDeploy.phar $1 $2
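Review bot: The wrapper points `php -c` at `/opt/neatoDeployments/neatoDeploy.ini`, but install_neato.sh copies the configuration as `neato_deploy_php_cli.ini`; as far as I can tell PHP does not complain about a missing `-c` file and simply runs with its defaults, so the `disable_functions`/`allow_url_*` hardening in that ini is silently not in effect. `$1 $2` are also unquoted and drop any further arguments. Suggested: `php -c /opt/neatoDeployments/neato_deploy_php_cli.ini -f /opt/neatoDeployments/neatoDeploy.phar -- "$@"`.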

@ -0,0 +1,35 @@
[PHP]
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
open_basedir =
; exec,shell_exec, preg_replace,
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,assert,create_function,telnet
disable_classes = ReflectionFunction
zend.enable_gc = On
expose_php = Off
max_execution_time = 0
memory_limit = 18M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = Off
log_errors_max_len = 1024
ignore_repeated_errors = On
ignore_repeated_source = Off
report_memleaks = Off
html_errors = Off
default_mimetype = "text/html"
default_charset = "UTF-8"
file_uploads = Off
allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
[Phar]
phar.readonly = On
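Review bot: With `display_errors = Off` and `log_errors = Off` together, every warning and fatal error of a deploy run is discarded, so failures such as an undefined function or an out-of-memory at the 18M `memory_limit` leave no trace; for a CLI tool the usual choice is `display_errors = stderr` (or `log_errors = On` with an `error_log` path). The same pair appears in neato_php_cli_phar.ini. The `disable_functions` list ends with `telnet`, which as far as I know is not a PHP function, so that entry is a no-op and probably a leftover. The comment `; exec,shell_exec, preg_replace,` deserves a sentence saying that the tool itself depends on `exec()`/`shell_exec()` and they are therefore left enabled on purpose.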

@ -0,0 +1,34 @@
[PHP]
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
open_basedir =
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 0
memory_limit = 18M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = Off
log_errors_max_len = 1024
ignore_repeated_errors = On
ignore_repeated_source = Off
report_memleaks = Off
html_errors = Off
default_mimetype = "text/html"
default_charset = "UTF-8"
file_uploads = Off
allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
[Phar]
phar.readonly = Off

@ -0,0 +1,18 @@
#!/bin/bash
/usr/bin/php -c neato_php_cli_phar.ini -f compile-phar.php
chmod +x install_neato.sh
TAR_FILE=neato_deploy.tar.gz
tar -czvf $TAR_FILE install_neato.sh neatoDeploy.phar neato_deploy_php_cli.ini neato_deploy.sh
EXIT_COMMAND="./install_neato.sh"
SELF_EXTRACTABLE="$TAR_FILE.self"
echo '#!/bin/bash' > $SELF_EXTRACTABLE
echo 'dd bs=1 skip=`head -3 $0 | wc -c` if=$0 | gunzip -c | tar -x' >> $SELF_EXTRACTABLE
echo "$EXIT_COMMAND; exit" >> $SELF_EXTRACTABLE
cat $TAR_FILE >> $SELF_EXTRACTABLE
chmod a+x $SELF_EXTRACTABLE
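Review bot: Nothing stops the build on error — without `set -euo pipefail` a failed `compile-phar.php` step lets `tar` package whatever stale `neatoDeploy.phar` is lying around, and the self-extractor is shipped with no checksum, so recipients cannot tell a corrupted or substituted archive from a good one. Add `set -euo pipefail` after the shebang and emit a digest next to the artifact, `sha256sum "$SELF_EXTRACTABLE" > "$SELF_EXTRACTABLE.sha256"`, so the install step can verify it. The `head -3 $0` offset in the generated stub depends on the stub being exactly three lines; a comment stating that invariant would protect whoever edits the `echo` lines.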

@ -0,0 +1,6 @@
<VirtualHost *:80>
Include /etc/apache2/sites/allsites.conf
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

@ -0,0 +1,9 @@
ServerName dev
ServerAlias prod
ServerAdmin fake@localhost
Alias /www /var/www/html
Alias /tests /var/www/tests
DocumentRoot /var/www/toolz

@ -0,0 +1,36 @@
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
Include /etc/apache2/sites/allsites.conf
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/mainsite.crt
SSLCertificateKeyFile /etc/ssl/private/mainsite.key
SSLCACertificateFile /etc/apache2/ssl/mainsite_bundle.crt
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
#SSLVerifyClient require
#SSLVerifyDepth 10
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
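Review bot: `SSLCACertificateFile /etc/apache2/ssl/mainsite_bundle.crt` configures the trust store for client-certificate verification (`SSLVerifyClient`, which is commented out here); it does not make Apache send the bundle as the server's intermediate chain, so clients that do not already hold the intermediate fail validation. Either use the commented directive, `SSLCertificateChainFile /etc/apache2/ssl/mainsite_bundle.crt`, or, on Apache 2.4.8 and later, append the intermediates to the file named in `SSLCertificateFile` and drop the CA directive. The vhost has no `ServerName`, so a comment noting that `allsites.conf` is expected to supply it would help readers.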

@ -0,0 +1,87 @@
LimitRequestBody 204800
ServerTokens Prod
ServerSignature Off
TraceEnable Off
MaxClients 150
TimeOut 200
KeepAliveTimeout 3
LimitRequestFields 60
LimitRequestFieldSize 4094
Options -Includes
Options -ExecCGI
#Options -FollowSymLinks
HostnameLookups off
# <LimitExcept POST GET PUT UPDATE DELETE>
# deny from all
# </LimitExcept>
RewriteEngine ON
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for GIT:
#
<DirectoryMatch "^/.*/\.git">
Order deny,allow
Deny from all
</DirectoryMatch>
<FilesMatch "php_error_log">
Order deny,allow
Deny from all
</FilesMatch>
<Location /server-status>
SetHandler server-status
#AuthType basic
#AuthName "Apache status"
#AuthUserFile /etc/apache2/conf/server-status_htpasswd
#Require valid-user
Order deny,allow
Deny from all
Allow from none
</Location>
#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"
ExtendedStatus Off
Header unset ETag
Header always unset X-Powered-By
FileETag None
Header always append X-Frame-Options SAMEORIGIN
#Header set X-XSS-Protection "1; mode=block"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set Feature-Policy: "geolocation 'none'; microphone 'none'; camera 'self';"
Header set Referer-Policy: "strict-origin"
SSLProtocol -ALL +TLSv1.2
# +TLSv1.3
SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"
# , TLSv1.3
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
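Review bot: `Header set Referer-Policy:` misspells the header — browsers only honour `Referrer-Policy`, so the directive is inert; use `Header set Referrer-Policy "strict-origin"`. `SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM` explicitly admits RC4 (prohibited by RFC 7465) and the `MEDIUM` group; a current recommended list (e.g. the Mozilla "intermediate" string) with `SSLHonorCipherOrder on` is a safer default. `Order`/`Deny from all` is 2.2 syntax that on 2.4 depends on mod_access_compat being loaded, and `RewriteCond %{THE_REQUEST} !HTTP/1.1$` → `[F]` will, I believe, reject every request once mod_http2 is enabled, since those request lines end in `HTTP/2.0` — both deserve a comment stating the assumption.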

@ -0,0 +1,4 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

@ -0,0 +1,58 @@
#!/bin/bash
CERT_HOSTNAME=10.32.0.1,<controller node 1 Private IP>,<controller node 1 hostname>,<controller node 2 Private IP>,<controller node 2 hostname>,<API load balancer Private IP>,<API load balancer hostname>,127.0.0.1,localhost,kubernetes.default
cd ~/kthw
cat > kubernetes-csr.json << EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "Kubernetes",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${CERT_HOSTNAME} \
-profile=kubernetes \
kubernetes-csr.json | cfssljson -bare kubernetes
cat > service-account-csr.json << EOF
{
"CN": "service-accounts",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "Kubernetes",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
service-account-csr.json | cfssljson -bare service-account
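Review bot: `CERT_HOSTNAME` still contains the `<controller node 1 Private IP>`-style placeholders and nothing stops `cfssl gencert` from issuing a certificate whose SAN list is those literal strings; a guard after the assignment, `[[ "$CERT_HOSTNAME" == *'<'* ]] && { echo 'fill in CERT_HOSTNAME first' >&2; exit 1; }`, prevents a useless but valid-looking certificate. With no `set -euo pipefail`, a failed `cd ~/kthw` or `cfssl` invocation lets the script continue and `cfssljson` write partial output into the wrong directory. The subject `ST` is `Michigan` here but `Oregon` in one block of workers.sh — harmless to TLS, but worth aligning if the subjects are meant to match.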

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzLprd7GLE7thLefiDCpLO3AYRgiBybDVmj9Ijf5SuN2VZLzSVEDN+6nwW37y15vgborMPchbusSP3V0CetN01WZybUubsaWallRP2vLdTetuuEu16KzARIfsxFDcLKRotYfsgkmOuKMv7PZU+p1XSjrQUKiyKrbA5BRQHNHmmVysx1qBTRIPduA8QMd0r7sXw3CoQ4Y/NCpBMJOQDBiTFpOpzzFUvw/Rul8XEyeniYYiRQ6JVl7pp9zVrk0zLUTDj4AqC6miq1vlZTI1cIdw5hc+/GmUXiYoc7hSX3b2kDBGa5ODE787wzWbHVJWv7It3+mRsUroNCm6VQrmJ7eFh bob@ubuntu

@ -0,0 +1,45 @@
#!/bin/bash
cd ~/
mkdir kthw
cd kthw
sudo curl -s -L -o /bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
sudo curl -s -L -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
sudo curl -s -L -o /bin/cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
sudo chmod +x /bin/cfssl*
cat > ca-config.json << EOF
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "8760h"
}
}
}
}
EOF
cat > ca-csr.json << EOF
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "Kubernetes",
"OU": "CA",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
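Review bot: The three cfssl binaries are fetched with `curl -s -L -o` and made executable in `/bin` without any integrity check, so a compromised mirror or a redirect substituted in transit becomes the tool that mints the cluster CA; pin the expected digests and verify before `chmod +x`, e.g. `echo '<expected sha256>  /bin/cfssl' | sha256sum -c -` per file, with the digests taken from the cfssl release page (the value here is a placeholder). `R1.2` is an old release line; current cfssl releases publish checksums, which makes that verification practical. `mkdir kthw` without `-p` fails on a rerun while `cd kthw` then succeeds, so the existing `ca-key.pem` is overwritten in place — `mkdir -p` plus a check that `ca-key.pem` does not already exist would be safer.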

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz1YKOb4TsvcZbXrWgHKl4Mo8LMjNsuSUNmW/Vvp00yU0zoJLA14Xj848zWMWcKkkYJjlqfkC3G97KhBMexiASjWUYmfuAz5U/sISiBBmgfRW64gTDC3UcPAGSIRDTWTcsobK4FZ4bf/TlIoiJI3K2YtapdyHzaQqc6CJWcKnUXBl/sIELf3Q3I6yWEfBdM8/hjbaGSANaZUP2C4M6wwKzDIEnsKdEdiDupSfwKMhHByB2pFiDHf6gAVMv/ek4nUKlU/QQnHvf4oC4yGYKau08on6guuiJqtYuI5pNhouLwbtbp9waRI1GFz7jwHx5M3GFg5cRYkfDQW2O/+L6qQ45 chrisa@ubuntu

@ -0,0 +1,10 @@
Move certificate files to the worker nodes:
scp ca.pem <worker 1 hostname>-key.pem <worker 1 hostname>.pem user@<worker 1 public IP>:~/
scp ca.pem <worker 2 hostname>-key.pem <worker 2 hostname>.pem user@<worker 2 public IP>:~/
Move certificate files to the controller nodes:
scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \
service-account-key.pem service-account.pem user@<controller 1 public IP>:~/
scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \
service-account-key.pem service-account.pem user@<controller 2 public IP>:~/

@ -0,0 +1,166 @@
#!/bin/bash
#WORKER0_HOST=<Public hostname of your first worker node cloud server>
#WORKER0_IP=<Private IP of your first worker node cloud server>
#WORKER1_HOST=<Public hostname of your second worker node cloud server>
#WORKER1_IP=<Private IP of your second worker node cloud server>
cd ~/kthw
cat > admin-csr.json << EOF
{
"CN": "admin",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:masters",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
admin-csr.json | cfssljson -bare admin
cat > ${WORKER0_HOST}-csr.json << EOF
{
"CN": "system:node:${WORKER0_HOST}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:nodes",
"OU": "Kubernetes The Hard Way",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${WORKER0_IP},${WORKER0_HOST} \
-profile=kubernetes \
${WORKER0_HOST}-csr.json | cfssljson -bare ${WORKER0_HOST}
cat > ${WORKER1_HOST}-csr.json << EOF
{
"CN": "system:node:${WORKER1_HOST}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:nodes",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${WORKER1_IP},${WORKER1_HOST} \
-profile=kubernetes \
${WORKER1_HOST}-csr.json | cfssljson -bare ${WORKER1_HOST}
cat > kube-controller-manager-csr.json << EOF
{
"CN": "system:kube-controller-manager",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:kube-controller-manager",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
cat > kube-proxy-csr.json << EOF
{
"CN": "system:kube-proxy",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:node-proxier",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kube-proxy-csr.json | cfssljson -bare kube-proxy
cat > kube-scheduler-csr.json << EOF
{
"CN": "system:kube-scheduler",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Flint",
"O": "system:kube-scheduler",
"OU": "Kubernetes The Hard Way",
"ST": "Michigan"
}
]
}
EOF
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kube-scheduler-csr.json | cfssljson -bare kube-scheduler
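Review bot: `WORKER0_HOST`, `WORKER0_IP`, `WORKER1_HOST` and `WORKER1_IP` exist only as commented-out placeholders at the top of the file, so unless the caller exports them the script silently writes `-csr.json`, issues a node certificate whose CN is the bare `system:node:` and passes `-hostname=,` to cfssl; make it fail closed with `set -euo pipefail` after the shebang and `: "${WORKER0_HOST:?}" "${WORKER0_IP:?}" "${WORKER1_HOST:?}" "${WORKER1_IP:?}"` before the first heredoc. The `-hostname=` values are what the API server and kubelet clients validate against, so a blank or mistyped value here surfaces as a TLS failure at cluster bring-up rather than at generation time. Separately, the first worker CSR uses `"ST": "Oregon"` while every other CSR in the file uses `Michigan`, which looks like a copy-paste leftover.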

@ -0,0 +1,67 @@
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
basedir = /usr
tmpdir = /tmp
skip-external-locking
default-authentication-plugin = mysql_native_password
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
bind-address = 127.0.0.1
datadir = /var/lib/mysql
innodb_log_file_size = 128MB
max_connect_errors = 5
local-infile=0
skip-show-database
#
# * Fine Tuning
#
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover-options = BACKUP
#max_connections = 100
#table_open_cache = 64
#thread_concurrency = 10
#
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#slow_query_log = 1
#slow_query_log_file = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
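Review bot: `default-authentication-plugin = mysql_native_password` opts every new account out of `caching_sha2_password`, the MySQL 8.0 default that uses salted SHA-256 instead of the SHA-1-based native scheme; unless a specific legacy client requires it, drop the line (or set the plugin per account) and record the reason in a comment, since the native plugin is deprecated in later 8.0 releases and, as I understand it, disabled by default from 8.4. `innodb_log_file_size = 128MB` uses a two-letter suffix where MySQL's option parser expects a single letter (`128M`), so I would expect the server to reject this value at startup — worth confirming on the target version. `bind-address = 127.0.0.1`, `local-infile=0`, `skip-show-database` and `max_connect_errors = 5` are deliberate hardening choices that deserve a one-line comment each so they are not "cleaned up" by a later editor.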

@ -0,0 +1,25 @@
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************

@ -0,0 +1,247 @@
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
open_basedir = "/var/www:/var/lib/php/tmp_upload:/var/lib/php/sessions:/usr/share/phpmyadmin:/etc/phpmyadmin:/usr/share/php/php-php-gettext"
disable_functions = ini_set,php_uname,getmyuid,getmypid,passthru,leak,listen,diskfreespace,tmpfile,link,ignore_user_abord,shell_exec,dl,set_time_limit,exec,system,highlight_file,source,show_source,fpaththru,virtual,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,phpinfo,popen,curl_exec,curl_multi_exec,parse_ini_file,allow_url_fopen,allow_url_include,pcntl_exec,chgrp,chmod,chown,lchgrp,lchown,putenv
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 20M
max_file_uploads = 20
post_max_size = 20M
; 256K if no uploading files
max_input_vars = 100
allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
error_log = /var/www/php_error_log
upload_tmp_dir = /var/lib/php/tmp_upload
[Session]
session.save_handler = files
session.hash_function = sha512
session.bug_compat_42 = 0
session.bug_compat_warn = 0
session.save_path = "/var/lib/php/sessions"
session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = ToolzID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[CLI Server]
cli_server.color = On
[Date]
date.timezone = UTC
;date.default_latitude = 31.7667
;date.default_longitude = 35.2333
;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333
[filter]
;filter.default = unsafe_raw
;filter.default_flags =
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
; happens within intl functions. The value is the level of the error produced.
; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING
;intl.use_exceptions = 0
[sqlite3]
;sqlite3.extension_dir =
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
;pcre.backtrack_limit=100000
;PCRE library recursion limit.
;Please note that if you set this value to a high number you may consume all
;the available process stack and eventually crash PHP (due to reaching the
;stack size limit imposed by the Operating System).
; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
;Enables or disables JIT compilation of patterns. This requires the PCRE
;library to be compiled with JIT support.
;pcre.jit=1
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling
;pdo_odbc.connection_pooling=strict
;pdo_odbc.db2_instance_name
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
; http://php.net/phar.readonly
;phar.readonly = On
; http://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list =
[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
;sendmail_path =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = On
[SQL]
; http://php.net/sql.safe-mode
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQLi]
mysqli.max_persistent = -1
;mysqli.allow_local_infile = On
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[bcmath]
bcmath.scale = 0
[Assertion]
zend.assertions = -1
[Tidy]
;tidy.default_config = /usr/local/lib/php/default.tcfg
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/var/lib/php/soap_cache"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[ldap]
; Sets the maximum number of open links or -1 for unlimited.
ldap.max_links = -1
[opcache]
;opcache.enable=1
;opcache.enable_cli=0
;opcache.memory_consumption=128
;opcache.interned_strings_buffer=8
;opcache.max_accelerated_files=10000
;opcache.max_wasted_percentage=5
;opcache.use_cwd=1
;opcache.validate_timestamps=1
;opcache.revalidate_freq=2
;opcache.revalidate_path=0
;opcache.save_comments=1
;opcache.fast_shutdown=0
;opcache.enable_file_override=0
;opcache.optimization_level=0xffffffff
;opcache.inherited_hack=1
;opcache.dups_fix=0
;opcache.blacklist_filename=
;opcache.max_file_size=0
;opcache.consistency_checks=0
;opcache.force_restart_timeout=180
;opcache.error_log=
;opcache.log_verbosity_level=1
;opcache.preferred_memory_model=
;opcache.protect_memory=0
;opcache.restrict_api=
;opcache.mmap_base=
;opcache.file_cache=
;opcache.file_cache_only=0
;opcache.file_cache_consistency_checks=1
;opcache.file_cache_fallback=1
;opcache.huge_code_pages=1
;opcache.validate_permission=0
;opcache.validate_root=0
[curl]
;curl.cainfo =
[openssl]
;openssl.cafile=
;openssl.capath=
; Local Variables:
; tab-width: 4
; End:
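Review bot: `session.cookie_httponly =` is left empty, so the `ToolzID` session cookie stays readable from page script and a single XSS can lift it; set `session.cookie_httponly = 1` and, since nothing in the file sets it, add `session.cookie_samesite = Lax` next to `session.cookie_secure = 1`. The `disable_functions` list has two typos that weaken it: `posix,_getppid` is parsed as the two entries `posix` and `_getppid`, leaving `posix_getppid` callable, and `ignore_user_abord` matches nothing (`ignore_user_abort` is presumably meant); `allow_url_fopen` and `allow_url_include` in that list are ini directives rather than functions and are no-ops there, though both are correctly set to `Off` further down. Several directives — `session.hash_function`, `session.bug_compat_42`, `session.bug_compat_warn`, `track_errors`, `sql.safe_mode`, `log_errors_max_len` — were removed in PHP 7.x/8.x and are ignored by current interpreters, and `post_max_size` is set twice (8M, then 20M) so only the second takes effect; trimming these would make the intended policy easier to audit.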

@ -0,0 +1,94 @@
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 2299
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers bobs chrisa robot git
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AllowTcpForwarding no
AllowStreamLocalForwarding no
GatewayPorts no
PermitTunnel no
#UseLogin no
#MaxStartups 10:30:60
DebianBanner no
Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /bin/sh -c 'umask 0002; /usr/lib/openssh/sftp-server'
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
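Review bot: `HostKey /etc/ssh/ssh_host_dsa_key` offers a DSA host key that OpenSSH has refused by default since 7.0 and that newer releases drop entirely, and the SSH-1-era directives `Protocol 2`, `KeyRegenerationInterval`, `ServerKeyBits`, `RSAAuthentication`, `RhostsRSAAuthentication` and `UsePrivilegeSeparation` are ignored or warned about on any sshd from 7.4 onward; remove them so `sshd -t` is clean and the file documents only what is actually enforced. `Subsystem sftp /bin/sh -c 'umask 0002; /usr/lib/openssh/sftp-server'` spawns a shell for every SFTP session; `Subsystem sftp internal-sftp -u 0002` gives the same umask without the shell and also works under `ChrootDirectory`. With `PasswordAuthentication no`, `PubkeyAuthentication yes` and `PermitRootLogin no` the core policy is sound; I would add `MaxAuthTries 3` and `ClientAliveInterval 300` / `ClientAliveCountMax 2` so key-spraying and idle sessions are bounded, and note that `ChallengeResponseAuthentication` is spelled `KbdInteractiveAuthentication` from OpenSSH 8.7 (the old name is still accepted as an alias).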

@ -0,0 +1,45 @@
#
# Configuration file for setting network variables. Please note these settings
# override /etc/sysctl.conf and /etc/sysctl.d. If you prefer to use
# /etc/sysctl.conf, please adjust IPT_SYSCTL in /etc/default/ufw. See
# Documentation/networking/ip-sysctl.txt in the kernel source code for more
# information.
#
# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
# traffic to those sites.
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0
# Ignore bogus ICMP errors
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0
# Don't log Martian Packets (impossible addresses)
# packets
net/ipv4/conf/all/log_martians=0
net/ipv4/conf/default/log_martians=0
net/ipv4/tcp/syncookies=1 # Enable syn flood protection
net/ipv4/conf/all/accept_source_route=0 # Ignore source-routed packets
net/ipv6/conf/all/accept_source_route=0 # IPv6 - Ignore ICMP redirects
net/ipv4/conf/default/accept_source_route=0 # Ignore source-routed packets
net/ipv6/conf/default/accept_source_route=0 # IPv6 - Ignore source-routed packets
net/ipv4/conf/all/secure_redirects=1 # Ignore ICMP redirects from non-GW hosts
net/ipv4/conf/default/secure_redirects=1 # Ignore ICMP redirects from non-GW hosts
net/ipv4/ip_forward=0 # Do not allow traffic between networks or act as a router
net/ipv6/conf/all/forwarding=0 # IPv6 - Do not allow traffic between networks or act as a router
net/ipv4/conf/all/send_redirects=0 # Don't allow traffic between networks or act as a router
net/ipv4/conf/default/send_redirects=0 # Don't allow traffic between networks or act as a router
net/ipv4/conf/all/rp_filter=1 # Reverse path filtering - IP spoofing protection
net/ipv4/conf/default/rp_filter=1 # Reverse path filtering - IP spoofing protection
net/ipv4/tcp_rfc1337=1 # Implement RFC 1337 fix
kernel/randomize_va_space=2 # Randomize addresses of mmap base, heap, stack and VDSO page
fs/protected_hardlinks=1 # Provide protection from ToCToU races
fs/protected_symlinks=1 # Provide protection from ToCToU races
kernel/kptr_restrict=1 # Make locating kernel addresses more difficult
kernel/perf_event_paranoid=2 # Set perf only available to root
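Review bot: `net/ipv4/tcp/syncookies=1` is not a valid key — the sysctl is `net.ipv4.tcp_syncookies`, which in this file's slash notation is `net/ipv4/tcp_syncookies=1` — so SYN-cookie protection is never applied by this file, and if ufw loads it with `sysctl -e` (as I believe the stock init does) the unknown key is skipped silently rather than reported. The trailing `# …` comments on the value lines are a second thing to verify: to my knowledge procps `sysctl -p` does not strip inline comments, which would turn every such value into `1 # …` and make it fail to apply; running `sysctl -p /etc/ufw/sysctl.conf` once on the target would settle it, and moving the comments onto their own lines removes the question either way. The comment on `net/ipv6/conf/all/accept_source_route=0` says "Ignore ICMP redirects" but the key controls source routing — the `default` line just below it has the right wording.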

@ -0,0 +1,9 @@
#!/bin/bash
sudo apt update
sudo apt -y install software-properties-common
sudo add-apt-repository -y ppa:projectatomic/ppa
sudo apt update
sudo apt -y install podman
sudo mkdir -p /etc/containers
sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf
sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json
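Review bot: The two `sudo curl … -o /etc/containers/…` lines fetch `registries.conf` and `policy.json` from the `master` branch of third-party repositories with no `-f` and no integrity check, so an HTTP error page or any upstream change silently becomes the host's image-trust policy; at minimum use `curl -fsSL`, pin the URLs to a tagged commit, and check a known digest with `sha256sum -c` before the files land in `/etc/containers`. `policy.json` is the file that decides which images podman will accept, so it is worth keeping a reviewed copy in this repository alongside the other templates instead of downloading it at install time. The script also has no `set -euo pipefail`, so a failed `apt` or `add-apt-repository` step is not fatal and the curl lines run regardless. The `ppa:projectatomic/ppa` source is, as far as I know, no longer maintained; podman ships in Ubuntu's own repositories on 20.10 and later, which also removes a third-party apt signing key from the trust chain.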