getting their...

main
Robert 2 years ago
parent 0acb2c038c
commit a6c5bb1cc5
  1. 13
      app/neato.php
  2. 183
      app/neato_common.php
  3. 8
      app/neato_enc.php
  4. 4
      deploy_files/deploy_example.php
  5. 4
      deploy_files/deploy_mysql_ex1.php
  6. 4
      deploy_files/deploy_mysql_ex2.php
  7. 10
      deploy_files/deploy_podman.php
  8. 2
      deploy_files/deploy_security_audit.php
  9. 6
      deploy_files/deploy_ssh_client.php
  10. 10
      deploy_files/deploy_sshd.php
  11. 2
      deploy_files/deploy_test1.php

@ -94,7 +94,7 @@ if (isStringFound($argv[1], 'http://') || isStringFound($argv[1], 'https://')) {
*/
function Save_sha($shasum): void
{
$xor = xor_encrypt($shasum, $GLOBALS['pk']);
$xor = xorEncrypt($shasum, $GLOBALS['pk']);
file_put_contents($GLOBALS['cwd'] . '/sums/deploy_' . $GLOBALS['file'].'.sum', $xor);
}
/**
@ -121,7 +121,7 @@ function Do_Harm_checker(): void
/* Keep as last lines */
if (file_exists($cwd . '/deploy_files/deploy_' . $file.'.php')) {
$check_for_harm = true;
$shasum = shasum($cwd . '/deploy_files/deploy_' . $file.'.php');
$shasum = shaSum($cwd . '/deploy_files/deploy_' . $file.'.php');
if ($shasum === false) {
echo "Unable to SHA sum script!";
exit(1);
@ -131,8 +131,13 @@ if (file_exists($cwd . '/deploy_files/deploy_' . $file.'.php')) {
if ($skipdeploy) {
unlink($cwd . '/sums/deploy_' . $file.'.sum');
} else {
$sum = read_file($cwd . '/sums/deploy_' . $file.'.sum');
if ($shasum === xor_encrypt($sum, $pk)) {
$sum = readMyFile($cwd . '/sums/deploy_' . $file.'.sum');
if ($sum === false) {
echo "Bad sum file, Aborting...";
exit(1);
}
$xor = xorEncrypt($sum, $pk);
if ($shasum === $xor) {
$check_for_harm = false;
} else {
echo "Danger: SUM of Script has been modified!";
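Review bot: The comparison `$xor = xorEncrypt($sum, $pk); if ($shasum === $xor)` only proves that the sum file XOR-decodes to the script's hash, and because xorEncrypt is its own inverse under the same `$pk`, a matching sum file can be regenerated for any edited script by anyone able to write `sums/` and read the key, so this detects accidental edits rather than tampering. If the sum is meant to resist modification, have Save_sha store `hash_hmac('sha256', $shasum, $GLOBALS['pk'])` and compare here with `hash_equals($stored, hash_hmac('sha256', $shasum, $pk))`, which also replaces the timing-dependent `===` on a secret-derived value. Save_sha in the first hunk additionally ignores the return of file_put_contents, so a failed write silently leaves a stale or missing sum file; `if (file_put_contents($path, $xor) === false) { echo 'Unable to save SUM file'; exit(1); }` would match the new `$sum === false` handling added in this hunk. The `if (file_exists(...))` block and its else branch continue beyond the hunk.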

@ -16,7 +16,7 @@ set_time_limit(0);
require 'neato_registry.php';
require 'neato_auto_loader.php';
require 'neato_init.php';
include 'neato_colors.php';
require 'neato_colors.php';
require 'neato_configure.php';
require 'neato_logger.php';
require 'neato_fns.php';
@ -31,24 +31,44 @@ Neato_Registry::get('loader')->addNamespace('traits', 'traits');
Neato_Registry::get('loader')->addNamespace('package_managers', 'package_managers');
Neato_Registry::get('loader')->addNamespace('init_systems', 'init_systems');
function force_root(): void {
/**
* Force script to require being root to run
*
* @return void not ah
*/
function forceRoot(): void
{
if (posix_getuid() > 0) {
echo 'Please run as root' . PHP_EOL;
exit(1);
}
}
function force_normal(): void {
/**
* Force script to require being a Regular user to run
*
* @return void not ah
*/
function forceNormal(): void
{
if (posix_getuid() === 0) {
echo 'Please run as a normal user' . PHP_EOL;
exit(1);
}
}
function shasum($file) {
if(file_exists($file)) {
/**
* SHA Sum on a file. Make a hash on file.
*
* @param string $file filename to give a SHA256 hash on.
*
* @return string|false Hash Value of File
*/
function shaSum(string $file): string|false
{
if (file_exists($file)) {
$hash = hash_file('sha256', $file, false);
if($hash === false) {
if ($hash === false) {
return false;
}
return (string) $hash;
@ -56,7 +76,16 @@ function shasum($file) {
return false;
}
function xor_encrypt($text, $key) {
/**
* XOR Encrypt/Decrypt, weak encoding...
*
* @param string $text Message
* @param string $key Password
*
* @return string Results
*/
function xorEncrypt(string $text, string $key): string
{
$result = '';
$textLength = strlen($text);
$keyLength = strlen($key);
@ -66,7 +95,15 @@ function xor_encrypt($text, $key) {
return $result;
}
function read_file($file) {
/**
* Get the contents of a file.
*
* @param string $file file to open and read...
*
* @return string|false Contents of the file are returned
*/
function readMyFile(string $file): string|false
{
$ret = file_get_contents($file);
if ($ret === false) {
display("Unable to read from file: {$file}");
@ -74,45 +111,107 @@ function read_file($file) {
return $ret;
}
function write_file($file, $data) {
/**
* Write text to a new file.
*
* @param string $file Filename to save to
* @param string $data What to put in the file.
*
* @return bool Success?
*/
function writeFile(string $file, string $data): bool
{
$exit_code = file_put_contents($file, $data);
$real = ($exit_code === false) ? false : true;
checkForError($real, "Unable to save to file: {$file}");
return $real;
}
function append_to_file($file, $data) {
/**
* Append text to a existing file.
*
* @param string $file Filename to save to
* @param string $data What to add to the file.
*
* @return bool Success?
*/
function appendToFile(string $file, string $data): bool
{
$exit_code = file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
$real = ($exit_code === false) ? false : true;
checkForError($real, "Unable to save to file: {$file}");
return $real;
}
function rm($file) {
/**
* Remove/Delete file
*
* @param string $file Filename to erase
*
* @return bool Success?
*/
function rm(string $file): bool
{
$exit_code = unlink($file);
checkForError($exit_code, "Unable to Delete file: {$file}");
return $exit_code;
}
function mv($old, $new) {
/**
* Renames a file or directory.
*
* @param string $old Existing file
* @param string $new Rename it to this new filename
*
* @return bool Success?
*/
function mv(string $old, string $new): bool
{
$exit_code = rename($old, $new);
checkForError($exit_code, "Unable to Move file: {$old} to {$new}");
return $exit_code;
}
function cp($source, $dest) {
/**
* Copies a file
*
* @param string $source Existing file
* @param string $dest To make cloned file
*
* @return bool Success?
*/
function cp(string $source, string $dest): bool
{
$exit_code = copy($source, $dest);
checkForError($exit_code, "Unable to Copy file: {$source} to: {$dest}");
return $exit_code;
}
function ln($source, $new_link) {
/**
* Make a symbolic-Link
*
* @param string $source Existing file
* @param string $new_link Create new linked file
*
* @return bool Success?
*/
function ln(string $source, string $new_link): bool
{
$exit_code = symlink($source, $new_link);
checkForError($exit_code, "Unable to make Link for file: {$source} to: {$new_link}");
return $exit_code;
}
function make_dir($new_folder, $perms=0775) {
/**
* Make a new Directory
*
* @param string $new_folder Create the new folder here
* @param int $perms Set permissions
*
* @return bool Success?
*/
function makeDir(string $new_folder, int $perms=0775): bool
{
if (!is_dir($new_folder)) {
$exit_code = mkdir($new_folder, $perms, true);
checkForError($exit_code, "Unable to mkdir: {$new_folder}");
@ -122,7 +221,16 @@ function make_dir($new_folder, $perms=0775) {
}
}
function chmod_file_or_dir($file, $kind) {
/**
* Chmod Change Permissions on File or Directory.
*
* @param string $file filename to change permissions on
* @param string|int $kind Set new permissions
*
* @return bool Success?
*/
function chmodFileOrDir(string $file, string|int $kind): bool
{
if (!is_file($file) && !is_dir($file)) {
$ret = false;
} else {
@ -133,7 +241,17 @@ function chmod_file_or_dir($file, $kind) {
return $ret;
}
function change_owner($file, $uid, $gid) {
/**
* Change User-ownership and Group-ownership of a file
*
* @param string $file Filename to change
* @param string|int $uid New User ID
* @param string|int $gid New Group ID
*
* @return bool Success?
*/
function changeOwner(string $file, string|int $uid, string|int $gid): bool
{
$ret_owner = chown($file, $uid);
$ret_group = chgrp($file, $gid);
$exit_code = ($ret_owner && $ret_group) ? true : false;
@ -141,13 +259,23 @@ function change_owner($file, $uid, $gid) {
return $exit_code;
}
function recursive_change_owner($mypath, $uid, $gid) {
/**
* Recursive change ownership on files
*
* @param string $mypath Directory path
* @param string|int $uid New User ID
* @param string|int $gid New Group ID
*
* @return void IDK
*/
function recursiveChangeOwner(string $mypath, string|int $uid, string|int $gid): void
{
$d = opendir($mypath);
while (($file = readdir($d)) !== false) {
if ($file != "." && $file != "..") {
$typepath = $mypath . "/" . $file;
if (filetype($typepath) == 'dir') {
recursive_change_owner($typepath, $uid, $gid);
recursiveChangeOwner($typepath, $uid, $gid);
}
chown($typepath, $uid);
@ -156,7 +284,15 @@ function recursive_change_owner($mypath, $uid, $gid) {
}
}
function make_password($length = 12) {
/**
* Make a random Password
*
* @param int $length Give max length
*
* @return string New Password Assigned
*/
function makePassword(int $length = 12): string
{
$conso = array("b", "c", "d", "f", "g", "h", "j", "k", "l",
"m", "n", "p", "r", "s", "t", "v", "w", "x", "y", "z");
$vocal = array("a", "e", "i", "o", "u");
@ -174,10 +310,9 @@ function make_password($length = 12) {
}
while ($length > 0) {
if ($length >= 1) {
$password .= $conso[rand(0, 19)];
$length--;
}
$password .= $conso[rand(0, 19)];
$length--;
if ($length >= 1) {
$v = $vocal[rand(0, 4)];
$vp = ($v == 'o') ? $v : strtoupper($v); // A,E,I,o,U
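Review bot: makePassword still draws every character with `rand()` (`$password .= $conso[rand(0, 19)];` and `$v = $vocal[rand(0, 4)];`), which is not a cryptographically secure generator, yet the deploy scripts in this commit feed its output straight in as `$root_password`; use `random_int(0, count($conso) - 1)` and `random_int(0, count($vocal) - 1)`, which also drops the hard-coded bounds that must be kept in step with the array sizes. The alternating consonant/vowel shape with only `o` left lowercase narrows the keyspace further, which is worth stating in the docblock so callers do not treat the result as full-strength. makePassword's body starts before this hunk and continues past it. Separately, the new docblocks for forceRoot, forceNormal and recursiveChangeOwner read `@return void not ah` and `@return void IDK`; `@return void` on its own is sufficient.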

@ -116,11 +116,11 @@ class Enc
{
if (!file_exists($file_name)) {
$key = self::generateKey();
write_file($file_name, $key);
chmod_file_or_dir($file_name, getPerms("secret"));
change_owner($file_name, "root", "root");
writeFile($file_name, $key);
chmodFileOrDir($file_name, getPerms("secret"));
changeOwner($file_name, "root", "root");
} else {
$key = read_file($file_name);
$key = readMyFile($file_name);
}
return $key;
}

@ -14,11 +14,11 @@ Configure::set('preinstall', [
'sed' => [ 'test.ini' => [ 'timeout' => '30', 'keep_alive_setting' => '15' ] ]
]);
force_normal();
forceNormal();
//run_once(); // only allow, this script, to run once!
$root_password = make_password(Configure::get('passwords', 'length'));
$root_password = makePassword(Configure::get('passwords', 'length'));
//do_command('service', 'mysql', 'stop');

@ -12,7 +12,7 @@ Configure::set('pre_actions', [
[ $cwd . '/my_vaults' => 'keydir', '/etc/neato_secrets' => 'keydir' ],
]);
force_root();
forceRoot();
//doCommand('service', 'mysql', 'stop');
@ -22,7 +22,7 @@ $my_key = Enc::makeKeyFile("/etc/neato_secrets/mysql_key");
/** @phpstan-ignore-next-line Variable $cwd might not be defined */
if (!file_exists($cwd . "/my_vaults/mysql_secrets")) {
$root_password = make_password(Configure::get('passwords', 'length'));
$root_password = makePassword(Configure::get('passwords', 'length'));
$obj = new stdClass();
$obj->root = $root_password;

@ -5,9 +5,9 @@ Configure::set('syslog', false);
//doCommand('service', 'mysql', 'stop');
force_root();
forceRoot();
$my_key = read_file("/etc/neato_secrets/mysql_key");
$my_key = readMyFile("/etc/neato_secrets/mysql_key");
/** @phpstan-ignore-next-line Variable $cwd might not be defined */
$o = Enc::decodeFile($cwd . "/my_vaults/mysql_secrets", $my_key);

@ -9,7 +9,7 @@ Configure::set('pre_actions', [
['/etc/containers' => 'dir'],
]);
force_root();
forceRoot();
fileLoop(Configure::get('pre_actions'));
@ -37,8 +37,8 @@ $policy = '
}
}';
if (! file_exists("/etc/containers/policy.json")) {
append_to_file("/etc/containers/policy.json", $policy);
chmod_file_or_dir("/etc/containers/policy.json", "config");
appendToFile("/etc/containers/policy.json", $policy);
chmodFileOrDir("/etc/containers/policy.json", "config");
}
$reg = "# This is a system-wide configuration file used to
@ -67,6 +67,6 @@ registries = []
[registries.block]
registries = []";
if (! file_exists("/etc/containers/registries.conf")) {
append_to_file("/etc/containers/registries.conf", $reg);
chmod_file_or_dir("/etc/containers/registries.conf", "config");
appendToFile("/etc/containers/registries.conf", $reg);
chmodFileOrDir("/etc/containers/registries.conf", "config");
}

@ -11,7 +11,7 @@ Configure::set('remove_users', [
'ftp', 'news', 'gopher',
]);
force_root();
forceRoot();
display(getTermColors("Deleteing unused user accounts", ['color'=>'blue']));
$remove_users = Configure::get('remove_users');

@ -1,6 +1,6 @@
<?php
force_normal();
forceNormal();
$host = "Host *
Protocol 2
@ -29,8 +29,8 @@ if ($home === false) {
}
if (! file_exists("$home/.ssh/config")) {
append_to_file("$home/.ssh/config", $host);
chmod_file_or_dir("$home/.ssh/config", "config");
appendToFile("$home/.ssh/config", $host);
chmodFileOrDir("$home/.ssh/config", "config");
} else {
echo "$home/.ssh/config exists! \r\n";
echo $host;

@ -33,7 +33,7 @@ enum INet: string {
}
$allowedInet = $inet ?? INet::any->getValue(); // any, IPv4, or IPv6
force_root();
forceRoot();
runOnce();
if ($rekey == "yes") {
@ -172,8 +172,8 @@ if (file_exists("/etc/ssh/sshd_config")) {
mv("/etc/ssh/sshd_config", "/etc/ssh/sshd_config.old");
}
append_to_file("/etc/ssh/sshd_config", $sshd);
chmod_file_or_dir("/etc/ssh/sshd_config", "config");
appendToFile("/etc/ssh/sshd_config", $sshd);
chmodFileOrDir("/etc/ssh/sshd_config", "config");
$banner = "***************************************************************************
NOTICE TO USERS
@ -202,6 +202,6 @@ conditions stated in this warning.
****************************************************************************";
if (! file_exists("/etc/notice.txt")) {
append_to_file("/etc/notice.txt", $banner);
chmod_file_or_dir("/etc/notice.txt", "normal");
appendToFile("/etc/notice.txt", $banner);
chmodFileOrDir("/etc/notice.txt", "normal");
}

@ -3,7 +3,7 @@ Configure::set('display', true); // Show Output
Configure::set('logfile', false); // Save to log folder
Configure::set('syslog', false);
force_root();
forceRoot();
doCommand('apache::ht_password', '.htpasswd', 'johnny', 'shhhh');
