#!/bin/bash
# Make sure script is started as non-root.
|
||
|
myWHOAMI=$(whoami)
|
||
|
if [ "$myWHOAMI" = "root" ]
|
||
|
then
|
||
|
echo "Need to run as non-root ..."
|
||
|
echo ""
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
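# set vars, check deps
myPAM_COCKPIT_FILE="/etc/pam.d/cockpit"
if ! [ -s "$myPAM_COCKPIT_FILE" ];
then
  echo "### Cockpit PAM module config does not exist. Something went wrong."
  echo ""
  exit 1
fi
# PAM stanza appended to the Cockpit service file. It carries no 'nullok', so
# once active a user who has not generated a token is refused Cockpit login;
# this is why the script asks to be re-run by every Cockpit user.
myPAM_COCKPIT_GA="

# google authenticator for two-factor
auth required pam_google_authenticator.so
"
# 'command -v' is the shell builtin lookup; 'which' is an external binary that
# minimal images may not ship.
myAUTHENTICATOR=$(command -v google-authenticator)
if [ -z "$myAUTHENTICATOR" ];
then
  echo "### Could not locate google-authenticator, trying to install (if asked provide root password)."
  echo ""
  sudo apt-get update
  sudo apt-get install -y libpam-google-authenticator
  # Re-check instead of 'exec "$1" "$2"': that re-exec depended on positional
  # arguments this script never documents or receives, so without arguments
  # it tried to execute an empty command name and fell through to 'exit 1'
  # even when the install had succeeded.
  myAUTHENTICATOR=$(command -v google-authenticator)
  if [ -z "$myAUTHENTICATOR" ];
  then
    echo "### Installation of libpam-google-authenticator failed. Exiting."
    echo ""
    exit 1
  fi
fi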
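# write PAM changes
#######################################
# Append the Google Authenticator stanza to the Cockpit PAM service file
# unless a pam_google_authenticator line is already present, then restart
# Cockpit so the new stack takes effect.
# Globals:   myPAM_COCKPIT_FILE (read), myPAM_COCKPIT_GA (read)
# Outputs:   progress messages on stdout (tee also echoes the appended text)
# Returns:   0 when done or already enabled, 1 if the privileged append
#            failed, otherwise the status of 'systemctl restart cockpit'
#######################################
fuWRITE_PAM_CHANGES() {
  # Match the module name rather than the bare word "google" so an unrelated
  # mention in the file does not count as "already enabled"; grep reads the
  # file directly, no cat pipeline needed.
  if grep -q -- "pam_google_authenticator" "$myPAM_COCKPIT_FILE";
  then
    echo "### PAM config already enabled. Skipped."
    echo ""
  else
    echo "### Updating PAM config for Cockpit (if asked provide root password)."
    # Stop before the restart when the append did not happen (e.g. sudo was
    # refused); otherwise Cockpit is restarted with an unchanged PAM stack
    # and the run looks successful.
    if ! printf '%s\n' "$myPAM_COCKPIT_GA" | sudo tee -a -- "$myPAM_COCKPIT_FILE";
    then
      echo "### Could not update $myPAM_COCKPIT_FILE. Exiting."
      echo ""
      return 1
    fi
    sudo systemctl restart cockpit
  fi
}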
# create 2fa
#######################################
# Run google-authenticator interactively to enrol the invoking user.
# Flags: -t time-based codes, -d disallow reuse of a code, -r 3 -R 30 at most
# three logins per 30 seconds, -w 17 number of adjacent codes accepted (a
# wide window: more clock-skew tolerance, more codes valid per attempt).
# Outputs:   banner on stdout, then the tool's own interactive output
# Returns:   exit status of google-authenticator
#######################################
fuGEN_TOKEN() {
  printf '%s\n' "### Now generating token for Google Authenticator." ""
  google-authenticator -t -d -r 3 -R 30 -w 17
}
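# main
echo "### This script will enable Two Factor Authentication for Cockpit."
echo ""
echo "### Please download one of the many authenticator apps from the appstore of your choice."
echo ""
# Prompt until an unambiguous yes/no. 'read -r' keeps backslashes literal, and
# a failed read (EOF on stdin, e.g. when input is piped or closed) ends the
# script instead of re-printing the prompt forever.
while true;
do
  read -r -p "### Ready to start (y/n)? " myANSWER || exit 1
  case "$myANSWER" in
    [Yy]* ) echo "### OK. Starting ..."; break;;
    [Nn]* ) echo "### Exiting."; exit;;
  esac
done

# Do not generate a token when the PAM update or the Cockpit restart failed;
# the user can re-run once the cause is fixed.
fuWRITE_PAM_CHANGES || exit 1
fuGEN_TOKEN

echo "Done. Re-run this script by every user who needs Cockpit access."
echo ""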