From 34186975c6336a4813aea0de7942fa1bb4ea09c9 Mon Sep 17 00:00:00 2001
From: m8in
Date: Sun, 19 Apr 2026 22:55:20 +0200
Subject: [PATCH] Improved core scripts
---
 core/defineAuthorizedKeysOfUser.sh | 8 ++++++++
 core/ensureUsageOfDefinitions.sh | 11 +++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/core/defineAuthorizedKeysOfUser.sh b/core/defineAuthorizedKeysOfUser.sh
index fcbbed3..b1ce02e 100755
--- a/core/defineAuthorizedKeysOfUser.sh
+++ b/core/defineAuthorizedKeysOfUser.sh
@@ -49,6 +49,14 @@ function prepareFolder() {
 && echo " - '${_SSH_FOLDER}'" \
 && return 0
+ #The ssh folder already exists but ownership and access rights needs to be repaired
+ [ -d "${_SSH_FOLDER}" ] \
+ && chown "${_USER}:${_USER}" "${_SSH_FOLDER}" \
+ && chmod go-rwx "${_SSH_FOLDER}" \
+ && echo "SUCCESS: The existing ssh folder was repaired: ("$(readlink -f ${0})")" \
+ && echo " - '${_SSH_FOLDER}'" \
+ && return 0
+ echo "FAIL: The ssh folder could not be prepared: ("$(readlink -f ${0})")" >&2
 echo " - '${_SSH_FOLDER}'" >&2
 echo " - due to an error or insufficient rights." >&2
diff --git a/core/ensureUsageOfDefinitions.sh b/core/ensureUsageOfDefinitions.sh
index 841b9c4..5372435 100755
--- a/core/ensureUsageOfDefinitions.sh
+++ b/core/ensureUsageOfDefinitions.sh
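Review bot: In core/defineAuthorizedKeysOfUser.sh, the new repair branch of prepareFolder tests `[ -d "${_SSH_FOLDER}" ]` and then runs `chown` on the same path, and both follow symbolic links. If `_SSH_FOLDER` sits in a directory the target user can write to and the script runs with elevated rights (neither is visible in this hunk), a link left at that path would have its target directory handed over to `${_USER}`. The branch should refuse links before it touches ownership, `[ -d "${_SSH_FOLDER}" ] && [ ! -L "${_SSH_FOLDER}" ] \`, and `chmod go-rwx` could become `chmod 700` so the result does not depend on the owner bits the directory happened to have. prepareFolder starts and ends outside the hunk.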
@@ -53,14 +53,15 @@ function filterInvalidAuthorizedKeysFilesOfRoot() {
 }
 function printSelectedDefinition() {
- local _DEFINITIONS _CORE_FILE_DEFAULT_ALL_HOSTS _CORE_FILE_DEFINED_ALL_HOSTS _CORE_FILE_DEFINED_THIS_HOST _FILE_DEFINED_ALL_HOSTS _FILE_DEFINED_THIS_HOST
+ local _DEFINITIONS _CORE_FILE_DEFAULT_ALL_HOSTS _CORE_FILE_DEFINED_ALL_HOSTS _CORE_FILE_DEFINED_THIS_HOST _FILE_DEFAULT_ALL_HOSTS _FILE_DEFINED_ALL_HOSTS _FILE_DEFINED_THIS_HOST
 _DEFINITIONS="${1:?"Missing CIS_ROOT"}definitions/${2:?"Missing DOMAIN"}/"
 _CORE_FILE_DEFAULT_ALL_HOSTS="${1:?"Missing CIS_ROOT"}definitions/default/core/all${3:?"Missing CURRENT_FULLFILE"}"
 _CORE_FILE_DEFINED_ALL_HOSTS="${_DEFINITIONS:?"Missing DEFINITIONS"}core/all${3:?"Missing CURRENT_FULLFILE"}"
 _CORE_FILE_DEFINED_THIS_HOST="${_DEFINITIONS:?"Missing DEFINITIONS"}core/$(hostname -s)${3:?"Missing CURRENT_FULLFILE"}"
+ _FILE_DEFAULT_ALL_HOSTS="${1:?"Missing CIS_ROOT"}definitions/default/script/all${3:?"Missing CURRENT_FULLFILE"}"
 _FILE_DEFINED_ALL_HOSTS="${_DEFINITIONS:?"Missing DEFINITIONS"}hosts/all${3:?"Missing CURRENT_FULLFILE"}"
 _FILE_DEFINED_THIS_HOST="${_DEFINITIONS:?"Missing DEFINITIONS"}hosts/$(hostname -s)${3:?"Missing CURRENT_FULLFILE"}"
- readonly _DEFINITIONS _CORE_FILE_DEFAULT_ALL_HOSTS _CORE_FILE_DEFINED_ALL_HOSTS _CORE_FILE_DEFINED_THIS_HOST _FILE_DEFINED_ALL_HOSTS _FILE_DEFINED_THIS_HOST
+ readonly _DEFINITIONS _CORE_FILE_DEFAULT_ALL_HOSTS _CORE_FILE_DEFINED_ALL_HOSTS _CORE_FILE_DEFINED_THIS_HOST _FILE_DEFAULT_ALL_HOSTS _FILE_DEFINED_ALL_HOSTS _FILE_DEFINED_THIS_HOST
 #The following are special definitions that affect the core functionality.
 #Try this host first because it should be priorized.
@@ -92,6 +93,11 @@ function printSelectedDefinition() {
 && echo "${_FILE_DEFINED_ALL_HOSTS}" \
 && return 0
+ ! isCoreDefinition "${3:?"Missing CURRENT_FULLFILE"}" \
+ && [ -s "${_FILE_DEFAULT_ALL_HOSTS}" ] \
+ && echo "${_FILE_DEFAULT_ALL_HOSTS}" \
+ && return 0
+ return 1
 }
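Review bot: The added `_FILE_DEFAULT_ALL_HOSTS` in printSelectedDefinition is built from `definitions/default/script/all…`, whereas its two domain-level siblings use `hosts/all…` and `hosts/$(hostname -s)…`. If `script/` is the intended directory for non-core defaults, a comment on that line should say so, for example `#Non-core defaults live under default/script/, not default/hosts/.`. If it is a slip, the `[ -s "${_FILE_DEFAULT_ALL_HOSTS}" ]` test added in the next hunk never matches and the fallback stays silently disabled. The single-line `local` and `readonly` lists now carry seven names each and would be easier to review with one name per continuation line.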
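Review bot: The fallback added ahead of `return 1` in printSelectedDefinition carries no comment, while the core branches earlier in the function state their precedence (`#Try this host first because it should be priorized.`). A line such as `#No definition in the domain: fall back to the default for all hosts (non-core files only).` above `! isCoreDefinition` would record that this is the lowest-priority source. Because the function's only output is the selected path, a caller cannot tell a domain definition from the shipped default; if that distinction matters when auditing which configuration was applied, a message on stderr naming the tier would cover it. The function begins outside this hunk.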
@@ -155,6 +161,7 @@ function ensureUsageOfDefinitions() {
 readonly _CIS_ROOT _CURRENT_FILE _CURRENT_FOLDER _CURRENT_FULLFILE _DEFINITIONS _DOMAIN _DEFINED_FULLFILE _NOW _SAVED_FULLFILE
 [ -z "${_DEFINED_FULLFILE}" ] \
+ && isCoreDefinition "${_CURRENT_FULLFILE}" \
 && echo \
 && echo "URGENT WARNING: If an 'authorized_keys' file of root is replaced by an invalid version," \
 && echo " you may lose access to this host!" \
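Review bot: Adding `isCoreDefinition "${_CURRENT_FULLFILE}"` to this chain in ensureUsageOfDefinitions narrows the whole guard, not only the warning text: when `_DEFINED_FULLFILE` is empty and the file is not a core definition, everything after it in the chain is now skipped. The rest of the chain lies outside the hunk, so this is inferred, but if it ends in a `return` or `exit`, non-core files without any definition now fall through to the code below with an empty `_DEFINED_FULLFILE`. An explicit guard ahead of the warning would keep the two cases apart, e.g. `[ -z "${_DEFINED_FULLFILE}" ] && ! isCoreDefinition "${_CURRENT_FULLFILE}" && return 1`, with the status chosen to match what the existing chain returns.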