Example #1
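def add_sudoer(ssh_cmdStr, host, sudo_user, remove_user=False,
               root_services='ALL', pub_key=''):
    """Provision a passwordless-sudo account on a remote host over SSH.

    Every remote step is a shell command string handed to
    ``ssh_cmd(ssh_cmdStr, ...)``, most of them with ``sudo=True``:

    1. ``id -u`` checks whether *sudo_user* already exists. If it does and
       *remove_user* is false, the function returns True without changes;
       if *remove_user* is true the account, its home directory and its
       ``/etc/sudoers.d`` entry are removed first.
    2. The account is created with ``adduser``.
    3. A sudoers fragment is staged in ``/tmp``, syntax-checked with
       ``visudo -c -f`` and moved into ``/etc/sudoers.d`` with mode 440.
    4. An RSA key pair with an empty passphrase is generated on the remote
       host and moved into the new account's ``.ssh`` directory.
    5. *pub_key* (or the local ``~/.ssh/id_rsa.pub`` when *pub_key* is
       empty) is installed as the account's ``authorized_keys``.
    6. The result is verified by running ``sudo hostname`` as the new user.

    Args:
        ssh_cmdStr: ssh command prefix passed through to ``ssh_cmd``.
        host: host name used in messages and in the final verification.
        sudo_user: name of the account to create.
        remove_user: when true, an existing account is deleted and rebuilt.
        root_services: command list written after ``NOPASSWD:`` in the
            ``ALL=(root)`` sudoers line.
        pub_key: public key line to authorize; read locally when empty.

    Returns:
        True when the account already existed (and was kept) or when the
        final verification command exits with status 0; False when visudo
        rejects the fragment, the local public key cannot be used, or the
        verification fails.

    Raises:
        ValueError: when an argument contains characters that would change
            the meaning of the shell commands built below.
    """
    # Local import: the file's import block is not part of this listing.
    import re

    # All arguments are spliced into shell command lines that run under sudo
    # on the remote host, so they are checked before the first command runs.
    # The name is also used as a file name in /etc/sudoers.d, where sudo
    # ignores files whose name contains '.' or ends in '~'.
    if not re.match(r'[A-Za-z_][A-Za-z0-9_-]{0,31}\Z', sudo_user or ''):
        raise ValueError("invalid sudo_user: " + repr(sudo_user))
    # Quotes, backslash, backquote and '$' would end the quoting used below;
    # '%' and backslash are interpreted by printf; a newline would start an
    # additional sudoers rule.
    if re.search(r"""['"\\`$%\r\n\x00]""", root_services):
        raise ValueError("invalid root_services: " + repr(root_services))
    key_unsafe = re.compile(r"""['"\\`$\x00]""")
    if pub_key and key_unsafe.search(pub_key):
        raise ValueError("pub_key contains shell metacharacters")

    (sc, out) = ssh_cmd(ssh_cmdStr, "id -u " + sudo_user)

    if sc == 0:
        msg("Sudoer user '" + sudo_user + "' already installed.")
        if not remove_user:
            return True
        msg("removing currently present user: '******'...")
        ssh_cmd(ssh_cmdStr, "userdel " + sudo_user, sudo=True)
        ssh_cmd(ssh_cmdStr, "rm -rf /home/" + sudo_user, sudo=True)
        ssh_cmd(ssh_cmdStr, "rm -rf /etc/sudoers.d/" + sudo_user, sudo=True)

    msg("Installing the '" + sudo_user + "' user on host '" + host + "' ...")
    dotSSHDir = "/home/" + sudo_user + "/.ssh"

    # NOTE(review): the exit status of adduser and of most commands below is
    # not checked, so a failed step is only noticed by the final verification.
    ssh_cmd(ssh_cmdStr, "adduser " + sudo_user, sudo=True)
    msg("\t==> user added")

    # --- Construct the sudoers fragment ---
    # NOTE(review): the fragment is staged under a predictable name in /tmp
    # and made world-writable (666) until visudo has run. Any local account
    # on the target can change its content in that window, and `visudo -c`
    # checks syntax only. Staging in a root-owned directory would close the
    # window; that depends on how ssh_cmd applies sudo to redirections, which
    # is not visible here.
    sudoFile = "/tmp/" + sudo_user
    ssh_cmd(ssh_cmdStr, "cp /dev/null " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 666 " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr, "\"printf 'Defaults: " + sudo_user + " !requiretty\n' >> "
            + sudoFile + "\"", sudo=True)
    # NOTE(review): this rule already grants every command as every user
    # without a password, so the root_services rule after it restricts
    # nothing. Drop it if root_services is meant to be the limit.
    ssh_cmd(ssh_cmdStr, "\"printf '" + sudo_user + " ALL=(ALL) NOPASSWD: ALL\n' >> "
            + sudoFile + "\"", sudo=True)
    ssh_cmd(ssh_cmdStr, "\"printf '" + sudo_user + " ALL=(root) NOPASSWD: "
            + root_services + "\n' >> " + sudoFile + "\"", sudo=True)
    msg("\t==> sudoer file constructed")

    # --- Validate the fragment before it becomes active ---
    (s, o) = ssh_cmd(ssh_cmdStr, "visudo -c -f " + sudoFile, sudo=True)
    if s != 0:
        ssh_cmd(ssh_cmdStr, "rm -rf " + sudoFile, sudo=True)
        return False
    ssh_cmd(ssh_cmdStr, "chmod 440 " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + sudoFile + " /etc/sudoers.d", sudo=True)
    msg("\t==> sudoer file '" + sudoFile + "' verified on syntax and generated at: /etc/sudoers.d directory")

    # --- Key pair for the new account ---
    # The pair is generated without sudo in the login user's working
    # directory, with an empty passphrase (-N ''), then moved into place.
    ssh_cmd(ssh_cmdStr, "rm -rf " + sudo_user + ";ssh-keygen -t rsa -N '' -f " + sudo_user)
    ssh_cmd(ssh_cmdStr, "mkdir -p " + dotSSHDir, sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + sudo_user + " " + dotSSHDir + "/id_rsa", sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + sudo_user + ".pub " + dotSSHDir + "/id_rsa.pub", sudo=True)
    ssh_cmd(ssh_cmdStr, "chown -R " + sudo_user + ":" + sudo_user + " " + dotSSHDir, sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 700 -R " + dotSSHDir, sudo=True)
    msg("\t==> RSA key pair generated for user '" + sudo_user + "'")

    if not pub_key:
        (s, pub_key) = os_cmd("cat ~/.ssh/id_rsa.pub")
        if s != 0:
            error("Error when reading ~/.ssh/id_rsa.pub - make sure the RSA public key is present?")
            # error() is defined elsewhere and may return; never install an
            # authorized_keys file built from a failed read.
            return False
        if key_unsafe.search(pub_key):
            error("~/.ssh/id_rsa.pub contains shell metacharacters - refusing to install it")
            return False

    # --- authorized_keys ---
    # NOTE(review): like the sudoers fragment, this file is staged under a
    # fixed name in /tmp before it is moved into the account's .ssh directory.
    authKeys = "/tmp/authorized_keys"
    ssh_cmd(ssh_cmdStr, "rm -rf " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr, "touch " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr, "\"bash -c 'echo \\\"" + pub_key + "\n\\\" >> " + authKeys + "'\"", sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 600 " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + authKeys + " " + dotSSHDir, sudo=True)
    msg("\t==> authorized_keys added to .ssh for user '" + sudo_user + "'")

    # Log in as the new account and run a sudo command to confirm the setup.
    msg("All done. Verifying new account: ")
    (s, o) = os_cmd("ssh " + sudo_user + "@" + host + " -t 'sudo hostname'", output=True)
    return s == 0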
Example #2
#!/usr/bin/python
from BaseUtil import msg
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import add_sudoer

import sys
import logging

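logging.basicConfig(level=logging.INFO)

# Probe the test host first; this test is optional and is skipped (exit 0)
# when the probe reports a non-zero status.
(s, o) = os_cmd("checkport.py amazonhost 12345")

if s > 0:
    msg("The amazon VM is not reachable, skipping this part of testing")
    sys.exit(0)

(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")

if s == 0:
    # str.rstrip returns a new string; the result has to be assigned for the
    # trailing newline to be removed from the key that is passed on.
    pubKey = pubKey.rstrip('\n')

    # NOTE(review): the identity file is a user-specific absolute path and
    # its name suggests a private key stored without a passphrase. Prefer an
    # ssh-agent or an ssh config entry so that no key path lives in the test
    # script, and keep such a key out of version control.
    # root_services="ALL" leaves the new account with unrestricted
    # passwordless sudo on the target.
    installed = add_sudoer(
        'ssh -i /Users/weilwu/ws/bluestorm_file-less/info/vault/TheGreatKeyPair.pem.unlocked ec2-user@amazonhost',
        "amazonhost",
        "sudoer",
        remove_user=True,
        root_services="ALL",
        pub_key=pubKey)
    # add_sudoer returns a boolean; without this check a failed setup would
    # leave the test script exiting with status 0.
    if not installed:
        msg("add_sudoer failed for user 'sudoer' on host 'amazonhost'")
        sys.exit(1)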
Example #3
#!/usr/bin/python
from BaseUtil import msg
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import add_sudoer

import sys
import logging

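logging.basicConfig(level=logging.INFO)

# The test is optional: a non-zero status from the port probe means the
# target is not reachable and the script exits successfully without testing.
(s, o) = os_cmd("checkport.py amazonhost 12345")

if s > 0:
    msg("The amazon VM is not reachable, skipping this part of testing")
    sys.exit(0)

(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")

if s == 0:
    # rstrip does not modify the string in place, so keep its return value.
    pubKey = pubKey.rstrip('\n')

    # NOTE(review): hard-coded, user-specific path to an identity file whose
    # name suggests an unencrypted private key. An ssh-agent or ssh config
    # entry avoids embedding the key location in the script.
    # remove_user=True deletes an existing 'sudoer' account, including its
    # home directory, before it is rebuilt.
    ssh_login = 'ssh -i /Users/weilwu/ws/bluestorm_file-less/info/vault/TheGreatKeyPair.pem.unlocked ec2-user@amazonhost'
    ok = add_sudoer(ssh_login,
                    "amazonhost", "sudoer",
                    remove_user=True,
                    root_services="ALL", pub_key=pubKey)
    # Report a failed setup through the exit status instead of ignoring the
    # boolean that add_sudoer returns.
    if not ok:
        msg("add_sudoer failed for user 'sudoer' on host 'amazonhost'")
        sys.exit(1)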
Example #4
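def add_sudoer(ssh_cmdStr,
               host,
               sudo_user,
               remove_user=False,
               root_services='ALL',
               pub_key=''):
    """Create a remote account with passwordless sudo and key-based login.

    The work is done by shell command strings passed to
    ``ssh_cmd(ssh_cmdStr, ...)``, most of them with ``sudo=True``. In order:
    check for the account with ``id -u`` (return True if it exists and
    *remove_user* is false, otherwise delete it, its home directory and its
    ``/etc/sudoers.d`` entry); create it with ``adduser``; stage a sudoers
    fragment in ``/tmp``, check it with ``visudo -c -f`` and move it to
    ``/etc/sudoers.d`` with mode 440; generate an RSA key pair with an empty
    passphrase and move it into the account's ``.ssh`` directory; install
    *pub_key* as ``authorized_keys``; finally run ``sudo hostname`` as the
    new user to verify the setup.

    Args:
        ssh_cmdStr: ssh command prefix passed through to ``ssh_cmd``.
        host: host name used in messages and in the verification login.
        sudo_user: name of the account to create.
        remove_user: when true, an existing account is removed and rebuilt.
        root_services: command list placed after ``NOPASSWD:`` in the
            ``ALL=(root)`` sudoers rule.
        pub_key: public key line to authorize; when empty, the local
            ``~/.ssh/id_rsa.pub`` is read instead.

    Returns:
        True if the account existed and was kept, or if the verification
        command exits with status 0. False if visudo rejects the fragment,
        the local public key cannot be used, or the verification fails.

    Raises:
        ValueError: if an argument contains characters that would alter the
            shell commands assembled from it.
    """
    # Function-scope import: the module's import block is not visible here.
    import re

    # The arguments end up inside command lines executed with sudo on the
    # remote host, so reject anything that could change those commands
    # before the first one is sent. sudo also skips /etc/sudoers.d files
    # whose name contains '.' or ends in '~', which this pattern excludes.
    name_ok = re.match(r'[A-Za-z_][A-Za-z0-9_-]{0,31}\Z', sudo_user or '')
    if name_ok is None:
        raise ValueError("invalid sudo_user: " + repr(sudo_user))
    # Quote characters, backslash, backquote and '$' break the quoting used
    # for the printf commands; '%' and backslash are printf directives; a
    # newline would add a further sudoers rule.
    if re.search(r"""['"\\`$%\r\n\x00]""", root_services):
        raise ValueError("invalid root_services: " + repr(root_services))
    key_unsafe = re.compile(r"""['"\\`$\x00]""")
    if pub_key and key_unsafe.search(pub_key):
        raise ValueError("pub_key contains shell metacharacters")

    (sc, out) = ssh_cmd(ssh_cmdStr, "id -u " + sudo_user)

    if sc == 0:
        msg("Sudoer user '" + sudo_user + "' already installed.")
        if not remove_user:
            return True
        msg("removing currently present user: '******'...")
        for cleanup in ("userdel " + sudo_user,
                        "rm -rf /home/" + sudo_user,
                        "rm -rf /etc/sudoers.d/" + sudo_user):
            ssh_cmd(ssh_cmdStr, cleanup, sudo=True)

    msg("Installing the '" + sudo_user + "' user on host '" + host + "' ...")
    dotSSHDir = "/home/" + sudo_user + "/.ssh"

    # NOTE(review): exit statuses of adduser and of most later commands are
    # discarded; a failed step only shows up in the final verification.
    ssh_cmd(ssh_cmdStr, "adduser " + sudo_user, sudo=True)
    msg("\t==> user added")

    # --- Build the sudoers fragment ---
    # NOTE(review): the staging file has a predictable name in /tmp and is
    # world-writable (666) until visudo has run, so any local account on the
    # target can alter it in that window; `visudo -c` validates syntax only.
    # A root-owned staging directory would remove the window, but whether
    # ssh_cmd applies sudo to the redirections below is not visible here.
    sudoFile = "/tmp/" + sudo_user
    ssh_cmd(ssh_cmdStr, "cp /dev/null " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 666 " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr,
            "\"printf 'Defaults: " + sudo_user + " !requiretty\n' >> " +
            sudoFile + "\"",
            sudo=True)
    # NOTE(review): this rule grants all commands as any user without a
    # password, which makes the root_services rule below ineffective as a
    # restriction.
    ssh_cmd(ssh_cmdStr,
            "\"printf '" + sudo_user + " ALL=(ALL) NOPASSWD: ALL\n' >> " +
            sudoFile + "\"",
            sudo=True)
    ssh_cmd(ssh_cmdStr,
            "\"printf '" + sudo_user + " ALL=(root) NOPASSWD: " +
            root_services + "\n' >> " + sudoFile + "\"",
            sudo=True)
    msg("\t==> sudoer file constructed")

    # --- Syntax-check the fragment before activating it ---
    (s, o) = ssh_cmd(ssh_cmdStr, "visudo -c -f " + sudoFile, sudo=True)
    if s != 0:
        ssh_cmd(ssh_cmdStr, "rm -rf " + sudoFile, sudo=True)
        return False
    ssh_cmd(ssh_cmdStr, "chmod 440 " + sudoFile, sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + sudoFile + " /etc/sudoers.d", sudo=True)
    msg("\t==> sudoer file '" + sudoFile +
        "' verified on syntax and generated at: /etc/sudoers.d directory")

    # --- Key pair for the new account ---
    # Generated without sudo in the login user's working directory, with an
    # empty passphrase (-N ''), then moved into the account's .ssh directory.
    ssh_cmd(ssh_cmdStr,
            "rm -rf " + sudo_user + ";ssh-keygen -t rsa -N '' -f " + sudo_user)
    ssh_cmd(ssh_cmdStr, "mkdir -p " + dotSSHDir, sudo=True)
    ssh_cmd(ssh_cmdStr,
            "mv " + sudo_user + " " + dotSSHDir + "/id_rsa",
            sudo=True)
    ssh_cmd(ssh_cmdStr,
            "mv " + sudo_user + ".pub " + dotSSHDir + "/id_rsa.pub",
            sudo=True)
    ssh_cmd(ssh_cmdStr,
            "chown -R " + sudo_user + ":" + sudo_user + " " + dotSSHDir,
            sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 700 -R " + dotSSHDir, sudo=True)
    msg("\t==> RSA key pair generated for user '" + sudo_user + "'")

    if not pub_key:
        (s, pub_key) = os_cmd("cat ~/.ssh/id_rsa.pub")
        if s != 0:
            error(
                "Error when reading ~/.ssh/id_rsa.pub - make sure the RSA public key is present?"
            )
            # error() is defined elsewhere and may return; do not build an
            # authorized_keys file from a failed read.
            return False
        if key_unsafe.search(pub_key):
            error(
                "~/.ssh/id_rsa.pub contains shell metacharacters - refusing to install it"
            )
            return False

    # --- authorized_keys ---
    # NOTE(review): staged under a fixed name in /tmp, like the sudoers
    # fragment, before being moved into the account's .ssh directory.
    authKeys = "/tmp/authorized_keys"
    ssh_cmd(ssh_cmdStr, "rm -rf " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr, "touch " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr,
            "\"bash -c 'echo \\\"" + pub_key + "\n\\\" >> " + authKeys + "'\"",
            sudo=True)
    ssh_cmd(ssh_cmdStr, "chmod 600 " + authKeys, sudo=True)
    ssh_cmd(ssh_cmdStr,
            "chown " + sudo_user + ":" + sudo_user + " " + authKeys,
            sudo=True)
    ssh_cmd(ssh_cmdStr, "mv " + authKeys + " " + dotSSHDir, sudo=True)
    msg("\t==> authorized_keys added to .ssh for user '" + sudo_user + "'")

    # Confirm the setup by logging in as the new user and running sudo.
    msg("All done. Verifying new account: ")
    (s, o) = os_cmd("ssh " + sudo_user + "@" + host + " -t 'sudo hostname'",
                    output=True)
    return s == 0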
Example #5
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import AWSResourceManager
from AWS import add_sudoer

BaseUtil.set_debug(True)

mgr = AWSResourceManager('us-east-1') 

instance = mgr.start_instance('i-ba73ff54')

ip_address = instance.ip_address

while True:

    (s,o) = os_cmd("checkport.py " + ip_address + " 12345")
    if s == 0 :
        break
    BaseUtil.sleep(20)

if s > 0 :
	msg("The amazon VM is not reachable - please make sure AWS instances are running and "
            + "'amazonhost' is configured properly.")
        msg("Skipping this part of testing")
	sys.exit(0)

(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")
pubKey.rstrip('\n')

#print "pubKey: " + pubKey
if s == 0: