def add_sudoer( ssh_cmdStr, host, sudo_user, remove_user = False, root_services='ALL', pub_key = ''):
(sc, out) = ssh_cmd( ssh_cmdStr, "id -u " + sudo_user );
if sc == 0 :
msg("Sudoer user '" + sudo_user + "' already installed.")
if remove_user and sudo_user:
msg("removing currently present user: '******'...")
ssh_cmd( ssh_cmdStr, "userdel " + sudo_user, sudo=True )
ssh_cmd( ssh_cmdStr, "rm -rf /home/" + sudo_user, sudo=True )
ssh_cmd( ssh_cmdStr, "rm -rf /etc/sudoers.d/" + sudo_user, sudo=True )
else :
return True
msg("Installing the '" + sudo_user + "' user on host '" + host + "' ..." )
dotSSHDir = "/home/" + sudo_user + "/.ssh"
ssh_cmd( ssh_cmdStr, "adduser " + sudo_user, sudo=True )
msg("\t==> user added" )
### Construct the sudoer filer
sudoFile = "/tmp/" + sudo_user
ssh_cmd( ssh_cmdStr, "cp /dev/null " + sudoFile, sudo=True )
ssh_cmd( ssh_cmdStr, "chmod 666 " + sudoFile, sudo=True )
ssh_cmd( ssh_cmdStr, "\"printf 'Defaults: " + sudo_user + " !requiretty\n' >> "
+ sudoFile + "\"", sudo = True )
ssh_cmd( ssh_cmdStr, "\"printf '" + sudo_user + " ALL=(ALL) NOPASSWD: ALL\n' >> "
+ sudoFile + "\"", sudo = True )
ssh_cmd( ssh_cmdStr, "\"printf '" + sudo_user + " ALL=(root) NOPASSWD: "
+ root_services + "\n' >> " + sudoFile + "\"", sudo = True )
msg("\t==> sudoer file constructed" )
### Validate the sudoer file
(s, o) = ssh_cmd( ssh_cmdStr, "visudo -c -f " + sudoFile, sudo=True)
if s == 0 :
ssh_cmd( ssh_cmdStr, "chmod 440 " + sudoFile, sudo=True )
ssh_cmd( ssh_cmdStr, "mv " + sudoFile + " /etc/sudoers.d", sudo=True )
else :
ssh_cmd( ssh_cmdStr, "rm -rf " +sudoFile, sudo=True )
return False
msg("\t==> sudoer file '" + sudoFile + "' verified on syntax and generated at: /etc/sudoers.d directory" )
ssh_cmd( ssh_cmdStr, "rm -rf " + sudo_user + ";ssh-keygen -t rsa -N '' -f " + sudo_user )
ssh_cmd( ssh_cmdStr, "mkdir -p " + dotSSHDir, sudo = True )
#ssh_cmd( ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + sudo_user, sudo = True )
#ssh_cmd( ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + sudo_user + ".pub", sudo = True )
ssh_cmd( ssh_cmdStr, "mv " + sudo_user + " " + dotSSHDir + "/id_rsa", sudo = True )
ssh_cmd( ssh_cmdStr, "mv " + sudo_user + ".pub " + dotSSHDir + "/id_rsa.pub", sudo = True )
ssh_cmd( ssh_cmdStr, "chown -R " + sudo_user + ":" + sudo_user + " " + dotSSHDir, sudo = True )
ssh_cmd( ssh_cmdStr, "chmod 700 -R " + dotSSHDir, sudo = True )
msg("\t==> RSA key pair generated for user '" + sudo_user + "'" )
if not pub_key :
(s, pub_key) = os_cmd("cat ~/.ssh/id_rsa.pub")
if s != 0 :
error("Error when reading ~/.ssh/id_rsa.pub - make sure the RSA public key is present?")
authKeys = "/tmp/authorized_keys"
ssh_cmd( ssh_cmdStr, "rm -rf " + authKeys, sudo = True )
ssh_cmd( ssh_cmdStr, "touch " + authKeys, sudo = True )
ssh_cmd( ssh_cmdStr, "\"bash -c 'echo \\\"" + pub_key + "\n\\\" >> " + authKeys + "'\"", sudo = True )
ssh_cmd( ssh_cmdStr, "chmod 600 " + authKeys, sudo = True )
ssh_cmd( ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + authKeys, sudo = True )
ssh_cmd( ssh_cmdStr, "mv " + authKeys + " " + dotSSHDir, sudo = True )
msg("\t==> authorized_keys added to .ssh for user '" + sudo_user + "'" )
msg("All done. Verifying new account: ")
(s,o) = os_cmd( "ssh " + sudo_user + "@" + host + " -t 'sudo hostname'", output = True )
return s == 0
#!/usr/bin/python
from BaseUtil import msg
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import add_sudoer
import sys
import logging
logging.basicConfig(level=logging.INFO)
(s, o) = os_cmd("checkport.py amazonhost 12345")
if s > 0:
msg("The amazon VM is not reachable, skipping this part of testing")
sys.exit(0)
(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")
pubKey.rstrip('\n')
#print "pubKey: " + pubKey
if s == 0:
#addSudoer("54.80.11.60", "sudoer", "ALL", pubKey = pubKey )
add_sudoer(
'ssh -i /Users/weilwu/ws/bluestorm_file-less/info/vault/TheGreatKeyPair.pem.unlocked ec2-user@amazonhost',
"amazonhost",
"sudoer",
remove_user=True,
#removeCurrentUser = False,
root_services="ALL",
pub_key=pubKey)
#!/usr/bin/python
from BaseUtil import msg
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import add_sudoer
import sys
import logging
logging.basicConfig( level = logging.INFO )
(s,o) = os_cmd("checkport.py amazonhost 12345")
if s > 0 :
msg("The amazon VM is not reachable, skipping this part of testing")
sys.exit(0)
(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")
pubKey.rstrip('\n')
#print "pubKey: " + pubKey
if s == 0:
#addSudoer("54.80.11.60", "sudoer", "ALL", pubKey = pubKey )
add_sudoer( 'ssh -i /Users/weilwu/ws/bluestorm_file-less/info/vault/TheGreatKeyPair.pem.unlocked ec2-user@amazonhost',
"amazonhost", "sudoer",
remove_user = True,
#removeCurrentUser = False,
root_services = "ALL", pub_key = pubKey )
def add_sudoer(ssh_cmdStr,
host,
sudo_user,
remove_user=False,
root_services='ALL',
pub_key=''):
(sc, out) = ssh_cmd(ssh_cmdStr, "id -u " + sudo_user)
if sc == 0:
msg("Sudoer user '" + sudo_user + "' already installed.")
if remove_user and sudo_user:
msg("removing currently present user: '******'...")
ssh_cmd(ssh_cmdStr, "userdel " + sudo_user, sudo=True)
ssh_cmd(ssh_cmdStr, "rm -rf /home/" + sudo_user, sudo=True)
ssh_cmd(ssh_cmdStr,
"rm -rf /etc/sudoers.d/" + sudo_user,
sudo=True)
else:
return True
msg("Installing the '" + sudo_user + "' user on host '" + host + "' ...")
dotSSHDir = "/home/" + sudo_user + "/.ssh"
ssh_cmd(ssh_cmdStr, "adduser " + sudo_user, sudo=True)
msg("\t==> user added")
### Construct the sudoer filer
sudoFile = "/tmp/" + sudo_user
ssh_cmd(ssh_cmdStr, "cp /dev/null " + sudoFile, sudo=True)
ssh_cmd(ssh_cmdStr, "chmod 666 " + sudoFile, sudo=True)
ssh_cmd(ssh_cmdStr,
"\"printf 'Defaults: " + sudo_user + " !requiretty\n' >> " +
sudoFile + "\"",
sudo=True)
ssh_cmd(ssh_cmdStr,
"\"printf '" + sudo_user + " ALL=(ALL) NOPASSWD: ALL\n' >> " +
sudoFile + "\"",
sudo=True)
ssh_cmd(ssh_cmdStr,
"\"printf '" + sudo_user + " ALL=(root) NOPASSWD: " +
root_services + "\n' >> " + sudoFile + "\"",
sudo=True)
msg("\t==> sudoer file constructed")
### Validate the sudoer file
(s, o) = ssh_cmd(ssh_cmdStr, "visudo -c -f " + sudoFile, sudo=True)
if s == 0:
ssh_cmd(ssh_cmdStr, "chmod 440 " + sudoFile, sudo=True)
ssh_cmd(ssh_cmdStr, "mv " + sudoFile + " /etc/sudoers.d", sudo=True)
else:
ssh_cmd(ssh_cmdStr, "rm -rf " + sudoFile, sudo=True)
return False
msg("\t==> sudoer file '" + sudoFile +
"' verified on syntax and generated at: /etc/sudoers.d directory")
ssh_cmd(ssh_cmdStr,
"rm -rf " + sudo_user + ";ssh-keygen -t rsa -N '' -f " + sudo_user)
ssh_cmd(ssh_cmdStr, "mkdir -p " + dotSSHDir, sudo=True)
#ssh_cmd( ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + sudo_user, sudo = True )
#ssh_cmd( ssh_cmdStr, "chown " + sudo_user + ":" + sudo_user + " " + sudo_user + ".pub", sudo = True )
ssh_cmd(ssh_cmdStr,
"mv " + sudo_user + " " + dotSSHDir + "/id_rsa",
sudo=True)
ssh_cmd(ssh_cmdStr,
"mv " + sudo_user + ".pub " + dotSSHDir + "/id_rsa.pub",
sudo=True)
ssh_cmd(ssh_cmdStr,
"chown -R " + sudo_user + ":" + sudo_user + " " + dotSSHDir,
sudo=True)
ssh_cmd(ssh_cmdStr, "chmod 700 -R " + dotSSHDir, sudo=True)
msg("\t==> RSA key pair generated for user '" + sudo_user + "'")
if not pub_key:
(s, pub_key) = os_cmd("cat ~/.ssh/id_rsa.pub")
if s != 0:
error(
"Error when reading ~/.ssh/id_rsa.pub - make sure the RSA public key is present?"
)
authKeys = "/tmp/authorized_keys"
ssh_cmd(ssh_cmdStr, "rm -rf " + authKeys, sudo=True)
ssh_cmd(ssh_cmdStr, "touch " + authKeys, sudo=True)
ssh_cmd(ssh_cmdStr,
"\"bash -c 'echo \\\"" + pub_key + "\n\\\" >> " + authKeys + "'\"",
sudo=True)
ssh_cmd(ssh_cmdStr, "chmod 600 " + authKeys, sudo=True)
ssh_cmd(ssh_cmdStr,
"chown " + sudo_user + ":" + sudo_user + " " + authKeys,
sudo=True)
ssh_cmd(ssh_cmdStr, "mv " + authKeys + " " + dotSSHDir, sudo=True)
msg("\t==> authorized_keys added to .ssh for user '" + sudo_user + "'")
msg("All done. Verifying new account: ")
(s, o) = os_cmd("ssh " + sudo_user + "@" + host + " -t 'sudo hostname'",
output=True)
return s == 0
from BaseUtil import error
from BaseUtil import os_cmd
from AWS import AWSResourceManager
from AWS import add_sudoer
BaseUtil.set_debug(True)
mgr = AWSResourceManager('us-east-1')
instance = mgr.start_instance('i-ba73ff54')
ip_address = instance.ip_address
while True:
(s,o) = os_cmd("checkport.py " + ip_address + " 12345")
if s == 0 :
break
BaseUtil.sleep(20)
if s > 0 :
msg("The amazon VM is not reachable - please make sure AWS instances are running and "
+ "'amazonhost' is configured properly.")
msg("Skipping this part of testing")
sys.exit(0)
(s, pubKey) = os_cmd("cat ~/.ssh/id_rsa.pub")
pubKey.rstrip('\n')
#print "pubKey: " + pubKey
if s == 0:
