-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathgenpass.sh
125 lines (111 loc) · 4 KB
/
genpass.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/bash
if [ -z "$(echo $BASH_VERSION$ZSH_VERSION)" ]; then
echo "❌ This script requires Bash or Zsh!" >&2
exit 1
fi
SHARED_PASS=rocky
WEBMIN_USERS_FILE="/etc/webmin/miniserv.users"
BRIDGE_ENV_FILE="/home/bridge/public_html/.env"
WEBMIN_CHANGEPASS=""
for path in /usr/{share,libexec}/webmin/changepass.pl; do
[[ -x "$path" ]] && WEBMIN_CHANGEPASS="$path" && break
done
generate_password() {
openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 24
}
test_linux() {
echo $SHARED_PASS | sudo -S true 2>/dev/null
[ $? -eq 0 ]
}
test_webmin() {
[[ -f "$WEBMIN_USERS_FILE" ]] || return 1
WEBMIN_HASH=$(grep "^root:" "$WEBMIN_USERS_FILE" | cut -d: -f2)
SALT=$(echo "$WEBMIN_HASH" | cut -d'$' -f3)
GENERATED_HASH=$(openssl passwd -6 -salt "$SALT" "$SHARED_PASS")
[[ "$WEBMIN_HASH" == "$GENERATED_HASH" ]]
}
test_bridge_unix() {
echo "$SHARED_PASS" | sudo -S -u bridge true 2>/dev/null
[ $? -eq 0 ]
}
test_bridge_api() {
curl -sS 'http://localhost:2223/status/ip' --connect-timeout 5 \
--header 'Authorization: Bearer rocky' \
| jq -e '.granted == true' > /dev/null
}
test_valkey() {
echo "AUTH root $SHARED_PASS" | valkey-cli &>/dev/null;
}
echo This script detect if you haven\'t change any password in this OS then perform changes it for you.
echo ""
echo "[ 1 / 5 ] Checking your linux root password..."
if test_linux; then
echo "Insecure! Changing your linux root password..."
NEW_PASS=$(generate_password)
echo -e "$SHARED_PASS\n$NEW_PASS\n$NEW_PASS" | sudo passwd root >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "Password changed successfully."
echo "New linux root password: $NEW_PASS"
echo KEEP THIS LINUX ROOT PASSWORD OR RISK LOCKED OUT
else
echo "Failed to change linux root password."
exit 1
fi
fi
echo "[ 2 / 5 ] Checking your webmin root password..."
if test_webmin; then
echo "Insecure! Changing your webmin root password..."
NEW_PASS=$(generate_password)
$WEBMIN_CHANGEPASS /etc/webmin root $NEW_PASS
if [ $? -eq 0 ]; then
echo "Password changed successfully."
echo "New webmin root password: $NEW_PASS"
else
echo "Failed to change webmin root password."
exit 1
fi
fi
echo "[ 3 / 5 ] Checking your valkey root password..."
if test_valkey; then
echo "Insecure! Changing your valkey root password..."
NEW_PASS=$(generate_password)
if echo -e "AUTH root $SHARED_PASS\nACL SETUSER root >$NEW_PASS\nACL SAVE" | valkey-cli; then
echo "Password changed successfully."
echo "New valkey root password: $SHARED_PASS"
if [[ -f $BRIDGE_ENV_FILE && -w $BRIDGE_ENV_FILE ]]; then
sed -i '/^REDIS_URL=/d' "$BRIDGE_ENV_FILE"
echo "REDIS_URL=\"redis://root:$NEWPASS@localhost:6379\"" >> "$BRIDGE_ENV_FILE"
echo "Valkey root password has been written to bridge env file"
systemctl restart bridge || true
fi
else
echo "Failed to change valkey root password."
fi
fi
echo "[ 4 / 5 ] Checking your linux bridge password..."
if test_bridge_unix; then
echo "Insecure! Changing your linux bridge password..."
NEW_PASS=$(generate_password)
echo -e "$SHARED_PASS\n$NEW_PASS\n$NEW_PASS" | sudo passwd bridge >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "Password changed successfully."
echo "New linux bridge password: $NEW_PASS"
else
echo "Failed to change linux bridge password."
exit 1
fi
fi
echo "[ 5 / 5 ] Checking your API bridge password..."
if test_bridge_unix; then
echo "Insecure! Changing your API bridge password..."
NEW_PASS=$(generate_password)
if [[ -f $BRIDGE_ENV_FILE && -w $BRIDGE_ENV_FILE ]]; then
sed -i '/^SECRET=/d' "$BRIDGE_ENV_FILE"
echo "SECRET=$NEW_PASS" >> "$BRIDGE_ENV_FILE"
echo "Password changed successfully."
echo "New API bridge password: $NEW_PASS"
systemctl restart bridge || true
else
echo "Failed to change API bridge password."
fi
fi