iiab/roles/3-base-server/templates/lxde_ssh_warn.sh

#!/bin/bash 
# credit to the folks at raspberry pi foundatioon
check_hash ()
{
   if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi
   if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi
   test -x /usr/bin/mkpasswd || return 0
   SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
   test -n "${SHADOW}" || return 0
   if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
   SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
   if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi

   if echo "${SHADOW}" | grep -q "${HASH}"; then
	zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password   to set a new password."
   fi
}

if service ssh status | grep -q running; then
	check_hash
fi
unset check_hash
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`#!/bin/bash`
			`# credit to the folks at raspberry pi foundatioon`
			`check_hash ()`
			`{`
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi`
			`test -x /usr/bin/mkpasswd \|\| return 0`
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`test -n "${SHADOW}" \|\| return 0`
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`if echo $SHADOW \| grep -q "iiab-admin:!" ; then return 0 ; fi`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`SHADOW_PW=$(echo $SHADOW \| cut -d: -f2)`
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`if echo "${SHADOW}" \| grep -q "${HASH}"; then`
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password to set a new password."`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`fi`
			`}`

			`if service ssh status \| grep -q running; then`
			`check_hash`
			`fi`
			`unset check_hash`