#!/bin/bash
# Copyright Atomicorp, 2015-2021
# License: Commercial. Unauthorized redistribution prohibited.
# Basic install key routine

# Installer version, shown in the banners printed by this script.
VERSION="1.0"

# Force the C locale for the tools run below.
export LANG=C

# Opening banner: one blank line, the framed title, two blank lines.
cat <<EOF

#################################################################
Atomicorp Support Key installer: v$VERSION
#################################################################


EOF

ROOT_UID="0"

# Stop unless bash reports UID 0. Only the numeric UID is compared, so the
# check by itself cannot tell a direct root login from a sudo invocation; the
# message is the only thing steering the operator away from sudo.
[ "$UID" -eq "$ROOT_UID" ] || {
        echo "You must be root to run this program. Do not run this progam via sudo."
        exit 1
}


# Show the Release of Liability through a pager before consent is requested.
# less options used here: -e exits the second time end-of-file is reached,
# -Ps replaces the short prompt with the given text.
# The here-document delimiter is unquoted, so the shell would expand any "$" or
# backtick placed in the text; the text below currently contains neither.
cat << EOF | less -e -Ps"Press the space bar to view the next page"
Release of Liability:

BY INSTALLING THIS SOFWARE YOU (HEREAFTER KNOWN AS "CLIENT") AGREE TO RELEASE
AND HOLD HARMLESS ATOMICORP LIMITED FROM ANY AND ALL LIABILITY ASSOCIATED WITH 
THE PERFORMANCE OF ANY SERVICES OR THE PROVISION, INSTALLATION, REMOVAL, 
MODIFICATION OR CONFIGURATION OF CLIENTS COMPUTER, SOFTWARE OR ANY OPERATING
SYSTEM COMPONENT, AND ACKNOWLEDGE ATOMICORP LIMITED OFFERS NO EXPLICIT OR 
IMPLIED WARRANTY OR GUARANTEE ON SERVICES PERFORMED OR SOFTWARE PROVIDED. 

IN NO EVENT SHALL ATOMICORP LIMITED, BE LIABLE FOR ANY DIRECT, INDIRECT, 
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE SERVICES PROVIDED OR 
FROM THE USE OF ANY SOFTWARE INSTALLED, REPAIRED, CONFIGURED, REMOVED OR 
OTHERWISE MODIFIED BY ATOMICORP LIMITED, EVEN IF ADVISED OF THE POSSIBILITY 
OF SUCH DAMAGE.

FURTHER:

1. CLIENT acknowledges that due to the nature of the service being performed, there is potential risk of damage or loss including, but not limited to, damage to Client's computer, routers, firewalls, switches, peripherals, and accessories, as well as potential risk of damage, corruption, or loss of computer software, applications, data, and data storage media.

2. CLIENT agrees to release and hold harmless Atomicorp Limited from any and all liability for damage or loss as well as any incidental or consequential material or financial damage or loss that may result from the actions of Atomicorp Limited, its agents, employees, contractors or service representatives.

3. CLIENT grants Atomicorp Limited, its agents and service representative's access and permission to access and modify any and all computer systems, software, applications, databases, components, networks, routers, firewalls, switches, peripherals, and accessories.

4. CLIENT grants Atomicorp Limited, its agents, employees, contractors and service representatives full access, security rights, and permission to open, view, and modify, edit, delete, or otherwise manipulate CLIENTs computer operating system, databases, software, applications, settings, configuration, data, and data storage media including, but not limited to the computer Operating System, databases, services, workflow, graphics, kernel, system drivers and libraries, and any other type of software, setting, configuration, hardware or data that may be contained on CLIENTs computer system or network.

5. CLIENT grants Atomicorp Limited, its agents, employees, contractors and service representatives, permission to download and/or install software on CLIENTs computer and/or network, including but not limited to, malware scanners, diagnosis and repair utilities, drivers, libraries, kernels, software updates, daemons, tools and software requested to be installed, repaired, modified, removed or diagnosed by CLIENT or Atomicorp Limited or both.

Atomicorp Limited strongly advises that CLIENT safeguard critical data by backing up said data prior to any services performed by Atomicorp Limited. Unless specifically requested and provided in advance as a paid service by Atomicorp Limited CLIENT is entirely responsible for any backup, archiving, or protective storage as well as restoration if required, of CLIENTs data, storage, operating system and any other data that may be lost or damaged because of these services. Neither the signing of this agreement nor the performance of services by Atomicorp Limited implies ongoing support once these services are completed, availability of technical support or support for any software installed or modified on CLIENT systems. This document constitutes the entire agreement between CLIENT and Atomicorp Limited. No other agreement whether verbal or written shall be in effect except if agreed to and authorized in writing by both parties.

By reading this document, CLIENT indicates that he/she has read and understands, and agrees to the terms of this Release of Liability form.

EOF

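# Ask for explicit consent to the terms shown above.
# The answer is read from /dev/tty rather than stdin (presumably so the prompt
# still reaches the operator when the script itself arrives on stdin).
# Only the literal answer "yes" lets the installer continue. Every other
# outcome, including an unreadable terminal or a mistyped answer, now exits
# non-zero so that a wrapper never mistakes a declined run for a completed one
# (the bare `exit` used before returned the status of the preceding echo, 0).
echo -n "Do you agree to these terms (yes/no): "
# -r keeps backslashes in the typed answer literal.
read -r query </dev/tty

case "$query" in
  yes)
    echo
    ;;
  no)
    echo "Exiting"
    echo
    exit 1
    ;;
  *)
    echo "Please enter yes or no"
    echo
    exit 1
    ;;
esac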

# Second banner: blank line, title, blank line.
printf '\n%s\n\n' "Atomicorp Key installer: v$VERSION"


# Prereq: the installer appends to /etc/sudoers further down, which cannot
# work while the file carries the immutable attribute. Any "-i" in the lsattr
# output is taken to mean the attribute is set.
sudoers_attrs=$(/usr/bin/lsattr /etc/sudoers)
case "$sudoers_attrs" in
  *-i*)
    printf '\n%s\n\n' "Error: /etc/sudoers is immutable. Installer cannot continue."
    exit 1
    ;;
esac

# Do a root login check, if it works we'll add this to root
# If not, we create the atomic account, and use that

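# Decide which account will receive the support key: root when sshd_config
# does not rule out root logins, otherwise a dedicated "atomic" account.
# The decision is a text scan of /etc/ssh/sshd_config only; Match blocks,
# included files and the effective (compiled) configuration are not consulted.
# NOTE: USER (and later HOME) are reused as plain script variables by the rest
# of this installer, replacing the values inherited from the login environment.
echo -n "Checking for login type: "

# sshd keywords are case-insensitive and may be indented or separated by tabs,
# so the scan tolerates both instead of requiring the exact spelling.
if ! grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' /etc/ssh/sshd_config; then
	# root allowed
	USER=root
else
	USER=atomic
fi

# An explicit deny rule that mentions root also rules out the root account.
if grep -Eiq '^[[:space:]]*(DenyUsers|DenyGroups)[[:space:]].*root' /etc/ssh/sshd_config; then
	USER=atomic
fi

# An allow-list is in force: use the dedicated account and admit it from the
# one address given below (presumably the vendor's support host).
if grep -Eiq '^[[:space:]]*AllowUsers([[:space:]]|$)' /etc/ssh/sshd_config; then
	USER=atomic
	# Append the entry once only; re-running the installer used to add a
	# duplicate line and reload sshd every time.
	if ! grep -qxF 'AllowUsers atomic@98.175.234.114' /etc/ssh/sshd_config; then
		echo "AllowUsers atomic@98.175.234.114" >> /etc/ssh/sshd_config
		service sshd reload > /dev/null 2>&1
	fi
fi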

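# Prepare the account chosen above.
#   root   : nothing to create, only HOME is pointed at /root.
#   atomic : make sure the user, its group, wheel membership and a passwordless
#            sudo rule for %wheel exist.
# HOME is overwritten on purpose; the rest of the installer works inside it.
# NOTE(review): /home/atomic is assumed even when an existing atomic account
# has a different home directory - confirm.
if [ "$USER" == "root" ]; then
  echo "root allowed"
  HOME=/root
else
  echo "root denied"
  echo -n "Checking atomic user: "
  HOME=/home/atomic

  # check for user, add if it doesnt exist
  if ! grep -q '^atomic:' /etc/passwd; then
    echo "not found, creating"
    # Match the group-name field exactly and quietly: the unanchored, noisy
    # grep used before printed matching /etc/group lines and also fired on any
    # group whose line merely contained "atomic".
    if grep -q '^atomic:' /etc/group; then
      /usr/sbin/useradd -s /bin/bash -m -c "Atomicorp Support" -g atomic atomic >/dev/null 2>&1
    else
      /usr/sbin/useradd -s /bin/bash -m -c "Atomicorp Support" atomic >/dev/null 2>&1
    fi
    # Everything below depends on the account, so a failed useradd is fatal
    # instead of being hidden behind the redirect.
    if [ $? -ne 0 ]; then
      echo
      echo "Error: the atomic account could not be created"
      echo
      exit 1
    fi
    # NOTE(review): this unlocks the password field of the new account; access
    # is presumably meant to be key-only, so confirm that no usable password
    # results on the target distribution.
    #/usr/bin/passwd -uf atomic
    /usr/bin/passwd -u atomic
  else
    echo "found"
  fi

  # check for group, add it if it doesnt exist
  echo -n "Checking for atomic group: "
  if ! grep -q '^atomic:' /etc/group; then
    echo "creating"
    /usr/sbin/groupadd atomic > /dev/null 2>&1
  else
    echo "found"
  fi

  if grep -q '^AllowUsers' /etc/ssh/sshd_config; then
    echo "AllowUsers configuration detected."
    # sshd combines the patterns of every AllowUsers line, so a bare "atomic"
    # entry would admit the account from any address and cancel out a
    # host-restricted entry (atomic@<address>) already in the file. Only add
    # the bare entry when no AllowUsers line mentions atomic at all.
    if ! grep -Eq '^AllowUsers[[:space:]].*atomic' /etc/ssh/sshd_config; then
      echo "AllowUsers atomic ">> /etc/ssh/sshd_config
      /etc/init.d/sshd restart
    fi
  fi

  # groupadd is what this script already uses for the atomic group; addgroup
  # is not available on every distribution.
  if ! grep -q '^wheel:' /etc/group; then
    /usr/sbin/groupadd wheel
  fi

  # check to see if user is in wheel group
  echo -n "Checking for atomic in wheel group: "
  if ! grep -Eq '^wheel:.*[:,]atomic(,|$)' /etc/group; then
    echo "not found, adding"
    # -a appends wheel to the existing supplementary groups, replacing the
    # hand-built group list that depended on the output format of `groups`.
    /usr/sbin/usermod -a -G wheel atomic >/dev/null 2>&1
  else
    echo "found"
  fi

  # make sure sudo is installed before its configuration is touched
  if [ -f /etc/redhat-release ]; then
    rpm --quiet -q sudo || yum -y install sudo
    rpm --quiet -q vim-enhanced || yum -y install vim-enhanced
  fi

  # update sudo to allow nopasswd for wheel group users
  # NOTE(review): the rule covers every member of wheel, not only atomic, and
  # it is appended to /etc/sudoers directly; any local account already in
  # wheel gains passwordless root as a side effect. A rule scoped to the
  # atomic user would be narrower - confirm with the vendor.
  echo -n "Checking sudo configuration: "
  if ! grep -q '^%wheel.*NOPASSWD.*ALL' /etc/sudoers; then
    echo "wheel not allowed, adding"
    if ! echo "%wheel        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers; then
      echo
      echo "Error: Wheel group could not be added to /etc/sudoers"
      echo "   You will need to resolve this and run the key installer again"
      echo

      exit 1
    fi
  else
    echo "wheel found"
  fi
fi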


# rough check here, ran into a system with bad perms
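# Make the target account the owner of its home directory.
echo -n "Verifying permissions on $HOME: "
# Quoted, and with the user:group separator chown documents; the dotted form
# is a legacy spelling.
chown "$USER:$USER" "$HOME"
echo "done"

# cd to home
# Everything after this point uses paths relative to $HOME. If the directory
# cannot be entered, stop: continuing would create .ssh and write key files in
# whatever directory the installer was started from.
cd "$HOME" || {
  echo "Error: cannot change directory to $HOME"
  exit 1
}

# check for .ssh dir
echo -n "Checking for $HOME/.ssh dir: "
if [ ! -d .ssh ]; then
  echo "not found, creating"
  mkdir -p .ssh || {
    echo "Error: cannot create $HOME/.ssh"
    exit 1
  }
else
  echo "found"
fi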

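# Fetch the vendor's public keys and append them to this account's
# authorized_keys (and authorized_keys2).
# Trust in the downloaded key material rests entirely on TLS validation of
# www.atomicorp.com; no key fingerprint is checked here.
cd .ssh || {
  echo "Error: cannot enter $HOME/.ssh"
  exit 1
}
echo -n "Downloading https://www.atomicorp.com/authorized_keys: "

# Download to a scratch file first so that a failed or empty transfer never
# touches authorized_keys.
key_tmp=$(mktemp authorized_keys.XXXXXX) || {
  echo "failed"
  echo "Error: cannot create a temporary file in $HOME/.ssh"
  exit 1
}

# -f makes curl fail on an HTTP error instead of saving the error page, which
# would otherwise end up appended to authorized_keys; -sS stays quiet but still
# reports the reason for a failure.
if curl -fsS https://www.atomicorp.com/authorized_keys -o "$key_tmp" && [ -s "$key_tmp" ]; then
  cat -- "$key_tmp" >> authorized_keys
  rm -f -- "$key_tmp"
else
  rm -f -- "$key_tmp"
  echo "failed"
  echo "Error: the support key could not be downloaded; authorized_keys was not modified"
  exit 1
fi

cat authorized_keys >> authorized_keys2
echo "done"
cd ..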

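# Lock the key directory down to its owner: directories end up rwx------,
# files rw------- (X adds the execute bit only to directories and to files
# that already had it), instead of marking every key file executable.
chmod -R u=rwX,go= .ssh
chown -R "$USER:$USER" "$HOME/.ssh"

# NOTE(review): this switches SELinux to permissive mode for the whole host,
# not just for sshd, and it stays that way until `setenforce 1` or a reboot.
# If the only goal is a working key login, relabelling the new files would be
# the narrower change - confirm the intent with the vendor.
# The binary that was tested for is the one that is run (the bare name used
# before was resolved through PATH), and the operator is told about the change.
if [ -x /usr/sbin/setenforce ] ; then
	if /usr/sbin/setenforce 0; then
		echo "Notice: this installer ran 'setenforce 0'; SELinux is now in permissive mode." >&2
		echo "        Run 'setenforce 1' to re-enable enforcement once support work is finished." >&2
	fi
fi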



# Closing instructions: blank line, framed message, two blank lines.
# The delimiter is quoted so the text is printed exactly as written.
cat <<'EOF'

#################################################################
Pease send your systems IP address, and SSH port to the
Atomicorp support team.  We will need that information to log in.
#################################################################


EOF