Hardening-Linux-Debian-Ubuntu/test/modules/custom_prompt.sh

#!/bin/bash
# =============================================================================
# Custom prompt configuration module
# =============================================================================

# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables
source "./common.sh"

# Function to configure custom banner
configure_custom_banner() {
  log_message "INFO" "Configuring custom banner"

  # Create custom banner file
  local banner_file="/etc/banner"

  log_message "INFO" "Creating custom banner file"

  cat > "$banner_file" << 'EOF'

  _______ _                ____   __     __  __ _
 |__   __(_)              / __ \ / _|   |  \/  (_)
    | |   _ _ __  ___ ___| |  | | |_ ___| \  / |_ _ __   ___
    | |  | | '_ \/ __|___| |  | |  _|___| |\/| | | '_ \ / _ \
    | |  | | |_) \__ \   | |__| | |     | |  | | | | | |  __/
    |_|  |_| .__/|___/    \____/|_|     |_|  |_|_|_| |_|\___|
           | |
           |_|

AVERTISSEMENT : L'accès à ce système est réservé aux utilisateurs
dûment autorisés.

Toute tentative d'accès, d'accès à ce système sans autorisation ou
de maintien frauduleux dans ce système fera l'objet de poursuites
conformément à la politique de Tips-Of-Mine.

Tout utilisateur autorisé est informé et reconnaît que ses actions
peuvent être enregistrées, conservées et auditées conformément aux
chartes/politiques internes de aux chartes/politiques internes de
Tips-Of-Mine.
EOF

  chmod +x "$banner_file"

  local file="/etc/ssh/sshd_config"
  local line=`grep -n "#Banner none" $file | cut -d ":" -f 1`

  #echo $line

  # Vérification de la présence de la ligne AuthorizedKeysFile
  if [ -z "$line" ]; then
      echo "#Banner none" | tee -a $file
  else
      sed -i ''$line'c\Banner /etc/banner' $file > /dev/null || handle_error "Échec de "
  fi

  #
  line=`grep -n "#Banner none" $file | cut -d ":" -f 1` || handle_error "Échec de "

  log_message "SUCCESS" "Custom banner file created at $banner_file"

  # Source the prompt file to apply immediately
  source "$banner_file"
}

# Function to configure custom profile
configure_custom_profile() {
  log_message "INFO" "Configuring custom profile"

  # Create custom profile file
  local profile_file="/etc/profile.d/custom-profile.sh"

  log_message "INFO" "Creating custom profile file"

  cat > "$profile_file" << 'EOF'
#!/bin/bash
# Custom secure server profile
# Generated by security hardening script

# Check if the terminal supports colors
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
  # Color definitions
  BLUE="\[\033[01;34m\]"
  GREEN="\[\033[01;32m\]"
  RED="\[\033[01;31m\]"
  YELLOW="\[\033[01;33m\]"
  PURPLE="\[\033[01;35m\]"
  CYAN="\[\033[01;36m\]"
  WHITE="\[\033[01;37m\]"
  RESET="\[\033[00m\]"
  BOLD="\[\033[01m\]"

  # Get server IP
  SERVER_IP=$(hostname -I | awk '{print $1}')

  # Define symbols based on privilege
  if [ "$(id -u)" -eq 0 ]; then
    # Root user - red prompt
    USER_COLOR=$RED
    PROMPT_SYMBOL="#"
  else
    # Regular user - green prompt
    USER_COLOR=$GREEN
    PROMPT_SYMBOL="$"
  fi

  # Set the prompt
  PS1="${BOLD}[${USER_COLOR}\u${RESET}${BOLD}@${CYAN}\h${RESET}${BOLD} ${YELLOW}\w${RESET}${BOLD}]${RESET}\\n${USER_COLOR}${PROMPT_SYMBOL}${RESET} "

  # Show additional security information for root users
  if [ "$(id -u)" -eq 0 ]; then
    # Display system information
    echo -e "\n${RED}ATTENTION: ROOT LOGIN${RESET}"
    echo -e "${YELLOW}System Info:${RESET}"
    echo -e "  ${CYAN}Hostname:${RESET} $(hostname)"
    echo -e "  ${CYAN}IP Address:${RESET} ${SERVER_IP}"
    echo -e "  ${CYAN}Kernel:${RESET} $(uname -r)"
    echo -e "  ${CYAN}Uptime:${RESET} $(uptime -p | sed 's/up //')"
    echo -e "  ${CYAN}Load:${RESET} $(cat /proc/loadavg | awk '{print $1 ", " $2 ", " $3}')"

    # Show recent failed login attempts
    FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log | tail -5)
    if [ ! -z "$FAILED_LOGINS" ]; then
      echo -e "\n${YELLOW}Recent Failed Login Attempts:${RESET}"
      echo -e "${RED}$(grep "Failed password" /var/log/auth.log | tail -5)${RESET}"
    fi

    echo -e "\n${RED}THIS IS A SECURED SERVER - ALL ACTIONS ARE LOGGED${RESET}\n"
  fi
else
  # Simple prompt for terminals without color support
  PS1="[\u@\h \W]\\$ "
fi

# Set some useful aliases
alias ll='ls -la'
alias l='ls -l'
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias grep='grep --color=auto'
EOF

  chmod +x "$profile_file"

  log_message "SUCCESS" "Custom profile file created at $profile_file"

  # Source the profile file to apply immediately
  source "$profile_file"
}

# Function to configure custom prompt
configure_custom_prompt() {
  log_message "INFO" "Configuring custom prompt"

  # Create custom prompt file
  local prompt_file="/etc/update-motd.d/00-basic"

  log_message "INFO" "Creating custom prompt file"

  cat > "$prompt_file" << 'EOF'
#!/bin/bash

# get load averages
IFS=" " read LOAD1 LOAD5 LOAD15 <<<$(awk '{ print $1,$2,$3 }' /proc/loadavg)
# get free memory
IFS=" " read USED AVAIL TOTAL <<<$(free -htm | awk '/Mem/ { print $3,$7,$2 }')
# get processes
PROCESS=$(ps -eo user=|sort|uniq -c | awk '{ print $2 " " $1 }')
PROCESS_ALL=$(echo "$PROCESS"| awk {'print $2'} | awk '{ SUM += $1} END { print SUM }')
PROCESS_ROOT=$(echo "$PROCESS" | awk '/root/ { print $2}')
PROCESS_USER=$(echo "$PROCESS" | awk '!/root/ { SUM += $2} END { print SUM }')
# get processors
PROCESSOR_NAME=$(awk -F": " '/model name/ { print $2 }' /proc/cpuinfo | head -1)
PROCESSOR_COUNT=$(grep -ioPc 'processor\t:' /proc/cpuinfo)

# colors
W="\e[0;39m"
G="\e[1;32m"
R="\e[1;31m"
dim="\e[2m"
undim="\e[0m"

echo -e "${W}System info:
$W  Hostname$dim····$undim: $W${HOSTNAME}
$W  Distro$dim······$undim: $W$(grep "PRETTY_NAME" /etc/*release | cut -d "=" -f 2- | sed 's/"//g')
$W  Kernel$dim······$undim: $W$(uname -sr)
$W  Uptime$dim······$undim: $W$(uptime -p)
$W  Load$dim········$undim: $G$LOAD1$W (1m), $G$LOAD5$W (5m), $G$LOAD15$W (15m)
$W  Processes$dim···$undim: $G$PROCESS_ROOT$W (root), $G$PROCESS_USER$W (user), $G$PROCESS_ALL$W (total)
$W  CPU$dim·········$undim: $W$PROCESSOR_NAME ($G$PROCESSOR_COUNT$W vCPU)
$W  Memory$dim······$undim: $G$USED$W used, $G$AVAIL$W avail, $G$TOTAL$W total"

# config
max_usage=90
bar_width=50

# disk usage: ignore zfs, squashfs & tmpfs
printf "\nDisk usage:\n"

while read line; do
    # get disk usage
    usage=$(echo "$line" | awk '{print $2}' | sed 's/%//')
    used_width=$((($usage*$bar_width)/100))
    # color is green if usage < max_usage, else red
    if [ "${usage}" -ge "${max_usage}" ]; then
        color=$R
    else
        color=$G
    fi
    # print green/red bar until used_width
    bar="[${color}"
    for ((i=0; i<$used_width; i++)); do
        bar+="="
    done
    # print dimmmed bar until end
    bar+="${W}${dim}"
    for ((i=$used_width; i<$bar_width; i++)); do
        bar+="·"
    done
    bar+="${undim}]"
    # print usage line & bar
    echo "${line}" | awk '{ printf("%-31s%+3s used out of %+4s\n", $1, $2, $3); }' | sed -e 's/^/  /'
    echo -e "${bar}" | sed -e 's/^/  /'
done < <(df -H -x zfs -x squashfs -x tmpfs -x devtmpfs -x overlay -x nfs -x nfs4 -x cifs --output=target,pcent,size | tail -n+2)

printf "\n"
EOF

  chmod +x "$prompt_file"

  log_message "SUCCESS" "Custom prompt file created at $prompt_file"

  # Source the prompt file to apply immediately
    source "$prompt_file"
}

# Main execution for custom prompt
configure_custom_banner
configure_custom_profile
configure_custom_prompt

log_message "SUCCESS" "Custom prompt configuration completed"