-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgoogle_auth.py
More file actions
67 lines (62 loc) · 2.35 KB
/
google_auth.py
File metadata and controls
67 lines (62 loc) · 2.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/usr/bin/env python
#Script usage:
##python google_auth.py
import subprocess
import os
def replace_line(file_name, line_num, text):
lines = open(file_name, 'r').readlines()
lines[line_num] = text
out = open(file_name, 'w')
out.writelines(lines)
out.close()
#Writes goo.sh
f = open("goo.sh", "a")
f.write('#!/bin/bash\n\n')
f.write('yum install -y expect\n')
f.write('echo "STARTED to Set-up GOOGLE-AUTHENTICATOR"\n')
f.write('GOOGLE_AUTH=$(expect -c "\n')
f.write('spawn google-authenticator\n')
f.write('expect \\"Do you want authentication tokens to be time-based (y/n) \\"\n')
f.write('send \\"y\\r\\"\n')
f.write('expect \\"Do you want me to update your "/root/.google_authenticator" file? (y/n)\\"\n')
f.write('send \\"y\\r\\"\n')
f.write('expect \\"Do you want to disallow multiple uses of the same authentication\n')
f.write('token? This restricts you to one login about every 30s, but it increases\n')
f.write('your chances to notice or even prevent man-in-the-middle attacks (y/n) \\"\n')
f.write('send \\"y\\r\\"\n')
f.write('expect \\"Do you want to do so? (y/n) \\"\n')
f.write('send \\"y\\r\\"\n')
f.write('expect \\"Do you want to enable rate-limiting? (y/n) \\"\n')
f.write('send \\"y\\r\\"\n')
f.write('expect eof\n')
f.write('")\n')
f.write('yum remove -y expect\n')
f.close()
os.chmod("goo.sh", 755)
#Install Google Authenticator
subprocess.run('yum -y install epel-release', shell=True)
subprocess.run('yum -y install google-authenticator', shell=True)
subprocess.run('./goo.sh', shell=True)
#Configuring File
file1 = open("/etc/pam.d/sshd", "a")
file1.write("auth required pam_unix.so try_first_pass\n")
file1.write("auth required pam_google_authenticator.so")
file1.close()
file2 = open("/etc/ssh/sshd_config", "a")
file2.write("Match User administrator\n")
file2.write(" AuthenticationMethods keyboard-interactive")
file2.close()
replace_line('/etc/ssh/sshd_config', 67, 'ChallengeResponseAuthentication yes\n')
replace_line('/etc/ssh/sshd_config', 68, '#ChallengeResponseAuthentication no\n')
subprocess.run('systemctl restart sshd', shell=True)
os.remove("goo.sh")
#Displays Google_Authenticator_Key
f=open('/root/.google_authenticator')
lines=f.readlines()
print ("Your new secret key is: " + lines[0])
print ("Your emergency scratch codes are:")
print (lines[5])
print (lines[6])
print (lines[7])
print (lines[8])
print (lines[9])