SkylineAutomationToolkit

1.3.2

skyline-sec.ps1

                                function security {

$SSHsecurity = plink -batch root@$SERVERX -no-antispoof -pw "$password" "grep -v '#' /etc/ssh/sshd_config | grep -c '$SEC1 $SEC2'"

if ( $SSHsecurity -lt 1)

{ 

write-output "...set $SEC1..."

plink -batch root@$SERVERX -no-antispoof -pw "$password" "echo '$SEC1 $SEC2' >> /etc/ssh/sshd_config"

} else

 {

 write-output "...$SEC1 has already been set..."

 }

return $security

}

function skyline-sec {

[CmdletBinding()] 

param(

 [string]$CHOICE1,

 [string]$CHOICE2

)

switch ( $CHOICE1 )

{

set-ssh {

write-output "starting to set SSH settings on $CHOICE2..."

$encrypted = ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString)

$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted)

$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)

        #V-239165

    $SERVERX = $CHOICE2

    $SEC1 = "MaxAuthTries"

    $SEC2 = "2"

    security

    #V-239164

        $SERVERX = $CHOICE2

    $SEC1 = "IgnoreUserKnownHosts"

    $SEC2 = "yes"

    security

    #V-239161

        $SERVERX = $CHOICE2

    $SEC1 = "Compression"

    $SEC2 = "no"

    security

    #V-239160

        $SERVERX = $CHOICE2

    $SEC1 = "PermitEmptyPasswords"

    $SEC2 = "no"

    security

    #V-239163

        $SERVERX = $CHOICE2

    $SEC1 = "IgnoreRhosts"

    $SEC2 = "yes"

    security

    #V-239162

        $SERVERX = $CHOICE2

    $SEC1 = "PrintLastLog"

    $SEC2 = "yes"

    security

    #V-239155

        $SERVERX = $CHOICE2

    $SEC1 = "PermitUserEnvironment"

    $SEC2 = "no"

    security

    #V-239156

        $SERVERX = $CHOICE2

    $SEC1 = "X11Forwarding"

    $SEC2 = "no"

    security

    #V-239157

        $SERVERX = $CHOICE2

    $SEC1 = "StrictModes"

    $SEC2 = "yes"

    security

    #V-239158

        $SERVERX = $CHOICE2

    $SEC1 = "KerberosAuthentication"

    $SEC2 = "no"

    security

write-output "...complete set SSH settings on $CHOICE2"

}

set-passwd {

write-output "starting to set password settings on $CHOICE2..."

write-output "...set 90 Days Max Lifetime..."

    plink root@$CHOICE2 -no-antispoof "sed -i s/'PASS_MAX_DAYS 60'/'PASS_MAX_DAYS 90'/g /etc/login.defs"

write-output "...set password history..."

    plink root@$CHOICE2 -no-antispoof "touch /etc/security/opasswd; chown root:root /etc/security/opasswd; chmod 0600 /etc/security/opasswd; echo 'password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3' >> /etc/pam.d/system-password"

write-output "...complete set password settings on $CHOICE2"

}

default { 

    ''

    'USAGE: skyline-sec ARG VARIABLE' 

    '        (arg1): [set-ssh]'

    '        (arg2): [set-passwd]'

    ''

     createsource

    } #set-logging, set-config

}

} #skyline-sec