Because of the security risks we outlined earlier, we need to have a few tasks performed the first time a user logs in:
- Re-install OpenSSH if the appliance can be accessed this way.
- Ask for a new user password.
- Ask for a new MySQL root password.
- Regenerate the SSL certificate if our application can be accessed through SSL.

To do so, we will add the following lines to the very end of /etc/bash.bashrc:

    if [ ! -e /etc/opt/sample-app/initial_config_done ]; then
        /opt/sample-app/bin/initial_config
        sudo touch /etc/opt/sample-app/initial_config_done
    fi

With these lines, the script /opt/sample-app/bin/initial_config will be executed upon first login if the file /etc/opt/sample-app/initial_config_done does not exist. So we now need to:
- Create the directory /etc/opt/sample-app/: sudo mkdir /etc/opt/sample-app/
- Create the script /opt/sample-app/bin/initial_config using sudo, pasting the script below with your text editor of choice:

    #!/bin/bash
    # Let's change the user's password
    echo "Thank you for choosing our sample-app appliance"
    echo "For the security of the appliance, we need you to change this user password now."
    passwd

    # Now change the MySQL password
    echo "We now need you to specify a new MySQL root password"
    changed=0
    while [ "$changed" -eq 0 ]; do
        read -e -s -r -p "New MySQL root password:" PASS1
        echo ""
        read -e -s -r -p "Retype MySQL root password:" PASS2
        echo ""
        if [[ "$PASS1" == "$PASS2" ]]; then
            changed=1
            # Perform the actual change, assuming that our initial password is "default".
            # The new password is quoted so that spaces and shell metacharacters survive.
            mysqladmin -u root --password='default' password "$PASS1"
        else
            echo "The 2 passwords did not match, please try again."
        fi
    done
    # Do not keep the passwords in shell variables longer than needed
    unset PASS1 PASS2

    # Perform the reinstall of OpenSSH so that the key is regenerated
    echo "We are now going to generate your ssh keys."
    sudo apt-get --purge -y remove openssh-server
    sudo apt-get install -y openssh-server

    # You can add here any first user login actions that you require

- Make it executable: sudo chmod a+x /opt/sample-app/bin/initial_config
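
The guard in /etc/bash.bashrc creates initial_config_done even when a step failed or was aborted, which would leave the default passwords and the shipped SSH host keys in place. The following is an added example, not part of the original guide: a variant that writes the marker only when every step returned success. The function names, the `--run` argument and the `SUDO` override are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: first-login guard that writes the marker file only when
# every step succeeded. Function names and the SUDO override are illustrative.

# run_steps STEP...: run each step in order, stop at the first failure.
run_steps() {
    for step in "$@"; do
        if ! "$step"; then
            echo "Step '$step' failed; setup will be retried at next login." >&2
            return 1
        fi
    done
    return 0
}

# first_login MARKER STEP...: do nothing if MARKER exists; otherwise run the
# steps and create MARKER only if all of them returned 0.
first_login() {
    marker=$1
    shift
    [ -e "$marker" ] && return 0
    run_steps "$@" || return 1
    ${SUDO-sudo} touch "$marker"   # SUDO="" lets a test run without sudo
}

# Steps taken from the guide's script; add the MySQL and SSL steps the same way.
change_user_password() { passwd; }
regenerate_ssh_keys() {
    sudo apt-get --purge -y remove openssh-server &&
        sudo apt-get install -y openssh-server
}

# Run only when asked to, e.g. from /etc/bash.bashrc:
#   /opt/sample-app/bin/initial_config --run
if [ "${1:-}" = "--run" ]; then
    first_login /etc/opt/sample-app/initial_config_done \
        change_user_password regenerate_ssh_keys
fi
```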