File: //c3_cloud-init.sh
#!/bin/bash
# Syslog command prefix shared by the helpers below. It is expanded unquoted
# (`${LOGGER} 'message'`) so that it word-splits into `logger -t C3_VPS_INIT`.
LOGGER="logger -t C3_VPS_INIT "
# File that update_packages reads the ID= and VERSION_ID= fields from.
OS_RELEASE="/etc/os-release"
# Entry point of the first-boot initialisation: runs the three provisioning
# steps in a fixed order. A failing step does not stop the following ones;
# the function returns the status of the last step.
#
# NOTE(review): sshd is started before update_packages applies the
# CVE-2024-6387 openssh update, so the daemon accepts connections with the
# image's original package until that update finishes. Confirm this window is
# acceptable for the deployment, or consider running the update first.
set_init() {
  create_swapfile
  start_sshd
  update_packages
}
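# Create and enable a 2048M swap file on first boot and register it in
# /etc/fstab so that it is enabled again on later boots.
#
# Globals:   LOGGER (read) - syslog command prefix used to report failures
# Arguments: none
# Returns:   0 if fstab already mentions swap, if the swap file already
#            exists, or if the new swap file was enabled and registered;
#            1 if any step failed (no fstab entry is written in that case).
function create_swapfile() {
  local swapfile_size="2048M"
  local swapfile_directory="/var/spool/swap"
  local swapfile_path="${swapfile_directory}/swapfile"
  local fstab_path="/etc/fstab"

  # Any occurrence of "swap" in fstab (including a comment line) is treated
  # as "swap is already configured".
  if grep --quiet "swap" "${fstab_path}"; then
    return 0
  fi

  # A pre-existing file at the target path is left untouched.
  if [ -e "${swapfile_path}" ]; then
    return 0
  fi

  if ! mkdir -p -- "${swapfile_directory}"; then
    ${LOGGER} "Failed: create swap directory ${swapfile_directory}."
    return 1
  fi

  # The file is created under umask 077 so that it is never readable by
  # other users, not even between allocation and chmod: swap holds paged-out
  # process memory. Each step is checked so that a failure cannot leave an
  # fstab entry pointing at an unusable file.
  # NOTE(review): swapon(8) warns that preallocated files may be rejected on
  # some filesystems; that case now ends in the failure branch below.
  local failed_step=""
  if ! (umask 077 && fallocate -l "${swapfile_size}" "${swapfile_path}"); then
    failed_step="fallocate"
  elif ! chmod 600 "${swapfile_path}"; then
    failed_step="chmod"
  elif ! mkswap "${swapfile_path}"; then
    failed_step="mkswap"
  elif ! swapon "${swapfile_path}"; then
    failed_step="swapon"
  fi

  if [ -n "${failed_step}" ]; then
    ${LOGGER} "Failed: ${failed_step} for ${swapfile_path}. Swap file removed, ${fstab_path} unchanged."
    # Remove the partial file so that a later run can retry from scratch.
    rm -f -- "${swapfile_path}"
    return 1
  fi

  if ! printf '%s none swap defaults 0 0\n' "${swapfile_path}" >> "${fstab_path}"; then
    ${LOGGER} "Failed: register ${swapfile_path} in ${fstab_path}. Swap is active for this boot only."
    return 1
  fi
  return 0
}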
# Clear any recorded failure state of the sshd unit, then start it.
# Returns the exit status of `systemctl start`.
#
# NOTE(review): the unit is addressed as `sshd` here, while the Debian and
# Ubuntu update helpers restart `ssh.service` - confirm that `sshd` resolves
# to the SSH daemon on those images.
start_sshd() {
  local unit="sshd"
  systemctl reset-failed "${unit}"
  systemctl start "${unit}"
}
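# Apply the distribution's openssh update for CVE-2024-6387 and restart the
# SSH daemon. The procedure is selected from the ID and VERSION_ID fields of
# ${OS_RELEASE}.
#
# The result written to syslog reflects what actually happened: "Complete" is
# logged only when both the package step and the daemon restart succeeded, so
# a failed update is not reported as a patched host.
#
# Globals:   LOGGER (read), OS_RELEASE (read)
# Arguments: none
# Returns:   0 whenever ${OS_RELEASE} exists (unsupported releases and failed
#            updates are logged, not returned);
#            1 when ${OS_RELEASE} is missing.
function update_packages() {
  function failed_to_detect() {
    ${LOGGER} 'Failed to identify distribution name or version.Updating will be skipped .'
    return 1
  }

  # Shared tail of every CVE_2024_6387_* helper: restart the daemon and log
  # the outcome.
  #   $1 - exit status of the package-manager step
  #   $2 - systemd unit of the SSH daemon on this distribution
  function CVE_2024_6387_finish() {
    local update_status="$1"
    local ssh_unit="$2"
    local restart_status=0

    # The restart is attempted even after a failed package step: a partially
    # failed upgrade may still have replaced the sshd binary.
    systemctl restart "${ssh_unit}" || restart_status=$?

    if [ "${update_status}" -ne 0 ]; then
      ${LOGGER} "Failed: Update openssh package (exit status ${update_status})."
      return "${update_status}"
    fi
    if [ "${restart_status}" -ne 0 ]; then
      # Without a restart the previously started daemon keeps running the
      # old binary.
      ${LOGGER} "Failed: Restart ${ssh_unit} after openssh update (exit status ${restart_status})."
      return "${restart_status}"
    fi
    ${LOGGER} 'Complete: Update openssh package.'
    return 0
  }

  function CVE_2024_6387_RHEL_family() {
    local rc=0
    ${LOGGER} 'Start: Update openssh package.'
    dnf --assumeyes --refresh upgrade openssh || rc=$?
    CVE_2024_6387_finish "${rc}" sshd.service
  }

  function CVE_2024_6387_debian() {
    local rc=0
    ${LOGGER} 'Start: Update openssh package.'
    # NOTE(review): this upgrades every installed package, not only openssh,
    # although the log line names openssh - confirm that is intended.
    { apt-get update && DEBIAN_FRONTEND=noninteractive apt-get upgrade --assume-yes; } || rc=$?
    CVE_2024_6387_finish "${rc}" ssh.service
  }

  function CVE_2024_6387_ubuntu() {
    local rc=0
    ${LOGGER} 'Start: Update openssh package.'
    # NOTE(review): the update is delegated to the apt-daily units; whether
    # openssh is actually upgraded depends on the image's automatic-update
    # configuration, which this script does not check.
    { systemctl start apt-daily.service && systemctl start apt-daily-upgrade.service; } || rc=$?
    CVE_2024_6387_finish "${rc}" ssh.service
  }

  function CVE_2024_6387_archlinux() {
    local rc=0
    ${LOGGER} 'Start: Update openssh package.'
    # The keyring is refreshed first so that signature checks on the new
    # packages do not fail on an old image.
    { pacman -Sy --noconfirm archlinux-keyring && pacman -Syu --noconfirm "openssh>=9.8p1-1"; } || rc=$?
    CVE_2024_6387_finish "${rc}" sshd.service
  }

  if [ ! -e "${OS_RELEASE}" ]; then
    failed_to_detect
    return 1
  fi

  # os-release values may be wrapped in double or single quotes; strip both.
  local distribution_name
  distribution_name=$(grep "^ID=" "${OS_RELEASE}" | cut -d '=' -f 2 | tr -d "\"'")
  local distribution_version
  distribution_version=$(grep "^VERSION_ID=" "${OS_RELEASE}" | cut -d '=' -f 2 | tr -d "\"'")

  case "${distribution_name}" in
    "centos")
      # Only version 9 is handled; other CentOS versions are skipped silently.
      if [ "${distribution_version}" = "9" ]; then
        CVE_2024_6387_RHEL_family
      fi
      ;;
    "almalinux" | "rocky" | "ol" | "miraclelinux")
      CVE_2024_6387_RHEL_family
      ;;
    "ubuntu")
      case "${distribution_version}" in
        "24.04")
          CVE_2024_6387_ubuntu
          ;;
        "22.04" | "20.04")
          # NOTE(review): no update is performed for these releases by this
          # script - confirm the images already ship a fixed openssh.
          ;;
        *)
          failed_to_detect
          ;;
      esac
      ;;
    "debian")
      case "${distribution_version}" in
        "12" | "11")
          CVE_2024_6387_debian
          ;;
        *)
          failed_to_detect
          ;;
      esac
      ;;
    "fedora" | "opensuse-leap")
      # NOTE(review): recognised but left without an update step - confirm
      # the images already ship a fixed openssh.
      ;;
    "arch")
      CVE_2024_6387_archlinux
      ;;
    *)
      failed_to_detect
      ;;
  esac
  return 0
}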
# Run the initialisation sequence as soon as the script is executed.
set_init