Preparing First User Boot

Because of the security risks we outlined earlier, we need to have a few tasks performed the first time a user logs in:

  • Re-install OpenSSH if the appliance can be accessed this way.

  • Ask for a new user password.

  • Ask for a new MySQL root password.

  • Regenerate the SSL certificate if our application can be accessed through SSL.

To do so we will add the following lines to the very end of /etc/bash.bashrc:

if [ ! -e /etc/opt/sample-app/initial_config_done ]; then
  /opt/sample-app/bin/initial_config
  sudo touch /etc/opt/sample-app/initial_config_done
fi

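With these lines, the script /opt/sample-app/bin/initial_config will be executed upon first login if the file /etc/opt/sample-app/initial_config_done does not exist. The marker file is created as soon as the script returns, whether or not every step in it succeeded. So we now need to: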

  • Create the directory /etc/opt/sample-app/: sudo mkdir /etc/opt/sample-app/.

  • Create the script /opt/sample-app/bin/initial_config with sudo, pasting the script below into your text editor of choice:

#!/bin/bash
# Let's change the user's password
echo "Thank you for choosing our sample-app appliance"
echo "For the security of the appliance, we need you to change this user password now."
passwd

# Now change the MySQL password
echo "We now need you to specify a new MySQL root password"
let done=0
while [ $done -eq 0 ]; do
  read -e -s -r -p "New MySQL root password:" PASS1
  echo ""
  read -e -s -r -p "Retype MySQL root password:" PASS2
  echo ""
  if [[ "$PASS1" == "$PASS2" ]]; then
    let done=1
    # Perform the actual change, assuming that our initial password is 'default'.
    # The new password is quoted so that spaces and shell metacharacters are
    # passed intact; it is visible in the process list while mysqladmin runs.
    mysqladmin -u root --password='default' password "$PASS1" ||
      echo "Warning: the MySQL root password was not changed."
  else
    echo "The 2 passwords did not match, please try again."
  fi
done

# Perform the reinstall of OpenSSH so that the key is regenerated
echo "We are now going to generate your ssh keys."
sudo apt-get --purge -y remove openssh-server
sudo apt-get install -y openssh-server

# You can add here any first user login actions that you require

  • Make it executable: sudo chmod a+x /opt/sample-app/bin/initial_config
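
The /etc/bash.bashrc hook above creates initial_config_done even when a step fails, and re-running the whole script later would retry the MySQL change against a password that is no longer 'default'. The following added example (not part of the original guide) records each step separately and writes the marker only once all of them have succeeded; the state-directory layout, the function names and the stand-in steps are assumptions.

```shell
#!/bin/bash
# Added example: first-login runner with per-step completion markers.
# The STATE_DIR layout and the step names are assumptions, not from the guide.
# The caller is assumed to have write access to STATE_DIR (for example by
# running this through sudo, as the guide does for its marker file).

# run_first_login STATE_DIR STEP...
# Each STEP is a command or shell function that takes no arguments.
# A step that succeeded on an earlier login is skipped, so a one-shot
# action (changing MySQL's 'default' password) is never attempted twice.
# initial_config_done is written only after every step has succeeded.
run_first_login() {
  local state_dir=$1 step
  shift
  [ -e "$state_dir/initial_config_done" ] && return 0
  for step in "$@"; do
    [ -e "$state_dir/$step.done" ] && continue
    if ! "$step"; then
      echo "Step '$step' failed; it will be retried at next login." >&2
      return 1
    fi
    : > "$state_dir/$step.done" || return 1
  done
  : > "$state_dir/initial_config_done"
}

# Constructed stand-ins for the real steps (passwd, mysqladmin, apt-get).
# STEP_LOG records which steps ran; SSH_OK=0 simulates a failed reinstall.
STEP_LOG=""
SSH_OK=1
change_user_password()  { STEP_LOG="$STEP_LOG user"; }
change_mysql_password() { STEP_LOG="$STEP_LOG mysql"; }
regenerate_ssh_keys()   { STEP_LOG="$STEP_LOG ssh"; [ "$SSH_OK" -eq 1 ]; }

# Usage from the login hook, with the real steps defined as functions:
#   run_first_login /etc/opt/sample-app \
#     change_user_password change_mysql_password regenerate_ssh_keys
```

Because a failed run leaves initial_config_done absent, the next login resumes at the first step that has no .done file instead of skipping the configuration altogether.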