Because of the security risks we outlined earlier, we need to have a few tasks performed the first time a user logs in:

- Re-install OpenSSH if the appliance can be accessed this way.
- Ask for a new user password.
- Ask for a new MySQL root password.
- Regenerate the SSL certificate if our application can be accessed through SSL.

To do so we will add the following to the very end of /etc/bash.bashrc:

    if [ ! -e /etc/opt/sample-app/initial_config_done ]; then
        /opt/sample-app/bin/initial_config
        sudo touch /etc/opt/sample-app/initial_config_done
    fi

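With this in place, the script /opt/sample-app/bin/initial_config will be executed upon first login if the file /etc/opt/sample-app/initial_config_done does not exist. Once the script returns, the marker file is created whether or not every step succeeded, so the script does not run again. So we now need to:
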
- Create the directory /etc/opt/sample-app/:

      sudo mkdir /etc/opt/sample-app/

- Create the script /opt/sample-app/bin/initial_config (using sudo) by pasting the script below with your text editor of choice:

      #!/bin/bash
      # Let's change the user's password
      echo "Thank you for choosing our sample-app appliance"
      echo "For the security of the appliance, we need you to change this user password now."
      passwd

      # Now change the MySQL password
      echo "We now need you to specify a new MySQL root password"
      changed=0
      while [ "$changed" -eq 0 ]; do
          read -e -s -r -p "New MySQL root password:" PASS1
          echo ""
          read -e -s -r -p "Retype MySQL root password:" PASS2
          echo ""
          if [[ "$PASS1" == "$PASS2" ]]; then
              changed=1
              # Perform the actual change, assuming that our initial password is 'default'.
              # The new password is quoted so that spaces or wildcard characters in it
              # are passed to mysqladmin unchanged.
              mysqladmin -u root --password='default' password "$PASS1"
          else
              echo "The 2 passwords did not match, please try again."
          fi
      done

      # Perform the reinstall of OpenSSH so that the key is regenerated
      echo "We are now going to generate your ssh keys."
      sudo apt-get --purge -y remove openssh-server
      sudo apt-get install -y openssh-server

      # You can add here any first user login actions that you require

- Make it executable:

      sudo chmod a+x /opt/sample-app/bin/initial_config
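
The gate added to /etc/bash.bashrc above touches the marker file even if initial_config is interrupted or one of its steps fails, which would leave the default passwords in place. The following is an added example, not part of the original guide, of a gate that writes the marker only after every step succeeded; `run_initial_config`, `change_mysql_root_password`, `valid_new_password` and `MARK_CMD` are hypothetical names introduced here.

```shell
#!/bin/bash
# Added example, not part of the original guide.
DEFAULT_PASS='default'            # initial MySQL root password stated in the guide
MARK_CMD=${MARK_CMD:-sudo touch}  # hypothetical knob so the gate can be tested unprivileged

# True only if both entries match, are non-empty and differ from the default.
valid_new_password() {
    [ -n "$1" ] && [ "$1" = "$2" ] && [ "$1" != "$DEFAULT_PASS" ]
}

# Step: prompt until the password is acceptable, then apply it.
# Fails if input ends or mysqladmin fails, so the gate retries at next login.
change_mysql_root_password() {
    while :; do
        read -r -s -p "New MySQL root password: " p1 || return 1; echo
        read -r -s -p "Retype MySQL root password: " p2 || return 1; echo
        valid_new_password "$p1" "$p2" && break
        echo "Empty, mismatched or default password, please try again."
    done
    mysqladmin -u root --password="$DEFAULT_PASS" password "$p1"
}

# run_initial_config MARKER STEP...
# Runs each STEP (a command or function name) in order and creates MARKER
# only when all of them returned 0.
# Returns 0 = completed now, 1 = a step failed, 2 = already done earlier.
run_initial_config() {
    marker=$1; shift
    [ -e "$marker" ] && return 2
    for step in "$@"; do
        if ! "$step"; then
            echo "initial config: '$step' failed, will run again at next login" >&2
            return 1
        fi
    done
    $MARK_CMD "$marker"
}

# In /etc/bash.bashrc one would then call, for example:
# run_initial_config /etc/opt/sample-app/initial_config_done passwd change_mysql_root_password
```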