grupo totp

VM_OPENSSL_APACHE.sh

@@ -7,6 +7,18 @@ sudo yum install -y epel-release
 sudo yum install -y openssl httpd mod_ssl mod_authnz_pam google-authenticator 
 sudo yum install -y mod_session
 
+# utilizador
+id -u john &>/dev/null || useradd john
+echo "password" | passwd --stdin john
+
+# dar acesso ao apache para ler o .google_authenticator
+groupadd -f totp
+usermod -aG totp apache
+usermod -aG totp john
+
+sudo chown apache:totp /home/john/.google_authenticator
+sudo chmod 660 /home/john/.google_authenticator
+
 if_dentro="enp0s8"
 ip_dentro="10.60.0.1"
 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
@@ -34,6 +46,7 @@ cp ca/ca.crt /etc/httpd/ssl/
 cp ca/apache.crt /etc/httpd/ssl/
 cp ca/apache.key /etc/httpd/ssl/
 cp conf/ssl.conf /etc/httpd/conf.d/ssl.conf
+cp conf/httpd.conf /etc/httpd/conf/httpd.conf
 cp conf/httpd-totp /etc/pam.d/httpd-totp
 
 # NOTA(vasco) é preciso desativar home protection outra vez
@@ -51,12 +64,3 @@ cp -r www/* /var/www/html/
 chown -R apache:apache /var/www/html/
 
 systemctl enable --now httpd
-
-# acho ?????
-sudo chgrp apache /etc/shadow
-sudo chmod o+x /home/john
-sudo chown apache /home/john/.google_authenticator
-sudo chmod 400 /home/john/.google_authenticator
-sudo chmod o+x /home/user
-sudo chown apache /home/user/.google_authenticator
-sudo chmod 400 /home/user/.google_authenticator