Improve VPS detection

buildplan
2025-10-14 01:00:59 +01:00
parent 1d5bcbcc3e
commit d1da2b6142


@@ -210,13 +210,10 @@ print_info() {
# --- CLEANUP HELPER FUNCTIONS --- # --- CLEANUP HELPER FUNCTIONS ---
execute_check() { execute_check() {
if [[ "$CLEANUP_PREVIEW" == "true" ]]; then
"$@" 2>/dev/null
return $?
fi
"$@" "$@"
} }
execute_command() { execute_command() {
local cmd_string="$*" local cmd_string="$*"
@@ -261,6 +258,12 @@ detect_environment() {
fi fi
fi fi
if command -v dmidecode &>/dev/null && [[ $(id -u) -eq 0 ]]; then
DETECTED_BIOS_VENDOR=$(dmidecode -s bios-vendor 2>/dev/null | tr '[:upper:]' '[:lower:]' || echo "unknown")
elif [[ -r /sys/class/dmi/id/bios_vendor ]]; then
DETECTED_BIOS_VENDOR=$(tr '[:upper:]' '[:lower:]' < /sys/class/dmi/id/bios_vendor 2>/dev/null || echo "unknown")
fi
# Cloud provider detection patterns # Cloud provider detection patterns
local CLOUD_PATTERNS=( local CLOUD_PATTERNS=(
# VPS/Cloud Providers # VPS/Cloud Providers
@@ -309,10 +312,8 @@ detect_environment() {
# Additional checks based on virtualization type # Additional checks based on virtualization type
case "$VIRT_TYPE" in case "$VIRT_TYPE" in
kvm|qemu) kvm|qemu)
if [[ "$MANUFACTURER" =~ (qemu|bochs|ovmf) ]]; then if [[ -z "$IS_CLOUD_VPS" ]] || [[ "$IS_CLOUD_VPS" == "false" ]]; then
if [[ "$MANUFACTURER" == "qemu" && "$PRODUCT" =~ ^(standard pc|pc-|pc ) ]]; then if [[ -d /etc/cloud/cloud.cfg.d ]] && grep -qE "(Hetzner|DigitalOcean|Vultr|OVH)" /etc/cloud/cloud.cfg.d/* 2>/dev/null; then
IS_CLOUD_VPS=false
else
IS_CLOUD_VPS=true IS_CLOUD_VPS=true
fi fi
fi fi
@@ -336,18 +337,99 @@ detect_environment() {
;; ;;
esac esac
# Determine environment type based on detection
if [[ "$VIRT_TYPE" == "none" ]]; then
ENVIRONMENT_TYPE="bare-metal"
elif [[ "$IS_CLOUD_VPS" == "true" ]]; then
ENVIRONMENT_TYPE="commercial-cloud"
elif [[ "$VIRT_TYPE" =~ ^(kvm|qemu)$ ]]; then
if [[ "$MANUFACTURER" == "qemu" && "$PRODUCT" =~ ^(standard pc|pc-|pc ) ]]; then
ENVIRONMENT_TYPE="uncertain-kvm"
else
ENVIRONMENT_TYPE="commercial-cloud"
fi
elif [[ "$VIRT_TYPE" =~ ^(vmware|virtualbox|oracle)$ ]]; then
ENVIRONMENT_TYPE="personal-vm"
elif [[ "$VIRT_TYPE" == "xen" ]]; then
ENVIRONMENT_TYPE="uncertain-xen"
else
ENVIRONMENT_TYPE="unknown"
fi
case "$ENVIRONMENT_TYPE" in
commercial-cloud)
if [[ "$MANUFACTURER" =~ digitalocean ]]; then
DETECTED_PROVIDER_NAME="DigitalOcean"
elif [[ "$MANUFACTURER" =~ hetzner ]]; then
DETECTED_PROVIDER_NAME="Hetzner Cloud"
elif [[ "$MANUFACTURER" =~ vultr ]]; then
DETECTED_PROVIDER_NAME="Vultr"
elif [[ "$MANUFACTURER" =~ linode || "$PRODUCT" =~ akamai ]]; then
DETECTED_PROVIDER_NAME="Linode/Akamai"
elif [[ "$MANUFACTURER" =~ ovh ]]; then
DETECTED_PROVIDER_NAME="OVH"
elif [[ "$MANUFACTURER" =~ amazon || "$PRODUCT" =~ "ec2" ]]; then
DETECTED_PROVIDER_NAME="Amazon Web Services (AWS)"
elif [[ "$MANUFACTURER" =~ google ]]; then
DETECTED_PROVIDER_NAME="Google Cloud Platform"
elif [[ "$MANUFACTURER" =~ microsoft ]]; then
DETECTED_PROVIDER_NAME="Microsoft Azure"
else
DETECTED_PROVIDER_NAME="Cloud VPS Provider"
fi
;;
personal-vm)
if [[ "$VIRT_TYPE" == "virtualbox" || "$MANUFACTURER" =~ innotek ]]; then
DETECTED_PROVIDER_NAME="VirtualBox"
elif [[ "$VIRT_TYPE" == "vmware" ]]; then
DETECTED_PROVIDER_NAME="VMware"
else
DETECTED_PROVIDER_NAME="Personal VM"
fi
;;
uncertain-kvm)
DETECTED_PROVIDER_NAME="KVM/QEMU Hypervisor"
;;
esac
# Export results as global variables # Export results as global variables
export ENVIRONMENT_TYPE
DETECTED_VIRT_TYPE="$VIRT_TYPE" DETECTED_VIRT_TYPE="$VIRT_TYPE"
DETECTED_MANUFACTURER="$MANUFACTURER" DETECTED_MANUFACTURER="$MANUFACTURER"
DETECTED_PRODUCT="$PRODUCT" DETECTED_PRODUCT="$PRODUCT"
DETECTED_BIOS_VENDOR="${DETECTED_BIOS_VENDOR:-unknown}"
IS_CLOUD_PROVIDER="$IS_CLOUD_VPS" IS_CLOUD_PROVIDER="$IS_CLOUD_VPS"
log "Environment detection: VIRT=$VIRT_TYPE, MANUFACTURER=$MANUFACTURER, PRODUCT=$PRODUCT, IS_CLOUD=$IS_CLOUD_VPS" log "Environment detection: VIRT=$VIRT_TYPE, MANUFACTURER=$MANUFACTURER, PRODUCT=$PRODUCT, IS_CLOUD=$IS_CLOUD_VPS, TYPE=$ENVIRONMENT_TYPE"
} }
cleanup_provider_packages() { cleanup_provider_packages() {
print_section "Provider Package Cleanup (Optional)" print_section "Provider Package Cleanup (Optional)"
# Validate required global variables
if [[ -z "$LOG_FILE" ]]; then
LOG_FILE="/var/log/du_setup_$(date +%Y%m%d_%H%M%S).log"
echo "Warning: LOG_FILE not set, using: $LOG_FILE"
fi
if [[ -z "$USERNAME" ]]; then
print_error "ERROR: USERNAME variable not set. Cannot proceed safely."
log "cleanup_provider_packages() failed: USERNAME not defined"
return 1
fi
# Validate required variables
if [[ -z "$BACKUP_DIR" ]]; then
BACKUP_DIR="/root/setup_harden_backup_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
log "Created backup directory: $BACKUP_DIR"
fi
# Ensure cleanup mode variables are set
CLEANUP_PREVIEW="${CLEANUP_PREVIEW:-false}"
CLEANUP_ONLY="${CLEANUP_ONLY:-false}"
VERBOSE="${VERBOSE:-true}"
# Detect environment first # Detect environment first
detect_environment detect_environment
@@ -356,60 +438,113 @@ cleanup_provider_packages() {
echo "Virtualization Type: ${DETECTED_VIRT_TYPE:-unknown}" echo "Virtualization Type: ${DETECTED_VIRT_TYPE:-unknown}"
echo "System Manufacturer: ${DETECTED_MANUFACTURER:-unknown}" echo "System Manufacturer: ${DETECTED_MANUFACTURER:-unknown}"
echo "Product Name: ${DETECTED_PRODUCT:-unknown}" echo "Product Name: ${DETECTED_PRODUCT:-unknown}"
if [[ -n "${DETECTED_BIOS_VENDOR}" && "${DETECTED_BIOS_VENDOR}" != "unknown" ]]; then
echo "BIOS Vendor: ${DETECTED_BIOS_VENDOR}"
fi
if [[ -n "${DETECTED_PROVIDER_NAME}" ]]; then
echo "Detected Provider: ${DETECTED_PROVIDER_NAME}"
fi
echo echo
# Determine recommendation based on detection # Determine recommendation based on three-way detection
local CLEANUP_RECOMMENDED=false local CLEANUP_RECOMMENDED=false
local DEFAULT_ANSWER="n"
local RECOMMENDATION_TEXT="" local RECOMMENDATION_TEXT=""
local ENVIRONMENT_CONFIDENCE="${ENVIRONMENT_CONFIDENCE:-low}"
if [[ "$IS_CLOUD_PROVIDER" == "true" ]]; then case "$ENVIRONMENT_TYPE" in
CLEANUP_RECOMMENDED=true commercial-cloud)
echo -e "${YELLOW}⚠ Cloud VPS Provider Detected${NC}" CLEANUP_RECOMMENDED=true
echo "This appears to be a cloud VPS from an external provider." DEFAULT_ANSWER="y"
RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}RECOMMENDED${NC} for security." echo -e "${YELLOW}☁ Commercial Cloud VPS Detected${NC}"
echo -e "$RECOMMENDATION_TEXT" if [[ -n "${DETECTED_PROVIDER_NAME}" ]]; then
echo "Providers may install monitoring agents, pre-configured users, and other tools." echo -e "Provider: ${CYAN}${DETECTED_PROVIDER_NAME}${NC}"
echo fi
elif [[ "$DETECTED_VIRT_TYPE" == "none" ]]; then echo "This is a commercial VPS from an external provider."
echo -e "${GREEN}✓ Bare Metal Server Detected${NC}" RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}RECOMMENDED${NC} for security."
echo "This appears to be a physical (bare metal) server." echo -e "$RECOMMENDATION_TEXT"
RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}NOT NEEDED${NC} for bare metal." echo "Providers may install monitoring agents, pre-configured users, and management tools."
echo -e "$RECOMMENDATION_TEXT" ;;
echo
else uncertain-kvm)
echo -e "${CYAN} Personal/Private Virtualization Detected${NC}" CLEANUP_RECOMMENDED=false
echo "This appears to be a personal VM (VirtualBox, VMware, Proxmox, etc.)" DEFAULT_ANSWER="n"
RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}OPTIONAL${NC} for trusted environments." echo -e "${YELLOW}⚠ KVM/QEMU Virtualization Detected (Uncertain)${NC}"
echo -e "$RECOMMENDATION_TEXT" echo "This environment could be:"
echo "If you control the hypervisor/host, you likely don't need cleanup." echo " ${CYAN}${NC} A commercial cloud provider VPS (Hetzner, Vultr, OVH, smaller providers)"
echo echo " ${CYAN}${NC} A personal VM on Proxmox, KVM, or QEMU"
fi echo " ${CYAN}${NC} A VPS from a regional/unlisted provider"
echo ""
RECOMMENDATION_TEXT="Cleanup is ${BOLD}OPTIONAL${NC} - review packages carefully before proceeding."
echo -e "$RECOMMENDATION_TEXT"
echo "If this is a commercial VPS, cleanup is recommended."
echo "If you control the hypervisor (Proxmox/KVM), cleanup is optional."
;;
personal-vm)
CLEANUP_RECOMMENDED=false
DEFAULT_ANSWER="n"
echo -e "${CYAN} Personal/Private Virtualization Detected${NC}"
if [[ -n "${DETECTED_PROVIDER_NAME}" ]]; then
echo -e "Platform: ${CYAN}${DETECTED_PROVIDER_NAME}${NC}"
fi
echo "This appears to be a personal VM (VirtualBox, VMware Workstation, etc.)"
RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}NOT RECOMMENDED${NC} for trusted environments."
echo -e "$RECOMMENDATION_TEXT"
echo "If you control the hypervisor/host, you likely don't need cleanup."
;;
bare-metal)
echo -e "${GREEN}✓ Bare Metal Server Detected${NC}"
echo "This appears to be a physical (bare metal) server."
RECOMMENDATION_TEXT="Provider cleanup is ${BOLD}NOT NEEDED${NC} for bare metal."
echo -e "$RECOMMENDATION_TEXT"
echo "No virtualization layer detected - skipping cleanup."
log "Provider package cleanup skipped: bare metal server detected."
return 0
;;
uncertain-xen|unknown|*)
CLEANUP_RECOMMENDED=false
DEFAULT_ANSWER="n"
echo -e "${YELLOW}⚠ Virtualization Environment: Uncertain${NC}"
echo "Could not definitively identify the hosting provider or environment."
RECOMMENDATION_TEXT="Cleanup is ${BOLD}OPTIONAL${NC} - proceed with caution."
echo -e "$RECOMMENDATION_TEXT"
echo "Review packages carefully before removing anything."
;;
esac
echo
# Decision point based on environment and flags # Decision point based on environment and flags
if [[ "$CLEANUP_PREVIEW" == "false" ]] && [[ "$CLEANUP_ONLY" == "false" ]]; then if [[ "$CLEANUP_PREVIEW" == "false" ]] && [[ "$CLEANUP_ONLY" == "false" ]]; then
if [[ "$IS_CLOUD_PROVIDER" == "true" ]]; then local PROMPT_TEXT=""
# Cloud VPS - recommend cleanup with default "yes"
if ! confirm "Run provider package cleanup? (Recommended for cloud VPS)" "y"; then if [[ "$ENVIRONMENT_TYPE" == "commercial-cloud" ]]; then
print_info "Skipping provider package cleanup." PROMPT_TEXT="Run provider package cleanup? (Recommended for cloud VPS)"
log "Provider package cleanup skipped by user (cloud VPS detected)." elif [[ "$ENVIRONMENT_TYPE" == "uncertain-kvm" ]]; then
return 0 PROMPT_TEXT="Run provider package cleanup? (Verify your environment first)"
fi
else else
# Personal VM or bare metal - recommend skip with default "no" PROMPT_TEXT="Run provider package cleanup? (Not recommended for trusted environments)"
echo -e "${YELLOW}This cleanup is intended for untrusted cloud VPS providers.${NC}" fi
echo "If you trust your virtualization environment (personal Proxmox, ESXi, etc.),"
echo "you should skip this step."
echo
if ! confirm "Run provider package cleanup anyway?" "n"; then if ! confirm "$PROMPT_TEXT" "$DEFAULT_ANSWER"; then
print_info "Skipping provider package cleanup (recommended for trusted environments)." print_info "Skipping provider package cleanup."
log "Provider package cleanup skipped by user (trusted environment detected)." log "Provider package cleanup skipped by user (environment: $ENVIRONMENT_TYPE)."
return 0
fi
# Extra warning for non-cloud environments
if [[ "$CLEANUP_RECOMMENDED" == "false" ]] && [[ "$ENVIRONMENT_TYPE" != "uncertain-kvm" ]]; then
echo
print_warning "⚠ You chose to run cleanup on a trusted/personal environment."
print_warning "This may remove useful tools or break functionality."
echo
if ! confirm "Are you sure you want to continue?" "n"; then
print_info "Cleanup cancelled."
log "User cancelled cleanup after warning."
return 0 return 0
fi fi
print_warning "Proceeding with cleanup on a trusted environment."
print_warning "Exercise caution - this may remove useful tools."
echo
fi fi
fi fi
@@ -445,9 +580,6 @@ cleanup_provider_packages() {
"qemu-guest-agent" "qemu-guest-agent"
"virtio-utils" "virtio-utils"
"virt-what" "virt-what"
"libvirt-daemon-system"
"libvirt-clients"
"libguestfs-tools"
# Cloud-init and cloud utilities # Cloud-init and cloud utilities
"cloud-init" "cloud-init"
"cloud-guest-utils" "cloud-guest-utils"
@@ -456,18 +588,9 @@ cleanup_provider_packages() {
# VMware, Xen, Hyper-V, Oracle # VMware, Xen, Hyper-V, Oracle
"open-vm-tools" "open-vm-tools"
"xe-guest-utilities" "xe-guest-utilities"
"oracle-cloud-agent"
"ovm-tools"
"xen-tools" "xen-tools"
"xenserver-guest-tools"
"xenserver-guest-utils"
"xenserver-libs"
"hyperv-daemons" "hyperv-daemons"
"hv-kvp-daemon-init" "oracle-cloud-agent"
"hv-fcopy-daemon-init"
"hv-vss-daemon-init"
"hv-utils"
# Cloud Provider Agents (by provider)
# AWS # AWS
"aws-systems-manager-agent" "aws-systems-manager-agent"
"amazon-ssm-agent" "amazon-ssm-agent"
@@ -475,11 +598,8 @@ cleanup_provider_packages() {
"google-compute-engine" "google-compute-engine"
"google-osconfig-agent" "google-osconfig-agent"
# Azure # Azure
"azure-agent"
"walinuxagent" "walinuxagent"
# Oracle # Popular VPS Providers
"oracle-cloud-agent"
# Common third-party host agents
"hetzner-needrestart" "hetzner-needrestart"
"digitalocean-agent" "digitalocean-agent"
"do-agent" "do-agent"
@@ -487,41 +607,10 @@ cleanup_provider_packages() {
"vultr-monitoring" "vultr-monitoring"
"scaleway-ecosystem" "scaleway-ecosystem"
"ovh-rtm" "ovh-rtm"
# Contabo # OpenStack (guest-side only)
"contabo-monitoring"
# Hetzner
"hcloud"
"hcloud-agent"
# Alibaba Cloud
"aliyun-assist"
# Tencent Cloud
"qcloud-agent"
# IBM Cloud
"ibm-cloud-agent"
# OpenStack
"openstack-guest-utils" "openstack-guest-utils"
"openstack-nova-agent" "openstack-nova-agent"
"openstack-neutron-agent" )
"openstack-ceilometer-agent"
"openstack-glance"
"openstack-keystone"
"openstack-swift"
"openstack-cinder"
"openstack-dashboard"
"openstack-nova-compute"
"openstack-neutron-server"
"openstack-ceilometer-api"
"openstack-ceilometer-collector"
"openstack-ceilometer-notification"
"openstack-glance-api"
"openstack-glance-registry"
"openstack-keystone"
"openstack-swift-proxy"
"openstack-cinder-api"
"openstack-cinder-scheduler"
"openstack-cinder-volume"
"openstack-dashboard"
)
# Common provider-created default users # Common provider-created default users
local COMMON_PROVIDER_USERS=( local COMMON_PROVIDER_USERS=(
@@ -601,23 +690,23 @@ cleanup_provider_packages() {
if [[ "$CLEANUP_PREVIEW" == "true" ]]; then if [[ "$CLEANUP_PREVIEW" == "true" ]]; then
print_info "[PREVIEW] Would offer to review and edit /root/.ssh/authorized_keys" print_info "[PREVIEW] Would offer to review and edit /root/.ssh/authorized_keys"
print_info "[PREVIEW] Would backup to $BACKUP_DIR/root_authorized_keys.backup.<timestamp>" print_info "[PREVIEW] Would backup to $BACKUP_DIR/root_authorized_keys.backup.<timestamp>"
else else
if confirm "Review and potentially remove root SSH keys?" "n"; then if confirm "Review and potentially remove root SSH keys?" "n"; then
local backup_file="$BACKUP_DIR/root_authorized_keys.backup.$(date +%Y%m%d_%H%M%S)" local backup_file="$BACKUP_DIR/root_authorized_keys.backup.$(date +%Y%m%d_%H%M%S)"
execute_command cp /root/.ssh/authorized_keys "$backup_file" cp /root/.ssh/authorized_keys "$backup_file"
log "Backed up /root/.ssh/authorized_keys to $backup_file" log "Backed up /root/.ssh/authorized_keys to $backup_file"
print_warning "IMPORTANT: Do NOT delete ALL keys or you'll be locked out!" print_warning "IMPORTANT: Do NOT delete ALL keys or you'll be locked out!"
print_info "Opening /root/.ssh/authorized_keys for manual review..." print_info "Opening /root/.ssh/authorized_keys for manual review..."
print_warning "Delete any keys you don't recognize. Save and exit when done."
read -rp "Press Enter to continue..." read -rp "Press Enter to continue..."
"${EDITOR:-nano}" /root/.ssh/authorized_keys "${EDITOR:-nano}" /root/.ssh/authorized_keys
if [[ ! -s /root/.ssh/authorized_keys ]]; then if [[ ! -s /root/.ssh/authorized_keys ]]; then
print_error "WARNING: authorized_keys is empty! This could lock you out." print_error "WARNING: authorized_keys is empty! This could lock you out."
if confirm "Restore from backup?" "y"; then if [[ -f "$backup_file" ]] && confirm "Restore from backup?" "y"; then
execute_command cp "$backup_file" /root/.ssh/authorized_keys cp "$backup_file" /root/.ssh/authorized_keys
print_info "Restored backup." print_info "Restored backup."
log "Restored /root/.ssh/authorized_keys from backup due to empty file." log "Restored /root/.ssh/authorized_keys from backup due to empty file."
fi fi
@@ -717,7 +806,7 @@ cleanup_provider_packages() {
echo " Risks if removed:" echo " Risks if removed:"
echo " - Provider dashboard metrics will disappear" echo " - Provider dashboard metrics will disappear"
echo " - May affect support troubleshooting" echo " - May affect support troubleshooting"
echo -e " ${YELLOW}Remove only if you don't need provider monitoring${NC}" echo -e " ${YELLOW}Remove only if you don't need provider monitoring${NC}"
;; ;;
*) *)
echo -e "${CYAN} $pkg${NC}" echo -e "${CYAN} $pkg${NC}"
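Review bot: In the root SSH key review hunk (`@@ -601,23 +690,23 @@`), the backup `cp` on the new side appears to run without `execute_command` and its exit status is never checked, yet the next line logs "Backed up ..." and the editor is opened on `/root/.ssh/authorized_keys` regardless. If the copy fails (for example because `$BACKUP_DIR` is missing or the disk is full), the operator edits the only copy of the file, and the new `[[ -f "$backup_file" ]] &&` guard then skips the restore offer without explanation when the file ends up empty. I would gate the edit on the copy, e.g. `cp -p -- /root/.ssh/authorized_keys "$backup_file" || { print_error "Backup of authorized_keys failed; skipping key review."; return 1; }`, and add an `else` to the restore check that reports that no backup is available. `cleanup_provider_packages` continues outside this hunk, so whether `return 1` or skipping only the key-review step is the right failure path needs checking against the rest of the function.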