From 462ff5116a43d560576ab61859b1e4c0bc81b019 Mon Sep 17 00:00:00 2001 From: Logan Rundle <154925928+LoganRundle-1@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:44:55 -0500 Subject: [PATCH] added scripts and workflows to allow the hil to be effective --- .github/workflows/README.md | 1 + .github/workflows/active-session.yml | 38 ++++++++ .github/workflows/create-user.yml | 39 ++++++++ .github/workflows/update-HIL.yml | 41 +++++++++ Remote-Access/README.md | 131 +++++++++++++++++++++++++++ Show active users/README.md | 77 ++++++++++++++++ Show active users/active-sessions.sh | 75 +++++++++++++++ new user creator/README.md | 101 +++++++++++++++++++++ new user creator/bashrc.sh | 9 ++ new user creator/create_user.sh | 51 +++++++++++ update hil/README.md | 53 +++++++++++ update hil/update.sh | 14 +++ 12 files changed, 630 insertions(+) create mode 100644 .github/workflows/README.md create mode 100644 .github/workflows/active-session.yml create mode 100644 .github/workflows/create-user.yml create mode 100644 .github/workflows/update-HIL.yml create mode 100644 Remote-Access/README.md create mode 100644 Show active users/README.md create mode 100755 Show active users/active-sessions.sh create mode 100644 new user creator/README.md create mode 100644 new user creator/bashrc.sh create mode 100644 new user creator/create_user.sh create mode 100644 update hil/README.md create mode 100644 update hil/update.sh diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 0000000..5a08938 --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1 @@ +To set up and use the HIL workflows, you must create a GitHub Actions runner on the server. You’ll need higher-level permissions to create the runner, and you should double-check that the runner name matches what’s specified in the workflows. \ No newline at end of file diff --git a/.github/workflows/active-session.yml b/.github/workflows/active-session.yml new file mode 100644 index 0000000..b844865 --- /dev/null +++ b/.github/workflows/active-session.yml @@ -0,0 +1,38 @@ +# .github/workflows/update-active-user.yml +name: Active User Script +#when the active_user.sh is updated in the repo it will update the copy on the server +on: + push: + branches: + - main + paths: + - "Show active users/active-sessions.sh" + + #allows manual triggering of the workflow + workflow_dispatch: + +#replaces the old active_user.sh with the new one in the repo +jobs: + update_script: + runs-on: [self-hosted, linux] + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Deploy active_user.sh + run: | + NEW_SCRIPT_PATH="${{ github.workspace }}/Show active users/active-sessions.sh" + PROFILE_SCRIPT_PATH="/etc/profile.d/active-sessions.sh" + + if [ -f "$NEW_SCRIPT_PATH" ]; then + sudo /usr/bin/cp "$NEW_SCRIPT_PATH" "$PROFILE_SCRIPT_PATH" + sudo /usr/bin/chmod +x "$PROFILE_SCRIPT_PATH" + echo "active-sessions.sh updated successfully in $PROFILE_SCRIPT_PATH" + else + echo "Error: active_user.sh not found in repo folder!" + exit 1 + fi + + - name: Log update + run: echo "active-sessions.sh now runs active_user.sh at login." diff --git a/.github/workflows/create-user.yml b/.github/workflows/create-user.yml new file mode 100644 index 0000000..e3f4682 --- /dev/null +++ b/.github/workflows/create-user.yml @@ -0,0 +1,39 @@ + +name: create user script + +#when the create_user.sh is updated in the repo it will update the copy on the server +on: + push: + branches: + - main + paths: + - "new user creator/create_user.sh" + + #allows manual triggering of the workflow + workflow_dispatch: + +#replaces the old create_user.sh with the new one in the repo +jobs: + update_script: + runs-on: [self-hosted, linux] + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Replace local create_user.sh + run: | + NEW_SCRIPT_PATH="${{ github.workspace }}/new user creator/create_user.sh" + LOCAL_SCRIPT_PATH="/usr/local/bin/create_user.sh" + + if [ -f "$NEW_SCRIPT_PATH" ]; then + sudo /usr/bin/cp "$NEW_SCRIPT_PATH" "$LOCAL_SCRIPT_PATH" + sudo /usr/bin/chmod +x "$LOCAL_SCRIPT_PATH" + echo "create_user.sh updated successfully in $LOCAL_SCRIPT_PATH" + else + echo "Error: create_user.sh not found in repo folder!" + exit 1 + fi + + - name: Log update + run: echo "create_user.sh has been replaced with the latest version from the repo." diff --git a/.github/workflows/update-HIL.yml b/.github/workflows/update-HIL.yml new file mode 100644 index 0000000..e807d5d --- /dev/null +++ b/.github/workflows/update-HIL.yml @@ -0,0 +1,41 @@ + +name: Update Local Script + +#when the update.sh is updated in the repo it will update the copy on the server +on: + push: + branches: + - main + paths: + - "update hil/update.sh" + + #allows manual triggering of the workflow + workflow_dispatch: + +#replaces the old update.sh with the new one in the repo +jobs: + update_script: + runs-on: [self-hosted, linux] + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Replace local update.sh + run: | + NEW_SCRIPT_PATH="${{ github.workspace }}/update hil/update.sh" + + LOCAL_SCRIPT_PATH="$HOME/update.sh" + + if [ -f "$NEW_SCRIPT_PATH" ]; then + cp "$NEW_SCRIPT_PATH" "$LOCAL_SCRIPT_PATH" + chmod +x "$LOCAL_SCRIPT_PATH" + echo "update.sh updated successfully in $HOME" + else + echo "Error: update.sh not found in repo folder 'update hil'!" + exit 1 + fi + + + - name: Log update + run: echo "update.sh has been replaced with the latest version from the repo." diff --git a/Remote-Access/README.md b/Remote-Access/README.md new file mode 100644 index 0000000..c1a91df --- /dev/null +++ b/Remote-Access/README.md @@ -0,0 +1,131 @@ + +--- + +# Remote Access Setup Using DuckDNS and Clemson VPN + +This guide explains how to set up remote SSH access to your local server using a Dynamic DNS (DDNS) service such as DuckDNS. It also includes instructions to automatically update your public IP address so you can reliably connect even if it changes. + +--- + +## Overview + +1. **DuckDNS** (or another DDNS provider) assigns your home server a persistent domain name (for example, `example.duckdns.org`). +2. **Cron** and **curl** automatically keep your DuckDNS record updated with your current public IP address. +3. **Clemson VPN** allows secure remote access when off-campus. +4. **SSH** provides a secure connection to the server + +--- + +## Step 1: Set Up a DuckDNS Domain + +1. Go to [https://www.duckdns.org](https://www.duckdns.org) +2. Log in using a supported account (GitHub, Google, etc.). +3. Create a new subdomain, for example: + + ``` + example.duckdns.org + ``` +4. Copy your **token** — you will need it for the update script. + +--- + +## Step 2: Install Dependencies + +Make sure both `curl` and `cron` are installed on your server: + +```bash +sudo apt update +sudo apt install curl cron -y +``` + +--- + +## Step 3: Set Up DuckDNS Update Script + +1. Create a new directory for DuckDNS: + + ```bash + mkdir -p ~/duckdns + cd ~/duckdns + ``` + +2. Create the update script: + + ```bash + nano duck.sh + ``` + +3. Paste the following code (replace with your DuckDNS domain and token): + + ```bash + echo "url=https://www.duckdns.org/update?domains=example&token=YOUR_TOKEN&ip=" | curl -k -o ~/duckdns/duck.log -K - + ``` + +4. Save and make it executable: + + ```bash + chmod 700 ~/duckdns/duck.sh + ``` + +--- + +## Step 4: Schedule Automatic Updates with Cron + +Edit your crontab to run the update automatically: + +```bash +crontab -e +``` + +Add these lines at the bottom: + +``` +*/5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1 +@reboot ~/duckdns/duck.sh >/dev/null 2>&1 +``` + +This will: + +* Run the DuckDNS update every 5 minutes. +* Run it once at boot to immediately refresh your IP. + +To verify it’s running: + +```bash +cat ~/duckdns/duck.log +``` + +--- + +## Step 5: Connect via SSH + +Once set up, you can SSH into your server using your DuckDNS address: + +```bash +ssh user@example.duckdns.org +``` + +Replace `user` with your server’s username. + +--- + +## Step 6: Remote Access via Clemson VPN + +When off-campus, use Clemson’s Cisco VPN (the same one used for iRoar and other Clemson services): + +1. Connect to the Clemson VPN using Cisco AnyConnect. +2. After connecting, SSH into your server the same way as before: + + ```bash + ssh user@example.duckdns.org + ``` + +--- + +## Optional: Use DuckDNS Docker Container Instead of the Script + +DuckDNS also provides an official Docker container that handles automatic IP updates. +You can find the docker image here: +[DuckDNS Docker Image](https://hub.docker.com/r/linuxserver/duckdns) + +--- diff --git a/Show active users/README.md b/Show active users/README.md new file mode 100644 index 0000000..674acd8 --- /dev/null +++ b/Show active users/README.md @@ -0,0 +1,77 @@ + +--- + +## Active Sessions Script Setup + +This script displays a custom welcome message when users log in, showing: + +* Who is connected +* When they connected +* How long they’ve been connected +* Whether they are idle + +It replaces the default **message of the day (MOTD)** with custom information. + +--- + +### 1. Copy the Script + +Copy the script from GitHub into: + +```bash +sudo nano /etc/profile.d/active-sessions.sh +``` + +Paste the script, then save and exit. + +--- + +### 2. Make It Executable + +```bash +sudo chmod +x /etc/profile.d/active-sessions.sh +``` + +--- + +### 3. Disable the Default MOTD + +To hide the default login message: + +```bash +sudo chmod -x /etc/update-motd.d/* +``` + +To re-enable it later if needed: + +```bash +sudo chmod +x /etc/update-motd.d/* +``` + +--- + +### 4. Set the Time Zone + +Set your system to the Eastern Time zone: + +```bash +sudo timedatectl set-timezone America/New_York +``` + +--- + +### 5. Edit or Remove the Script + +To edit: + +```bash +sudo nano /etc/profile.d/active-sessions.sh +``` + +To delete: + +```bash +sudo rm /etc/profile.d/active-sessions.sh +``` + +--- diff --git a/Show active users/active-sessions.sh b/Show active users/active-sessions.sh new file mode 100755 index 0000000..7a862bc --- /dev/null +++ b/Show active users/active-sessions.sh @@ -0,0 +1,75 @@ +#!/bin/bash + +if [ -z "$SSH_CONNECTION" ] || [ -z "$PS1" ]; then + return +fi +#prints out the modt +cat << "EOF" +__ __ _ _ +\ \ / / ___ | | ___ ___ _ __ ___ ___ | |_ ___ ! + \ \ /\ / / / _ \ | | / __| / _ \ | '_ ` _ \ / _ \ | __| / _ \ ! + \ V V / | __/ | | | (__ | (_) | | | | | | | | __/ | |_ | (_) | ^ + \_/\_/ \___| |_| \___| \___/ |_| |_| |_| \___| \__| \___/ / \ + /___\ + _ _ ___ _ |= =| + | | | | |_ _| | | | | + | |_| | | | | | | | + | _ | | | | |___ | | + |_| |_| |___| |_____| | | + /|##!##|\ + / |##!##| \ + / |##!##| \ + | / ^ ^ \ | + | / \ | + |/ \| + +EOF + +#prints out the current users conencted, there conntection time, and the duration of the connection, +#and if the user is active or not +echo "" +echo "======= Active SSH Sessions =======" +printf "%-10s %-20s %-15s %-10s\n" "USER" "LOGIN TIME" "DURATION" "STATUS" + +w -h | awk ' +{ + user = $1 + login_time_str = $4 # LOGIN@ column + split(login_time_str, t, ":") + login_hour = t[1] + login_min = t[2] + + # Get current time + cmd = "date +\"%H %M\"" + cmd | getline now + close(cmd) + split(now, n, " ") + now_hour = n[1] + now_min = n[2] + + # Compute duration in minutes + duration_min = (now_hour*60 + now_min) - (login_hour*60 + login_min) + if (duration_min < 0) { + duration_min += 24*60 # handle midnight wrap + } + + hours = int(duration_min / 60) + mins = duration_min % 60 + duration_fmt = sprintf("%02dh:%02dm", hours, mins) + + # Determine status using IDLE column ($5) + idle = $5 + if (idle ~ /[0-9]+\.[0-9]+s/) { idle_min = 0 } + else if (idle ~ /[0-9]+:[0-9]+/) { + split(idle, im, ":") + idle_min = im[1] + im[2]/60 + } else if (idle ~ /^[0-9]+$/) { idle_min = idle } + else { idle_min = 0 } + + status = (idle_min > 5) ? "Inactive" : "Active" + + printf "%-10s %-20s %-15s %-10s\n", user, login_time_str, duration_fmt, status +} +' +echo "===================================" +echo "" \ No newline at end of file diff --git a/new user creator/README.md b/new user creator/README.md new file mode 100644 index 0000000..4d156d9 --- /dev/null +++ b/new user creator/README.md @@ -0,0 +1,101 @@ + +--- + +## Login User Setup + +This is how to setup a special user named **`login`** that automatically runs a user-creation script whenever it is accessed. + +--- + +### 1. Create the `login` User + +```bash +sudo adduser login +``` + +--- + +### 2. Edit the `.bashrc` File + +Open the file: + +```bash +sudo nano /home/login/.bashrc +``` + +At the **bottom** of the file, paste the code that is in the **bashrc.sh** script as shown below. + +```bash +echo "Type 'create' to create a new user account, or 'exit' to log out." +read input +if [ "$input" == "create" ]; then + /usr/local/bin/create_user.sh + exit +else + echo "Goodbye!" + exit +fi +``` + +Save and exit. + +--- + +### 3. Install the `create_user.sh` Script + +Place your script in: + +```bash +sudo nano /usr/local/bin/create_user.sh +``` + +Make it executable: + +```bash +sudo chmod +x /usr/local/bin/create_user.sh +``` + +--- + +### 4. Grant Permissions + +Allow the `login` user to run the script and user management commands without a password: + +```bash +sudo visudo +``` + +Add the following line at the bottom: + +```bash +login ALL=(root) NOPASSWD: /usr/local/bin/create_user.sh, /usr/sbin/adduser, /usr/sbin/chpasswd +``` + +Save and exit. + +--- + +### 5. How to Delete a User if Needed + +To remove a user and their home directory: + +```bash +sudo deluser --remove-home username +``` + +--- + +### 6. Access the `login` User + +Switch to the `login` account: + +```bash +sudo -i +cd /home/login +``` + +Whenever the `login` user is accessed, the `create_user.sh` script will run automatically. + +--- + + diff --git a/new user creator/bashrc.sh b/new user creator/bashrc.sh new file mode 100644 index 0000000..5f78702 --- /dev/null +++ b/new user creator/bashrc.sh @@ -0,0 +1,9 @@ +echo "Type 'create' to create a new user account, or 'exit' to log out." +read input +if [ "$input" == "create" ]; then + /usr/local/bin/create_user.sh + exit +else + echo "Goodbye!" + exit +fi \ No newline at end of file diff --git a/new user creator/create_user.sh b/new user creator/create_user.sh new file mode 100644 index 0000000..821eee1 --- /dev/null +++ b/new user creator/create_user.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +echo "Creating a new user account..." + +# Loop until a valid username is entered +while true; do + read -rp "Please Enter a new username: " newuser + + # Check username (allowing lowercase, uppercase, numbers, underscores, and dashes) + if [[ ! "$newuser" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then + echo "Invalid username. Use only letters, numbers, underscores, or dashes." + continue + fi + + # Check if user already exists + if id "$newuser" &>/dev/null; then + echo "User '$newuser' already exists!" + continue + fi + + # If both checks pass, break out of loop + break +done + +# Loop until passwords match +while true; do + read -rsp "Enter a password for $newuser: " password + echo + read -rsp "Confirm password: " password2 + echo + + if [[ "$password" == "$password2" ]]; then + break + else + echo "Passwords do not match. Please try again." + fi +done + +# Create user with no initial password +sudo adduser --disabled-password --gecos "" "$newuser" &>/dev/null + +# Set the entered password +echo "$newuser:$password" | sudo chpasswd + +# Completion messages +echo "User '$newuser' has been created." +echo "Password has been set by the user." +echo "Home directory: /home/$newuser" +echo "You can now SSH using: ssh $newuser@clemsoncure.duckdns.org" + +exit diff --git a/update hil/README.md b/update hil/README.md new file mode 100644 index 0000000..ac159fa --- /dev/null +++ b/update hil/README.md @@ -0,0 +1,53 @@ + +--- + +## System Update Script + +You can place this script anywhere on the server, but it’s recommended to keep it in your home directory for easy access. + +The script may take some time to run. It’s designed to show minimal output and will only print messages when each step is complete. + +### Make the script executable + +```bash +sudo chmod +x ~/update.sh +``` + +### Run the script + +```bash +sudo ./update.sh +``` + +Wait for the script to finish. It will: + +* Update all packages +* Apply updates +* Remove old or unnecessary packages + +--- + +## Schedule Automatic Updates with Cron + +To make the script run automatically, edit your crontab: + +```bash +crontab -e +``` + +Add one of the following lines depending on how often you want it to run: + +* **Daily at midnight** + + ``` + 0 0 * * * ~/update.sh >/dev/null 2>&1 + ``` +* **Weekly (every Sunday at midnight)** + + ``` + 0 0 * * 0 ~/update.sh >/dev/null 2>&1 + ``` + +Save and exit the editor. Cron will now automatically run the update script on the chosen schedule. + +--- diff --git a/update hil/update.sh b/update hil/update.sh new file mode 100644 index 0000000..0a00461 --- /dev/null +++ b/update hil/update.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +echo "Updating package lists..." +sudo -S apt update -y > /dev/null 2>&1 && echo "Package lists updated." + +echo "Upgrading system packages..." +sudo -S apt upgrade -y > /dev/null 2>&1 && echo "System packages upgraded." + +echo "Performing full upgrade..." +sudo -S apt full-upgrade -y > /dev/null 2>&1 && echo "Full upgrade done." + +echo "Removing unnecessary packages..." +sudo -S apt autoremove -y > /dev/null 2>&1 && echo "Unnecessary packages removed." +