secure_coding/install_debian.sh at master · SourceCode-AI/secure_coding · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/bin/bash


if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi


cd /
apt-get update
apt-get install -y gpg

wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

apt-get update
apt-get install -y  nano gcc wget jq screen python3-venv python3-pip python3-build strip-nondeterminism tree postgresql postgresql-client vault git xxd binutils-multiarch openssl nginx
apt-get install -y diffoscope-minimal --no-install-suggests --no-install-recommends

git clone https://github.com/SourceCode-AI/secure_coding.git /secure_coding

echo "listen_addresses='*'">>/etc/postgresql/17/main/postgresql.conf

echo "host    all             all              0.0.0.0/0                       scram-sha-256">>/etc/postgresql/17/main/pg_hba.conf
echo "host    all             all              ::/0                            scram-sha-256">>/etc/postgresql/17/main/pg_hba.conf

#PG_PASSWD=$(openssl rand -hex 16)
sudo -u postgres createdb secure_db
sudo -u postgres psql -c "create role vault with login superuser password 'not_so_secure_default_password'";
sudo -u postgres psql --db secure_db -c "create table users (name VARCHAR(255));";
sudo -u postgres psql --db secure_db -c "insert into users values ('john doe');";
systemctl restart postgresql

echo "export VAULT_SKIP_VERIFY=true">>/etc/bash.bashrc
echo "export VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200">>/etc/bash.bashrc
echo "export VAULT_ADDR=http://127.0.0.1:8200">>/etc/bash.bashrc
touch /tmp/automation_finished
echo "Installation completed successfully! Rebooting..."
reboot