serverforge 0.1.3

ServerForge - A robust server setup and maintenance tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

//! # Setup Module
//!
//! This module provides functionality for performing initial setup tasks on a Linux server.
//! It includes functions for updating the system, installing essential packages,
//! setting up a firewall, and configuring SSH for improved security.
//!
//! The module is designed to work across different Linux distributions by using
//! distribution-specific commands where necessary.
use crate::config::Config;
use crate::rollback::RollbackManager;
use crate::utils::run_command;
use log::info;
use std::error::Error;
use std::fs;

/// Performs the initial setup of the server based on the provided configuration.
///
/// This function orchestrates the entire initial setup process, including:
/// - Updating the system
/// - Installing essential packages
/// - Setting up the firewall
/// - Configuring SSH
///
/// It creates a snapshot before starting the setup process for potential rollback.
///
/// # Arguments
///
/// * `config` - A reference to the `Config` struct containing setup configuration
/// * `rollback` - A reference to the `RollbackManager` for creating snapshots
///
/// # Returns
///
/// Returns `Ok(())` if the initial setup is completed successfully, or an error if setup fails.
pub fn initial_setup(config: &Config, rollback: &RollbackManager) -> Result<(), Box<dyn Error>> {
    info!("Performing initial setup...");

    let snapshot = rollback.create_snapshot()?;

    update_system(config)?;
    install_essential_packages(config)?;
    setup_firewall(config)?;
    setup_ssh()?;

    rollback.commit_snapshot(snapshot)?;

    info!("Initial setup completed");
    Ok(())
}

/// Updates the system using the appropriate package manager for the Linux distribution.
///
/// This function runs system update commands specific to Ubuntu, CentOS, or Fedora.
///
/// # Arguments
///
/// * `config` - A reference to the `Config` struct containing the Linux distribution information
///
/// # Returns
///
/// Returns `Ok(())` if the system is updated successfully, or an error if the update fails.
pub fn update_system(config: &Config) -> Result<(), Box<dyn Error>> {
    match config.linux_distro.as_str() {
        "ubuntu" => {
            run_command("apt", &["update"])?;
            run_command("apt", &["upgrade", "-y"])?;
        }
        "centos" => {
            run_command("yum", &["update", "-y"])?;
        }
        "fedora" => {
            run_command("dnf", &["upgrade", "-y"])?;
        }
        _ => return Err("Unsupported Linux distribution".into()),
    }
    Ok(())
}

/// Installs essential packages on the system.
///
/// This function installs a predefined list of essential packages using
/// the appropriate package manager for the Linux distribution.
///
/// # Arguments
///
/// * `config` - A reference to the `Config` struct containing the Linux distribution information
///
/// # Returns
///
/// Returns `Ok(())` if all packages are installed successfully, or an error if installation fails.
pub fn install_essential_packages(config: &Config) -> Result<(), Box<dyn Error>> {
    let essential_packages = [
        "curl",
        "wget",
        "vim",
        "ufw",
        "fail2ban",
        "apt-listchanges",
        "needrestart",
        "debsums",
        "apt-show-versions",
    ];

    match config.linux_distro.as_str() {
        "ubuntu" => {
            for package in &essential_packages {
                run_command("apt", &["install", "-y", package])?;
            }
        }
        "centos" => {
            for package in &essential_packages {
                run_command("yum", &["install", "-y", package])?;
            }
        }
        "fedora" => {
            for package in &essential_packages {
                run_command("dnf", &["install", "-y", package])?;
            }
        }
        _ => return Err("Unsupported Linux distribution".into()),
    }
    Ok(())
}

/// Sets up the firewall with basic rules and any custom rules specified in the configuration.
///
/// This function configures either UFW (for Ubuntu) or firewalld (for CentOS/Fedora)
/// with default deny incoming, allow outgoing policy, and opens ports for SSH and any custom rules.
///
/// # Arguments
///
/// * `config` - A reference to the `Config` struct containing firewall configuration and Linux distribution information
///
/// # Returns
///
/// Returns `Ok(())` if the firewall is set up successfully, or an error if setup fails.
pub fn setup_firewall(config: &Config) -> Result<(), Box<dyn Error>> {
    match config.linux_distro.as_str() {
        "ubuntu" => {
            run_command("ufw", &["default", "deny", "incoming"])?;
            run_command("ufw", &["default", "allow", "outgoing"])?;
            run_command("ufw", &["allow", "OpenSSH"])?;
            for rule in &config.custom_firewall_rules {
                run_command("ufw", &["allow", rule])?;
            }
            run_command("ufw", &["enable"])?;
        }
        "centos" | "fedora" => {
            run_command("systemctl", &["start", "firewalld"])?;
            run_command("systemctl", &["enable", "firewalld"])?;
            run_command(
                "firewall-cmd",
                &["--zone=public", "--add-service=ssh", "--permanent"],
            )?;
            for rule in &config.custom_firewall_rules {
                run_command(
                    "firewall-cmd",
                    &["--zone=public", "--add-port=", rule, "--permanent"],
                )?;
            }
            run_command("firewall-cmd", &["--reload"])?;
        }
        _ => return Err("Unsupported Linux distribution".into()),
    }
    Ok(())
}

/// Configures SSH for improved security.
///
/// This function modifies the SSH configuration to:
/// - Disable root login
/// - Disable password authentication (requiring key-based authentication)
/// - Change the default SSH port (TODO: implement this securely)
///
/// After making changes, it restarts the SSH service to apply the new configuration.
///
/// # Returns
///
/// Returns `Ok(())` if SSH is configured successfully, or an error if configuration fails.
pub fn setup_ssh() -> Result<(), Box<dyn Error>> {
    let ssh_config = "/etc/ssh/sshd_config";
    let mut ssh_content = fs::read_to_string(ssh_config)?;
    ssh_content = ssh_content
        .replace("PermitRootLogin yes", "PermitRootLogin no")
        .replace("#PasswordAuthentication yes", "PasswordAuthentication no")
        .replace("#Port 22", "Port 2222"); //TODO: Change SSH port for better security
    fs::write(ssh_config, ssh_content)?;

    run_command("systemctl", &["restart", "sshd"])?;
    Ok(())
}