From fe26bc91ff84f86cca6aa8e1c0940ff45c8181b8 Mon Sep 17 00:00:00 2001
From: Mike Crute <mike@crute.us>
Date: Sun, 28 Jan 2018 04:52:01 +0000
Subject: [PATCH] Scramble root and alpine passwords

---
 tiny-ec2-bootstrap | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tiny-ec2-bootstrap b/tiny-ec2-bootstrap
index 510f4f7..b0e3ca0 100644
--- a/tiny-ec2-bootstrap
+++ b/tiny-ec2-bootstrap
@@ -52,12 +52,18 @@ _run_userdata() {
     fi
 }
 
+_scramble_password() {
+    echo "$1:$(head -c 100 /dev/urandom | sha512sum | cut -d' ' -f1)" | chpasswd
+}
+
 start() {
     # Don't bootstrap if the host has already been bootstrapped
     [ -f "/var/lib/cloud/.bootstrap-complete" ] && return 0
 
     [ -d "/var/lib/cloud" ] || mkdir -p /var/lib/cloud
 
+    ebegin "Scrambling root password"; _scramble_password root; eend $?
+    ebegin "Scrambling alpine password"; _scramble_password alpine; eend $?
     ebegin "Setting ec2 hostname"; _update_hostname; eend $?
     ebegin "Setting ec2 user ssh keys"; _set_ssh_keys "alpine"; eend $?
     ebegin "Running ec2 user data script"; _run_userdata; eend $?