authorB Stack <bgstack15@gmail.com>2016-10-20 16:15:23 -0400
committerB Stack <bgstack15@gmail.com>2016-10-20 16:15:23 -0400
commitd60ed67fa4eeeba312646358316e49c0a6cbc6f6 (patch)
tree7cec285c82c1e15cc021086899165afb7bed2385
downloaddeployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.tar.gz
deployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.tar.bz2
deployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.zip
initial commit
-rw-r--r--.gitignore4
-rwxr-xr-x.makecert.exp22
-rwxr-xr-xinc/localize_git.sh2
-rwxr-xr-xinc/scrub.py122
-rw-r--r--inc/scrub.txt19
-rwxr-xr-xpack_ds.sh13
-rw-r--r--packaging.txt30
-rwxr-xr-xs1_setname.sh115
-rwxr-xr-xs2_networking.sh78
-rwxr-xr-xs3_mountscripts.sh35
-rwxr-xr-xs4_vm.sh100
-rwxr-xr-xs5_auth.sh57
-rwxr-xr-xs6_bgstack15.sh33
-rw-r--r--updateval.sh63
14 files changed, 693 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..762a52c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+old
+freebsd
+deployscripts.tgz
+deployscripts.master.tgz
diff --git a/.makecert.exp b/.makecert.exp
new file mode 100755
index 0000000..36bdee1
--- /dev/null
+++ b/.makecert.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+set keyfile [lindex $argv 1]
+set certfile [lindex $argv 2]
+set timeout 2
+spawn openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout "${keyfile}" -out "${certfile}"
+expect "Country Name (2 letter code) \[XX\]:"
+set timeout 1
+send "US\r"
+expect "State or Province Name (full name) \[\]:"
+send "Some State\r"
+expect "Locality Name (eg, city) \[Default City\]:"
+send "Default City\r"
+expect "Organization Name (eg, company) \[Default Company Ltd\]:"
+send "Default Company Ltd\r"
+expect "Organizational Unit Name (eg, section) \[\]:" &&
+send "Information Technologies\r"
+expect "Common Name (eg, your name or your server's hostname) \[\]:"
+send [lindex $argv 0]
+send "\r"
+expect "Email Address \[\]:"
+send "linuxadmin@example.com\r"
+interact
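Review bot: The `expect "Organizational Unit Name (eg, section) \[\]:" &&` line carries a trailing `&&`, which expect will most likely take as the action for that pattern and fail to run as a Tcl command once the prompt matches. The prompts are also matched with a one-second timeout, so an openssl.cnf with different prompt text or defaults silently shifts the answers into the wrong fields. Passing the subject on the command line removes the prompt matching altogether, e.g. `-subj "/C=US/ST=Some State/L=Default City/O=Default Company Ltd/OU=Information Technologies/CN=[lindex $argv 0]"`. Because `-nodes` writes the private key unencrypted, the caller should also set `umask 077` before the run or `chmod 600` the key file afterwards.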
diff --git a/inc/localize_git.sh b/inc/localize_git.sh
new file mode 100755
index 0000000..bce9b2d
--- /dev/null
+++ b/inc/localize_git.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+\cp -pRf /home/work/template.clean/.git /mnt/scripts/template
diff --git a/inc/scrub.py b/inc/scrub.py
new file mode 100755
index 0000000..10cfe14
--- /dev/null
+++ b/inc/scrub.py
@@ -0,0 +1,122 @@
+#!/bin/env python3
+# Filename: scrub.py
+# Location: Various
+# Author: bgstack15@gmail.com
+# Startdate: 2016-09-28
+# Title: Script that Simultaneously Copies and Scrubs a Directory
+# Purpose: Prepare projects for publication by removing private information like usernames and hostnames
+# Package: Various
+# History:
+# 2016-10-03 working on batch rename files
+# 2016-10-20 added not ".tgz" in source.name
+# Usage:
+# Store this file with any package that gets published. Adjust scrub.txt in local directory.
+# # First line: source directory Second line: target directory. WILL BE OVERWRITTEN!
+# /etc/ansible
+# /home/bjones/ansible.clean
+# # Rest of the lines are "OLD WORD" "NEW WORD"
+# bjones bgstack15
+# rsmith rmstack15
+# Reference:
+# http://stackoverflow.com/questions/79968/split-a-string-by-spaces-preserving-quoted-substrings-in-python/524796#524796
+# http://stackoverflow.com/questions/6706953/python-using-subprocess-to-call-sed#6707003
+# http://stackoverflow.com/questions/6584871/remove-last-character-if-its-a-backslash/6584893#6584893
+# http://stackoverflow.com/questions/2212643/python-recursive-folder-read/2212728#2212728
+# parallel lists: http://stackoverflow.com/questions/1663807/how-can-i-iterate-through-two-lists-in-parallel-in-python
+# file renames http://stackoverflow.com/questions/225735/batch-renaming-of-files-in-a-directory/7917798#7917798
+# Improve:
+# Add option to specify scrub file
+# Add exclude option to scrub file, such as .git and so on
+# Accept CLI options like source, destination, even exclusions?
+# Add flag for performing file renames as well, or file renames only
+import re, shlex, os, sys, shutil
+from pathlib import Path
+
+# scrubpy version
+scrubpyversion = "2016-10-20a"
+
+# Define functions
+
+def removeComments(string):
+ #string = re.sub(re.compile("/\*.*?\*/",re.DOTALL ) ,"", string)
+ #string = re.sub(re.compile("//.*?\n" ) ,"" ,string)
+ pattern = r"(\".*?\"|\'.*?\')|(/\*.*?\*/|(//|#)[^\r\n]*$)"
+ regex = re.compile(pattern, re.MULTILINE|re.DOTALL)
+ def _replacer(match):
+ if match.group(2) is not None:
+ return ""
+ else:
+ return match.group(1)
+ return regex.sub(_replacer, string)
+
+# Main code
+stringfile = open('scrub.txt','r')
+count=0
+thisdir=""
+newdir=""
+oldstrings=[]
+newstrings=[]
+
+while True:
+ x = stringfile.readline().rstrip()
+ count += 1
+ if not x: break
+ x = removeComments(x)
+ #print("x=" + x)
+ y = shlex.split (x)
+ if len(y) >= 1:
+ if thisdir == "":
+ thisdir = y[0]
+ elif newdir == "":
+ newdir = y[0]
+ if len(y) >= 2:
+ #print("y[0]=" + y[0] + "\t and y[1]=" + y[1])
+ oldstrings.append(y[0])
+ newstrings.append(y[1])
+
+# After the file is done
+stringfile.close()
+#newdir = thisdir.rstrip('\/') + ".scrubbed/"
+
+if False:
+ print("\nthisdir=" + thisdir)
+ print("newdir=" + newdir + '\n')
+ print("oldstrings are:")
+ print(oldstrings)
+ print("newstrings are:")
+ print(newstrings)
+
+# Clean scrubbed directory
+try:
+ shutil.rmtree(newdir)
+except:
+ foo=1
+
+shutil.copytree(thisdir,newdir,symlinks=True)
+
+# Execute substitutions
+for rootfolder, subdirs, files in os.walk(thisdir):
+ for filename in files:
+ sourcepath = os.path.join(rootfolder, filename)
+ with open( sourcepath, "r" ) as source:
+ if not ".swp" in source.name and not ".git" in source.name and not ".tgz" in source.name:
+ destdir = rootfolder.replace(thisdir.rstrip('\/'),newdir.rstrip('\/'))
+ destfile = os.path.join(destdir, filename)
+ #print("sourcefile=" + source.name)
+ #print("destfile=" + destfile + '\n')
+ with open( destfile, "w") as target:
+ data = source.read()
+ for oldword, newword in zip(oldstrings, newstrings):
+ data = data.replace(oldword,newword)
+ changed = data
+ target.write(changed)
+
+# Execute file renames
+# Used "file renames" reference, as well as the structure of directory traversal used earlier, which was from a different source.
+for rootfolder, subdirs, files in os.walk(newdir):
+ for filename in files:
+ oldpath = os.path.join(rootfolder, filename)
+ for oldword, newword in zip(oldstrings, newstrings):
+ if oldword in oldpath:
+ #print("oldword=" + oldword + "\toldpath=" + oldpath)
+ os.rename(oldpath, oldpath.replace(oldword,newword))
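Review bot: Files that the substitution loop skips still reach the target unscrubbed, because `shutil.copytree(thisdir,newdir,symlinks=True)` copies the whole tree before any replacement runs. The skip test is a substring match on the full path (`".git" in source.name`), so `.gitignore` or anything under a directory whose name contains `.swp` or `.tgz` is also left as copied. A file that cannot be decoded as text would presumably raise in `source.read()` and leave every later file unscrubbed in a directory that looks finished. If copying `.git` is intentional (inc/localize_git.sh suggests it is), swap files and archives can still be kept out with `shutil.copytree(thisdir, newdir, symlinks=True, ignore=shutil.ignore_patterns('*.swp', '*.tgz'))`, and the loop should test `filename` rather than the path. The bare `except:` around `shutil.rmtree(newdir)` hides a failed cleanup of a directory named in scrub.txt; catching only `FileNotFoundError` would be safer.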
diff --git a/inc/scrub.txt b/inc/scrub.txt
new file mode 100644
index 0000000..611e581
--- /dev/null
+++ b/inc/scrub.txt
@@ -0,0 +1,19 @@
+# First line: source directory Second line: target directory. WILL BE OVERWRITTEN!
+/mnt/scripts/template
+/home/work/template.clean
+# rest of the lines are "OLD WORD" "NEW WORD"
+BGSTACK15 BGSTACK15
+Bgstack15 Bgstack15
+bgstack15 bgstack15
+bgstackness bgstackness
+gstack15 gstack15
+GSTACK15 GSTACK15
+User1 User1
+user1 user1
+"Some State" "Some State"
+"Default City" "Default City"
+"Default Company Ltd" "Default Company Ltd"
+example example
+EXAMPLE EXAMPLE
+".com" ".com"
+"203.0." "203.0."
diff --git a/pack_ds.sh b/pack_ds.sh
new file mode 100755
index 0000000..dad8f7a
--- /dev/null
+++ b/pack_ds.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# File: /mnt/scripts/template/pack_ds.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2016
+# Title: Script that Packages deployscripts
+# Purpose: Provides an easy way to pack the deployscripts together
+# History: Started probably in early 2016
+# 2016-10-20 given headers
+# Usage: Run ./pack_ds.sh and it will make the new tgz
+# Reference:
+# Improve:
+( cd /mnt/scripts/template && rm -rf deployscripts.tgz && tar -zcf deployscripts.tgz .makecert.exp updateval.sh s*sh; )
diff --git a/packaging.txt b/packaging.txt
new file mode 100644
index 0000000..e7ba0d4
--- /dev/null
+++ b/packaging.txt
@@ -0,0 +1,30 @@
+File: /root/packaging.txt
+Package: deployscripts.tgz
+Author: bgstack15
+Startdate: 2016-10-20
+Title: Packaging information for deployscripts.tgz
+Purpose: To describe how these scripts are stored, packaged, and deployed
+History: 2014 I wrote shell scripts (adapting from a previous person's source scripts) that automate hard-coded information for a server
+Usage:
+Reference: bgscripts README.txt
+ "Building the Centos 7 Template.docx"
+Improve:
+Document: Below this line
+
+### PACKAGING the deployscripts in a tgz
+( cd /mnt/scripts/template && rm -rf deployscripts.tgz && tar -zcf deployscripts.tgz .makecert.exp updateval.sh s*sh; )
+
+### DEPLOYING from nfs hosted tgz
+tar -zxC /root -f /mnt/scripts/template/deployscripts.tgz
+
+### DEPLOYING from scp tgz
+scp -pr norite:/mnt/scripts/template/deployscripts.tgz /root
+
+tar -zxC /root -f /root/deployscripts.tgz
+
+### PACKAGING in a MASTER tgz
+# This includes the git information and auxiliary info
+mtgz=/mnt/scripts/template/deployscripts.master.tgz
+rm "${mtgz}"
+( cd $( dirname ${mtgz} );
+tar -X /mnt/scripts/template/.gitignore --no-recursion -zc -f "${mtgz}" * .makecert.exp )
diff --git a/s1_setname.sh b/s1_setname.sh
new file mode 100755
index 0000000..bbd8608
--- /dev/null
+++ b/s1_setname.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# File: /root/s1_setname.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2015
+# Title: Template Script 1: Set Name
+# Purpose: Sets hostname regardless of OS
+# History: 2016-08-16 Given original headers
+# Usage: ./s1[tab][enter]
+# observe the /bin/bash shebang. I only run this on a system after bash is installed.
+# Reference:
+# Improve:
+
+eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' )
+if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi
+case "${flavor}" in
+ centos)
+ motdfile=/etc/motd
+ netfile=/etc/sysconfig/network
+ templatename=centos7alpha
+ ;;
+ ubuntu)
+ motdfile=/etc/issue
+ templatename=ubuntu16alpha
+ ;;
+ freebsd)
+ flavor=freebsd
+ motdfile=/etc/motd
+ netfile=/etc/rc.conf
+ templatename=freebsd10alpha
+ ;;
+ *)
+ echo "$0: Error 1. Cannot determine OS from /etc/os-release. Aborted." 1>&2
+ exit 1
+ ;;
+esac
+
+# OS agnostic
+server=
+role=
+hostnamefile=/etc/hostname
+tmpfile1=~/.$$.$RANDOM.tmp
+
+function clean_setname {
+ rm -f $tmpfile1 2>/dev/null
+ exit
+}
+
+trap 'clean_setname' 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+
+while [[ -z "$server" ]];
+do
+ printf "server (excluding .example.com): "
+ read server
+done
+
+while [[ -z "$role" ]];
+do
+ printf "role: "
+ read role
+done
+
+if [[ "$server" = "${server%%.*}" ]];
+then
+ serverlong="${server}".example.com
+else
+ # assume we placed .example.com in it already
+ serverlong=${server}
+ server="${serverlong%%.*}"
+fi
+
+# UPDATE FILES
+# MOTD
+sed "s/SERVER/${server}/g;s/ROLE/${role}/g;" <${motdfile} > ${tmpfile1}
+cp -p ${tmpfile1} ${motdfile}
+chmod 444 ${motdfile}
+# HOSTNAME
+printf "${serverlong}\n" > ${hostnamefile}
+chmod 644 ${hostnamefile}
+
+# FLAVOR-SPECIFIC ACTIONS
+case "${flavor}" in
+ centos)
+ # UPDATE hostname and NetworkManager
+ hostnamectl set-hostname "${serverlong}"
+ {
+ echo "NETWORKING=yes"
+ echo "HOSTNAME=$serverlong"
+ } > ${netfile}
+ ;;
+ ubuntu)
+ # Change volume group names if necessary
+ oldvg=$( vgs --rows | grep -E "^\s*VG" | awk '{print $2}' )
+ case "${oldvg}" in
+ *ubuntu16*-vg)
+ vgrename "${oldvg}" "${server}-vg" >/dev/null 2>&1
+ sed -i "s/${oldvg%-vg}--vg/${server}--vg/g;" /etc/fstab
+ sed -i "s/${oldvg%-vg}--vg/${server}--vg/g;" /boot/grub/grub.cfg
+ update-grub >/dev/null 2>&1
+ sed -i "s/${templatename}/${server}/g;" /etc/postfix/main.cf
+ /etc/init.d/postfix reload >/dev/null 2>&1
+ ;;
+ *) [ ];;
+ esac
+ ;;
+ freebsd)
+ # change hostname for freebsd. Need to update rc.conf, smb4.conf, /etc/mail/freebsd.mc
+ hostname "${serverlong}"
+ sed -I -e "s/^hostname=\".*\"/hostname=\"${serverlong}\"/;" /etc/rc.conf /etc/rc.conf.example
+ sed -I -e "s/netbios name = .*$/netbios name = $( hostname -s )/;" /usr/local/etc/smb4.conf /usr/local/etc/smb4.conf.example
+ sed -i -e 's/MASQUERADE_AS.*$/MASQUERADE_AS(\`'"$( hostname )'"')/;' /etc/mail/freebsd.mc
+
+ ;;
+# no wildcard needed because already vetted in flavor check earlier
+esac
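Review bot: `eval flavor=$( grep ... /etc/os-release | sed ... )` executes whatever follows `ID=` as shell code just to strip quotes, and the same line opens s2_networking.sh, s4_vm.sh, s5_auth.sh and s6_bgstack15.sh. Reading the value without evaluation does the same job: `flavor=$( sed -n 's/^ID=//p' /etc/os-release 2>/dev/null | tr -d '"' )`. Separately, `server` and `role` go straight from `read` into sed expressions and into the format string of `printf "${serverlong}\n"`, so a `/`, `&` or `%` in the answer corrupts the motd or hostname file. A check such as `[[ "${server}" =~ ^[A-Za-z0-9.-]+$ ]]` before use, plus `printf '%s\n' "${serverlong}"`, would close that.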
diff --git a/s2_networking.sh b/s2_networking.sh
new file mode 100755
index 0000000..7db4c77
--- /dev/null
+++ b/s2_networking.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# File: /root/s2_networking.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2015
+# Title: Template Script 2: Networking
+# Purpose: Set initial hard-coded network settings
+# History: 2016-07-28 given initial headers
+# Usage: ./s2[tab][enter]
+# Reference:
+# Improve:
+
+eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' )
+if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi
+
+# interactive:
+#macaddr=$( ip link show | grep ether | awk '{print $2}' )
+macaddr=$( ifconfig | grep -oIE "(ether|HWaddr)\>.*\>" | awk '{print $2}' )
+printf 'IP address: '; read thisip
+echo ${thisip} | grep -qiE "^([0-9]{1,3}\.){3}[0-9]{1,3}" || { echo "Invalid IP. Aborted."; exit 1; }
+defgateway=${thisip%.*}.254
+printf "Gateway [${defgateway}]: "; read thisgateway
+[[ -z ${thisgateway} ]] && thisgateway=${defgateway}
+echo ${thisgateway} | grep -qiE "^([0-9]{1,3}\.){3}[0-9]{1,3}" || { echo "Invalid gateway. Aborted."; exit 1; }
+
+#build other components
+_netmask="255.255.255.0" #class c, or CIDR /24. Good enough for the example default.
+_network="${thisip%.*}.0"
+_broadcast="${thisip%.*}.255"
+
+case "${flavor}" in
+ centos)
+ netfile=/etc/sysconfig/network-scripts/.template
+ tmpfile=/tmp/netfile1
+ outfile=/etc/sysconfig/network-scripts/ifcfg-eth0
+
+ sed "s/HWADDR=.*/HWADDR=\"${macaddr}\"/;" ${netfile} > ${tmpfile}
+ cat <<EOF >> ${tmpfile}
+IPADDR=${thisip}
+NETMASK=255.255.255.0
+GATEWAY=${thisgateway}
+EOF
+
+ chmod --reference ${netfile} ${tmpfile}
+ mv -f ${tmpfile} ${outfile}
+ rm -f /etc/sysconfig/network-scripts/ifcfg-eno*
+ systemctl restart network.service
+ ;;
+ ubuntu)
+ netfile=/etc/network/interfaces.example
+ tmpfile=/tmp/netfile1
+ outfile=/etc/network/interfaces
+
+ sed "s/THISIP/${thisip}/;s/THISNETMASK/${_netmask}/;s/THISNETWORK/${_network}/;s/THISBROADCAST/${_broadcast}/;s/THISGATEWAY/${thisgateway}/;" ${netfile} > ${tmpfile}
+ chmod --reference ${outfile} ${tmpfile} 2>/dev/null
+ mv -f ${tmpfile} ${outfile}
+ ifdown -a
+ ifup -a
+
+ # Firewall rules, since ufw is disabled by default per https://help.ubuntu.com/16.04/serverguide/firewall.html
+ ufw enable
+ ufw allow ssh
+ ;;
+ freebsd)
+ netfile=/etc/rc.conf.example
+ tmpfile=/tmp/netfile1
+ outfile=/etc/rc.conf
+ sed "s/^ifconfig_em0=.*\$/ifconfig_em0=\"inet ${thisip} netmask ${_netmask}\"/;s/^defaultrouter=.*/defaultrouter=\"${thisgateway}\"/;" ${netfile} > ${tmpfile}
+ cp -p ${tmpfile} ${outfile}
+ /etc/rc.d/netif restart
+ ;;
+ *)
+ echo "$0: Error 1. OS cannot be determined from /etc/os-release. Aborted." 1>&2
+ exit 1
+ ;;
+esac
+
+echo "Please reboot (telinit 6)."
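Review bot: `tmpfile=/tmp/netfile1` is a fixed name in a world-writable directory that root then writes through with `>`, so a pre-existing file or symlink at that path decides where the output lands. Using `tmpfile=$( mktemp )`, as updateval.sh already does, avoids that in all three branches. The address check is anchored only at the start (`^([0-9]{1,3}\.){3}[0-9]{1,3}`), so trailing text after a valid-looking address is accepted and written into the interface file; adding `$` to both grep patterns fixes it. In the ubuntu branch `ufw enable` runs before `ufw allow ssh`; swapping the two lines puts the rule in place before the firewall comes up.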
diff --git a/s3_mountscripts.sh b/s3_mountscripts.sh
new file mode 100755
index 0000000..a7b6c6b
--- /dev/null
+++ b/s3_mountscripts.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# File: /root/s3_mountscripts.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2015
+# Title: Template Script 3: Mount Scripts Directory
+# Purpose: Mounts the network mount for this organization
+# History: 2016-05-19 given original headers
+# Usage: ./s3[tab][enter]
+# Reference:
+# Improve:
+
+server=$( hostname )
+ipaddr=$( ifconfig | grep -E "Bcast|broadcast" | awk '{print $2}' | sed 's/[^0-9\.]//g;' )
+sdir=/mnt/scripts
+
+if [[ ! "$1" = "-y" ]];
+then
+ cat <<EOFNOTICE
+ensure on norite.example.com:
+ 1. /etc/exports is allowing this host ("${server}")
+ 2. /etc/sysconfig/iptables allows this ip address ("${ipaddr}")
+ 3. service nfs restart
+ 4. service iptables restart
+rerun this script with "-y"
+
+References:
+https://protect.example.com/wiki/display/itops/norite
+EOFNOTICE
+else
+ # so "-y" was used
+ [[ ! -d ${sdir} ]] && mkdir -p ${sdir} 2>/dev/null
+ #mount -t nfs norite.example.com:/mnt/scripts /mnt/scripts
+ mount /mnt/scripts #it better be in /etc/fstab!
+fi
diff --git a/s4_vm.sh b/s4_vm.sh
new file mode 100755
index 0000000..27b53bf
--- /dev/null
+++ b/s4_vm.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+# File: /root/s4_vm.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2015
+# Title: Template Script 4: General Settings
+# Purpose: Do initial hard-coded configs
+# History: 2016-05-19 given original headers
+# Usage: ./s4[tab][enter]
+# Reference: Original vm.sh script by user1
+# Improve:
+
+eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' )
+if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi
+
+case "${flavor}" in
+ centos|redhat)
+ templatename=centos7alpha
+ keyfile=/etc/pki/tls/private/localhost.key
+ certfile=/etc/pki/tls/certs/localhost.crt
+ ;;
+ ubuntu|debian)
+ templatename=ubuntu16alpha
+ keyfile=/etc/ssl/private/localhost.key
+ certfile=/etc/ssl/certs/localhost.crt
+ ;;
+ freebsd)
+ templatename=freebsd10alpha
+ keyfile=/etc/ssl/localhost.key
+ keyfile=/etc/ssl/localhost.crt
+ ;;
+ *) echo "Assuming centos directory layout for certificates..."
+ templatename=unspecified0alpha
+ keyfile=/etc/pki/tls/private/localhost.key
+ certfile=/etc/pki/tls/certs/localhost.crt
+ ;;
+esac
+
+rm -rf /root/.viminfo
+history -w
+history -c
+
+cat /dev/null >/root/.bash_history
+
+printf "Regenerating the ssh key...\n"
+rm -rf /root/.ssh/id_rsa*
+ssh-keygen -qt rsa -f /root/.ssh/id_rsa -P ""
+
+printf "Changing password for user \"root\"\n"
+passwd
+
+#ntpd update example-dc1.example.com
+ntpd -gq 1>/dev/null 2>&1
+
+chmod +x /etc/cron.daily/0*logwatch 2>/dev/null || {
+ #probably freebsd
+ /root/updateval.sh /etc/crontab "^#*.*\t.*\t\*\t\*.*root.*\/usr\/local\/sbin\/logwatch\.pl$" "15\t4\t\*\t\*\t\*\troot\t\/usr\/local\/sbin\/logwatch\.pl" --apply
+}
+
+# clears these files without removing pointer, to prevent corruption
+[[ -f /var/log/dmesg ]] && /bin/cat /dev/null >/var/log/dmesg
+[[ -f /var/log/lastlog ]] && /bin/cat /dev/null >/var/log/lastlog
+[[ -f /var/log/messages ]] && /bin/cat /dev/null >/var/log/messages
+[[ -f /var/log/secure ]] && /bin/cat /dev/null >/var/log/secure
+[[ -f /var/log/wtmp ]] && /bin/cat /dev/null >/var/log/wtmp
+[[ -f /var/log/yum.log ]] && /bin/cat /dev/null >/var/log/yum.log
+[[ -f /var/log/grubby ]] && /bin/cat /dev/null >/var/log/grubby
+[[ -f /var/log/maillog ]] && /bin/cat /dev/null >/var/log/maillog
+[[ -f /var/log/mail.log ]] && /bin/cat /dev/null >/var/log/mail.log
+[[ -f /var/log/boot.log ]] && /bin/cat /dev/null >/var/log/boot.log
+[[ -f /var/log/auth.log ]] && /bin/cat /dev/null >/var/log/auth.log
+[[ -f /var/log/syslog ]] && /bin/cat /dev/null >/var/log/syslog
+[[ -f /var/log/dpkg.log ]] && /bin/cat /dev/null >/var/log/dpkg.log
+[[ -f /var/log/kern.log ]] && /bin/cat /dev/null >/var/log/kern.log
+
+# deletes extra files
+/bin/rm -f /var/log/*-???????? /var/log/*.gz /var/log/dmesg.old 2>/dev/null
+/bin/rm -rf /var/log/anaconda 2>/dev/null
+
+# suppress extraneous "dm-0: WRITE SAME failed. Manually zeroing" error
+# Reference: http://www.it3.be/2013/10/16/write-same-failed/
+thispath=$( find /sys | grep max_write_same_blocks | head -n 1 )
+[[ -n "${thispath}" ]] && cat <<EOF > /etc/tmpfiles.d/write_same.conf
+# Type Path Mode UID GID Age Argument
+w ${thispath} - - - - 0
+EOF
+
+#printf "Making new certificate for this host. Press enter to begin...\n"
+#read foo
+#openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
+expect /root/.makecert.exp "$( hostname )" "${keyfile}" "${certfile}"
+
+case "${flavor}" in
+ ubuntu)
+ grep -liIE "${templatename}" /etc/* 2>/dev/null | xargs -n1 sed -i -e "s/ubuntu16alpha/$( hostname -s )/g;"
+ update-grub >/dev/null 2>&1
+ ;;
+ *) [ ]
+ ;;
+esac
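Review bot: In the freebsd branch `keyfile` is assigned twice and `certfile` never, so the second assignment should read `certfile=/etc/ssl/localhost.crt`. As written, `.makecert.exp` receives `/etc/ssl/localhost.crt` as the key path and an empty certificate path, which presumably puts the unencrypted private key in the file meant to hold the public certificate. Nothing checks the result of the `expect /root/.makecert.exp ...` call, so the failure passes silently; testing `[ -s "${certfile}" ]` afterwards would catch it.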
diff --git a/s5_auth.sh b/s5_auth.sh
new file mode 100755
index 0000000..046e9bd
--- /dev/null
+++ b/s5_auth.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# File: /root/s5_auth.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2016-08-02
+# Title: Template Script 5: AD Authorization
+# Purpose: To join AD for users and groups
+# History: 2016-08-02 given original headers
+# Usage: ./s5[tab][auth]
+# Reference:
+# "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx"
+# Improve:
+
+eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' )
+if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi
+
+thisuser="Bgstack15"
+
+case "${flavor}" in
+ centos|redhat|ubuntu|debian)
+ realm join example.com -U "${thisuser}" --install=/
+ /bin/cp -fp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
+ /bin/cp -fp /etc/sssd/sssd.conf.example /etc/sssd/sssd.conf
+ chmod 600 /etc/sssd/sssd.conf
+
+ /bin/cp -fp /etc/krb5.conf /etc/krb5.conf.orig
+ /bin/cp -fp /etc/krb5.conf.example /etc/krb5.conf
+ chmod 644 /etc/krb5.conf
+
+ sed -i -e '\|^sudoers:.*|h; ${x;s/sudoers://;{g;tF};a\' -e 'sudoers:\tfiles' -e '};:F;s/.*sudoers:.*/sudoers:\tfiles/g;' /etc/nsswitch.conf
+
+ systemctl restart sssd.service
+ time id "${thisuser}" | fold -w 80 | head
+
+ cat <<EOF > /etc/cron.d/keepadalive
+# File: /etc/cron.d/keepadalive
+# Purpose: keeps ad user authentication active and fast, by frequently asking for group info for a user
+*/5 * * * * root /usr/bin/id Bgstack15 >/dev/null 2>&1
+EOF
+ ;;
+ freebsd)
+ kinit "${thisuser}"
+ net ads join -k -U "${thisuser}"
+ kdestroy
+ kinit -k "$( hostname -s | tr 'a-z' 'A-Z')\$"
+ /root/updateval.sh /etc/crontab '^#.*\/kinithost.sh' '0,30\t*\t*\t*\t*\troot\t\/usr\/local\/bin\/kinithost\.sh' --apply
+ # enable services
+ /root/updateval.sh /etc/rc.conf '^samba_server_enable=.*' 'samba_server_enable="YES"' --apply
+ /root/updateval.sh /etc/rc.conf '^sssd_enable=.*' 'sssd_enable="YES"' --apply
+ # cannot start services regularly until a reboot, so onestart for now
+ service samba_server start
+ service sssd start
+ ;;
+ *)
+ echo "Cannot identify OS/flavor. Aborted." && exit 2
+ ;;
+esac
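Review bot: Nothing checks whether `realm join example.com -U "${thisuser}" --install=/` succeeded, so after a failed join the script still replaces sssd.conf and krb5.conf, rewrites nsswitch.conf and installs the cron job. Ending that line with `|| { echo "$0: realm join failed. Aborted." 1>&2; exit 1; }` stops before the host is left half-configured. The freebsd branch has the same gap after `kinit` and `net ads join`. The heredoc for /etc/cron.d/keepadalive is unquoted, so `/usr/bin/id ${thisuser}` could replace the hard-coded account name.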
diff --git a/s6_bgstack15.sh b/s6_bgstack15.sh
new file mode 100755
index 0000000..49ff7bf
--- /dev/null
+++ b/s6_bgstack15.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# File: /root/s6_bgstack15.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2016-05-20
+# Title: Template Script 6: bgstackness
+# Purpose: Set up my personal configs
+# History:
+# Usage: ./s6[tab][enter]
+# Reference:
+# "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx"
+# Improve:
+
+eval flavor=$( grep -iE "^\s*ID=" /etc/os-release | sed 's/^.*=//;' )
+thisuser="Bgstack15"
+
+case "${flavor}" in
+ centos)
+ wget http://mirror.example.com/bgscripts/bgscripts.repo -O /etc/yum.repos.d/bgscripts.repo
+ yum -y install keepalive
+ #cat <<EOFBGSTACK15 >/etc/sudoers.d/10_bgstack15
+ #User_Alias BGSTACK15 = Bgstack15, bgstack15, bgstack15-local
+ #BGSTACK15 ALL=(ALL) NOPASSWD: ALL
+ #EOFBGSTACK15
+ ;;
+ ubuntu)
+ wget --quiet http://mirror.example.com/ubuntu/example-debian/example-debian.gpg -O /root/example-debian.gpg
+ apt-key add /root/example-debian.gpg
+ wget --quiet http://mirror.example.com/ubuntu/example-debian/example-debian.list -O /etc/apt/sources.list.d/example-debian.list
+ http_proxy= apt-get update >/dev/null 2>&1
+ http_proxy= apt-get -y install bgscripts keepalive
+ ;;
+esac
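Review bot: The repository definitions and the signing key are all downloaded over plain `http://`, and `apt-key add /root/example-debian.gpg` trusts the key without any check, so package signatures give no protection against anyone able to alter that download. Fetching over https restores the check. So does comparing the key's fingerprint with a value kept in the script before it is added, for example `gpg --with-fingerprint /root/example-debian.gpg | grep -q "<EXPECTED_FINGERPRINT>" || exit 1`. The `case` has no `*)` branch, so on any other system the script does nothing and exits 0, unlike the earlier scripts, which report an unknown flavor.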
diff --git a/updateval.sh b/updateval.sh
new file mode 100644
index 0000000..08f431a
--- /dev/null
+++ b/updateval.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+# File: /root/updateval.sh
+# Package: deployscripts
+# Author: bgstack15
+# Startdate: 2016-07-27
+# Title: Script that Updates/Adds Value
+# Purpose: Supposed to allow idempotent and programmatic modifications to config files
+# History: 2016-08-01 last modified main content
+# 2016-10-11 Replaced in bgscripts with python3 script. The shell version is maintained for the deployscripts package.
+# Usage: ./updateval.sh /etc/rc.conf "^ntpd_enable=.*" 'ntpd_enable="YES"' --apply
+# Reference:
+# "Building the FreeBSD 10.3 Template.docx"
+# Improve:
+# Document: Below this line
+
+infile="${1}"
+searchstring="${2}"
+destinationstring="${3}"
+doapply="${4}"
+tmpfile="$( mktemp )"
+lineexists=0
+
+#determine sed command
+case "$( uname -s )" in
+ FreeBSD) sedcommand=gsed; formatstring="-f %p";;
+ Linux|*) sedcommand=sed; formatstring="-c %a";;
+esac
+
+#linenum=$( grep -niE "${searchstring}" "${infile}" | awk -F: '{print $1;}' )
+linenum=$( awk "/${searchstring}/ { print FNR; }" "${infile}" )
+#echo "linenum=\"${linenum}\""
+for word in ${linenum};
+do
+ #echo "word=${word}"
+ if test -n "${word}" && test ${word} -ge 0;
+ then
+ # line number is valid
+ lineexists=1
+ #echo "##### line number is valid"
+ if test "${doapply}" = "--apply";
+ then
+ #echo $sedcommand -i -e "s/${searchstring}/${destinationstring}/;" ${infile}
+ $sedcommand -i -e "s/${searchstring}/${destinationstring}/;" ${infile}
+ else
+ #echo $sedcommand -e "s/${searchstring}/${destinationstring}/;" ${infile}
+ $sedcommand -e "s/${searchstring}/${destinationstring}/;" ${infile}
+ fi
+ fi
+done
+if test "${lineexists}x" = "0x";
+then
+ # must add the value
+ #echo "##### must add the value"
+ if test "${doapply}" = "--apply";
+ then
+ { cat "${infile}"; printf "${destinationstring}\n"; } > ${tmpfile}
+ _perms=$( stat ${formatstring} "${infile}" | tail -c5 )
+ mv "${tmpfile}" "${infile}"
+ chmod "${_perms}" "${infile}"
+ else
+ { cat "${infile}"; printf "${destinationstring}\n"; }
+ fi
+fi
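Review bot: The add path rebuilds the file in a `mktemp` file and moves it over `${infile}`, which restores the mode but not the owner or any security label. `tmpfile` is also created on every run even though only this one branch uses it, so other runs leave an empty temp file behind. Appending in place keeps the file's metadata and needs no temporary file: `printf '%b\n' "${destinationstring}" >> "${infile}"`. Using `%b` instead of the value as the format string also stops a `%` in the new line from being read as a conversion. Callers pass sed-style escapes such as `\/` and `\.` in the third argument, which sed removes but printf presumably prints literally, so the appended line may differ from the substituted one.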
bgstack15