author | B Stack <bgstack15@gmail.com> | 2016-10-20 16:15:23 -0400 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2016-10-20 16:15:23 -0400 |
commit | d60ed67fa4eeeba312646358316e49c0a6cbc6f6 (patch) | |
tree | 7cec285c82c1e15cc021086899165afb7bed2385 | |
initial commit
-rw-r--r-- | .gitignore | 4 | ||||
-rwxr-xr-x | .makecert.exp | 22 | ||||
-rwxr-xr-x | inc/localize_git.sh | 2 | ||||
-rwxr-xr-x | inc/scrub.py | 122 | ||||
-rw-r--r-- | inc/scrub.txt | 19 | ||||
-rwxr-xr-x | pack_ds.sh | 13 | ||||
-rw-r--r-- | packaging.txt | 30 | ||||
-rwxr-xr-x | s1_setname.sh | 115 | ||||
-rwxr-xr-x | s2_networking.sh | 78 | ||||
-rwxr-xr-x | s3_mountscripts.sh | 35 | ||||
-rwxr-xr-x | s4_vm.sh | 100 | ||||
-rwxr-xr-x | s5_auth.sh | 57 | ||||
-rwxr-xr-x | s6_bgstack15.sh | 33 | ||||
-rw-r--r-- | updateval.sh | 63 |
14 files changed, 693 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..762a52c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+old
+freebsd
+deployscripts.tgz
+deployscripts.master.tgz
diff --git a/.makecert.exp b/.makecert.exp
new file mode 100755
index 0000000..36bdee1
--- /dev/null
+++ b/.makecert.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect
+set keyfile [lindex $argv 1]
+set certfile [lindex $argv 2]
+set timeout 2
+spawn openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout "${keyfile}" -out "${certfile}"
+expect "Country Name (2 letter code) \[XX\]:"
+set timeout 1
+send "US\r"
+expect "State or Province Name (full name) \[\]:"
+send "Some State\r"
+expect "Locality Name (eg, city) \[Default City\]:"
+send "Default City\r"
+expect "Organization Name (eg, company) \[Default Company Ltd\]:"
+send "Default Company Ltd\r"
+expect "Organizational Unit Name (eg, section) \[\]:" &&
+send "Information Technologies\r"
+expect "Common Name (eg, your name or your server's hostname) \[\]:"
+send [lindex $argv 0]
+send "\r"
+expect "Email Address \[\]:"
+send "linuxadmin@example.com\r"
+interact
diff --git a/inc/localize_git.sh b/inc/localize_git.sh
new file mode 100755
index 0000000..bce9b2d
--- /dev/null
+++ b/inc/localize_git.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+\cp -pRf /home/work/template.clean/.git /mnt/scripts/template
diff --git a/inc/scrub.py b/inc/scrub.py
new file mode 100755
index 0000000..10cfe14
--- /dev/null
+++ b/inc/scrub.py
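Review bot: The trailing `&&` on `expect "Organizational Unit Name (eg, section) \[\]:" &&` is not Tcl syntax; expect takes the extra word as the action to run when that prompt matches, so the script most likely aborts there with an invalid-command error instead of answering the prompt. Drop the `&&` so the line reads `expect "Organizational Unit Name (eg, section) \[\]:"`. Separately, `set timeout 2` has to cover the RSA key generation that runs before the first prompt appears and `set timeout 1` covers the rest, so on a slow machine a late prompt is skipped silently and every following `send` answers the wrong question; a larger timeout, or a `timeout { exit 1 }` branch in the expect calls, would make that failure visible. Because the key is generated with `-nodes`, the caller is responsible for the file mode on `${keyfile}`.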
@@ -0,0 +1,122 @@
+#!/bin/env python3
+# Filename: scrub.py
+# Location: Various
+# Author: bgstack15@gmail.com
+# Startdate: 2016-09-28
+# Title: Script that Simultaneously Copies and Scrubs a Directory
+# Purpose: Prepare projects for publication by removing private information like usernames and hostnames
+# Package: Various
+# History:
+# 2016-10-03 working on batch rename files
+# 2016-10-20 added not ".tgz" in source.name
+# Usage:
+# Store this file with any package that gets published. Adjust scrub.txt in local directory.
+# # First line: source directory Second line: target directory. WILL BE OVERWRITTEN!
+# /etc/ansible
+# /home/bjones/ansible.clean
+# # Rest of the lines are "OLD WORD" "NEW WORD"
+# bjones bgstack15
+# rsmith rmstack15
+# Reference:
+# http://stackoverflow.com/questions/79968/split-a-string-by-spaces-preserving-quoted-substrings-in-python/524796#524796
+# http://stackoverflow.com/questions/6706953/python-using-subprocess-to-call-sed#6707003
+# http://stackoverflow.com/questions/6584871/remove-last-character-if-its-a-backslash/6584893#6584893
+# http://stackoverflow.com/questions/2212643/python-recursive-folder-read/2212728#2212728
+# parallel lists: http://stackoverflow.com/questions/1663807/how-can-i-iterate-through-two-lists-in-parallel-in-python
+# file renames http://stackoverflow.com/questions/225735/batch-renaming-of-files-in-a-directory/7917798#7917798
+# Improve:
+# Add option to specify scrub file
+# Add exclude option to scrub file, such as .git and so on
+# Accept CLI options like source, destination, even exclusions?
+# Add flag for performing file renames as well, or file renames only +import re, shlex, os, sys, shutil +from pathlib import Path + +# scrubpy version +scrubpyversion = "2016-10-20a" + +# Define functions + +def removeComments(string): + #string = re.sub(re.compile("/\*.*?\*/",re.DOTALL ) ,"", string) + #string = re.sub(re.compile("//.*?\n" ) ,"" ,string) + pattern = r"(\".*?\"|\'.*?\')|(/\*.*?\*/|(//|#)[^\r\n]*$)" + regex = re.compile(pattern, re.MULTILINE|re.DOTALL) + def _replacer(match): + if match.group(2) is not None: + return "" + else: + return match.group(1) + return regex.sub(_replacer, string) + +# Main code +stringfile = open('scrub.txt','r') +count=0 +thisdir="" +newdir="" +oldstrings=[] +newstrings=[] + +while True: + x = stringfile.readline().rstrip() + count += 1 + if not x: break + x = removeComments(x) + #print("x=" + x) + y = shlex.split (x) + if len(y) >= 1: + if thisdir == "": + thisdir = y[0] + elif newdir == "": + newdir = y[0] + if len(y) >= 2: + #print("y[0]=" + y[0] + "\t and y[1]=" + y[1]) + oldstrings.append(y[0]) + newstrings.append(y[1]) + +# After the file is done +stringfile.close() +#newdir = thisdir.rstrip('\/') + ".scrubbed/" + +if False: + print("\nthisdir=" + thisdir) + print("newdir=" + newdir + '\n') + print("oldstrings are:") + print(oldstrings) + print("newstrings are:") + print(newstrings) + +# Clean scrubbed directory +try: + shutil.rmtree(newdir) +except: + foo=1 + +shutil.copytree(thisdir,newdir,symlinks=True) + +# Execute substitutions +for rootfolder, subdirs, files in os.walk(thisdir): + for filename in files: + sourcepath = os.path.join(rootfolder, filename) + with open( sourcepath, "r" ) as source: + if not ".swp" in source.name and not ".git" in source.name and not ".tgz" in source.name: + destdir = rootfolder.replace(thisdir.rstrip('\/'),newdir.rstrip('\/')) + destfile = os.path.join(destdir, filename) + #print("sourcefile=" + source.name) + #print("destfile=" + destfile + '\n') + with open( destfile, "w") as 
target: + data = source.read() + for oldword, newword in zip(oldstrings, newstrings): + data = data.replace(oldword,newword) + changed = data + target.write(changed) + +# Execute file renames +# Used "file renames" reference, as well as the structure of directory traversal used earlier, which was from a different source. +for rootfolder, subdirs, files in os.walk(newdir): + for filename in files: + oldpath = os.path.join(rootfolder, filename) + for oldword, newword in zip(oldstrings, newstrings): + if oldword in oldpath: + #print("oldword=" + oldword + "\toldpath=" + oldpath) + os.rename(oldpath, oldpath.replace(oldword,newword)) diff --git a/inc/scrub.txt b/inc/scrub.txt new file mode 100644 index 0000000..611e581 --- /dev/null +++ b/inc/scrub.txt @@ -0,0 +1,19 @@ +# First line: source directory Second line: target directory. WILL BE OVERWRITTEN! +/mnt/scripts/template +/home/work/template.clean +# rest of the lines are "OLD WORD" "NEW WORD" +BGSTACK15 BGSTACK15 +Bgstack15 Bgstack15 +bgstack15 bgstack15 +bgstackness bgstackness +gstack15 gstack15 +GSTACK15 GSTACK15 +User1 User1 +user1 user1 +"Some State" "Some State" +"Default City" "Default City" +"Default Company Ltd" "Default Company Ltd" +example example +EXAMPLE EXAMPLE +".com" ".com" +"203.0." "203.0." diff --git a/pack_ds.sh b/pack_ds.sh new file mode 100755 index 0000000..dad8f7a --- /dev/null +++ b/pack_ds.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# File: /mnt/scripts/template/pack_ds.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2016 +# Title: Script that Packages deployscripts +# Purpose: Provides an easy way to pack the deployscripts together +# History: Started probably in early 2016 +# 2016-10-20 given headers +# Usage: Run ./pack_ds.sh and it will make the new tgz +# Reference: +# Improve: +( cd /mnt/scripts/template && rm -rf deployscripts.tgz && tar -zcf deployscripts.tgz .makecert.exp updateval.sh s*sh; ) 
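Review bot: A blank line inside scrub.txt ends parsing early: `x = stringfile.readline().rstrip()` followed by `if not x: break` cannot distinguish an empty line from end of file, so every "OLD WORD" "NEW WORD" pair after the first blank line is silently ignored and those strings are published unscrubbed. Test the raw `readline()` result for EOF (`line = stringfile.readline()`, `if not line: break`) and `continue` on lines that are empty after `rstrip()` and `removeComments()`. The exclusion `not ".git" in source.name` is a substring match on the whole path, so `.gitignore`, `.gitconfig` and anything under a directory whose name contains `.git` are copied by `copytree` but never pass through the replacement loop; a component test such as `".git" not in sourcepath.split(os.sep)` keeps the intended meaning. The bare `except:` with `foo=1` around `shutil.rmtree(newdir)` also hides the case where the second line of scrub.txt is missing or points somewhere unintended, and that is the directory the script deletes; catching `FileNotFoundError` only, and refusing an empty `newdir`, makes the failure explicit.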
diff --git a/packaging.txt b/packaging.txt
new file mode 100644
index 0000000..e7ba0d4
--- /dev/null
+++ b/packaging.txt
@@ -0,0 +1,30 @@
+File: /root/packaging.txt
+Package: deployscripts.tgz
+Author: bgstack15
+Startdate: 2016-10-20
+Title: Packaging information for deployscripts.tgz
+Purpose: To describe how these scripts are stored, packaged, and deployed
+History: 2014 I wrote shell scripts (adapting from a previous person's source scripts) that automate hard-coded information for a server
+Usage:
+Reference: bgscripts README.txt
+ "Building the Centos 7 Template.docx"
+Improve:
+Document: Below this line
+
+### PACKAGING the deployscripts in a tgz
+( cd /mnt/scripts/template && rm -rf deployscripts.tgz && tar -zcf deployscripts.tgz .makecert.exp updateval.sh s*sh; )
+
+### DEPLOYING from nfs hosted tgz
+tar -zxC /root -f /mnt/scripts/template/deployscripts.tgz
+
+### DEPLOYING from scp tgz
+scp -pr norite:/mnt/scripts/template/deployscripts.tgz /root
+
+tar -zxC /root -f /root/deployscripts.tgz
+
+### PACKAGING in a MASTER tgz
+# This includes the git information and auxiliary info
+mtgz=/mnt/scripts/template/deployscripts.master.tgz
+rm "${mtgz}"
+( cd $( dirname ${mtgz} );
+tar -X /mnt/scripts/template/.gitignore --no-recursion -zc -f "${mtgz}" * .makecert.exp )
diff --git a/s1_setname.sh b/s1_setname.sh
new file mode 100755
index 0000000..bbd8608
--- /dev/null
+++ b/s1_setname.sh
@@ -0,0 +1,115 @@ +#!/bin/bash +# File: /root/s1_setname.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2015 +# Title: Template Script 1: Set Name +# Purpose: Sets hostname regardless of OS +# History: 2016-08-16 Given original headers +# Usage: ./s1[tab][enter] +# observe the /bin/bash shebang. I only run this on a system after bash is installed. +# Reference: +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' ) +if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi +case "${flavor}" in + centos) + motdfile=/etc/motd + netfile=/etc/sysconfig/network + templatename=centos7alpha + ;; + ubuntu) + motdfile=/etc/issue + templatename=ubuntu16alpha + ;; + freebsd) + flavor=freebsd + motdfile=/etc/motd + netfile=/etc/rc.conf + templatename=freebsd10alpha + ;; + *) + echo "$0: Error 1. Cannot determine OS from /etc/os-release. Aborted." 1>&2 + exit 1 + ;; +esac + +# OS agnostic +server= +role= +hostnamefile=/etc/hostname +tmpfile1=~/.$$.$RANDOM.tmp + +function clean_setname { + rm -f $tmpfile1 2>/dev/null + exit +} + +trap 'clean_setname' 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 + +while [[ -z "$server" ]]; +do + printf "server (excluding .example.com): " + read server +done + +while [[ -z "$role" ]]; +do + printf "role: " + read role +done + +if [[ "$server" = "${server%%.*}" ]]; +then + serverlong="${server}".example.com +else + # assume we placed .example.com in it already + serverlong=${server} + server="${serverlong%%.*}" +fi + +# UPDATE FILES +# MOTD +sed "s/SERVER/${server}/g;s/ROLE/${role}/g;" <${motdfile} > ${tmpfile1} +cp -p ${tmpfile1} ${motdfile} +chmod 444 ${motdfile} +# HOSTNAME +printf "${serverlong}\n" > ${hostnamefile} +chmod 644 ${hostnamefile} + +# FLAVOR-SPECIFIC ACTIONS +case "${flavor}" in + centos) + # UPDATE hostname and NetworkManager + hostnamectl set-hostname "${serverlong}" + { + echo "NETWORKING=yes" + echo "HOSTNAME=$serverlong" + } > 
${netfile} + ;; + ubuntu) + # Change volume group names if necessary + oldvg=$( vgs --rows | grep -E "^\s*VG" | awk '{print $2}' ) + case "${oldvg}" in + *ubuntu16*-vg) + vgrename "${oldvg}" "${server}-vg" >/dev/null 2>&1 + sed -i "s/${oldvg%-vg}--vg/${server}--vg/g;" /etc/fstab + sed -i "s/${oldvg%-vg}--vg/${server}--vg/g;" /boot/grub/grub.cfg + update-grub >/dev/null 2>&1 + sed -i "s/${templatename}/${server}/g;" /etc/postfix/main.cf + /etc/init.d/postfix reload >/dev/null 2>&1 + ;; + *) [ ];; + esac + ;; + freebsd) + # change hostname for freebsd. Need to update rc.conf, smb4.conf, /etc/mail/freebsd.mc + hostname "${serverlong}" + sed -I -e "s/^hostname=\".*\"/hostname=\"${serverlong}\"/;" /etc/rc.conf /etc/rc.conf.example + sed -I -e "s/netbios name = .*$/netbios name = $( hostname -s )/;" /usr/local/etc/smb4.conf /usr/local/etc/smb4.conf.example + sed -i -e 's/MASQUERADE_AS.*$/MASQUERADE_AS(\`'"$( hostname )'"')/;' /etc/mail/freebsd.mc + + ;; +# no wildcard needed because already vetted in flavor check earlier +esac diff --git a/s2_networking.sh b/s2_networking.sh new file mode 100755 index 0000000..7db4c77 --- /dev/null +++ b/s2_networking.sh 
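Review bot: `server` and `role` are taken from `read` without validation and then interpolated into the `sed "s/SERVER/${server}/g;s/ROLE/${role}/g;"` expression and into the `printf "${serverlong}\n"` format string, so a value containing `/`, `&` or `%` corrupts the motd or hostname file instead of being rejected. After the two read loops, check the name, e.g. `[[ "${server}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "$0: invalid server name" 1>&2; exit 1; }`, use `read -r`, and write the hostname with `printf '%s\n' "${serverlong}" > ${hostnamefile}`. `tmpfile1=~/.$$.$RANDOM.tmp` is a guessable name; updateval.sh in this same commit already uses `mktemp`, so the same call here keeps the package consistent. The ubuntu branch of the first `case` never sets `netfile`, which is harmless today only because the second `case` does not use it for ubuntu.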
@@ -0,0 +1,78 @@ +#!/bin/bash +# File: /root/s2_networking.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2015 +# Title: Template Script 2: Networking +# Purpose: Set initial hard-coded network settings +# History: 2016-07-28 given initial headers +# Usage: ./s2[tab][enter] +# Reference: +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' ) +if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi + +# interactive: +#macaddr=$( ip link show | grep ether | awk '{print $2}' ) +macaddr=$( ifconfig | grep -oIE "(ether|HWaddr)\>.*\>" | awk '{print $2}' ) +printf 'IP address: '; read thisip +echo ${thisip} | grep -qiE "^([0-9]{1,3}\.){3}[0-9]{1,3}" || { echo "Invalid IP. Aborted."; exit 1; } +defgateway=${thisip%.*}.254 +printf "Gateway [${defgateway}]: "; read thisgateway +[[ -z ${thisgateway} ]] && thisgateway=${defgateway} +echo ${thisgateway} | grep -qiE "^([0-9]{1,3}\.){3}[0-9]{1,3}" || { echo "Invalid gateway. Aborted."; exit 1; } + +#build other components +_netmask="255.255.255.0" #class c, or CIDR /24. Good enough for the example default. 
+_network="${thisip%.*}.0" +_broadcast="${thisip%.*}.255" + +case "${flavor}" in + centos) + netfile=/etc/sysconfig/network-scripts/.template + tmpfile=/tmp/netfile1 + outfile=/etc/sysconfig/network-scripts/ifcfg-eth0 + + sed "s/HWADDR=.*/HWADDR=\"${macaddr}\"/;" ${netfile} > ${tmpfile} + cat <<EOF >> ${tmpfile} +IPADDR=${thisip} +NETMASK=255.255.255.0 +GATEWAY=${thisgateway} +EOF + + chmod --reference ${netfile} ${tmpfile} + mv -f ${tmpfile} ${outfile} + rm -f /etc/sysconfig/network-scripts/ifcfg-eno* + systemctl restart network.service + ;; + ubuntu) + netfile=/etc/network/interfaces.example + tmpfile=/tmp/netfile1 + outfile=/etc/network/interfaces + + sed "s/THISIP/${thisip}/;s/THISNETMASK/${_netmask}/;s/THISNETWORK/${_network}/;s/THISBROADCAST/${_broadcast}/;s/THISGATEWAY/${thisgateway}/;" ${netfile} > ${tmpfile} + chmod --reference ${outfile} ${tmpfile} 2>/dev/null + mv -f ${tmpfile} ${outfile} + ifdown -a + ifup -a + + # Firewall rules, since ufw is disabled by default per https://help.ubuntu.com/16.04/serverguide/firewall.html + ufw enable + ufw allow ssh + ;; + freebsd) + netfile=/etc/rc.conf.example + tmpfile=/tmp/netfile1 + outfile=/etc/rc.conf + sed "s/^ifconfig_em0=.*\$/ifconfig_em0=\"inet ${thisip} netmask ${_netmask}\"/;s/^defaultrouter=.*/defaultrouter=\"${thisgateway}\"/;" ${netfile} > ${tmpfile} + cp -p ${tmpfile} ${outfile} + /etc/rc.d/netif restart + ;; + *) + echo "$0: Error 1. OS cannot be determined from /etc/os-release. Aborted." 1>&2 + exit 1 + ;; +esac + +echo "Please reboot (telinit 6)." diff --git a/s3_mountscripts.sh b/s3_mountscripts.sh new file mode 100755 index 0000000..a7b6c6b --- /dev/null +++ b/s3_mountscripts.sh 
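Review bot: In the ubuntu branch `ufw enable` runs before `ufw allow ssh`, so the default deny-incoming policy is in force between the two commands; reversing them (`ufw allow ssh` then `ufw enable`) avoids locking out a remote session if the script stops in between. The check `grep -qiE "^([0-9]{1,3}\.){3}[0-9]{1,3}"` is not anchored at the end and does not bound octets to 255, so inputs like `10.0.0.1x` or `300.1.1.1` pass and land in the generated interface config; adding `$` and an octet range check tightens it. All three branches write as root to the fixed path `tmpfile=/tmp/netfile1` and then `mv -f` it into /etc; a `mktemp` name removes the predictable world-writable path and matches what updateval.sh already does. The centos heredoc also hardcodes `NETMASK=255.255.255.0` where `${_netmask}` is already defined a few lines earlier.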
@@ -0,0 +1,35 @@ +#!/bin/bash +# File: /root/s3_mountscripts.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2015 +# Title: Template Script 3: Mount Scripts Directory +# Purpose: Mounts the network mount for this organization +# History: 2016-05-19 given original headers +# Usage: ./s3[tab][enter] +# Reference: +# Improve: + +server=$( hostname ) +ipaddr=$( ifconfig | grep -E "Bcast|broadcast" | awk '{print $2}' | sed 's/[^0-9\.]//g;' ) +sdir=/mnt/scripts + +if [[ ! "$1" = "-y" ]]; +then + cat <<EOFNOTICE +ensure on norite.example.com: + 1. /etc/exports is allowing this host ("${server}") + 2. /etc/sysconfig/iptables allows this ip address ("${ipaddr}") + 3. service nfs restart + 4. service iptables restart +rerun this script with "-y" + +References: +https://protect.example.com/wiki/display/itops/norite +EOFNOTICE +else + # so "-y" was used + [[ ! -d ${sdir} ]] && mkdir -p ${sdir} 2>/dev/null + #mount -t nfs norite.example.com:/mnt/scripts /mnt/scripts + mount /mnt/scripts #it better be in /etc/fstab! +fi diff --git a/s4_vm.sh b/s4_vm.sh new file mode 100755 index 0000000..27b53bf --- /dev/null +++ b/s4_vm.sh 
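Review bot: The exit status of `mount /mnt/scripts` is never checked, so the script finishes successfully even when the fstab entry is missing or the NFS server rejects this host, which is exactly the situation the notice text describes. `mount "${sdir}" || { echo "$0: mount of ${sdir} failed" 1>&2; exit 1; }` reports it and reuses `sdir` instead of repeating the literal path. The `ipaddr` pipeline assumes one interface with a broadcast address; with several, the notice prints more than one address, though that only affects the message.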
@@ -0,0 +1,100 @@ +#!/bin/bash +# File: /root/s4_vm.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2015 +# Title: Template Script 4: General Settings +# Purpose: Do initial hard-coded configs +# History: 2016-05-19 given original headers +# Usage: ./s4[tab][enter] +# Reference: Original vm.sh script by user1 +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' ) +if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi + +case "${flavor}" in + centos|redhat) + templatename=centos7alpha + keyfile=/etc/pki/tls/private/localhost.key + certfile=/etc/pki/tls/certs/localhost.crt + ;; + ubuntu|debian) + templatename=ubuntu16alpha + keyfile=/etc/ssl/private/localhost.key + certfile=/etc/ssl/certs/localhost.crt + ;; + freebsd) + templatename=freebsd10alpha + keyfile=/etc/ssl/localhost.key + keyfile=/etc/ssl/localhost.crt + ;; + *) echo "Assuming centos directory layout for certificates..." + templatename=unspecified0alpha + keyfile=/etc/pki/tls/private/localhost.key + certfile=/etc/pki/tls/certs/localhost.crt + ;; +esac + +rm -rf /root/.viminfo +history -w +history -c + +cat /dev/null >/root/.bash_history + +printf "Regenerating the ssh key...\n" +rm -rf /root/.ssh/id_rsa* +ssh-keygen -qt rsa -f /root/.ssh/id_rsa -P "" + +printf "Changing password for user \"root\"\n" +passwd + +#ntpd update example-dc1.example.com +ntpd -gq 1>/dev/null 2>&1 + +chmod +x /etc/cron.daily/0*logwatch 2>/dev/null || { + #probably freebsd + /root/updateval.sh /etc/crontab "^#*.*\t.*\t\*\t\*.*root.*\/usr\/local\/sbin\/logwatch\.pl$" "15\t4\t\*\t\*\t\*\troot\t\/usr\/local\/sbin\/logwatch\.pl" --apply +} + +# clears these files without removing pointer, to prevent corruption +[[ -f /var/log/dmesg ]] && /bin/cat /dev/null >/var/log/dmesg +[[ -f /var/log/lastlog ]] && /bin/cat /dev/null >/var/log/lastlog +[[ -f /var/log/messages ]] && /bin/cat /dev/null >/var/log/messages +[[ -f /var/log/secure ]] && /bin/cat 
/dev/null >/var/log/secure +[[ -f /var/log/wtmp ]] && /bin/cat /dev/null >/var/log/wtmp +[[ -f /var/log/yum.log ]] && /bin/cat /dev/null >/var/log/yum.log +[[ -f /var/log/grubby ]] && /bin/cat /dev/null >/var/log/grubby +[[ -f /var/log/maillog ]] && /bin/cat /dev/null >/var/log/maillog +[[ -f /var/log/mail.log ]] && /bin/cat /dev/null >/var/log/mail.log +[[ -f /var/log/boot.log ]] && /bin/cat /dev/null >/var/log/boot.log +[[ -f /var/log/auth.log ]] && /bin/cat /dev/null >/var/log/auth.log +[[ -f /var/log/syslog ]] && /bin/cat /dev/null >/var/log/syslog +[[ -f /var/log/dpkg.log ]] && /bin/cat /dev/null >/var/log/dpkg.log +[[ -f /var/log/kern.log ]] && /bin/cat /dev/null >/var/log/kern.log + +# deletes extra files +/bin/rm -f /var/log/*-???????? /var/log/*.gz /var/log/dmesg.old 2>/dev/null +/bin/rm -rf /var/log/anaconda 2>/dev/null + +# suppress extraneous "dm-0: WRITE SAME failed. Manually zeroing" error +# Reference: http://www.it3.be/2013/10/16/write-same-failed/ +thispath=$( find /sys | grep max_write_same_blocks | head -n 1 ) +[[ -n "${thispath}" ]] && cat <<EOF > /etc/tmpfiles.d/write_same.conf +# Type Path Mode UID GID Age Argument +w ${thispath} - - - - 0 +EOF + +#printf "Making new certificate for this host. Press enter to begin...\n" +#read foo +#openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt +expect /root/.makecert.exp "$( hostname )" "${keyfile}" "${certfile}" + +case "${flavor}" in + ubuntu) + grep -liIE "${templatename}" /etc/* 2>/dev/null | xargs -n1 sed -i -e "s/ubuntu16alpha/$( hostname -s )/g;" + update-grub >/dev/null 2>&1 + ;; + *) [ ] + ;; +esac diff --git a/s5_auth.sh b/s5_auth.sh new file mode 100755 index 0000000..046e9bd --- /dev/null +++ b/s5_auth.sh 
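Review bot: In the freebsd case of the first `case` the second assignment is `keyfile=/etc/ssl/localhost.crt` where `certfile=` was clearly intended, so on FreeBSD `certfile` stays empty and `expect /root/.makecert.exp "$( hostname )" "${keyfile}" "${certfile}"` asks openssl to write the new private key to the `.crt` path and the certificate to an empty name. Change that line to `certfile=/etc/ssl/localhost.crt`. Because the key is generated with `-nodes`, it is also worth fixing the mode after the expect call, e.g. `chmod 600 "${keyfile}"`, since the mode of `-keyout` output depends on the openssl build and umask. The `grep -liIE "${templatename}" /etc/* | xargs -n1 sed -i` pair breaks on paths containing whitespace; `grep -lZ` with `xargs -0` is the safe form.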
@@ -0,0 +1,57 @@ +#!/bin/bash +# File: /root/s5_auth.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2016-08-02 +# Title: Template Script 5: AD Authorization +# Purpose: To join AD for users and groups +# History: 2016-08-02 given original headers +# Usage: ./s5[tab][auth] +# Reference: +# "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx" +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' ) +if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi + +thisuser="Bgstack15" + +case "${flavor}" in + centos|redhat|ubuntu|debian) + realm join example.com -U "${thisuser}" --install=/ + /bin/cp -fp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig + /bin/cp -fp /etc/sssd/sssd.conf.example /etc/sssd/sssd.conf + chmod 600 /etc/sssd/sssd.conf + + /bin/cp -fp /etc/krb5.conf /etc/krb5.conf.orig + /bin/cp -fp /etc/krb5.conf.example /etc/krb5.conf + chmod 644 /etc/krb5.conf + + sed -i -e '\|^sudoers:.*|h; ${x;s/sudoers://;{g;tF};a\' -e 'sudoers:\tfiles' -e '};:F;s/.*sudoers:.*/sudoers:\tfiles/g;' /etc/nsswitch.conf + + systemctl restart sssd.service + time id "${thisuser}" | fold -w 80 | head + + cat <<EOF > /etc/cron.d/keepadalive +# File: /etc/cron.d/keepadalive +# Purpose: keeps ad user authentication active and fast, by frequently asking for group info for a user +*/5 * * * * root /usr/bin/id Bgstack15 >/dev/null 2>&1 +EOF + ;; + freebsd) + kinit "${thisuser}" + net ads join -k -U "${thisuser}" + kdestroy + kinit -k "$( hostname -s | tr 'a-z' 'A-Z')\$" + /root/updateval.sh /etc/crontab '^#.*\/kinithost.sh' '0,30\t*\t*\t*\t*\troot\t\/usr\/local\/bin\/kinithost\.sh' --apply + # enable services + /root/updateval.sh /etc/rc.conf '^samba_server_enable=.*' 'samba_server_enable="YES"' --apply + /root/updateval.sh /etc/rc.conf '^sssd_enable=.*' 'sssd_enable="YES"' --apply + # cannot start services regularly until a reboot, so onestart for now + service 
samba_server start + service sssd start + ;; + *) + echo "Cannot identify OS/flavor. Aborted." && exit 2 + ;; +esac diff --git a/s6_bgstack15.sh b/s6_bgstack15.sh new file mode 100755 index 0000000..49ff7bf --- /dev/null +++ b/s6_bgstack15.sh @@ -0,0 +1,33 @@ +#!/bin/sh +# File: /root/s6_bgstack15.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2016-05-20 +# Title: Template Script 6: bgstackness +# Purpose: Set up my personal configs +# History: +# Usage: ./s6[tab][enter] +# Reference: +# "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx" +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release | sed 's/^.*=//;' ) +thisuser="Bgstack15" + +case "${flavor}" in + centos) + wget http://mirror.example.com/bgscripts/bgscripts.repo -O /etc/yum.repos.d/bgscripts.repo + yum -y install keepalive + #cat <<EOFBGSTACK15 >/etc/sudoers.d/10_bgstack15 + #User_Alias BGSTACK15 = Bgstack15, bgstack15, bgstack15-local + #BGSTACK15 ALL=(ALL) NOPASSWD: ALL + #EOFBGSTACK15 + ;; + ubuntu) + wget --quiet http://mirror.example.com/ubuntu/example-debian/example-debian.gpg -O /root/example-debian.gpg + apt-key add /root/example-debian.gpg + wget --quiet http://mirror.example.com/ubuntu/example-debian/example-debian.list -O /etc/apt/sources.list.d/example-debian.list + http_proxy= apt-get update >/dev/null 2>&1 + http_proxy= apt-get -y install bgscripts keepalive + ;; +esac diff --git a/updateval.sh b/updateval.sh new file mode 100644 index 0000000..08f431a --- /dev/null +++ b/updateval.sh 
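Review bot: The cron line written to /etc/cron.d/keepadalive hardcodes `/usr/bin/id Bgstack15` while the rest of the script uses `${thisuser}`; the heredoc is unquoted, so `*/5 * * * * root /usr/bin/id ${thisuser} >/dev/null 2>&1` keeps the two in step. In the freebsd branch the comment says the services cannot be started regularly until a reboot "so onestart for now", yet the commands are `service samba_server start` and `service sssd start`; either the comment or the commands should change. The `realm join` and `kinit` calls take the domain-join account from a constant and will prompt for its password; that is reasonable for a manual template run, but the Usage header should say so.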
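Review bot: The repository trust material is fetched over plain HTTP and trusted as-is: `wget --quiet http://mirror.example.com/ubuntu/example-debian/example-debian.gpg -O /root/example-debian.gpg` followed by `apt-key add /root/example-debian.gpg`, and the yum `.repo` file the same way, so anyone who can alter traffic on that path also decides which packages the template installs from then on. Fetch over HTTPS or compare the downloaded key's fingerprint with a known value before `apt-key add`, and check `wget`'s exit status instead of continuing into `apt-get update` after a failed download. The `eval flavor=$( grep -iE "^\s*ID=" /etc/os-release | sed 's/^.*=//;' )` line also lacks the `2>/dev/null` the other scripts in this commit use, so a missing /etc/os-release prints a stray error here.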
@@ -0,0 +1,63 @@ +#!/bin/sh +# File: /root/updateval.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2016-07-27 +# Title: Script that Updates/Adds Value +# Purpose: Supposed to allow idempotent and programmatic modifications to config files +# History: 2016-08-01 last modified main content +# 2016-10-11 Replaced in bgscripts with python3 script. The shell version is maintained for the deployscripts package. +# Usage: ./updateval.sh /etc/rc.conf "^ntpd_enable=.*" 'ntpd_enable="YES"' --apply +# Reference: +# "Building the FreeBSD 10.3 Template.docx" +# Improve: +# Document: Below this line + +infile="${1}" +searchstring="${2}" +destinationstring="${3}" +doapply="${4}" +tmpfile="$( mktemp )" +lineexists=0 + +#determine sed command +case "$( uname -s )" in + FreeBSD) sedcommand=gsed; formatstring="-f %p";; + Linux|*) sedcommand=sed; formatstring="-c %a";; +esac + +#linenum=$( grep -niE "${searchstring}" "${infile}" | awk -F: '{print $1;}' ) +linenum=$( awk "/${searchstring}/ { print FNR; }" "${infile}" ) +#echo "linenum=\"${linenum}\"" +for word in ${linenum}; +do + #echo "word=${word}" + if test -n "${word}" && test ${word} -ge 0; + then + # line number is valid + lineexists=1 + #echo "##### line number is valid" + if test "${doapply}" = "--apply"; + then + #echo $sedcommand -i -e "s/${searchstring}/${destinationstring}/;" ${infile} + $sedcommand -i -e "s/${searchstring}/${destinationstring}/;" ${infile} + else + #echo $sedcommand -e "s/${searchstring}/${destinationstring}/;" ${infile} + $sedcommand -e "s/${searchstring}/${destinationstring}/;" ${infile} + fi + fi +done +if test "${lineexists}x" = "0x"; +then + # must add the value + #echo "##### must add the value" + if test "${doapply}" = "--apply"; + then + { cat "${infile}"; printf "${destinationstring}\n"; } > ${tmpfile} + _perms=$( stat ${formatstring} "${infile}" | tail -c5 ) + mv "${tmpfile}" "${infile}" + chmod "${_perms}" "${infile}" + else + { cat "${infile}"; printf 
"${destinationstring}\n"; } + fi +fi |
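Review bot: `tmpfile="$( mktemp )"` is created on every run but consumed only in the `--apply` add branch, so every other path (a match was found, or a preview without `--apply`) leaves an empty file behind in the temp directory; create it inside that branch or add `trap 'rm -f "${tmpfile}"' EXIT` after the assignment. `printf "${destinationstring}\n"` uses a caller-supplied value as the format string, so a `%` in the replacement is interpreted as a conversion; `printf '%b\n' "${destinationstring}"` writes it literally while still expanding the `\t` sequences the callers in s4_vm.sh and s5_auth.sh rely on. The same arguments are interpolated unescaped into `s/${searchstring}/${destinationstring}/` and into the awk pattern, so a `/` in either breaks the expression; the existing callers avoid that, but the Usage header should state the restriction. `mv "${tmpfile}" "${infile}"` also replaces the inode, so the file's owner and any hard links are lost even though the mode is restored afterwards.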