    Aaron's CentOS7 Scripts

      A Former User
      last edited by A Former User

      Basic Server Setup Script

      #!/bin/bash
      
      #Basic Server Setup Script
      
      echo "Username?"
      read -r username
      echo "Password?"
      read -rs password
      echo "Hostname?"
      read -r hostname
      echo Running Updates..
      yum -y update
      echo Adding User...
      useradd "$username"
      echo Setting Password...
      printf '%s\n' "$password" | passwd --stdin "$username"
      gpasswd -a "$username" wheel
      echo Installing EPEL repository...
      yum -y install epel-release
      echo Installing Basic Programs...
      yum -y install htop sysstat fail2ban nano
      echo Setting Hostname...
      hostnamectl set-hostname "$hostname"
      echo Disabling Root Login...
      sed -i -e 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
      echo Rebooting
      reboot
      

      As always feedback is appreciated.

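The script's last `sed` only rewrites the stock commented line `#PermitRootLogin yes`; if the option is already uncommented or spelled differently, the file is left unchanged and no error is shown. One way to set the option whatever its current form, added here as an example and not part of the original post (`set_sshd_option` and `effective_sshd_option` are hypothetical helper names, and the sample file is constructed):

```shell
#!/bin/bash
# Added example: enforce one sshd_config option however the file spells it.

set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    # sshd uses the first value it reads for a keyword, so write ours at the
    # top and drop every other global copy, commented or not. Lines inside
    # Match blocks are left alone.
    awk -v key="$key" -v value="$value" '
        BEGIN { print key " " value; k = tolower(key) }
        tolower($1) == "match" { in_match = 1 }
        !in_match {
            line = tolower($0)
            sub(/^[ \t]*#?[ \t]*/, "", line)
            split(line, f, /[ \t]+/)
            if (f[1] == k) next
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so owner, mode and SELinux label of the file are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Global value sshd would use: first uncommented occurrence before any Match.
effective_sshd_option() {
    awk -v k="$2" '
        BEGIN { k = tolower(k) }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2; exit }
    ' "$1"
}

# Constructed sample: the option is already uncommented, so the pattern
# '#PermitRootLogin yes' from the script above would not match it.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin yes' > "$sample"
set_sshd_option "$sample" PermitRootLogin no
effective_sshd_option "$sample" PermitRootLogin
rm -f "$sample"
```

Run `sshd -t` after the change and before the reboot; it checks the configuration file for errors.
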
        A Former User
        last edited by A Former User

        Upcoming Scripts:

        • Fail2Ban Setup
        • LAMP Install
        • WordPress Install

        Have a suggestion? Send it along! 🙂

          scottalanmiller
          last edited by

          I don't see a full update being run, that should be done before rebooting, I should think.

          yum -y update
          
            A Former User @scottalanmiller
            last edited by

            @scottalanmiller said:

            I don't see a full update being run, that should be done before rebooting, I should think.

            yum -y update
            

            It's in there. It's his 12th line if I counted right.

              scottalanmiller
              last edited by

              Oh, so it is.

                Alex Sage
                last edited by

                I want to create an updated version of this script:

                I want to add some key management to it.

                  scottalanmiller
                  last edited by

                  The easiest form of key management is to put the public keys into the script as text and "echo" them out to the appropriate file. Here would be an example:

                  echo "sdpvoisd;lfkjsfjsagpioja[giwrj[ gij[aij[wwwdfffghag" >> /home/anonymous/.ssh/authorized_keys

                  Where the gibberish is actually the key contents.

                    scottalanmiller
                    last edited by

                    Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.

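What the two posts above describe (echo the key into `authorized_keys`, then fix ownership, modes and SELinux labels), as an added example that is not code from the thread. `install_pubkey` and its optional third argument are hypothetical, and the key shown is a constructed placeholder that will not authenticate anything:

```shell
#!/bin/bash
# Added example, not from the thread. The optional third argument overrides
# the home directory so the function can be tried against a scratch path.
install_pubkey() {
    local user="$1" pubkey="$2" home group ssh_dir auth
    # Take home and primary group from the account database rather than
    # assuming /home/<user> and a group named after the user.
    home="${3:-$(getent passwd "$user" | cut -d: -f6)}"
    [ -n "$home" ] && [ -d "$home" ] || { echo "no home for $user" >&2; return 1; }
    group=$(id -gn "$user") || return 1
    # Accept exactly one line that starts with a common key type.
    case "$pubkey" in
        *"
"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    ssh_dir="$home/.ssh"; auth="$ssh_dir/authorized_keys"
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    # Append only when this exact line is absent, so re-runs add nothing.
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # Only root can hand the files to another account.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$user:$group" "$ssh_dir" || return 1; fi
    # Reset SELinux labels where the tool exists (it does on CentOS 7).
    if command -v restorecon >/dev/null 2>&1; then restorecon -R "$ssh_dir" || true; fi
}

# Dry run against a scratch directory with a constructed, non-working key.
scratch=$(mktemp -d)
me=$(id -un 2>/dev/null || echo root)
install_pubkey "$me" 'ssh-ed25519 AAAAconstructedSampleNotARealKey demo@example' "$scratch"
ls -la "$scratch/.ssh"
rm -rf "$scratch"
```
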
                      Alex Sage @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.

                      Hmmmmm. How hard is that to do?

                      I have been using this guide: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7

                      Hoping to automate 🙂

                        Alex Sage
                        last edited by

                        If I did su - <username> and created the file first, would that solve the problem?

                          scottalanmiller
                          last edited by

                          Here is the loop that we use to fix perms on the home directories:

                          for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done
                          
                            scottalanmiller @Alex Sage
                            last edited by

                            @anonymous said:

                            If I did su - <username> and created the file first, would that solve the problem?

                            That's kinda awful, lol.

                              Alex Sage @scottalanmiller
                              last edited by

                              @scottalanmiller So $i is the username?

                                Alex Sage
                                last edited by Alex Sage

                                Would you be willing to post the whole script? No doubt others could benefit from it 🙂

                                Take out the NTG stuff 😉

                                  scottalanmiller
                                  last edited by

                                  Let me see about cleaning it up.

                                    Alex Sage @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    Let me see about cleaning it up.

                                    THANKS! 😄

                                      mlnews
                                      last edited by

                                      Okay, here is the CentOS 7 specific one (should work on CentOS 6, Fedora 23, but it is for C7) with all but two users stripped out to demonstrate the wheel and non-wheel user functions. And before anyone notices, yes I need to update the key length.

                                      #!/bin/bash
                                      useradd scott -u 1101 -c "Scott Alan Miller" -G wheel
                                      useradd danielle -u 1107 -c "Danielle Ralston"
                                      
                                      for i in $(ls /home); do mkdir -p /home/$i/.ssh; done
                                      
                                      echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDPdBvgVUD/gHJl/inuOMGDgUXT88pdPrEM1WFdYqlnG4QximJ0HEqSweSlK8Qhxg6u7B+gPtR2GDxyLOydajARXNoR6d5W/Aupvet8vUVAXp5sIfjyYGcrZOM4dboWE0MkKuVtJX+ZEEXuLojqd9RvICnsBYhV3KwzuGimtf1c3z8hau82bKc7fxvsF1KBV6luLyb6MFlEgapf32v0j8aSoMmGHxcNBoR/H+iJxEUMLr0d4ecZNSW9864J+dy6qT5Ei3bcPdwJZ7/gVcee7MVDYzPtbAXEtgT/U4r4zghZvuLnB2N/sBpDm1MsZpzA4YdJw+Cm7V4RmAx+SmPoAzT scott@cc-lnx-jump' > /home/scott/.ssh/authorized_keys
                                      
                                      echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcR7YY5dzaGtW4a3rte57aUE6Gqre7bco60vUM+UUoJyjlqH98P+GqkkMTUCiHELQR3HLMc5bpknaRcjqJtl1CpD5Wl3PgbFU0BD9mYbKcEGW1AET7hvYMPjJuC5lHYGDRgRLBTAuPFU2lijyMx2881BMmUNqWyNQTLzqKrWpleSq7hpMY3zdTSzt4I1T/S20zs2iWjxoGj0NboImwLwn2fJSuOVVVBCVWt7u8Hfau2yQ29b0sCFAge6rp2cJRn7dnN27K6J9jexQWZHBuxRdkdrdp+jOnObqwL47+2AmjeuGuzP2ZQyYvcgTynQKiyBWYhDl47kquYgHvwSyfFIYWAx2aJi7g7naJiX0AyQaKBcdC7p4/VKo/z54iStFV4/1Y3nY2+K4hX+NewrVopl4hmtwgA8YFXwGuEa7TEol6QOw288QSlUCUIQdSla6zewmAYm/e436SuQaW9mtRgNkhQzlhEagIfPVmwDbRyWt9zeueXGGuSPxaAtI28Ul0zCk8ukyZUyPBXAFMZyGQn0kot37Hcxxc8ewA/Vt5wms1TUowQmVc52X6ckMks+8XtcXB45E/BeISQFguNACYzjLwYPbQ8ir0+BA8+92+XUU8SkNLLtHSCCxTzuw/xlAh+1Dy7fPKt+YT3OAvwQRPIDNlqBaCN6+FNht4vsL05oGEaQ== danielle@cc-lnx-jump' > /home/danielle/.ssh/authorized_keys
                                      
                                      for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done
                                      
                                      if [ -f /etc/redhat-release ]; then
                                          sed -i 's/^%wheel/# %wheel/' /etc/sudoers
                                          sed -i 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers
                                          yum -y install epel-release
                                          yum -y install sysstat htop fail2ban yum-cron
                                      fi
                                      
                                        mlnews
                                        last edited by

                                        Heaven only knows why I posted from this account.

                                          Alex Sage
                                          last edited by Alex Sage

                                          So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him? 😄

                                            Alex Sage
                                            last edited by

                                            I don't see where you define i?
