Aaron's CentOS7 Scripts
-
Basic Server Setup Script
#!/bin/bash
#Basic Server Setup Script

echo "Username?"
read -r username
echo "Password?"
read -rs password
echo "Hostname?"
read -r hostname

echo Running Updates..
yum -y update
echo Adding User...
useradd "$username"
echo Setting Password...
printf '%s\n' "$password" | passwd --stdin "$username"
gpasswd -a "$username" wheel
echo Installing EPEL repository...
yum -y install epel-release
echo Installing Basic Programs...
yum -y install htop sysstat fail2ban nano
echo Setting Hostname...
hostnamectl set-hostname "$hostname"
echo Disabling Root Login...
sed -i -e 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
echo Rebooting
reboot
As always feedback is appreciated.
-
Upcoming Scripts:
- Fail2Ban Setup
- LAMP Install
- WordPress Install
Have a suggestion? Send it along!
-
I don't see a full update being run, that should be done before rebooting, I should think.
yum -y update
-
@scottalanmiller said:
I don't see a full update being run, that should be done before rebooting, I should think.
yum -y update
It's in there. It's his 12th line if I counted right.
-
Oh, so it is.
-
I want to create an updated version of this script:
I want to add some key management to it.
-
The easiest form of key management is to put the public keys into the script as text and "echo" them out to the appropriate file. Here would be an example:
echo "sdpvoisd;lfkjsfjsagpioja[giwrj[ gij[aij[wwwdfffghag" >> /home/anonymous/.ssh/authorized_keys
Where the gibberish is actually the key contents.
-
Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.
-
@scottalanmiller said:
Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.
Hmmmmm. How hard is that to do?
I have been using this guide: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
Hoping to automate
-
If I did su - <username> and created the file first, would that solve the problem?
-
Here is the loop that we use to fix perms on the home directories:
for i in $(ls /home); do
  chown -R "$i":"$i" /home/"$i"
  chmod 700 /home/"$i"
  chmod 700 /home/"$i"/.ssh
  chmod 600 /home/"$i"/.ssh/authorized_keys
  restorecon /home/"$i"/.ssh
done
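The steps discussed above (write the key, then fix mode, owner and SELinux label) for a single account, as an added example that is not part of the original thread. The function names `install_key` and `valid_pubkey` are hypothetical, and the code assumes each user has a group of the same name, as the loop above does.

```shell
#!/bin/sh
# Added example; install_key and valid_pubkey are hypothetical names.

nl='
'
# valid_pubkey LINE: accept exactly one "<type> <base64> [comment]" entry.
# Lines carrying options (command=, from=, ...) are rejected on purpose.
valid_pubkey() {
    case $1 in *"$nl"*) return 1 ;; esac    # a newline would smuggle a second entry
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
}

# install_key USER HOME PUBKEY: add PUBKEY to HOME/.ssh/authorized_keys once.
install_key() (
    user=$1; home=$2; key=$3
    valid_pubkey "$key" || { echo "malformed key for $user, skipped" >&2; exit 2; }
    umask 077                                # nothing is created group/world readable
    mkdir -p "$home/.ssh" || exit 1
    touch "$home/.ssh/authorized_keys" || exit 1
    # -x whole line, -F literal: a second run does not duplicate the entry
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys" || exit 1
    # Modes from the thread's loop; sshd StrictModes refuses group/world-writable paths
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || exit 1
    # Ownership needs root and an existing account; assumes a group named after the user
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -R "$user:$user" "$home/.ssh" || exit 1
    fi
    # Relabel only where SELinux tooling is present
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$home/.ssh" || echo "restorecon failed on $home/.ssh" >&2
    fi
)
```

Called as `install_key scott /home/scott 'ssh-rsa ... scott@cc-lnx-jump'`, it can be run repeatedly from a setup script without duplicating entries, and the gibberish placeholder string shown earlier in the thread is rejected rather than written to the file.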
-
@anonymous said:
If I did su - <username> and created the file first, would that solve the problem?
That's kinda awful, lol.
-
@scottalanmiller So $i is the username?
-
Would you be willing to post the whole script? No doubt others could benefit from it
Take out the NTG stuff
-
Let me see about cleaning it up.
-
Okay, here is the CentOS 7 specific one (should work on CentOS 6, Fedora 23, but it is for C7) with all but two users stripped out to demonstrate the wheel and non-wheel user functions. And before anyone notices, yes I need to update the key length.
#!/bin/bash

# Create the accounts; only scott is placed in wheel
useradd scott -u 1101 -c "Scott Alan Miller" -G wheel
useradd danielle -u 1107 -c "Danielle Ralston"

# Make sure every home directory has a .ssh directory
for i in $(ls /home); do mkdir -p "/home/$i/.ssh"; done

# Write each user's public key
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDPdBvgVUD/gHJl/inuOMGDgUXT88pdPrEM1WFdYqlnG4QximJ0HEqSweSlK8Qhxg6u7B+gPtR2GDxyLOydajARXNoR6d5W/Aupvet8vUVAXp5sIfjyYGcrZOM4dboWE0MkKuVtJX+ZEEXuLojqd9RvICnsBYhV3KwzuGimtf1c3z8hau82bKc7fxvsF1KBV6luLyb6MFlEgapf32v0j8aSoMmGHxcNBoR/H+iJxEUMLr0d4ecZNSW9864J+dy6qT5Ei3bcPdwJZ7/gVcee7MVDYzPtbAXEtgT/U4r4zghZvuLnB2N/sBpDm1MsZpzA4YdJw+Cm7V4RmAx+SmPoAzT scott@cc-lnx-jump' > /home/scott/.ssh/authorized_keys
echo 'ssh-rsa <key-not-preserved> danielle@cc-lnx-jump' > /home/danielle/.ssh/authorized_keys

# Fix ownership, modes and SELinux labels on every home directory
for i in $(ls /home); do
  chown -R "$i":"$i" /home/"$i"
  chmod 700 /home/"$i"
  chmod 700 /home/"$i"/.ssh
  chmod 600 /home/"$i"/.ssh/authorized_keys
  restorecon /home/"$i"/.ssh
done

if [ -f /etc/redhat-release ]; then
  # Comment out the default %wheel rule and enable the NOPASSWD one
  sed -i 's/^%wheel/# %wheel/' /etc/sudoers
  sed -i 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers
  yum -y install epel-release
  yum -y install sysstat htop fail2ban yum-cron
fi
-
Heaven only knows why I posted from this account.
-
So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him?
-
I don't see where you define i?