first commit
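--- a/WsConfman/confman/hostlist/192.168.2.100
+++ b/WsConfman/confman/hostlist/192.168.2.100
@@ -0,0 +1,2 @@
+first_start
+jb{RWfnu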
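--- a/WsConfman/confman/hostlist/192.168.2.163
+++ b/WsConfman/confman/hostlist/192.168.2.163
@@ -0,0 +1,2 @@
+first_start
+>X1nr0.E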
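--- a/WsConfman/confman/managemnt.sh
+++ b/WsConfman/confman/managemnt.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#(c) Roy Cohen 12/06/2017 :roy@wondercohen.nl
+#original script :My own work
+#objective :Linux workstation configration manger
+#last update :
+#version
+
+
+#Varibles
+CLIENT_ARR=( `sudo tail -50 /var/log/secure | grep "Did not receive identification string from" |cut -d " " -f12| sort | uniq` )
+CLIENT_PATH="$HOME/confman/hostlist/"
+CLIENT=(`ls $CLIENT_PATH`)
+
+# Functions
+function add_client {
+#Check if the client is known and add the cilent if it is not known in the system
+for client in "${CLIENT_ARR[@]}"; do
+if [ -f $CLIENT_PATH$client ] ; then
+echo "$CLIENT_PATH$client already exists"
+else
+echo "" > $CLIENT_PATH$client
+fi
+done
+}
+
+function add_ssh_ECDSA {
+#Check if the client is known and add the ssh ECDSA key fingerprint to ~/.ssh/known_hosts
+for client in "${CLIENT[@]}"; do
+grep "$client" $HOME/.ssh/known_hosts > /dev/null
+
+if [ $? -eq 0 ] ; then
+echo " $client already known at ~/.ssh/known_hosts"
+else
+ssh-keyscan $client >> ~/.ssh/known_hosts
+fi
+done
+
+}
+
+#ssh root@$CLIENT "md5sum /etc/ssh/sshd_config"
+#Check if first_start.sh as run on the client, if not than copy the first_start.sh to the client and run it
+function first_start {
+#FIST_START=`head -1 $CLIENT_PATH$CLIENT`
+
+for cilent in "${CLIENT[@]}"; do
+head -1 $CLIENT_PATH$cilent | grep first_start > /dev/null
+
+if [ $? -eq 0 ] ; then
+echo "$cilent has allready run first_start"
+else
+scp ~/confman/scripts/first_start.sh root@$cilent:/root && echo "first_start" > $CLIENT_PATH$cilent
+ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent && ssh root@$cilent 'rm /root/first_start.sh'
+fi
+done
+}
+
+#call funcions
+add_client
+add_ssh_ECDSA
+first_start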
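Review bot: In `first_start`, `ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent` appends the remote script's stdout to the host file, and first_start.sh ends with `echo $newPassword`, so the freshly generated LUKS passphrase ends up in plaintext under `~/confman/hostlist/` — the two hostlist files in this same commit carry exactly such a value on their second line. The passphrase needs a separate, permission-restricted store that is never committed; at minimum drop the `>>` redirection here and stop printing the secret in first_start.sh. The line above it, `scp … && echo "first_start" > $CLIENT_PATH$cilent`, also writes the done-marker before the script has run, so a failed ssh on the next line is never retried; write the marker only after the ssh succeeds. Separately, `ssh-keyscan $client >> ~/.ssh/known_hosts` pins whatever key the host presents at that moment, and `CLIENT_ARR` is built from `Did not receive identification string` log lines, which any host that merely opens a TCP connection to port 22 can produce, so enrolment into the managed set is unauthenticated (inferred from the cron line in ks.cfg, that connection is the intended beacon).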
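--- a/WsConfman/confman/scripts/first_start.sh
+++ b/WsConfman/confman/scripts/first_start.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+PASS=`< /dev/urandom tr -dc A-Za-z0-9'"<>,./?!@#$%^&(){}[]' | head -c8`
+oldPassword="Test2001"
+newPassword=$PASS
+rootdevice="/dev/sda3"
+printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" |sudo cryptsetup luksAddKey $rootdevice
+printf '%s\n' "$oldPassword" |sudo cryptsetup luksRemoveKey $rootdevice
+echo $newPassword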
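Review bot: The `luksRemoveKey` line runs unconditionally after `luksAddKey`, so if the add step fails for any reason while the old passphrase is still valid, the only key slot is removed and the volume can no longer be opened; make the removal depend on the add succeeding, e.g. `printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" | sudo cryptsetup luksAddKey "$rootdevice" || exit 1` (or `set -e` at the top). `echo $newPassword` on the last line emits the new passphrase on stdout, where the caller in managemnt.sh redirects it into a hostlist file; the secret should not leave this script on stdout at all. `head -c8` yields an 8-character passphrase, which is short for a disk-encryption secret; a longer value costs nothing here. `oldPassword="Test2001"` duplicates the plaintext LUKS passphrase that ks.cfg also carries, so the two must stay in sync by hand — worth a comment such as `# must match --passphrase= in ks.cfg`.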
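--- a/WsConfman/ks.cfg
+++ b/WsConfman/ks.cfg
@@ -0,0 +1,164 @@
+#version=RHEL7
+# Install OS instead of upgrade
+install
+cdrom
+
+# Reboot the machine after the installation is complete
+# and attempt to eject the CD/DVD/Bootdisk
+#reboot --eject
+
+# Setup network interfaces via DHCP
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+
+# Install from an installation tree on a remote server
+# Required when using a minimal ISO
+#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
+
+# install in text mode
+text
+#Shut down nd power off the system after the installation has successfully completed.
+#poweroff
+reboot
+
+# System keyboard
+keyboard us
+
+xconfig --startxonboot
+
+# System language
+lang en_US.UTF-8
+
+#set root pw here (required by KS), remove pw in post
+## (Required) Sets the root password so there is no prompt during installation
+# Example: encrypted password is "Test2001"
+# to generate the hash mkpasswd --method=sha-512
+rootpw Test2001
+authconfig --enableshadow --passalgo=sha512
+
+#user
+user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
+
+#Block ssh
+firewall --enabled --service=ssh
+#Dont start firstboot dialoge
+firstboot --disabled
+eula --agreed
+
+# SELinux configuration
+# By default, selinux is enforcing
+#selinux --enforcing
+selinux --permissive
+
+# Services
+services --enabled=ntpd,ntpdate
+
+# Installation logging level
+logging --level=debug
+
+# System timezone
+timezone Europe/Amsterdam
+
+# System bootloader configuration
+bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
+#Network configuration
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+
+# Clear the Master Boot Record
+zerombr
+
+# Automatically create partitions, no LVM
+#autopart --nolvm
+
+# Partition clearing information
+clearpart --all --initlabel
+
+# Create primary partitions
+part /boot --fstype "ext3" --size=1024 --asprimary
+part swap --fstype swap --size=8024
+part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
+#part pv.01 --size=1 --grow
+
+# Create more logical partitions
+volgroup vgroup1 pv.01
+logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
+logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
+logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
+logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
+
+%packages
+@base
+@core
+@desktop-debugging
+@fonts
+@gnome
+@gnome-desktop
+@guest-agents
+@guest-desktop-agents
+@input-methods
+@internet-browser
+@multimedia
+@print-client
+@print-server
+@x11
+-sysreport
+
+%end
+
+
+%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
+#!/bin/bash
+
+set -x
+
+%end
+
+%post --log=/var/log/ks.post02.log
+#!/bin/bash
+
+set -x
+
+# Remove root password
+#echo "Removing root password"
+#passwd -d root
+
+# Make sure we have the latest security updates
+echo "Updating packages"
+/usr/bin/yum clean all
+/usr/bin/yum update -y
+# Install Node.js and json via EPEL
+/usr/bin/yum install -y epel-release
+/usr/bin/yum install -y nodejs
+/usr/bin/npm install -g json
+# Clean up all yum caches
+echo "Cleaning up yum caches"
+/usr/bin/yum clean all
+# Disable kdump
+echo "Disabling kdump"
+systemctl disable kdump.service
+# Ensure we have sane and consistent defaults for ntp.conf
+sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
+# For IPv6
+echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
+sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
+# Disable password auth. SSH logon is via ssh key only. A password is being set
+# for root via the image manifest per IMAGE-459.
+echo "Disabling password auth in sshd_config"
+sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
+# Clean up files
+echo "Ceaning up build files"
+/bin/rm -rf /root/anaconda-ks.cfg
+/bin/rm -rf /tmp/.npm/
+/bin/rm -rf /tmp/ks-script*
+/bin/rm -rf /var/log/anaconda
+
+# cronjob
+echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
+chmod 600 /var/spool/cron/root
+
+#ssh key
+mkdir /root/.ssh
+chmod 700 /root/.ssh
+echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+
+%end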
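Review bot: `rootpw Test2001` puts the root password in cleartext in the kickstart, while the comment two lines above it already describes generating a SHA-512 hash with mkpasswd; use `rootpw --iscrypted <hash placeholder>` (and likewise `--iscrypted` on the `user --password=` line) so the secret does not sit in the repository and in /root/anaconda-ks.cfg until the second %post deletes it. The same literal is reused as the LUKS `--passphrase=` on the `part pv.01` line, so a single leaked copy of this file yields the user account, root and the encrypted disk. The `#Block ssh` comment above `firewall --enabled --service=ssh` says the opposite of what the line does (it opens ssh); reword it to `# Allow ssh through the firewall` or change the line. In the second %post, `echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys` does not look like a real key blob, and with `PasswordAuthentication no` set a few lines earlier the management host's `ssh root@…` would presumably be refused — confirm the intended public key is substituted here before use.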