first commit

Roy
2025-06-23 21:19:51 +02:00
commit a4f9ea11f3
69 changed files with 4857 additions and 0 deletions


@ -0,0 +1,2 @@
first_start
jb{RWfnu
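Review bot: The second line of this file, and of the next two-line file (`>X1nr0.E`), looks like a committed secret rather than state. Both values are eight characters from the same character set as the passphrase generator added in this commit, and managemnt.sh appends the output of the remote first_start.sh run to the per-host file, so these are presumably the clients' new LUKS passphrases. If so, keep only the `first_start` marker under version control, move the passphrase to a secrets store with restricted access, and rotate the two values exposed here. The file paths are not visible on this page, so the link to the hostlist directory is inferred.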


@ -0,0 +1,2 @@
first_start
>X1nr0.E

60
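--- a/WsConfman/confman/managemnt.sh
+++ b/WsConfman/confman/managemnt.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#(c) Roy Cohen 12/06/2017 :roy@wondercohen.nl
+#original script :My own work
+#objective :Linux workstation configration manger
+#last update :
+#version
+#Varibles
+CLIENT_ARR=( `sudo tail -50 /var/log/secure | grep "Did not receive identification string from" |cut -d " " -f12| sort | uniq` )
+CLIENT_PATH="$HOME/confman/hostlist/"
+CLIENT=(`ls $CLIENT_PATH`)
+# Functions
+function add_client {
+#Check if the client is known and add the cilent if it is not known in the system
+for client in "${CLIENT_ARR[@]}"; do
+if [ -f $CLIENT_PATH$client ] ; then
+echo "$CLIENT_PATH$client already exists"
+else
+echo "" > $CLIENT_PATH$client
+fi
+done
+}
+function add_ssh_ECDSA {
+#Check if the client is known and add the ssh ECDSA key fingerprint to ~/.ssh/known_hosts
+for client in "${CLIENT[@]}"; do
+grep "$client" $HOME/.ssh/known_hosts > /dev/null
+if [ $? -eq 0 ] ; then
+echo " $client already known at ~/.ssh/known_hosts"
+else
+ssh-keyscan $client >> ~/.ssh/known_hosts
+fi
+done
+}
+#ssh root@$CLIENT "md5sum /etc/ssh/sshd_config"
+#Check if first_start.sh as run on the client, if not than copy the first_start.sh to the client and run it
+function first_start {
+#FIST_START=`head -1 $CLIENT_PATH$CLIENT`
+for cilent in "${CLIENT[@]}"; do
+head -1 $CLIENT_PATH$cilent | grep first_start > /dev/null
+if [ $? -eq 0 ] ; then
+echo "$cilent has allready run first_start"
+else
+scp ~/confman/scripts/first_start.sh root@$cilent:/root && echo "first_start" > $CLIENT_PATH$cilent
+ssh root@$cilent '/root/first_start.sh' >> $CLIENT_PATH$cilent && ssh root@$cilent 'rm /root/first_start.sh'
+fi
+done
+}
+#call funcions
+add_client
+add_ssh_ECDSA
+first_start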
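Review bot: Host identity is never verified on the enrolment path: `add_client` registers every address that left a "Did not receive identification string from" line in /var/log/secure, and `add_ssh_ECDSA` appends whatever `ssh-keyscan $client` returns to known_hosts. Any machine that can open a TCP connection to this server's SSH port is therefore trusted before `first_start` copies a script to root on it and stores the script's output. Compare the scanned key with a fingerprint obtained out of band, or with an operator-approved allowlist, before appending it. The `grep "$client"` test is a substring and regex match, so a constructed address such as 10.0.0.1 counts as known once 10.0.0.11 is listed; `ssh-keygen -F "$client" >/dev/null` performs an exact lookup. In `first_start` the marker is written as soon as `scp` succeeds, so a failed remote run is never retried; write `first_start` to the host file only after the `ssh` command returns success, and quote `"$CLIENT_PATH$cilent"` throughout.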


@ -0,0 +1,9 @@
#!/bin/bash
PASS=`< /dev/urandom tr -dc A-Za-z0-9'"<>,./?!@#$%^&(){}[]' | head -c8`
oldPassword="Test2001"
newPassword=$PASS
rootdevice="/dev/sda3"
printf '%s\n' "$oldPassword" "$newPassword" "$newPassword" |sudo cryptsetup luksAddKey $rootdevice
printf '%s\n' "$oldPassword" |sudo cryptsetup luksRemoveKey $rootdevice
echo $newPassword
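Review bot: `echo $newPassword` is unquoted while the generator's character set contains `?`, `[` and `]`, so the printed value can be glob-expanded or word-split and then differ from the passphrase that was actually added to the LUKS header; use `printf '%s\n' "$newPassword"`. Nothing checks that `luksAddKey` succeeded before `luksRemoveKey` runs, so chain the two with `&&` or add `set -e` near the top. `head -c8` gives only eight characters, which is short for a disk-encryption passphrase, and `oldPassword="Test2001"` keeps the install-time secret in the repository instead of reading it from a protected file or prompt. The path of this file is not shown on the page.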

164
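--- a/WsConfman/ks.cfg
+++ b/WsConfman/ks.cfg
@@ -0,0 +1,164 @@
+#version=RHEL7
+# Install OS instead of upgrade
+install
+cdrom
+# Reboot the machine after the installation is complete
+# and attempt to eject the CD/DVD/Bootdisk
+#reboot --eject
+# Setup network interfaces via DHCP
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+# Install from an installation tree on a remote server
+# Required when using a minimal ISO
+#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
+# install in text mode
+text
+#Shut down nd power off the system after the installation has successfully completed.
+#poweroff
+reboot
+# System keyboard
+keyboard us
+xconfig --startxonboot
+# System language
+lang en_US.UTF-8
+#set root pw here (required by KS), remove pw in post
+## (Required) Sets the root password so there is no prompt during installation
+# Example: encrypted password is "Test2001"
+# to generate the hash mkpasswd --method=sha-512
+rootpw Test2001
+authconfig --enableshadow --passalgo=sha512
+#user
+user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
+#Block ssh
+firewall --enabled --service=ssh
+#Dont start firstboot dialoge
+firstboot --disabled
+eula --agreed
+# SELinux configuration
+# By default, selinux is enforcing
+#selinux --enforcing
+selinux --permissive
+# Services
+services --enabled=ntpd,ntpdate
+# Installation logging level
+logging --level=debug
+# System timezone
+timezone Europe/Amsterdam
+# System bootloader configuration
+bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
+#Network configuration
+network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
+# Clear the Master Boot Record
+zerombr
+# Automatically create partitions, no LVM
+#autopart --nolvm
+# Partition clearing information
+clearpart --all --initlabel
+# Create primary partitions
+part /boot --fstype "ext3" --size=1024 --asprimary
+part swap --fstype swap --size=8024
+part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
+#part pv.01 --size=1 --grow
+# Create more logical partitions
+volgroup vgroup1 pv.01
+logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
+logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
+logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
+logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
+%packages
+@base
+@core
+@desktop-debugging
+@fonts
+@gnome
+@gnome-desktop
+@guest-agents
+@guest-desktop-agents
+@input-methods
+@internet-browser
+@multimedia
+@print-client
+@print-server
+@x11
+-sysreport
+%end
+%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
+#!/bin/bash
+set -x
+%end
+%post --log=/var/log/ks.post02.log
+#!/bin/bash
+set -x
+# Remove root password
+#echo "Removing root password"
+#passwd -d root
+# Make sure we have the latest security updates
+echo "Updating packages"
+/usr/bin/yum clean all
+/usr/bin/yum update -y
+# Install Node.js and json via EPEL
+/usr/bin/yum install -y epel-release
+/usr/bin/yum install -y nodejs
+/usr/bin/npm install -g json
+# Clean up all yum caches
+echo "Cleaning up yum caches"
+/usr/bin/yum clean all
+# Disable kdump
+echo "Disabling kdump"
+systemctl disable kdump.service
+# Ensure we have sane and consistent defaults for ntp.conf
+sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
+# For IPv6
+echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
+sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
+# Disable password auth. SSH logon is via ssh key only. A password is being set
+# for root via the image manifest per IMAGE-459.
+echo "Disabling password auth in sshd_config"
+sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
+# Clean up files
+echo "Ceaning up build files"
+/bin/rm -rf /root/anaconda-ks.cfg
+/bin/rm -rf /tmp/.npm/
+/bin/rm -rf /tmp/ks-script*
+/bin/rm -rf /var/log/anaconda
+# cronjob
+echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
+chmod 600 /var/spool/cron/root
+#ssh key
+mkdir /root/.ssh
+chmod 700 /root/.ssh
+echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+%end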
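Review bot: `rootpw Test2001`, `user ... --password=Test2001` and `part pv.01 ... --passphrase=Test2001` commit one shared plaintext secret for root, the user account and disk encryption, although the comment above `rootpw` describes an encrypted value. Give the account passwords as hashes, `rootpw --iscrypted <SHA512_CRYPT_HASH>` and `--iscrypted` on the `user` line, and treat the LUKS passphrase as a throwaway that is rotated on first contact, because it cannot be hashed here. Two comments contradict their settings: `#Block ssh` sits above `firewall --enabled --service=ssh`, which opens SSH, and `selinux --permissive` replaces the commented-out enforcing line without saying why. In the second `%post`, `ssh-rsa Ack man1@localhost.localdomain` is not a valid public key and `passwd -d root` is commented out, so the root password presumably stays `Test2001` for console logins while key-based root SSH cannot work; install the management host's real public key and lock or remove the root password. The cron entry `nc 192.168.2.129 22 < /dev/null` needs a comment saying that it is the enrolment signal the management script looks for in /var/log/secure.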