Shell Scripting: My Story, My Post-Install – Part 3

Where I work we have very few Red Hat servers, so there hasn’t been a need, so far, to deploy a Red Hat Satellite server to assist with deploying servers. What I have done, since we use VMware ESXi for our virtual environment, is create a virtual machine template with some basic configuration. Once I deploy the virtual server I use some custom shell scripts to finish the configuration. What I have for holding the post-install scripts for the new servers is a NAS with a share. Because I am often changing the post-install scripts with new security changes and such, I have a basic updatesscripts.sh on the template that looks like this:

#!/bin/bash
# Mounts NAS share to local share directory on the server template
mount -t cifs //ipaddress/scripts_share /share -o username=username
sleep 2
# Copies mount to local scripts
yes | cp -R /share/* /scripts
sleep 4
umount /share

Then, when I am ready to start the server setup, I run this script that gives menu options:

#!/bin/bash
clear

selection=
until [ "$selection" = "0" ]; do
	echo ""
	echo "-------------------------"
	echo "* New Server Setup MENU *"
	echo "-------------------------"
	echo ""
	echo "1 - Change network IP"
	echo "2 - Change hostname"
	echo "3 - Register Red Hat server with Red Hat subscription"
	echo "4 - Update the server"
	echo "5 - Setup Red Hat 7 server"
	echo "6 - Install TrendMicro for domain1.local"
	echo "7 - Install TrendMicro for domain2.local"
	echo "8 - Create new user"
	echo "9 - Copy standardized bashrc"
	echo ""
	echo "0 - exit program"
	echo ""
	echo -n "Enter selection: "
	read selection
	echo ""
case $selection in
	1 ) sh /scripts/RH7_CentOS7/networkchg_RH7_CentOS7.sh ;;
	2 ) sh /scripts/RH7_CentOS7/hostnamechg_RH7_CentOS7.sh ;;
	3 ) sh /scripts/RHEL_subscription.sh ;;
	4 ) sh /scripts/yumupdate.sh ;;
	5 ) sh /scripts/RH7_CentOS7/Setup_RH7.sh ;;
	6 ) sh /scripts/TM_Orlando.sh ;;
	7 ) sh /scripts/TM_Peak10.sh ;;
	8 ) sh /scripts/createuser_prompt-RH.sh ;;
	9 ) sh /scripts/cpbashrc.sh ;;
	0 ) exit ;;
	* ) echo "Please enter 1 - 9 or 0"
esac
done

Here is what each of those scripts from the menu executes:

Menu 1

#!/bin/bash
clear
echo
echo "*** The current IP address is: ***"
echo "__________________________________"
ip addr
echo "__________________________________"
echo
echo "^^^ Would you like to change the network IP address? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 nmtui
echo "*** Restarting the network service ***"
echo
systemctl restart network
echo
else [ "$REPLY" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
echo "*** This is the current IP address ***"
echo "______________________________________"
ip addr
echo "______________________________________"
echo

Menu 2

#!/bin/bash
# Change hostname
clear
echo
echo "*** Confirming the static hostname is set... ***"
echo
hostnamectl status
echo
echo "^^^ The current hostname is -> `hostname` <-. Would you like to change the machine hostname? yes or no: ^^^"
read HOSTCHANGE
if [ "$HOSTCHANGE" == "yes" ]; then
 echo
 echo "**** Changing the hostname. What would you like to change it to? ****"
 read HOSTNAME
 hostnamectl set-hostname $HOSTNAME
 echo
 hostnamectl status
 sleep 3
else [ "$HOSTCHANGE" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
clear

Menu 3

#!/bin/bash
clear
subscription-manager register --username username --auto-attach
echo
subscription-manager attach --pool=longidstring
echo
echo "Currently assigned and consumed"
echo "_______________________________"
echo
subscription-manager list --consumed
echo "_______________________________"
clear

Menu 4

#!/bin/bash
clear
yum install -y wget vim rsync
yum -y update
echo
echo "^^^ Updates have been applied. Would you like to reboot? yes or no: ^^^"
read RESPONSE
if [ "$RESPONSE" == "yes" ]; then
 echo
 echo "**** Rebooting ****"
 sleep 3
 reboot
else [ "$RESPONSE" == "no" ]
 echo
fi
clear

Menu 5

This next script runs a hardening process for PCI compliance. Basically, it’s a script that launches many scripts that hardens the server based on CIS Red Hat 7 Benchmark and OpenSCAP hardening along with some standing installs and configurations.

#!/bin/bash
clear
echo "----------------------------------------------------"
echo "@@@ OS Hardening @@@"
sleep 4
echo
echo "----------------------------------------------------"
echo "*** CIS 1-1 - Sticky bit, disbable mounting ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_1-1_fs.sh
echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-1 - Remove special services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-2_removespecialservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-3 - Remove services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-3_removeservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo
echo "*** CIS 3-1 - Modify Network Parameters ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-1_modifynetparam.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-3 - Disable IPv6 ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-3_modifyipv6.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-4 - Install TCP Wrappers ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-4_tcpwrappers.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-5 - Uncommon Network Protocols ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-5_uncommonnetwork.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-6 - Enable IPtables & add rules ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-6_confirmfirewall.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-1 - Configure Auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-1_configsysacct.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-2 - Configure logs ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-2_configlogfiles.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-2 - Configure SSH ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-2_configssh.sh
echo
#read -p "Press [Enter] to continue"
#echo "----------------------------------------------------"
#echo "CIS 5-3 - Set lockout for failed password"
#echo
#sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-3_logout.sh
#echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-4 - Set password expiration, lock inactive user accounts ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-4_passwordexp.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 6-2 - Configure home directory, additional auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_6-2_checkuserhome.sh
echo
echo "----------------------------------------------------"
echo "@@@ Additional hardening cont'd @@@"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/RHEL7_PCI_harden.sh
echo
#echo "---->> Complete <<----"
echo -e "---->> \033[33;7mHardending Completed\033[0m <<----"
echo
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Setting up SNMPv3 @@@"
sh /scripts/RH7_CentOS7/snmp_abc_RH7_CentOS7.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing Splunk @@@"
sh /scripts/splunk_inst.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing VMware Tools @@@"
sh /scripts/vmwaretools.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Configure Max Password Age for root @@@"
sh /scripts/rootmaxpass.sh
sleep 4
clear
echo -e "---->> \033[33;7mCompleted Setup\033[0m <<----"
sleep 4
clear

Menu 6 & 7

Basically, those are scripts for install TrendMicro

Menu 8

#!/bin/bash
clear
echo -n "Enter a username: "
read name
useradd -m $name
passwd $name
chage -d 0 $name
echo
echo "^^^ Would you like to add the new user to the sudoers? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 echo
 echo "** Adding user to the end of the file **"
 echo
 echo "$name ALL=(ALL) ALL" >> /etc/sudoers
 echo
 echo "** Here is the output confirmation **"
 sleep 5
 cat /etc/sudoers
 sleep 3
else [ "$REPLY" == "no" ]
 echo
 echo "** Not adding user **"
 echo
fi
sleep 3
clear

Menu 9

I have a custom bashrc. If you are interested in seeing it, just post in the comments and I will update this post with the custom file.

#!/bin/bash
clear
echo
echo "** Configure custom bashrc **"
echo
echo "** Current bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
echo
echo "** Backing up current bashrc **"
sleep 3
cp $HOME/.bashrc $HOME/.bashrc.bk
echo
echo "** Copying custom bashrc **"
cp -f /scripts/bashrc $HOME/.bashrc
echo
echo "** New bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
clear
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s