Shell Scripting: My Story, My Post-Install – Part 3

Where I work we have very few Red Hat servers, so there hasn’t been a need, so far, to deploy a Red Hat Satellite server to assist with deploying servers. What I have done, since we use VMware ESXi for our virtual environment, is create a virtual machine template with some basic configuration. Once I deploy the virtual server I use some custom shell scripts to finish the configuration. What I have for holding the post-install scripts for the new servers is a NAS with a share. Because I am often changing the post-install scripts with new security changes and such, I have a basic updatesscripts.sh on the template that looks like this:

#!/bin/bash
# Mounts NAS share to local share directory on the server template
mount -t cifs //ipaddress/scripts_share /share -o username=username
sleep 2
# Copies mount to local scripts
yes | cp -R /share/* /scripts
sleep 4
umount /share

Then, when I am ready to start the server setup, I run this script that gives menu options:

#!/bin/bash
clear

selection=
until [ "$selection" = "0" ]; do
	echo ""
	echo "-------------------------"
	echo "* New Server Setup MENU *"
	echo "-------------------------"
	echo ""
	echo "1 - Change network IP"
	echo "2 - Change hostname"
	echo "3 - Register Red Hat server with Red Hat subscription"
	echo "4 - Update the server"
	echo "5 - Setup Red Hat 7 server"
	echo "6 - Install TrendMicro for domain1.local"
	echo "7 - Install TrendMicro for domain2.local"
	echo "8 - Create new user"
	echo "9 - Copy standardized bashrc"
	echo ""
	echo "0 - exit program"
	echo ""
	echo -n "Enter selection: "
	read selection
	echo ""
case $selection in
	1 ) sh /scripts/RH7_CentOS7/networkchg_RH7_CentOS7.sh ;;
	2 ) sh /scripts/RH7_CentOS7/hostnamechg_RH7_CentOS7.sh ;;
	3 ) sh /scripts/RHEL_subscription.sh ;;
	4 ) sh /scripts/yumupdate.sh ;;
	5 ) sh /scripts/RH7_CentOS7/Setup_RH7.sh ;;
	6 ) sh /scripts/TM_Orlando.sh ;;
	7 ) sh /scripts/TM_Peak10.sh ;;
	8 ) sh /scripts/createuser_prompt-RH.sh ;;
	9 ) sh /scripts/cpbashrc.sh ;;
	0 ) exit ;;
	* ) echo "Please enter 1 - 9 or 0"
esac
done

Here is what each of those scripts from the menu executes:

Menu 1

#!/bin/bash
clear
echo
echo "*** The current IP address is: ***"
echo "__________________________________"
ip addr
echo "__________________________________"
echo
echo "^^^ Would you like to change the network IP address? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 nmtui
echo "*** Restarting the network service ***"
echo
systemctl restart network
echo
else [ "$REPLY" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
echo "*** This is the current IP address ***"
echo "______________________________________"
ip addr
echo "______________________________________"
echo

Menu 2

#!/bin/bash
# Change hostname
clear
echo
echo "*** Confirming the static hostname is set... ***"
echo
hostnamectl status
echo
echo "^^^ The current hostname is -> `hostname` <-. Would you like to change the machine hostname? yes or no: ^^^"
read HOSTCHANGE
if [ "$HOSTCHANGE" == "yes" ]; then
 echo
 echo "**** Changing the hostname. What would you like to change it to? ****"
 read HOSTNAME
 hostnamectl set-hostname $HOSTNAME
 echo
 hostnamectl status
 sleep 3
else [ "$HOSTCHANGE" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
clear

Menu 3

#!/bin/bash
clear
subscription-manager register --username username --auto-attach
echo
subscription-manager attach --pool=longidstring
echo
echo "Currently assigned and consumed"
echo "_______________________________"
echo
subscription-manager list --consumed
echo "_______________________________"
clear

Menu 4

#!/bin/bash
clear
yum install -y wget vim rsync
yum -y update
echo
echo "^^^ Updates have been applied. Would you like to reboot? yes or no: ^^^"
read RESPONSE
if [ "$RESPONSE" == "yes" ]; then
 echo
 echo "**** Rebooting ****"
 sleep 3
 reboot
else [ "$RESPONSE" == "no" ]
 echo
fi
clear

Menu 5

This next script runs a hardening process for PCI compliance. Basically, it’s a script that launches many scripts that hardens the server based on CIS Red Hat 7 Benchmark and OpenSCAP hardening along with some standing installs and configurations.

#!/bin/bash
clear
echo "----------------------------------------------------"
echo "@@@ OS Hardening @@@"
sleep 4
echo
echo "----------------------------------------------------"
echo "*** CIS 1-1 - Sticky bit, disbable mounting ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_1-1_fs.sh
echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-1 - Remove special services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-2_removespecialservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-3 - Remove services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-3_removeservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo
echo "*** CIS 3-1 - Modify Network Parameters ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-1_modifynetparam.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-3 - Disable IPv6 ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-3_modifyipv6.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-4 - Install TCP Wrappers ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-4_tcpwrappers.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-5 - Uncommon Network Protocols ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-5_uncommonnetwork.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-6 - Enable IPtables & add rules ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-6_confirmfirewall.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-1 - Configure Auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-1_configsysacct.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-2 - Configure logs ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-2_configlogfiles.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-2 - Configure SSH ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-2_configssh.sh
echo
#read -p "Press [Enter] to continue"
#echo "----------------------------------------------------"
#echo "CIS 5-3 - Set lockout for failed password"
#echo
#sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-3_logout.sh
#echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-4 - Set password expiration, lock inactive user accounts ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-4_passwordexp.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 6-2 - Configure home directory, additional auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_6-2_checkuserhome.sh
echo
echo "----------------------------------------------------"
echo "@@@ Additional hardening cont'd @@@"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/RHEL7_PCI_harden.sh
echo
#echo "---->> Complete <<----"
echo -e "---->> \033[33;7mHardending Completed\033[0m <<----"
echo
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Setting up SNMPv3 @@@"
sh /scripts/RH7_CentOS7/snmp_abc_RH7_CentOS7.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing Splunk @@@"
sh /scripts/splunk_inst.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing VMware Tools @@@"
sh /scripts/vmwaretools.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Configure Max Password Age for root @@@"
sh /scripts/rootmaxpass.sh
sleep 4
clear
echo -e "---->> \033[33;7mCompleted Setup\033[0m <<----"
sleep 4
clear

Menu 6 & 7

Basically, those are scripts for install TrendMicro

Menu 8

#!/bin/bash
clear
echo -n "Enter a username: "
read name
useradd -m $name
passwd $name
chage -d 0 $name
echo
echo "^^^ Would you like to add the new user to the sudoers? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 echo
 echo "** Adding user to the end of the file **"
 echo
 echo "$name ALL=(ALL) ALL" >> /etc/sudoers
 echo
 echo "** Here is the output confirmation **"
 sleep 5
 cat /etc/sudoers
 sleep 3
else [ "$REPLY" == "no" ]
 echo
 echo "** Not adding user **"
 echo
fi
sleep 3
clear

Menu 9

I have a custom bashrc. If you are interested in seeing it, just post in the comments and I will update this post with the custom file.

#!/bin/bash
clear
echo
echo "** Configure custom bashrc **"
echo
echo "** Current bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
echo
echo "** Backing up current bashrc **"
sleep 3
cp $HOME/.bashrc $HOME/.bashrc.bk
echo
echo "** Copying custom bashrc **"
cp -f /scripts/bashrc $HOME/.bashrc
echo
echo "** New bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
clear

Shell Scripting: My Story, My Post-Install – Part 2

One thing I figure I should post is my app script referenced in the last post. This is what I use to install my favorite applications that is referenced in my post-install script for Fedora based distros.

#!/bin/bash
selection=
until [ "$selection" = "0" ]; do
 echo ""
 echo "PROGRAM INSTALLATION MENU"
 echo "1 - Install Geany"
 echo "2 - Install Chrome"
 echo "3 - Install Guake"
 echo "4 - Install htop"
 echo "5 - Install inxi"
 echo "6 - Install Nano"
 echo "7 - Install ncdu"
 echo "8 - Install nmap"
 echo "9 - Install Shutter"
 echo "10 - Install terminology"
 echo "11 - Install tlp"
 echo "12 - Install vim"
 echo ""
 echo "0 - exit program"
 echo ""
 echo -n "Enter selection: "
 read selection
 echo ""
 case $selection in
 1 ) sudo dnf install -y geany ;;
 2 ) sudo dnf install -y google-chrome ;;
 3 ) sudo dnf install -y guake ;;
 4 ) sudo dnf install -y htop ;;
 5 ) sudo dnf install -y inxi ;;
 6 ) sudo dnf install -y nano ;;
 7 ) sudo dnf install -y ncdu ;;
 8 ) sudo dnf install -y nmap ;;
 9 ) sudo dnf install -y shutter ;;
 10 ) sudo dnf install -y terminology ;;
 11 ) sudo dnf install -y tlp ;;
 12 ) sudo dnf install -y vim ;;
 0 ) exit ;;
 * ) echo "Please enter 1 - 12 or 0"
 esac
done

Shell Scripting: My Story, My Post-Install – Part 1

If you’ve been following my blog for a while you will get a sense that I am a Linux enthusiast. Recent historical post will show that I have achieved a few Linux certifications. In my very short career as a Linux Administrator, I have found that shell scripting is extremely useful, especially for those repetitive task. After achieving my Linux certifications I set out to try to learn bash shell scripting using some online courses, online tutorials and even buying a couple of books. I’ve been using it for a while but I am nowhere near to where I want to be as far as being an expert.

Saying all that I get to this point: I plan on posting some sample shell scripts here I have created that have helped me in my professional and personal tech life. I don’t at all claim to be an expert so what you see is what you get. Take and use it as you like, if you want.

In this post I will share some scripts and processes I have used on several occasions as my post install scripts for when I install Linux (Debian and Red Hat based) on my personal and work machines, physical and virtual. What I have found really useful for storing my scripts is git using the free service Bitbucket. Here is my process for my personal machines (I use Ubuntu Mate on my desktop and Korora on my laptop):

  1. Install the operating system
  2. Complete a git clone (git clone https://username@bitbucket.org/username/scriptrepo.git) from command line, assuming git is already installed (Fedora based distros do have it installed by default), to pull down all my shell scripts and then launch my custom shell script.

Below is the script that I use for my Fedora based install:


#!/bin/bash
# script to complete a post-install auto setup

# Complete system and OS updates
echo
echo "^^^ Would you like to complete OS updates? yes or no: ^^^"
read UPDATESRESPONSE
if [ "$UPDATESRESPONSE" == "yes" ]; then
	echo
	echo "**** Completing OS updates ****"
	echo
	sleep 3
	sudo dnf update -y
else [ "$UPDATESRESPONSE" == "no" ]
	echo
        echo "---- Proceeding with setup ----"
fi
sleep 3
echo
# Creates a 'bin' directory in your home directory
echo "Creating 'bin' directory in home"
mkdir $HOME/bin
echo
echo "@@@@ Changing to configs directory @@@@"
cd $HOME/scripts_repo/configs
echo
sleep 3
# Launches a custom script to install preferred applications
echo "==== Will now install apps ===="
echo
sh $HOME/scripts_repo/configs/fedora_apps_home.sh
echo
sleep 3
# Copies a custom '.bashrc' file
echo "==== Will now configure bash. Making a backup of .bashrc ===="
cp $HOME/.bashrc $HOME/.bashrc.bk
echo
echo "---- Replacing .bashrc with configured version ----"
cp -f $HOME/scripts_repo/configs/bashrc_Fed $HOME/.bashrc
echo
echo "--- Done ---"
echo
sleep 3
# Copies a custom '.vimrc' for VIM
echo "==== Now proceeding with configuring VIM. Making a backup ===="
cp $HOME/.vimrc $HOME/.vimrc.bk
echo
echo "---- Replacing .vimrc with configured version ----"
echo
cp -f $HOME/scripts_repo/configs/vimrc $HOME/.vimrc
echo "---- Done with vimrc ----"
echo
sleep 3
# Adding Terminology to autostart. Works best with Gnome & Mate desktop environment
echo "==== Copying Terminology startup config ===="
cp -f $HOME/scripts_repo/configs/terminology.desktop $HOME/.config/autostart/terminology.desktop
echo
echo "---- Done with startup config ----"
echo
sleep 3
# Copies custom 'hosts' file for LAN resolution
echo "==== Copying home LAN hosts file ===="
echo
echo "^^^ Copy your home LAN hosts file? yes or no: ^^^"
read HOSTSRESPONSE
if [ "$HOSTSRESPONSE" == "yes" ]; then
	echo
	sudo cp -f /etc/hosts /etc/hosts.bk && cat $HOME/scripts_repo/configs/home_hosts | sudo tee -a /etc/hosts
else [ "$HOSTSRESPONSE" == "no" ]
	echo
	echo "Not changing hosts file"
	echo
fi
echo
echo "---- Done with hosts file ----"
echo
sleep 3
# Change the system's hostname
echo "^^^ The current hostname is -> `hostname` <-. Would you like to change the machine hostname? yes or no: ^^^"
read HOSTCHANGE
if [ "$HOSTCHANGE" == "yes" ]; then
	echo
	echo "**** Changing the hostname. What would you like to change it to? ****"
	read HOSTNAME
	sudo hostnamectl set-hostname $HOSTNAME
	echo
	hostnamectl status
	sleep 7
	echo
        echo "**** Will now update /etc/hosts ****"
else [ "$HOSTCHANGE" == "no" ]
        echo
        echo "---- Proceeding with setup ----"
fi
echo
HOSTCALL=`hostname`
sudo sed -i "s/localhost.localdomain/$HOSTCALL/g" /etc/hosts
echo
echo "**** Here is the updated /etc/hosts file ****"
echo
sudo cat /etc/hosts | awk '/^127.0.0.1/{print $1,$2,$3}'
echo
sleep 3
# A choice to reboot or not
echo "^^^ Would you like to reboot? yes or no: ^^^"
read REBOOTRESPONSE
if [ "$REBOOTRESPONSE" == "yes" ]; then
        echo
        echo "**** Rebooting ****"
        sleep 3
        sudo shutdown -r now
else [ "$REBOOTRESPONSE" == "no" ]
	echo
        read -p "**** Done with configuration of system. Hit [Enter] to continue ****"
fi
exit

Basically, what the script does is run OS updates, creates a ‘bin’ directory to store my scripts that I run all the time, then installs my favorite apps, copies over my custom ‘.bashrc’ file, then my custom ‘.vimrc’ file, some startup files, copies a custom /etc/hosts file that has all the host on my LAN, then updates my machines hostname then updates the /etc/hosts file with my machines new hostname, then ask me if I want to reboot or not.

I also have an Ubuntu script that does basically the same thing.

Next post, I will post a script template I use for post-installs of CentOS/Red Hat servers that I use at work.