Shell Scripting: My Story, My Post-Install – Part 3

Where I work we have very few Red Hat servers, so there hasn’t been a need, so far, to deploy a Red Hat Satellite server to assist with deploying servers. What I have done, since we use VMware ESXi for our virtual environment, is create a virtual machine template with some basic configuration. Once I deploy the virtual server I use some custom shell scripts to finish the configuration. What I have for holding the post-install scripts for the new servers is a NAS with a share. Because I am often changing the post-install scripts with new security changes and such, I have a basic updatesscripts.sh on the template that looks like this:

#!/bin/bash
# Mounts NAS share to local share directory on the server template
mount -t cifs //ipaddress/scripts_share /share -o username=username
sleep 2
# Copies mount to local scripts
yes | cp -R /share/* /scripts
sleep 4
umount /share

Then, when I am ready to start the server setup, I run this script that gives menu options:

#!/bin/bash
clear

selection=
until [ "$selection" = "0" ]; do
	echo ""
	echo "-------------------------"
	echo "* New Server Setup MENU *"
	echo "-------------------------"
	echo ""
	echo "1 - Change network IP"
	echo "2 - Change hostname"
	echo "3 - Register Red Hat server with Red Hat subscription"
	echo "4 - Update the server"
	echo "5 - Setup Red Hat 7 server"
	echo "6 - Install TrendMicro for domain1.local"
	echo "7 - Install TrendMicro for domain2.local"
	echo "8 - Create new user"
	echo "9 - Copy standardized bashrc"
	echo ""
	echo "0 - exit program"
	echo ""
	echo -n "Enter selection: "
	read selection
	echo ""
case $selection in
	1 ) sh /scripts/RH7_CentOS7/networkchg_RH7_CentOS7.sh ;;
	2 ) sh /scripts/RH7_CentOS7/hostnamechg_RH7_CentOS7.sh ;;
	3 ) sh /scripts/RHEL_subscription.sh ;;
	4 ) sh /scripts/yumupdate.sh ;;
	5 ) sh /scripts/RH7_CentOS7/Setup_RH7.sh ;;
	6 ) sh /scripts/TM_Orlando.sh ;;
	7 ) sh /scripts/TM_Peak10.sh ;;
	8 ) sh /scripts/createuser_prompt-RH.sh ;;
	9 ) sh /scripts/cpbashrc.sh ;;
	0 ) exit ;;
	* ) echo "Please enter 1 - 9 or 0"
esac
done

Here is what each of those scripts from the menu executes:

Menu 1

#!/bin/bash
clear
echo
echo "*** The current IP address is: ***"
echo "__________________________________"
ip addr
echo "__________________________________"
echo
echo "^^^ Would you like to change the network IP address? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 nmtui
echo "*** Restarting the network service ***"
echo
systemctl restart network
echo
else [ "$REPLY" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
echo "*** This is the current IP address ***"
echo "______________________________________"
ip addr
echo "______________________________________"
echo

Menu 2

#!/bin/bash
# Change hostname
clear
echo
echo "*** Confirming the static hostname is set... ***"
echo
hostnamectl status
echo
echo "^^^ The current hostname is -> `hostname` <-. Would you like to change the machine hostname? yes or no: ^^^"
read HOSTCHANGE
if [ "$HOSTCHANGE" == "yes" ]; then
 echo
 echo "**** Changing the hostname. What would you like to change it to? ****"
 read HOSTNAME
 hostnamectl set-hostname $HOSTNAME
 echo
 hostnamectl status
 sleep 3
else [ "$HOSTCHANGE" == "no" ]
 echo
 echo "*** No change ***"
 echo
fi
clear

Menu 3

#!/bin/bash
clear
subscription-manager register --username username --auto-attach
echo
subscription-manager attach --pool=longidstring
echo
echo "Currently assigned and consumed"
echo "_______________________________"
echo
subscription-manager list --consumed
echo "_______________________________"
clear

Menu 4

#!/bin/bash
clear
yum install -y wget vim rsync
yum -y update
echo
echo "^^^ Updates have been applied. Would you like to reboot? yes or no: ^^^"
read RESPONSE
if [ "$RESPONSE" == "yes" ]; then
 echo
 echo "**** Rebooting ****"
 sleep 3
 reboot
else [ "$RESPONSE" == "no" ]
 echo
fi
clear

Menu 5

This next script runs a hardening process for PCI compliance. Basically, it’s a script that launches many scripts that hardens the server based on CIS Red Hat 7 Benchmark and OpenSCAP hardening along with some standing installs and configurations.

#!/bin/bash
clear
echo "----------------------------------------------------"
echo "@@@ OS Hardening @@@"
sleep 4
echo
echo "----------------------------------------------------"
echo "*** CIS 1-1 - Sticky bit, disbable mounting ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_1-1_fs.sh
echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-1 - Remove special services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-2_removespecialservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 2-3 - Remove services ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_2-3_removeservices.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo
echo "*** CIS 3-1 - Modify Network Parameters ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-1_modifynetparam.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-3 - Disable IPv6 ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-3_modifyipv6.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-4 - Install TCP Wrappers ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-4_tcpwrappers.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-5 - Uncommon Network Protocols ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-5_uncommonnetwork.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 3-6 - Enable IPtables & add rules ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_3-6_confirmfirewall.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-1 - Configure Auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-1_configsysacct.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 4-2 - Configure logs ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_4-2_configlogfiles.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-2 - Configure SSH ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-2_configssh.sh
echo
#read -p "Press [Enter] to continue"
#echo "----------------------------------------------------"
#echo "CIS 5-3 - Set lockout for failed password"
#echo
#sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-3_logout.sh
#echo
##read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 5-4 - Set password expiration, lock inactive user accounts ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_5-4_passwordexp.sh
echo
#read -p "Press [Enter] to continue"
echo "----------------------------------------------------"
echo "*** CIS 6-2 - Configure home directory, additional auditing ***"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/CIS_6-2_checkuserhome.sh
echo
echo "----------------------------------------------------"
echo "@@@ Additional hardening cont'd @@@"
echo
sh /scripts/RH7_CentOS7/PCI_scripts_RH7_CentOS7/RHEL7_PCI_harden.sh
echo
#echo "---->> Complete <<----"
echo -e "---->> \033[33;7mHardending Completed\033[0m <<----"
echo
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Setting up SNMPv3 @@@"
sh /scripts/RH7_CentOS7/snmp_abc_RH7_CentOS7.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing Splunk @@@"
sh /scripts/splunk_inst.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Installing VMware Tools @@@"
sh /scripts/vmwaretools.sh
sleep 4
clear
echo "----------------------------------------------------"
echo "@@@ Configure Max Password Age for root @@@"
sh /scripts/rootmaxpass.sh
sleep 4
clear
echo -e "---->> \033[33;7mCompleted Setup\033[0m <<----"
sleep 4
clear

Menu 6 & 7

Basically, those are scripts for install TrendMicro

Menu 8

#!/bin/bash
clear
echo -n "Enter a username: "
read name
useradd -m $name
passwd $name
chage -d 0 $name
echo
echo "^^^ Would you like to add the new user to the sudoers? yes or no: ^^^"
read REPLY
if [ "$REPLY" == "yes" ]; then
 echo
 echo "** Adding user to the end of the file **"
 echo
 echo "$name ALL=(ALL) ALL" >> /etc/sudoers
 echo
 echo "** Here is the output confirmation **"
 sleep 5
 cat /etc/sudoers
 sleep 3
else [ "$REPLY" == "no" ]
 echo
 echo "** Not adding user **"
 echo
fi
sleep 3
clear

Menu 9

I have a custom bashrc. If you are interested in seeing it, just post in the comments and I will update this post with the custom file.

#!/bin/bash
clear
echo
echo "** Configure custom bashrc **"
echo
echo "** Current bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
echo
echo "** Backing up current bashrc **"
sleep 3
cp $HOME/.bashrc $HOME/.bashrc.bk
echo
echo "** Copying custom bashrc **"
cp -f /scripts/bashrc $HOME/.bashrc
echo
echo "** New bashrc **"
sleep 3
clear
cat $HOME/.bashrc
sleep 5
clear

Shell Scripting: My Story, My Post-Install – Part 2

One thing I figure I should post is my app script referenced in the last post. This is what I use to install my favorite applications that is referenced in my post-install script for Fedora based distros.

#!/bin/bash
selection=
until [ "$selection" = "0" ]; do
 echo ""
 echo "PROGRAM INSTALLATION MENU"
 echo "1 - Install Geany"
 echo "2 - Install Chrome"
 echo "3 - Install Guake"
 echo "4 - Install htop"
 echo "5 - Install inxi"
 echo "6 - Install Nano"
 echo "7 - Install ncdu"
 echo "8 - Install nmap"
 echo "9 - Install Shutter"
 echo "10 - Install terminology"
 echo "11 - Install tlp"
 echo "12 - Install vim"
 echo ""
 echo "0 - exit program"
 echo ""
 echo -n "Enter selection: "
 read selection
 echo ""
 case $selection in
 1 ) sudo dnf install -y geany ;;
 2 ) sudo dnf install -y google-chrome ;;
 3 ) sudo dnf install -y guake ;;
 4 ) sudo dnf install -y htop ;;
 5 ) sudo dnf install -y inxi ;;
 6 ) sudo dnf install -y nano ;;
 7 ) sudo dnf install -y ncdu ;;
 8 ) sudo dnf install -y nmap ;;
 9 ) sudo dnf install -y shutter ;;
 10 ) sudo dnf install -y terminology ;;
 11 ) sudo dnf install -y tlp ;;
 12 ) sudo dnf install -y vim ;;
 0 ) exit ;;
 * ) echo "Please enter 1 - 12 or 0"
 esac
done

Shell Scripting: My Story, My Post-Install – Part 1

If you’ve been following my blog for a while you will get a sense that I am a Linux enthusiast. Recent historical post will show that I have achieved a few Linux certifications. In my very short career as a Linux Administrator, I have found that shell scripting is extremely useful, especially for those repetitive task. After achieving my Linux certifications I set out to try to learn bash shell scripting using some online courses, online tutorials and even buying a couple of books. I’ve been using it for a while but I am nowhere near to where I want to be as far as being an expert.

Saying all that I get to this point: I plan on posting some sample shell scripts here I have created that have helped me in my professional and personal tech life. I don’t at all claim to be an expert so what you see is what you get. Take and use it as you like, if you want.

In this post I will share some scripts and processes I have used on several occasions as my post install scripts for when I install Linux (Debian and Red Hat based) on my personal and work machines, physical and virtual. What I have found really useful for storing my scripts is git using the free service Bitbucket. Here is my process for my personal machines (I use Ubuntu Mate on my desktop and Korora on my laptop):

1. Install the operating system
2. Complete a git clone (git clone https://username@bitbucket.org/username/scriptrepo.git) from command line, assuming git is already installed (Fedora based distros do have it installed by default), to pull down all my shell scripts and then launch my custom shell script.

Below is the script that I use for my Fedora based install:

#!/bin/bash
# script to complete a post-install auto setup

# Complete system and OS updates
echo
echo "^^^ Would you like to complete OS updates? yes or no: ^^^"
read UPDATESRESPONSE
if [ "$UPDATESRESPONSE" == "yes" ]; then
	echo
	echo "**** Completing OS updates ****"
	echo
	sleep 3
	sudo dnf update -y
else [ "$UPDATESRESPONSE" == "no" ]
	echo
        echo "---- Proceeding with setup ----"
fi
sleep 3
echo
# Creates a 'bin' directory in your home directory
echo "Creating 'bin' directory in home"
mkdir $HOME/bin
echo
echo "@@@@ Changing to configs directory @@@@"
cd $HOME/scripts_repo/configs
echo
sleep 3
# Launches a custom script to install preferred applications
echo "==== Will now install apps ===="
echo
sh $HOME/scripts_repo/configs/fedora_apps_home.sh
echo
sleep 3
# Copies a custom '.bashrc' file
echo "==== Will now configure bash. Making a backup of .bashrc ===="
cp $HOME/.bashrc $HOME/.bashrc.bk
echo
echo "---- Replacing .bashrc with configured version ----"
cp -f $HOME/scripts_repo/configs/bashrc_Fed $HOME/.bashrc
echo
echo "--- Done ---"
echo
sleep 3
# Copies a custom '.vimrc' for VIM
echo "==== Now proceeding with configuring VIM. Making a backup ===="
cp $HOME/.vimrc $HOME/.vimrc.bk
echo
echo "---- Replacing .vimrc with configured version ----"
echo
cp -f $HOME/scripts_repo/configs/vimrc $HOME/.vimrc
echo "---- Done with vimrc ----"
echo
sleep 3
# Adding Terminology to autostart. Works best with Gnome & Mate desktop environment
echo "==== Copying Terminology startup config ===="
cp -f $HOME/scripts_repo/configs/terminology.desktop $HOME/.config/autostart/terminology.desktop
echo
echo "---- Done with startup config ----"
echo
sleep 3
# Copies custom 'hosts' file for LAN resolution
echo "==== Copying home LAN hosts file ===="
echo
echo "^^^ Copy your home LAN hosts file? yes or no: ^^^"
read HOSTSRESPONSE
if [ "$HOSTSRESPONSE" == "yes" ]; then
	echo
	sudo cp -f /etc/hosts /etc/hosts.bk && cat $HOME/scripts_repo/configs/home_hosts | sudo tee -a /etc/hosts
else [ "$HOSTSRESPONSE" == "no" ]
	echo
	echo "Not changing hosts file"
	echo
fi
echo
echo "---- Done with hosts file ----"
echo
sleep 3
# Change the system's hostname
echo "^^^ The current hostname is -> `hostname` <-. Would you like to change the machine hostname? yes or no: ^^^"
read HOSTCHANGE
if [ "$HOSTCHANGE" == "yes" ]; then
	echo
	echo "**** Changing the hostname. What would you like to change it to? ****"
	read HOSTNAME
	sudo hostnamectl set-hostname $HOSTNAME
	echo
	hostnamectl status
	sleep 7
	echo
        echo "**** Will now update /etc/hosts ****"
else [ "$HOSTCHANGE" == "no" ]
        echo
        echo "---- Proceeding with setup ----"
fi
echo
HOSTCALL=`hostname`
sudo sed -i "s/localhost.localdomain/$HOSTCALL/g" /etc/hosts
echo
echo "**** Here is the updated /etc/hosts file ****"
echo
sudo cat /etc/hosts | awk '/^127.0.0.1/{print $1,$2,$3}'
echo
sleep 3
# A choice to reboot or not
echo "^^^ Would you like to reboot? yes or no: ^^^"
read REBOOTRESPONSE
if [ "$REBOOTRESPONSE" == "yes" ]; then
        echo
        echo "**** Rebooting ****"
        sleep 3
        sudo shutdown -r now
else [ "$REBOOTRESPONSE" == "no" ]
	echo
        read -p "**** Done with configuration of system. Hit [Enter] to continue ****"
fi
exit

Basically, what the script does is run OS updates, creates a ‘bin’ directory to store my scripts that I run all the time, then installs my favorite apps, copies over my custom ‘.bashrc’ file, then my custom ‘.vimrc’ file, some startup files, copies a custom /etc/hosts file that has all the host on my LAN, then updates my machines hostname then updates the /etc/hosts file with my machines new hostname, then ask me if I want to reboot or not.

I also have an Ubuntu script that does basically the same thing.

Next post, I will post a script template I use for post-installs of CentOS/Red Hat servers that I use at work.

Cheap Ambient Lighting

My wife and I were at Target a few days after Christmas and stumbled upon some great Christmas decoration lighting priced (I believe it was) at 75% off. Normally, I don’t really care about that kind of stuff but when I saw this at around $2:

I couldn’t pass it by. Not because I wanted to use it for Christmas in the coming years but because of other (geeky) applications. I mean, come on, cheap, battery powered, LED lighting that can be used anywhere. How can you NOT pass it up? My idea was to use it in my home office for some ambient lighting around my desk. As you can see below, it didn’t turn out too bad.

This is what it looks like out of the box:

And this is what it looks like under my desk using Bulldog Hardware Stic Mount Hook & Loop velcro adhesive strips for the battery pack and clear packing tape for the wire with an additional wire hanging behind my monitors.

Like I said, geeky.

Free Video Conferencing with appear.in

If you have been keeping up with my blog you will know that I am a Linux user. Being a Linux user you are, at times, left behind on really cool and exciting software. It’s just a hard fact that most companies do not consider developing software for Linux and focus more on Windows and Mac. It’s actually really annoying. However, it doesn’t hinder me from being productive and getting things done.

One of the tools out there that I have found lacking and with good support is video conferencing with screen sharing. Products like WebEx, Join.me, GoToMeeting, and Skype just don’t have great support for Linux. I’ve used Teamviewer, Hangouts and Jitsi and all are pretty decent for Linux but have their flaws. Recently, I came across a really good tool called appear.in. You can visit and create your own free room by visiting here:

And one of the coolest features of this free service is that they have a mobile app for Android and iOS for those on the go.

I’ve tested it out a little, both the desktop and mobile app for Android, with a co-worker using video conferencing and screen sharing, both worked really well, even on Linux (Fedora 24 with Google Chrome).

One of these days when I get some extra time (we have a 8 month old in the house keeping us pretty busy) I may try to schedule a video conference with a few people to see how well it holds up with a large group.

Captain Picard is a jerk

I was watching a little bit of Star Trek: The Next Generation ‘Galaxy’s Child’ last night when I noticed this look Riker gave Picard after he accidentally killed the unknown entity. I’ve seen this episode tons and never really noticed until now this nasty look Riker gave Picard. It’s priceless.

Updates

It’s been a while since I have posted to this blog. There have been a few changes in my life.

First, I received my Linux+/LPIC-1 certification in June of 2015:

And my Red Hat Certified System Administrator certification in September of 2016:

Second, my wife and I had a baby girl last March.

Needless to say, my life has been a whirlwind for the past year or so.

Going forward I may try to post more here. I’ve been on a mission recently to learn and improve my shell scripting skills. As I find helpful scripts and, hopefully, create some of my own I will try to post them here. It is my hopes to try to learn Python. Perhaps when that time comes I’ll start posting Python scripts here too.

X2Go For Remote Linux

I listen to a couple of podcast that center around the discussion of Linux over at Jupiter Broadcasting. Recently on episode #71 of the Linux Unplugged show in their post-show they discussed X2Go, a technology similar to NoMachine. This discussion was very intriguing to me because I had been searching for a thin client type of access to a Linux machine, especially at work when working from a Windows machine when I need to work on a Linux machine. This motivated me to do some research and attempt to setup my own access to a Linux machine using X2Go. This is what I setup for myself. But keep in mind that this may not be the correct way to setup an X2Go server, this is just what worked for me.

I already had an account and a cloud server with DigitalOcean so I deployed an Ubuntu 14.04 Server and setup everything this way:

1. For Ubuntu 14.04, install repositories:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

http://wiki.x2go.org/doku.php/doc:installation:x2goserver

2. Install preferred Desktop Environment on the server. For Ubuntu Server 14.04, here are the steps for Mate:

sudo apt-add-repository ppa:ubuntu-mate-dev/ppa
sudo apt-add-repository ppa:ubuntu-mate-dev/trusty-mate
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install mate-desktop-environment-extras

http://wiki.x2go.org/doku.php/doc:de-compat

3. Install the X2Go client on your local computer:

http://wiki.x2go.org/doku.php/doc:installation:x2goclient

4. Create the session information for your connection within the X2Go client.
5. Connect.

This is a screenshot of my connection from Windows 7 to the remote server:

If I need to, I can configure the session to go full screen. I created a couple of shell scripts on my desktop to change the resolution depending on if I am connecting from my laptop or from my laptop with a external monitor connected with a different resolution.

Here is a screenshot at full screen:

VMware Certified

It’s been a while since the last time I posted and it looks a if I am posting here mainly to brag.

A little late, but I wanted to post that I took the VCP510 exam last month and finally passed it. I state finally because this was the second attempt at the exam. It was a difficult exam for me but now I am proud to say that I am a VCP5-DCV, VMware Certified Professional 5 – Data Center Virtualization.

For those that find this post studying for the exam, these are the tools I used to help me study:

1. The guys over at LabGuides put together some really good guides and resources to help anyone setup a nested lab. Use this site and their resources, setup a nested lab and practice, practice, practice. There’s nothing like hands-on experience to help you gain the knowledge needed to work in the field and also to help you with studying for the exam. You can find their site here:

http://www.labguides.com/

2. VMware’s own VCP5-DCV Exam Blueprint was full of valuable information that helped me study for the exam. I had originally purchased a book titled VCP5 VMware Certified Professional on vSphere 5 Study Guide by Brian Atkinson and used it to study for my first attempt at the exam but it wasn’t enough. However, it is still a good book to use as reference material during your studying and really useful when working in a lab environment. But to really study and get fully prepared for the exam, I can’t recommend the VCP5-DCV Exam Blueprint enough.

http://mylearn.vmware.com/mgrReg/plan.cfm?plan=12457&ui=www_cert

Convert Video to Audio (mp3) in Linux Mint 14

I just came across a scenario where I needed to strip the audio out of a YouTube video file I had created in a Google Hangouts on Air recorded last night for The Unique Geek podcast. I found this post and it did exactly what I needed. Basically, I used the tool avconv via terminal but needed to install the codec necessary to convert to .mp3. The command to install the codec is this:

sudo apt-get install libavcodec-extra-53

I then used the following command to complete the conversion:

avconv -i video.mp4 -ab 192000 audio.mp3