andre/linux-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: andre:main
Branches Tags
andre:main andre:conet andre:home
..
compare: andre:conet
Branches Tags
andre:conet andre:main andre:home

13 Commits
main ... conet

Author SHA1 Message Date
ageissler
d9f7604c83 setup/qemu-ga-conf.sh aktualisiert 2025-03-10 10:05:18 +01:00
ageissler
a6103ab7d5 setup/qemu-ga-conf.sh aktualisiert 2025-03-10 10:04:24 +01:00
ageissler
e3770513cd setup/qemu-ga-conf.sh hinzugefügt 2025-03-10 09:45:03 +01:00
ageissler
bc659c3423 setup/add2ansible.sh aktualisiert 2025-01-17 11:20:16 +01:00
ageissler
8003125cad setup/add2ansible.sh aktualisiert 2025-01-17 11:18:12 +01:00
ageissler
14f99953ab setup/init.sh aktualisiert 2025-01-17 11:03:11 +01:00
ageissler
eb6ee7d9b9 setup/init-sshd.sh aktualisiert 2025-01-02 18:55:08 +01:00
ageissler
0c34707638 setup/init-sudoers.sh aktualisiert 
Kommentar entfernt. Die verbliebene Zeile wird durch das CyberArk Onboardingskript ersetzt
 2024-11-01 18:19:53 +01:00
ageissler
eb7d1caad4 setup/init-sshd.sh aktualisiert 
Ansible User in eigenen Abschnitt ausgelagert. Anpassung der Start/Ende Markierung zur Kompatibilität mit dem CyberArk Onboarding Skript
 2024-11-01 18:18:30 +01:00
ageissler
ccdd2b63f5 setup/init-sshd.sh aktualisiert 2024-11-01 15:49:20 +01:00
ageissler
1b62941c40 setup/init-sudoers.sh aktualisiert 2024-11-01 15:47:09 +01:00
ageissler
3334a3cb13 README.md aktualisiert 2024-11-01 12:41:15 +01:00
ageissler
1d1331fae4 setup/init.sh aktualisiert 
conet
 2024-11-01 12:36:45 +01:00
6 changed files with 62 additions and 31 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -8,4 +8,4 @@ Dieses Repository wird gespiegelt
> ÄNDERUNGEEN DIE NICHT AN DER QUELLE DURCHGEFÜHRT WERDEN WERDEN ÜBERSCHRIEBEN > ÄNDERUNGEEN DIE NICHT AN DER QUELLE DURCHGEFÜHRT WERDEN WERDEN ÜBERSCHRIEBEN
# Tools und Skripte zur Verwaltung von Linux Systemen # Tools und Skripte zur Verwaltung von Linux Systemen

8
setup/add2ansible.sh
View File

@@ -59,15 +59,15 @@ then
echo "mkdir -p /home/ansible/.ssh/" echo "mkdir -p /home/ansible/.ssh/"
echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys" echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys"
else else
echo "configure 'sudoers' for 'ansible'" echo "configure 'sudoers' for 'ansible' and 'root'"
echo " echo "
### added by script add2ansible.sh ### added by script add2ansible.sh
ansible ALL=(ALL) NOPASSWD:ALL ansible ALL=(ALL) NOPASSWD:ALL
root ALL=(ALL) NOPASSWD:ALL
" >> /etc/sudoers " >> /etc/sudoers
echo "add key" echo "add key"
sudo -u ansible mkdir -p /home/ansible/.ssh/ su -m ansible -c "mkdir -p /home/ansible/.ssh/"
sudo -u ansible echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible" >> /home/ansible/.ssh/authorized_keys su -m ansible -c "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible' >> /home/ansible/.ssh/authorized_keys"
fi fi
echo "" echo ""

50
setup/init-sshd.sh
View File

@@ -6,36 +6,54 @@
### ###
############################################################### ###############################################################
START='### unique ssh config start ###' START1='### unique conet sshd config start ###'
END1='### unique conet sshd config end ###'
END='### unique ssh config end ###' CFG1='Match User conetadm
CFG='Match User conetadm
PasswordAuthentication yes PasswordAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24 AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24'
Match User ansible UNIQ1="$START1
$CFG1
$END1"
START2='### unique ansible sshd config start ###'
END2='### unique ansible sshd config end ###'
CFG2='Match User ansible
PasswordAuthentication no PasswordAuthentication no
PubkeyAuthentication yes PubkeyAuthentication yes
AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12' AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12'
UNIQ="$START UNIQ2="$START2
$CFG $CFG2
$END" $END2"
grep "$START" /etc/ssh/sshd_config grep "$START1" /etc/ssh/sshd_config
if [ "$?" == "1" ] if [ "$?" == "1" ]
then then
echo uniq Eintrag nicht vorhanden, wird angehängt echo 1. uniq Eintrag nicht vorhanden, wird angehängt
else else
echo uniq Eintrag gefunden, wird ersetzt echo 1. uniq Eintrag gefunden, wird ersetzt
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
sed -i "/$START/,/$END/d" /etc/ssh/sshd_config sed -i "/$START1/,/$END1/d" /etc/ssh/sshd_config
fi fi
echo "$UNIQ" >> /etc/ssh/sshd_config echo "$UNIQ1" >> /etc/ssh/sshd_config
grep "$START2" /etc/ssh/sshd_config
if [ "$?" == "1" ]
then
echo 2. uniq Eintrag nicht vorhanden, wird angehängt
else
echo 2. uniq Eintrag gefunden, wird ersetzt
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
sed -i "/$START2/,/$END2/d" /etc/ssh/sshd_config
fi
echo "$UNIQ2" >> /etc/ssh/sshd_config
sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config
systemctl restart sshd systemctl restart sshd
systemctl restart ssh

4
setup/init-sudoers.sh
View File

@@ -6,7 +6,5 @@
### ###
############################################################### ###############################################################
echo " echo "
### added by script initialsetup.sh conetadm ALL=(ALL:ALL) ALL
conetadm ALL=(ALL) ALL
" >> /etc/sudoers " >> /etc/sudoers

14
setup/init.sh
View File

@@ -2,10 +2,10 @@
apt install curl apt install curl
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables-blocklist.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables-blocklist.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-fail2ban.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-fail2ban.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-snmpd.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-snmpd.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sudoers.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sudoers.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sshd.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sshd.sh | bash
curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-tz.sh | sh curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-tz.sh | bash

15
setup/qemu-ga-conf.sh Normal file
View File

@@ -0,0 +1,15 @@
CONFFILE=/etc/qemu/qemu-ga.conf
if [ "$(which qemu-ga)" == "" ]; then
echo "guest agent is not installed"
else
if [ ! -f $CONFFILE ]; then
qemu-ga -D > $CONFFILE
sed -i "s/block-rpcs=/block-rpcs=guest-set-user-password/" $CONFFILE
systemctl restart qemu-guest-agent
else
if [ "$(grep guest-set-user-password $CONFFILE)" == "" ]; then
echo "block-rpcs=guest-set-user-password" >> $CONFFILE
systemctl restart qemu-guest-agent
fi
fi
fi