Organization network Tutorial

basic internal network services tutorial

This script will auto configure basic internal network services:

I would like to share with you a script I wrote which auto-configures a Linux machine to work with network services. After editing and running the script:

  • The machine will pull all packages from a currently installed server (of your choice).
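  • It will turn off SELinux and the firewall (iptables and ip6tables), so every service started on the machine is reachable from the network without host-level filtering.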
  • It will install VNC server and open port 5906.
  • It will install htop and alias it to replace top.
  • It will install ypbind and bind to your NIS server.
  • It will configure your server to work with NTP & NIS server in your organization.
  • It will configure sendmail on the server just like another server in organization.
  • It will add your super user account to /etc/sudoers
  • It will install and configure nrpe and snmp.
  • It will make your VI/VIM editor work even better.

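The values marked in red should be edited before running the script; in the listing below these are the placeholder values such as "Change IP", "Change hostname" and "your domain".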

In order to run the script, make it executable and run it:

$ chmod +x script.sh
$ ./script.sh
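#!/bin/bash
# Itai Ganot 2013 mailto:lel@lel.bz
#
# Auto-configures a freshly installed server to work with a company's network
# services (package set, VNC, NIS, NTP, sendmail, sudoers, NRPE, SNMP).
#
# Before running:
#   * Edit the placeholder values below (res1, res2, mailip, mailhost, dmn) and
#     the other site-specific values further down in the script.
#   * It is recommended to install this machine's RSA public key on the
#     machines you intend to pull files from, so scp/ssh do not prompt.
#   * Run as root.
#
# Everything fetched from $res1/$res2 (yum repos, RPM GPG keys, the package
# list, sendmail and NRPE configuration) is applied here as root, so those
# hosts are fully trusted by this machine. Verify their SSH host keys before
# the first connection.

# Value of the HOSTNAME= line in /etc/sysconfig/network.
host=$(grep -i hostname /etc/sysconfig/network | cut -d= -f2)
# Addresses from the 2nd and 3rd "inet " lines of `ip a`, prefix length removed
# (the first such line is usually the loopback address; verify on multi-homed hosts).
ip=$(ip a | grep "inet " | awk 'NR==2' | cut -d/ -f1 | awk '{print $2}')
ip2=$(ip a | grep "inet " | awk 'NR==3' | cut -d/ -f1 | awk '{print $2}')
who=$(whoami)
scp="/usr/bin/scp"
ssh="/usr/bin/ssh"
res1="Change IP"           # server that repos, GPG keys, sendmail and NRPE config are copied from
res2="Change IP"           # server whose installed package list is replicated
mailip="Change IP"         # address written to /etc/hosts for $mailhost
mailhost="Change hostname"
dmn="your domain"          # NIS domain name

if [ "$who" != "root" ]; then
  echo -e "\e[31mRun the script as root!\e[0m" >&2
  # Non-zero status so callers can tell the script did nothing.
  exit 1
fi

# Refuse to continue with unedited placeholders: they would otherwise be used
# as host names in scp/ssh commands and written into system files.
for setting in "$res1" "$res2" "$mailip" "$mailhost" "$dmn"; do
  case "$setting" in
    "" | "Change IP" | "Change hostname" | "your domain")
      echo -e "\e[31mEdit res1, res2, mailip, mailhost and dmn at the top of the script first!\e[0m" >&2
      exit 1
      ;;
  esac
done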
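# Copy the yum repository definitions and the RPM signing keys from $res1.
# After this step $res1 decides which repositories and which signing keys this
# machine accepts, so it is a trust root for every later package install.
echo -e "\e[36m#===# Retrieving repos from server $res1 #===#\e[0m"
"$scp" -r "root@$res1:/etc/pki/rpm-gpg" /etc/pki/
"$scp" -r "root@$res1:/etc/yum.repos.d" /etc/

# Fetch the names of all packages installed on $res2.
# The list is streamed over ssh into a private mktemp file: no fixed-name file
# is created in /tmp on either host, and nothing has to be cleaned up remotely.
# Names are filtered to plain package-name characters so a line starting with
# "-" can never reach yum as an option.
echo -e "\e[36m#===# Getting list of packages to install #===#\e[0m"
pkg_list=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
"$ssh" "root@$res2" 'rpm -qa --queryformat "%{NAME}\n"' \
  | grep -E '^[A-Za-z0-9][A-Za-z0-9._+-]*$' > "$pkg_list"
np=$(wc -l < "$pkg_list")
echo -e "\e[36m#===# $np Packages are going to be installed! #===#\e[0m"
sleep 2
if [ "$np" -gt 0 ]; then
  /usr/bin/xargs yum -y install < "$pkg_list"
else
  # An empty list means the ssh call failed or returned nothing.
  echo -e "\e[31m#===# No package list received from $res2, skipping install #===#\e[0m" >&2
fi
echo -e "\e[36m#==# Deleting temporary files #==#\e[0m"
sleep 2
/bin/rm -f -- "$pkg_list"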
# Stop the IPv4 and IPv6 packet filters and keep them off across reboots.
# From here on nothing on the host filters inbound traffic: every service this
# script starts later (VNC, httpd, xinetd, NRPE, SNMP, sendmail) is reachable
# from any network that can route to the machine.
echo -e "\e[36m#===# Turning firewall off... #===#\e[0m"
for fw in iptables ip6tables; do
  "/etc/init.d/$fw" stop
done
for fw in iptables ip6tables; do
  /sbin/chkconfig "$fw" off
done

# Rewrite SELINUX=enforcing to SELINUX=disabled in the boot-time configuration.
# A file that currently says SELINUX=permissive is left unchanged, and the
# running system keeps its current mode until the next boot.
echo -e "\e[36m#===# Setting SELINUX to disabled #===#\e[0m"
/bin/sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
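# Install TigerVNC and define one session: display :6 (TCP port 5906) owned by
# root, 1152x864.
# This is a root desktop protected only by the VNC password set below, and the
# script has already stopped the firewall. Classic VNC password authentication
# does not encrypt the session; consider adding -localhost to VNCSERVERARGS and
# reaching the display through an SSH tunnel, or running it as a non-root user.
echo -e "\e[36m#===# Installing VNC server on port 5906 #===#\e[0m"
yum install pixman pixman-devel libXfont tigervnc-server.x86_64 -y
# Quoted delimiter: the file content is written literally, with no expansion.
cat > /etc/sysconfig/vncservers << 'EOF'
VNCSERVERS="6:root"
VNCSERVERARGS[6]="-geometry 1152x864"
EOF
chkconfig vncserver on
echo -e "\e[36m#===# Please set VNC server password #===#\e[0m"
/usr/bin/vncpasswd
# The original "2& > /dev/null" passed a stray "2" argument to the init script
# and ran it in the background; discard stdout and stderr instead.
/etc/init.d/vncserver start > /dev/null 2>&1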
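# Install the NIS client packages unless both are already present.
# `rpm -q` looks up the exact package names and returns non-zero if either is
# missing, which avoids the substring matches of `rpm -qa | grep`.
if ! /bin/rpm -q ypbind yp-tools > /dev/null 2>&1; then
  /usr/bin/yum install ypbind yp-tools -y
fi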
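# Install htop and alias `top` to it for existing and future users.
echo -e "\e[36m#==# Installing & Setting HTOP as the default top #==#\e[0m"
/usr/bin/yum install htop -y
# Only add the alias when htop really got installed; otherwise `top` would
# point at a missing command for every user.
if /bin/rpm -q htop > /dev/null 2>&1; then
  for rc in /etc/bashrc /etc/skel/.bashrc; do
    # Skip files that already carry the alias so re-runs do not stack duplicates.
    if ! grep -qxF 'alias top=htop' "$rc" 2> /dev/null; then
      echo 'alias top=htop' >> "$rc"
    fi
  done
else
  echo -e "\e[31m#==# htop is not installed, leaving top unchanged #==#\e[0m" >&2
fi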
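#echo -e "\e[36m#===# Adding NIS server to /etc/sysconfig/network #===#\e[0m"
#sed -i "s/HOSTNAME=$host/HOSTNAME=$host.$dmn/g" /etc/sysconfig/network
# Double quotes are required here: with single quotes the literal text "$dmn"
# was written to the files instead of the configured NIS domain.
echo "NISDOMAIN=\"$dmn\"" >> /etc/sysconfig/network
echo -e "\e[36m#===# Setting /etc/yp.conf #===#\e[0m"
# emailsrvip1 / emailsrvip2 are placeholders: replace them with the addresses
# of your NIS servers before running.
echo "domain $dmn server emailsrvip1" >> /etc/yp.conf
echo "domain $dmn server emailsrvip2" >> /etc/yp.conf
##### This section is optional, uncomment if needed: #####
#echo -e "\e[36m#===# Setting /etc/sysconfig/authconfig #===#\e[0m"
#/bin/sed -i 's/USENIS=no/USENIS=yes/g' /etc/sysconfig/authconfig
#echo 'session optional pam_mkhomedir.so skel=/etc/skel umask=077' >> /etc/pam.d/system-auth
####### End of optional section #######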
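# Record this machine and the mail host in /etc/hosts.
echo -e "\e[36m#===# Adding NIS & NTP servers to /etc/hosts #===#\e[0m"
# Skip the local entry when address or hostname detection came back empty,
# rather than writing a malformed line.
if [ -n "$ip" ] && [ -n "$host" ]; then
  echo "$ip $host" >> /etc/hosts
else
  echo -e "\e[31m#===# Could not detect local IP/hostname, not adding it to /etc/hosts #===#\e[0m" >&2
fi
echo "$mailip $mailhost " >> /etc/hosts

# Set the NIS domain for the running system. Quoted so a value containing
# spaces is passed as a single argument.
echo -e "\e[36m#===# Setting domain name #===#\e[0m"
/bin/domainname "$dmn"
/bin/ypdomainname "$dmn"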
# Append name-service lookup order to /etc/nsswitch.conf.
# passwd/shadow/hosts consult local files first and then NIS, so account data
# and password hashes are accepted from the NIS servers; NIS itself provides
# no encryption of that traffic.
# NOTE(review): the lines are appended, not merged. If the file already defines
# these databases it ends up with duplicate entries; confirm which entry the
# resolver honours on your release.
# NOTE(review): several databases list "nisplus" although the script sets up
# NIS (ypbind); confirm that is intended.
echo -e "\e[36m#===# Setting /etc/nsswitch.conf #===#\e[0m"
/bin/cat >> /etc/nsswitch.conf << 'NSSWITCH'
passwd: files nis 
shadow: files nis 
hosts: files nis dns 
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
NSSWITCH
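# Start the NIS client now and enable it, together with rpcbind, at boot.
echo -e "\e[36m#===# Starting bind service #===#\e[0m"
/etc/init.d/ypbind start
echo -e "\e[36m#===# Setting daemons to start on boot #===#\e[0m"
for daemon in ypbind rpcbind; do
  /sbin/chkconfig "$daemon" on
done

# Reuse the sendmail configuration of $res1 and start the daemon.
# The remote spec is quoted so the value of $res1 is always passed to scp as
# part of a single argument.
echo -e "\e[36m#===# Configuring sendmail #===#\e[0m"
"$scp" "root@$res1:/etc/mail/sendmail.cf" /etc/mail/
"$scp" "root@$res1:/etc/mail/sendmail.mc" /etc/mail/
/etc/init.d/sendmail start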
# Smoke test: listing the NIS "hosts" map succeeds only if ypbind could reach
# a server for the configured domain.
echo -e "\e[36m#===# Checking that NIS configuration is working... #===#\e[0m"
sleep 2
if /usr/bin/ypcat hosts; then
  echo -e "\e[36m#===# Seems like NIS is configured correctly #===#\e[0m"
else
  echo -e "\e[31;47m#===# Scroll up to look for errors :( #===#\e[0m"
fi
# Pause briefly either way so the result stays visible.
sleep 2
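# Grant full sudo rights to the administrator account.
# Replace "itaig" with your own account. The account is resolved through NIS
# (see the banner below), so whoever controls the NIS maps controls the
# password that unlocks root on this machine.
echo -e "\e[36m#===# Adding Super Users (taken from NIS) to /etc/sudoers #===#\e[0m"
sudo_rule='itaig ALL=(ALL) ALL'
# Skip when the rule is already present so re-runs do not stack duplicates.
if ! grep -qxF -- "$sudo_rule" /etc/sudoers; then
  # Build the new file in a private temp file and let visudo check it before
  # touching the live file: a syntax error in /etc/sudoers disables sudo.
  sudoers_new=$(mktemp) || sudoers_new=""
  if [ -n "$sudoers_new" ] \
    && cat /etc/sudoers > "$sudoers_new" \
    && printf '%s\n' "$sudo_rule" >> "$sudoers_new" \
    && /usr/sbin/visudo -c -f "$sudoers_new" > /dev/null; then
    # Overwrite in place so owner and mode of /etc/sudoers are kept.
    cat "$sudoers_new" > /etc/sudoers
  else
    echo -e "\e[31m#===# /etc/sudoers left unchanged: candidate file failed validation #===#\e[0m" >&2
  fi
  if [ -n "$sudoers_new" ]; then
    /bin/rm -f -- "$sudoers_new"
  fi
fi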
# Replace /etc/ntp.conf with the site configuration.
# "amasys" is the preferred time source and 127.127.1.0 (fudged to stratum 10)
# is the local-clock fallback; adjust the server name for your site.
echo -e "\e[36m#===# Setting NTP settings #===#\e[0m"
/bin/cat > /etc/ntp.conf << 'NTPCONF'
restrict default nomodify notrap noquery
restrict 127.0.0.1
server amasys prefer
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys
NTPCONF

# NOTE(review): xinetd and httpd are started here although neither is needed
# for NTP. The firewall was stopped earlier in the script, so both become
# reachable from the network; confirm they are wanted on this machine.
for svc in xinetd httpd; do
  "/etc/init.d/$svc" start
done

# One-shot clock set against the NTP server, then start the daemon.
# ntp_server_ip is a placeholder: replace it with your NTP server's address.
echo -e "\e[36m#===# Starting NTP #===#\e[0m"
/usr/sbin/ntpdate ntp_server_ip
/etc/init.d/ntpd start
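# Copy the NRPE (Nagios remote plugin executor) settings from $res1 and start
# the agent. Uses "$scp" like the rest of the script instead of whatever `scp`
# happens to be first in PATH, and quotes the remote spec.
# nrpe.cfg decides which hosts may query this agent and which commands it
# runs; review the copied file rather than assuming it fits this machine.
echo -e "\e[36m#===# Setting NRPE #===#\e[0m"
"$scp" "root@$res1:/etc/sysconfig/nrpe" /etc/sysconfig/
"$scp" "root@$res1:/etc/nagios/nrpe.cfg" /etc/nagios/
echo -e "\e[36m#===# Starting NRPE #===#\e[0m"
/etc/init.d/nrpe start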
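# Write /etc/snmp/snmpd.conf and restart the agent.
echo -e "\e[36m#===# Setting SNMP #===#\e[0m"
# Site-specific values: edit both before running.
snmp_network="YOUR_NETWORK_GOES_HERE/24"   # subnet allowed to query, CIDR form
# SNMP v1/v2c send the community string in clear text and "public" is the
# well-known default; pick a site-specific value.
snmp_community="public"

if [ "$snmp_network" = "YOUR_NETWORK_GOES_HERE/24" ]; then
  # Writing the placeholder would leave snmpd with an invalid source address.
  echo -e "\e[31m#===# snmp_network was not edited, skipping SNMP configuration #===#\e[0m" >&2
else
  if [ "$snmp_community" = "public" ]; then
    echo -e "\e[31m#===# SNMP community is still the default \"public\" #===#\e[0m" >&2
  fi
  # Unquoted delimiter on purpose: $snmp_community and $snmp_network expand.
  # The "all" view exposes the whole OID tree (.1) read-only to $snmp_network.
  /bin/cat > /etc/snmp/snmpd.conf << EOF
com2sec mynetwork 127.0.0.1 $snmp_community
com2sec mynetwork $snmp_network $snmp_community
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
rocommunity $snmp_community 127.0.0.1 .1
rocommunity $snmp_community $snmp_network .1
view all included .1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access MyROGroup "" any noauth exact all none none
access notConfigGroup "" any noauth exact systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
EOF
  echo -e "\e[36m#===# Restarting snmp daemon #===#\e[0m"
  /etc/init.d/snmpd restart
fi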
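# Optionally install a shared vi/vim profile into /etc/skel and root's home.
# The prompt was commented out in the published listing, which left $ans1
# unset and made the test below fail; it is restored here.
read -r -p "#==# Would you like to set vim/vi profile? [ yes / no ]? #==# " ans1
if [ "$ans1" = yes ]; then
  # Quoted delimiter: the vim script is written literally.
  # ,ic comments the current line / selection with "#", ,rc removes it; the
  # trailing `let @/ = ""` clears the search register afterwards. The <CR>
  # terminators were missing from the published listing (presumably stripped
  # as markup); without them the mappings only type the command.
  tee /etc/skel/{.vimrc,.virc} > /dev/null << 'EOF'
set incsearch
:set ignorecase
:set smartcase
:set ts=2
vmap ,ic :s/^/#/g<CR>:let @/ = ""<CR>
map  ,ic :s/^/#/g<CR>:let @/ = ""<CR>
vmap ,rc :s/^#//g<CR>:let @/ = ""<CR>
map  ,rc :s/^#//g<CR>:let @/ = ""<CR>
EOF
  # Note: this also replaces /root/.bashrc with the skeleton copy.
  /bin/cp /etc/skel/{.vimrc,.virc,.bashrc} /root/
fi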
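# Offer the reboot that applies the SELinux configuration change.
# `read -p` prints its prompt verbatim, so the colour escapes must come from
# ANSI-C quoting ($'...'); in plain double quotes "\e[36m" showed up literally.
read -r -p $'\e[36m#==# A reboot is required for selinux to be updated, reboot? [ yes / no ]? #==#\e[0m ' reb
# Quoted so an empty answer (just Enter) counts as "no" instead of breaking
# the test.
if [ "$reb" = yes ]; then
  /sbin/init 6
else
  exit
fi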
