Scripts

Remotely set up some basic things from the openaudit machine. Only the straight case, no error checking.
Yes, sshpass is not secure: anyone can read the password in the script or the environment variable. But
root can just as well read the private key, and putting a passphrase on the private key kind of defeats
the purpose of unattended setup. Public key authentication is recommended (unless you work with PCI).
Note that the ssh options used below (UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no) also turn
off host key verification, so the root password is sent to whichever host answers at that address. Use
something like spacewalk, salt, puppet or another monster of various scripting languages (and get awarded
your ruby-perl-python monster badge) or ansible (beware of python). Sheesh, it's like nobody ever heard
about awk, sed and core utils these days.

  • update
sshpass -pSuperSecretPasswordHere ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$1 << !
export http_proxy="http://proxy.ogwanga.jar:3128"
export https_proxy="https://proxy.ogwanga.jar:3128"
yum update -y
!
  • resolv.conf
sshpass -pSuperSecretPasswordHere ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$1 << !
export http_proxy="http://proxy.ogwanga.jar:3128"
export https_proxy="https://proxy.ogwanga.jar:3128"
cat > /etc/resolv.conf <<-CONFIGRESOLVCONF
        search ogwanga.jar
        nameserver 192.168.2.21
        nameserver 192.168.2.22
CONFIGRESOLVCONF
!
  • rsyslog setup
sshpass -pSuperSecretPasswordHere ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$1 << !
export http_proxy="http://proxy.ogwanga.jar:3128"
export https_proxy="https://proxy.ogwanga.jar:3128"
cat > /etc/yum.repos.d/rsyslog.repo <<-CONFIGRSYSLOGV8REPO
        [rsyslog_v8]
        name=Adiscon CentOS-\\\$releasever - local packages for \\\$basearch
        baseurl=http://rpms.adiscon.com/v8-stable/epel-\\\$releasever/\\\$basearch
        enabled=1
        gpgcheck=0
        gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
        protect=1
CONFIGRSYSLOGV8REPO
yum update rsyslog -y
sed -i -e 's/^#.*:514$/*.* @@syslog.ogwanga.jar:514/' /etc/rsyslog.conf
chkconfig rsyslog on
service rsyslog restart
!
  • ntp setup
sshpass -pSuperSecretPasswordHere ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$1 << !
export http_proxy="http://proxy.ogwanga.jar:3128"
export https_proxy="https://proxy.ogwanga.jar:3128"
yum install ntp -y
sed -i -e 's/server 0.centos.pool.ntp.org iburst/server ntp.ogwanga.jar/' /etc/ntp.conf
sed -i -e '/server [0-9].centos.pool.ntp.org iburst/d' /etc/ntp.conf
chkconfig ntpd on
service ntpd start
!
  • Distribute the openaudit public key and trust it so batch encryption is possible (no questioning from gpg when encrypting)
sshpass -pSuperSecretPasswordHere ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$1 << !
cat > openaudit.pgp <<PUBLICKEYOPENAUDIT
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)

mQENBFS6jxABCADAPGThjwp00HjuDqoR66ZancLO5uGBGfM71uyzVzlvVeDi0rOr
dt8ceIx+Rty+LAcDfR9IJaYh/Xirr4H0ysmzGZ2lXOXY0n9bz9NSv1L5WbMciO+V
XXv9JA2CxgbVT86CdXdZvsQfgrcfk8LEsCzY3xvmvE8vzw2pfcxIUizF8uIxaugT
r4UxKBUBIyWuD6XNAogrcZYutfmdqQlADgolETbi+SWxqhR8cphP+BFd
=i0N+
-----END PGP PUBLIC KEY BLOCK-----
PUBLICKEYOPENAUDIT
gpg --import openaudit.pgp
gpg --list-keys --with-colons open.audit@openaudit.org | grep "^pub" | awk -F':' '{ print "trusted-key " \$5 }' >> .gnupg/gpg.conf
!
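An added example, not part of the original scripts: a stricter form of the last step, which emits the trusted-key line only when the primary key's fingerprint equals one pinned out of band, instead of trusting whatever key matches the e-mail address. The function name, the sample listing and its key ID and fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Key ID and fingerprint are constructed.

# Reads `gpg --with-colons --fingerprint --list-keys <uid>` output on stdin.
# Prints "trusted-key <long key ID>" only if a primary key with the pinned
# fingerprint ($1) is listed. Exit 1: no such key. Exit 2: key is unusable.
trusted_key_line() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" { keyid = $5; validity = $2; next }  # field 5: long key ID
        $1 == "sub" { keyid = ""; next }                 # ignore subkey fingerprints
        $1 == "fpr" && keyid != "" {
            if ($10 == want) {                           # field 10: fingerprint
                if (validity ~ /^[rei]/) { bad = 2; exit }  # revoked, expired, invalid
                print "trusted-key " keyid
                found = 1
                exit
            }
            keyid = ""
        }
        END { if (bad) exit bad; if (!found) exit 1 }
    '
}

# Constructed sample listing (not a real key): primary key, uid, one subkey.
SAMPLE_LISTING='pub:-:2048:1:AAAABBBBCCCCDDDD:1421512464:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1421512464::::Open Audit <open.audit@openaudit.org>:
sub:-:2048:1:1111222233334444:1421512464::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFF1111222233334444:'

# Fingerprint as it would be read from a trusted channel (constructed here).
PINNED_FPR='0123 4567 89AB CDEF 0123  4567 AAAA BBBB CCCC DDDD'

# On a real host the listing would come from gpg and the line would be
# appended to ~/.gnupg/gpg.conf; here it is only printed.
printf '%s\n' "$SAMPLE_LISTING" | trusted_key_line "$PINNED_FPR"
```

If this runs inside one of the unquoted `<< !` here-documents above, every `$` in it needs a backslash, as with `\$5` in the original step.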
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Share Alike 2.5 License.