andre/linux-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: andre:conet
Branches Tags
andre:main andre:conet andre:home
..
compare: andre:main
Branches Tags
andre:conet andre:main andre:home

2 Commits
conet ... main

Author SHA1 Message Date
ageissler
48e3ffe6fd README.md aktualisiert 2025-03-10 08:13:26 +01:00
ageissler
61b08816b9 README.md aktualisiert 2024-11-01 12:40:57 +01:00
6 changed files with 31 additions and 62 deletions
Expand all files Collapse all files

8
setup/add2ansible.sh
View File

@@ -59,15 +59,15 @@ then
echo "mkdir -p /home/ansible/.ssh/" echo "mkdir -p /home/ansible/.ssh/"
echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys" echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys"
else else
echo "configure 'sudoers' for 'ansible' and 'root'" echo "configure 'sudoers' for 'ansible'"
echo " echo "
### added by script add2ansible.sh ### added by script add2ansible.sh
ansible ALL=(ALL) NOPASSWD:ALL ansible ALL=(ALL) NOPASSWD:ALL
root ALL=(ALL) NOPASSWD:ALL
" >> /etc/sudoers " >> /etc/sudoers
echo "add key" echo "add key"
su -m ansible -c "mkdir -p /home/ansible/.ssh/" sudo -u ansible mkdir -p /home/ansible/.ssh/
su -m ansible -c "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible' >> /home/ansible/.ssh/authorized_keys" sudo -u ansible echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible" >> /home/ansible/.ssh/authorized_keys
fi fi
echo "" echo ""

48
setup/init-sshd.sh
View File

@@ -6,54 +6,36 @@
### ###
############################################################### ###############################################################
START1='### unique conet sshd config start ###' START='### unique ssh config start ###'
END1='### unique conet sshd config end ###'
CFG1='Match User conetadm END='### unique ssh config end ###'
CFG='Match User conetadm
PasswordAuthentication yes PasswordAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24' AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24
UNIQ1="$START1 Match User ansible
$CFG1
$END1"
START2='### unique ansible sshd config start ###'
END2='### unique ansible sshd config end ###'
CFG2='Match User ansible
PasswordAuthentication no PasswordAuthentication no
PubkeyAuthentication yes PubkeyAuthentication yes
AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12' AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12'
UNIQ2="$START2 UNIQ="$START
$CFG2 $CFG
$END2" $END"
grep "$START1" /etc/ssh/sshd_config grep "$START" /etc/ssh/sshd_config
if [ "$?" == "1" ] if [ "$?" == "1" ]
then then
echo 1. uniq Eintrag nicht vorhanden, wird angehängt echo uniq Eintrag nicht vorhanden, wird angehängt
else else
echo 1. uniq Eintrag gefunden, wird ersetzt echo uniq Eintrag gefunden, wird ersetzt
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
sed -i "/$START1/,/$END1/d" /etc/ssh/sshd_config sed -i "/$START/,/$END/d" /etc/ssh/sshd_config
fi fi
echo "$UNIQ1" >> /etc/ssh/sshd_config echo "$UNIQ" >> /etc/ssh/sshd_config
grep "$START2" /etc/ssh/sshd_config
if [ "$?" == "1" ]
then
echo 2. uniq Eintrag nicht vorhanden, wird angehängt
else
echo 2. uniq Eintrag gefunden, wird ersetzt
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
sed -i "/$START2/,/$END2/d" /etc/ssh/sshd_config
fi
echo "$UNIQ2" >> /etc/ssh/sshd_config
sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config
systemctl restart sshd systemctl restart sshd
systemctl restart ssh

4
setup/init-sudoers.sh
View File

@@ -6,5 +6,7 @@
### ###
############################################################### ###############################################################
echo " echo "
conetadm ALL=(ALL:ALL) ALL ### added by script initialsetup.sh
conetadm ALL=(ALL) ALL
" >> /etc/sudoers " >> /etc/sudoers

14
setup/init.sh
View File

@@ -2,10 +2,10 @@
apt install curl apt install curl
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables-blocklist.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables-blocklist.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-fail2ban.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-fail2ban.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-snmpd.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-snmpd.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sudoers.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sudoers.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sshd.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sshd.sh | sh
curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-tz.sh | bash curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-tz.sh | sh

15
setup/qemu-ga-conf.sh
View File

@@ -1,15 +0,0 @@
CONFFILE=/etc/qemu/qemu-ga.conf
if [ "$(which qemu-ga)" == "" ]; then
echo "guest agent is not installed"
else
if [ ! -f $CONFFILE ]; then
qemu-ga -D > $CONFFILE
sed -i "s/block-rpcs=/block-rpcs=guest-set-user-password/" $CONFFILE
systemctl restart qemu-guest-agent
else
if [ "$(grep guest-set-user-password $CONFFILE)" == "" ]; then
echo "block-rpcs=guest-set-user-password" >> $CONFFILE
systemctl restart qemu-guest-agent
fi
fi
fi