README.md aktualisiert

README.md

@@ -8,4 +8,4 @@ Dieses Repository wird gespiegelt
 
 > ÄNDERUNGEEN DIE NICHT AN DER QUELLE DURCHGEFÜHRT WERDEN WERDEN ÜBERSCHRIEBEN
 
-# Tools und Skripte zur Verwaltung von Linux Systemen
+# Tools und Skripte zur Verwaltung von Linux Systemen

setup/add2ansible.sh

@@ -59,15 +59,15 @@ then
    echo "mkdir -p /home/ansible/.ssh/"
    echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys"
 else
-   echo "configure 'sudoers' for 'ansible' and 'root'"
+   echo "configure 'sudoers' for 'ansible'"
    echo "
 ### added by script add2ansible.sh
 ansible ALL=(ALL) NOPASSWD:ALL
-root ALL=(ALL) NOPASSWD:ALL
+
 " >> /etc/sudoers
    echo "add key"
-   su -m ansible -c "mkdir -p /home/ansible/.ssh/"
-   su -m ansible -c "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible' >> /home/ansible/.ssh/authorized_keys"
+   sudo -u ansible mkdir -p /home/ansible/.ssh/
+   sudo -u ansible echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible" >> /home/ansible/.ssh/authorized_keys
 fi
 echo ""
 

setup/init-sshd.sh

@@ -6,54 +6,36 @@
 ###
 ###############################################################
 
-START1='### unique conet sshd config start ###'
-END1='### unique conet sshd config end ###'
-CFG1='Match User conetadm
+START='### unique ssh config start ###'
+
+END='### unique ssh config end ###'
+
+CFG='Match User conetadm
     PasswordAuthentication yes
     PubkeyAuthentication yes
-    AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24'
+    AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24
 
-UNIQ1="$START1
-$CFG1
-$END1"
-
-START2='### unique ansible sshd config start ###'
-END2='### unique ansible sshd config end ###'
-CFG2='Match User ansible
+Match User ansible
     PasswordAuthentication no
     PubkeyAuthentication yes
     AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12'
 
-UNIQ2="$START2
-$CFG2
-$END2"
+UNIQ="$START
+$CFG
+$END"
 
-grep "$START1" /etc/ssh/sshd_config
+grep "$START" /etc/ssh/sshd_config
 if [ "$?" == "1" ]
 then
-   echo 1. uniq Eintrag nicht vorhanden, wird angehängt
+   echo uniq Eintrag nicht vorhanden, wird angehängt
 else
-   echo 1. uniq Eintrag gefunden, wird ersetzt
+   echo uniq Eintrag gefunden, wird ersetzt
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
-   sed -i "/$START1/,/$END1/d" /etc/ssh/sshd_config
+   sed -i "/$START/,/$END/d" /etc/ssh/sshd_config
 fi
-echo "$UNIQ1" >> /etc/ssh/sshd_config
-
-
-grep "$START2" /etc/ssh/sshd_config
-if [ "$?" == "1" ]
-then
-   echo 2. uniq Eintrag nicht vorhanden, wird angehängt
-else
-   echo 2. uniq Eintrag gefunden, wird ersetzt
-   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
-   sed -i "/$START2/,/$END2/d" /etc/ssh/sshd_config
-fi
-echo "$UNIQ2" >> /etc/ssh/sshd_config
-
+echo "$UNIQ" >> /etc/ssh/sshd_config
 
 sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config
 sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config
 
-systemctl restart sshd
-systemctl restart ssh
+systemctl restart sshd

setup/init-sudoers.sh

@@ -6,5 +6,7 @@
 ###
 ###############################################################
 echo "
-conetadm ALL=(ALL:ALL) ALL
+### added by script initialsetup.sh
+conetadm ALL=(ALL) ALL
+
 " >> /etc/sudoers

setup/init.sh

@@ -2,10 +2,10 @@
 
 apt install curl
 
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables-blocklist.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-fail2ban.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-snmpd.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sudoers.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sshd.sh | bash
-curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-tz.sh | bash
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables-blocklist.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-fail2ban.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-snmpd.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sudoers.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sshd.sh | sh
+curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-tz.sh | sh

setup/qemu-ga-conf.sh

@@ -1,15 +0,0 @@
-CONFFILE=/etc/qemu/qemu-ga.conf
-if [ "$(which qemu-ga)" == "" ]; then
-   echo "guest agent is not installed"
-else
-   if [ ! -f $CONFFILE ]; then
-      qemu-ga -D > $CONFFILE
-      sed -i "s/block-rpcs=/block-rpcs=guest-set-user-password/" $CONFFILE
-      systemctl restart qemu-guest-agent
-   else
-      if [ "$(grep guest-set-user-password $CONFFILE)" == "" ]; then
-         echo "block-rpcs=guest-set-user-password" >> $CONFFILE
-         systemctl restart qemu-guest-agent
-      fi
-   fi
-fi