setup/qemu-ga-conf.sh aktualisiert

setup/qemu-ga-conf.sh hinzugefügt
2025-03-10 10:05:18 +01:00 · 2025-03-10 10:04:24 +01:00 · 2025-03-10 09:45:03 +01:00 · 2025-01-17 11:20:16 +01:00 · 2025-01-17 11:18:12 +01:00 · 2025-01-17 11:03:11 +01:00
6 changed files with 62 additions and 31 deletions
--- a/setup/add2ansible.sh
+++ b/setup/add2ansible.sh
@@ -59,15 +59,15 @@ then
   echo "mkdir -p /home/ansible/.ssh/"
   echo "echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible\" >> /home/ansible/.ssh/authorized_keys"
 else
-   echo "configure 'sudoers' for 'ansible'"
+   echo "configure 'sudoers' for 'ansible' and 'root'"
   echo "
 ### added by script add2ansible.sh
 ansible ALL=(ALL) NOPASSWD:ALL
-
+root ALL=(ALL) NOPASSWD:ALL
 " >> /etc/sudoers
   echo "add key"
-   sudo -u ansible mkdir -p /home/ansible/.ssh/
+   su -m ansible -c "mkdir -p /home/ansible/.ssh/"
-   sudo -u ansible echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible" >> /home/ansible/.ssh/authorized_keys
+   su -m ansible -c "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gz8mIcQmAxOVbajBb0nO7jWI09TXfHn6kNg6E/43bSzu10qq3hatTPuuXgaU6Y/KMkGF0nt6nsufP3P9u1FrCtq5j175z3GCQjk6Mb5QOO9iKLO9fQV08d6j3C7YGc1+6SZlTKdReyfBy7lQAfeUMuvFT4KevMExzyzvAtgQ8ZtLHwEUWBW5F/0YIGZyr6cMNe09RT2WTYJIbQCTzfVuWbOPw2SFzvd4ls7TnLK3EU4kjujnzBsTOAJLkbaWFVm6i+W6M3N+TutrtoDcW12Q9CK5eQtVwQrMWS1JbAAIGke1TKeizgDt5EuWk4k5YovXv6wrcWT9SahgeKDVtCLx ansible' >> /home/ansible/.ssh/authorized_keys"
 fi
 echo ""
--- a/setup/init-sshd.sh
+++ b/setup/init-sshd.sh
@@ -6,36 +6,54 @@
 ###
 ###############################################################
-START='### unique ssh config start ###'
+START1='### unique conet sshd config start ###'
-
+END1='### unique conet sshd config end ###'
-END='### unique ssh config end ###'
+CFG1='Match User conetadm
 CFG='Match User conetadm
    PasswordAuthentication yes
    PubkeyAuthentication yes
-    AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24
+    AllowUsers conetadm@10.0.0.0/8 conetadm@192.168.0.0/16 conetadm@172.16.0.0/12 conetadm@195.20.133.0/24 conetadm@149.13.94.0/24'
-Match User ansible
+UNIQ1="$START1
 $CFG1
 $END1"
 START2='### unique ansible sshd config start ###'
 END2='### unique ansible sshd config end ###'
 CFG2='Match User ansible
    PasswordAuthentication no
    PubkeyAuthentication yes
    AllowUsers ansible@10.0.0.0/8 ansible@192.168.0.0/16 ansible@172.16.0.0/12'
-UNIQ="$START
+UNIQ2="$START2
-$CFG
+$CFG2
-$END"
+$END2"
-grep "$START" /etc/ssh/sshd_config
+grep "$START1" /etc/ssh/sshd_config
 if [ "$?" == "1" ]
 then
-   echo uniq Eintrag nicht vorhanden, wird angehängt
+   echo 1. uniq Eintrag nicht vorhanden, wird angehängt
 else
-   echo uniq Eintrag gefunden, wird ersetzt
+   echo 1. uniq Eintrag gefunden, wird ersetzt
   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
-   sed -i "/$START/,/$END/d" /etc/ssh/sshd_config
+   sed -i "/$START1/,/$END1/d" /etc/ssh/sshd_config
 fi
-echo "$UNIQ" >> /etc/ssh/sshd_config
+echo "$UNIQ1" >> /etc/ssh/sshd_config
 grep "$START2" /etc/ssh/sshd_config
 if [ "$?" == "1" ]
 then
   echo 2. uniq Eintrag nicht vorhanden, wird angehängt
 else
   echo 2. uniq Eintrag gefunden, wird ersetzt
   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bu
   sed -i "/$START2/,/$END2/d" /etc/ssh/sshd_config
 fi
 echo "$UNIQ2" >> /etc/ssh/sshd_config
 sed -i "s/^[# ]*PermitRootLogin.*$/PermitRootLogin no/g" /etc/ssh/sshd_config
 sed -i "s/^[# ]*AllowTcpForwarding.*$/AllowTcpForwarding no/g" /etc/ssh/sshd_config
 systemctl restart sshd
 systemctl restart ssh
--- a/setup/init-sudoers.sh
+++ b/setup/init-sudoers.sh
@@ -6,7 +6,5 @@
 ###
 ###############################################################
 echo "
-### added by script initialsetup.sh
+conetadm ALL=(ALL:ALL) ALL
 conetadm ALL=(ALL) ALL
 " >> /etc/sudoers
--- a/setup/init.sh
+++ b/setup/init.sh
@@ -2,10 +2,10 @@
 apt install curl
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-iptables-blocklist.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-iptables-blocklist.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-fail2ban.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-fail2ban.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-snmpd.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-snmpd.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sudoers.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sudoers.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-sshd.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-sshd.sh | bash
-curl http://<<IP>>:<<PORT>>/<<USER>>/linux-tools/raw/branch/<<BRANCH>>/setup/init-tz.sh | sh
+curl http://10.1.1.5:3000/ageissler/linux-tools/raw/branch/conet/setup/init-tz.sh | bash
--- a/setup/qemu-ga-conf.sh
+++ b/setup/qemu-ga-conf.sh
@@ -0,0 +1,15 @@
 CONFFILE=/etc/qemu/qemu-ga.conf
 if [ "$(which qemu-ga)" == "" ]; then
   echo "guest agent is not installed"
 else
   if [ ! -f $CONFFILE ]; then
      qemu-ga -D > $CONFFILE
      sed -i "s/block-rpcs=/block-rpcs=guest-set-user-password/" $CONFFILE
      systemctl restart qemu-guest-agent
   else
      if [ "$(grep guest-set-user-password $CONFFILE)" == "" ]; then
         echo "block-rpcs=guest-set-user-password" >> $CONFFILE
         systemctl restart qemu-guest-agent
      fi
   fi
 fi
Author	SHA1	Message	Date
ageissler	d9f7604c83	setup/qemu-ga-conf.sh aktualisiert	2025-03-10 10:05:18 +01:00
ageissler	a6103ab7d5	setup/qemu-ga-conf.sh aktualisiert	2025-03-10 10:04:24 +01:00
ageissler	e3770513cd	setup/qemu-ga-conf.sh hinzugefügt	2025-03-10 09:45:03 +01:00
ageissler	bc659c3423	setup/add2ansible.sh aktualisiert	2025-01-17 11:20:16 +01:00
ageissler	8003125cad	setup/add2ansible.sh aktualisiert	2025-01-17 11:18:12 +01:00
ageissler	14f99953ab	setup/init.sh aktualisiert	2025-01-17 11:03:11 +01:00
ageissler	eb6ee7d9b9	setup/init-sshd.sh aktualisiert	2025-01-02 18:55:08 +01:00
ageissler	0c34707638	setup/init-sudoers.sh aktualisiert Kommentar entfernt. Die verbliebene Zeile wird durch das CyberArk Onboardingskript ersetzt	2024-11-01 18:19:53 +01:00
ageissler	eb7d1caad4	setup/init-sshd.sh aktualisiert Ansible User in eigenen Abschnitt ausgelagert. Anpassung der Start/Ende Markierung zur Kompatibilität mit dem CyberArk Onboarding Skript	2024-11-01 18:18:30 +01:00
ageissler	ccdd2b63f5	setup/init-sshd.sh aktualisiert	2024-11-01 15:49:20 +01:00
ageissler	1b62941c40	setup/init-sudoers.sh aktualisiert	2024-11-01 15:47:09 +01:00
ageissler	3334a3cb13	README.md aktualisiert	2024-11-01 12:41:15 +01:00
ageissler	1d1331fae4	setup/init.sh aktualisiert conet	2024-11-01 12:36:45 +01:00