enterprise linux boilerplate
##
## ct deploy for EL
##
##
## install base stuff
##
# Bring every installed package up to date before adding anything.
dnf update -y
# Manual break: reboot ends the session, so the commands below are run after
# logging back in. Pasted as one script, nothing past this line would execute.
reboot
dnf -y install yum-utils
#dnf config-manager --set-enabled crb
# EPEL is enabled before the main package install that follows.
# NOTE(review): this adds a third-party repo to the template and so to every
# clone; confirm gpgcheck stays on for it and that the repo is one you trust.
dnf -y install epel-release
#/usr/bin/crb enable
#dnf repolist | grep epel
# Base admin tooling plus nfs-utils, which the NFS mount in the user-creation
# section depends on.
dnf -y install bind-utils tmux git vim whois wget curl openssh-server sudo certbot tar nfs-utils
# NOTE(review): openssh-server is installed but the enable/start line is left
# commented out; confirm sshd is already enabled in the image, otherwise the
# authorized_keys installed later is never reachable.
#systemctl enable sshd && systemctl start sshd
##
## install cockpit
##
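dnf -y install cockpit
# NOTE(review): this switches auditd off at boot for the template and for every
# clone made from it, so there is no local audit trail of logins, sudo use or
# account changes. Presumably done because auditd does not run inside a
# container; if so, make sure the container host or a log forwarder records
# those events instead. `disable` only affects the next boot; it does not stop
# an auditd that is already running.
systemctl disable auditd
# `enable --now` both enables the socket at boot and starts it, so the separate
# `systemctl start` that used to precede it was redundant.
# NOTE(review): Cockpit is a web console (TCP 9090 by default) that accepts
# local account passwords, including wheel members. Restrict which networks can
# reach it before the template is cloned.
systemctl enable --now cockpit.socket
# --no-pager keeps the status check from blocking on a pager.
systemctl status --no-pager cockpit.socket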
##
## user creation
##
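# --- jgalley: SSH-key account ------------------------------------------------
# The useradd line used to be commented out, so on a host without the account
# the mkdir/chown/usermod commands below failed (and left a root-owned
# /home/jgalley behind). Create the account only when it is missing.
getent passwd jgalley >/dev/null || useradd -u 42069 -m -s /bin/bash jgalley
#usermod --append -G wheel jgalley
# No password is set for jgalley here; the password lines were already
# commented out, which leaves the SSH key as the only way in. The crypt hash
# that used to sit in that comment is dropped: a hash kept in a shared runbook
# can be attacked offline by anyone who can read the page.

# Create ~/.ssh with its final owner and mode in one step, so it never exists
# with looser permissions.
install -d -m 700 -o jgalley -g jgalley /home/jgalley/.ssh
# Quoted delimiter: the key line is written literally, with no shell expansion.
cat > /home/jgalley/.ssh/authorized_keys <<'EOF'
ssh-rsa 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 jgalley@ws1.pigeonkebab.local
EOF
chown jgalley:jgalley /home/jgalley/.ssh/authorized_keys
chmod 600 /home/jgalley/.ssh/authorized_keys

# --- management groups -------------------------------------------------------
# Fixed GIDs so group ownership lines up across hosts. Each group is created
# only if it does not exist yet, so the section can be re-run.
while read -r gid name; do
  getent group "$name" >/dev/null || groupadd -g "$gid" "$name"
done <<'EOF'
10701 mgmt-code
10702 mgmt-docs
10703 mgmt-media
10704 mgmt-logs
EOF
usermod -a -G mgmt-code,mgmt-docs,mgmt-media,mgmt-logs jgalley

# --- pkadmin: local admin account --------------------------------------------
getent passwd pkadmin >/dev/null || useradd -u 1001 -s /bin/bash -m pkadmin
usermod -a -G wheel pkadmin
# The password hash is no longer hard-coded. Treat the hash that was published
# here as exposed and rotate that password. Generate a fresh hash (for example
# with `openssl passwd -6`), keep it in a root-only location, and load it into
# PKADMIN_HASH before running this step.
# chpasswd -e reads the hash from stdin; `usermod --password` puts it on the
# command line, where other local users can see it in the process list.
# NOTE(review): every clone of the template shares this wheel password, and it
# is also what Cockpit accepts; change it per host after cloning.
: "${PKADMIN_HASH:?set PKADMIN_HASH to the crypt hash for pkadmin}"
printf '%s:%s\n' pkadmin "$PKADMIN_HASH" | chpasswd -e

# --- shared setup share --------------------------------------------------------
# The original line was a bare path, which the shell tried to execute; the
# mount point has to be created instead.
mkdir -p /mnt/nfs1/system_setup
# nosuid,nodev added: nothing on a shared "Public" export should be able to
# provide setuid binaries or device nodes to this host.
fstab_entry='10.2.104.31:/volume1/Public/system_setup /mnt/nfs1/system_setup nfs _netdev,noacl,noatime,nosuid,nodev 0 0'
# Append only once so a re-run does not stack duplicate fstab entries.
grep -qF -- ' /mnt/nfs1/system_setup ' /etc/fstab || printf '%s\n' "$fstab_entry" >> /etc/fstab
systemctl daemon-reload
mount -a
dnf -y install bash-completion
# NOTE(review): files in /etc/profile.d are sourced by every login shell,
# root's included. Whoever can write to the NFS export therefore controls code
# that runs as root on every clone; read colorprompt.sh before baking it into
# the template and keep the export read-only for ordinary clients.
if mountpoint -q /mnt/nfs1/system_setup; then
  install -m 644 -o root -g root \
    /mnt/nfs1/system_setup/scripts/colorprompt.sh /etc/profile.d/colorprompt.sh
else
  echo "system_setup share is not mounted; colorprompt.sh not installed" >&2
fi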
##
## template creation
##
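# Empty machine-id so each clone generates its own on first boot.
truncate -s 0 /etc/machine-id
# One-shot unit that replaces the template's SSH host keys on the first boot of
# a clone and then disables itself. Without it every clone would present the
# same host keys, and anyone holding the template could impersonate any clone.
#
# Ordering fix: the unit was ordered only before ssh.service, which is the
# Debian/Ubuntu unit name. On Enterprise Linux the daemon is sshd.service, so
# nothing kept sshd from starting first and serving the template's keys until
# its next restart. Both names are listed so the unit orders correctly on
# either family.
#
# Quoted delimiter: the unit text is written literally, with no shell expansion.
cat > /etc/systemd/system/regenerate_ssh_host_keys.service <<'EOF'
[Unit]
Description=Regenerate SSH host keys
Before=ssh.service sshd.service
ConditionFileIsExecutable=/usr/bin/ssh-keygen
[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable regenerate_ssh_host_keys.service
# The unit is expected to show as enabled but inactive here: it has not run yet
# and must not run on the template itself.
systemctl status --no-pager regenerate_ssh_host_keys.service
# NOTE(review): the template still carries the pkadmin password and jgalley's
# authorized_keys set earlier; every clone inherits both.
shutdown -h now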