|
#!/bin/sh |
|
|
|
########## |
|
# |
|
# a-configure-server.sh |
|
# |
|
# Shell script to be used to configure CentOS 5.5 server |
|
# |
|
# Written by Doc Walker (Rx) Nov 2010 |
|
# |
|
# Run this script 1st |
|
# |
|
########## |
|
|
|
|
|
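# Refuse to run without root: every later step edits system files, installs
# packages or restarts services.
# The check uses POSIX `[ ]` instead of `[[ ]]`. The file's shebang is
# /bin/sh, and on a shell without `[[` the original test would fail as
# "command not found", the `if` would be false, and the script would carry
# on as if the caller were root.
if [ "$(id -u)" -ne 0 ]; then
  # Diagnostics go to stderr; exit no longer depends on printf succeeding.
  printf 'This script must be run as root.\n' >&2
  exit 1
fi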
|
|
|
|
|
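#######################################
# Print the command-line help text.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   status of the last command (cat)
#######################################
display_usage() {
  # ${0##*/} strips the directory part without word-splitting a script path
  # that contains spaces (the unquoted `basename $0` did split it).
  cat <<EOF
usage: ${0##*/} [--dry-run] [--usage] [--help]

--dry-run: execute without changing any files
--usage: provide information on usage
--help: provide information on usage

EOF
  return
}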
|
|
|
|
|
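#######################################
# Verify that the sudoers file grants the wheel group full sudo rights.
# Later steps set "PermitRootLogin no" for sshd, so this check is what keeps
# an administrator from losing privileged access.
# NOTE(review): only the rule text in $file is checked; nothing here confirms
# that any account is actually a member of wheel — confirm before relying on it.
# Globals:   file (read) - path of the sudoers file
# Arguments: none
# Outputs:   progress text and, on failure, repair instructions on stdout
# Returns:   0 when the rule is present; otherwise exits the script with 1
#######################################
check_sudoers() {
  local regex

  # "$file" is quoted everywhere: with an empty value the unquoted
  # `[ -e $file ]` collapses to `[ -e ]`, which is true, and grep would then
  # read stdin instead of a file.
  printf ' - file %s ' "$file"
  if [ ! -e "$file" ]; then
    printf 'does not exist\n'
    exit 1
  fi
  printf 'exists\n'

  printf ' - wheel group is '
  # Matches an uncommented "%wheel ALL=(ALL) ALL" line with any spacing.
  # [[:space:]] is the portable spelling of the GNU-only \s.
  regex='^[[:space:]]*%wheel[[:space:]]*ALL[[:space:]]*=[[:space:]]*\([[:space:]]*ALL[[:space:]]*\)[[:space:]]*ALL[[:space:]]*$'
  if grep -Eq -- "$regex" "$file" 2> /dev/null; then
    printf 'able to execute sudo command\n'
    return 0
  fi

  printf 'not able to execute sudo command\n\n'
  # Quoted delimiter: the help text is printed literally, nothing is expanded.
  cat <<'EOF'
Please fix this before proceeding with server configuration.

# visudo

Scroll down to line containing %wheel. Change it to:

%wheel ALL=(ALL) ALL

Command reference:
/ enters search mode (look for '%wheel')
i enters insert mode
[ESC] exits edit mode
:w writes the file to disk
:q quits vi (append ! to discard changes)

EOF
  exit 1
}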
|
|
|
|
|
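#######################################
# Delete the section a previous run of this script appended to a file, i.e.
# every line from the header marker through the footer marker.
# NOTE(review): a sed address range whose end pattern never matches runs to
# the end of the file, so a header without a footer removes everything after
# the header — confirm the markers are always written as a pair.
# Globals:   file, header, footer, sed_command, sed_args, sed_ext,
#            dry_run (all read)
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   status of the last command run
#######################################
remove_previous_modifications() {
  # Quoting "$file" keeps an empty path from turning `[ -e $file ]` into the
  # always-true `[ -e ]` and sed from reading stdin.
  printf ' - file %s ' "$file"
  if [ ! -e "$file" ]; then
    printf 'does not exist\n'
    return
  fi
  printf 'exists\n'

  # sed_command and sed_args each hold several words and are split on purpose.
  # shellcheck disable=SC2086
  if $sed_command $sed_args "/$header/, /$footer/d" "$file" && [ -z "$dry_run" ]; then
    printf ' - removed previously-modified section\n'
    # The copy that `sed -i<ext>` leaves behind is deleted straight away, so
    # no pre-change copy of the file survives this call. The -n guard stops an
    # empty sed_ext from making this rm delete "$file" itself.
    if [ -n "$sed_ext" ] && rm -f -- "$file$sed_ext"; then
      printf ' - removed temp file %s\n' "$file$sed_ext"
    fi
  fi
}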
|
|
|
|
|
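#######################################
# Append the prepared section to the target file, or report that a dry run
# made no change.
# Globals:   append (read) - text to add
#            file (read) - file to append to
#            dry_run (read) - non-empty means change nothing
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   status of the last printf
#######################################
append_to_file() {
  local rc

  if [ -n "$dry_run" ]; then
    printf ' - dry run complete\n'
    return
  fi

  # printf '%s\n' writes the text verbatim even if it starts with "-n" or
  # holds backslashes, which echo may interpret.
  if printf '%s\n' "$append" >> "$file"; then
    printf ' - file modifications complete\n'
  else
    # Save the status of the failed write; the original printed $? after the
    # `[ ... ]` test and so reported the test's status instead.
    rc=$?
    printf ' - ERROR %s: unable to modify file %s\n' "$rc" "$file"
  fi
}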
|
|
|
|
|
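#######################################
# Comment out every active line of a config file that starts with one of the
# given keywords, tagging it with the "disabled" marker and a timestamp.
# NOTE(review): $parameter, $disabled and $now are pasted into the sed
# program as-is; a "/", "&" or backslash in any of them changes or breaks the
# expression — confirm the values never contain those characters.
# Globals:   file, parameter (keywords joined by "|"), disabled, now,
#            sed_command, sed_args, sed_ext, dry_run (all read)
# Arguments: none
# Outputs:   progress text on stdout
# Returns:   status of the last command run
#######################################
comment_lines() {
  local sed_expression

  # Quoting "$file" keeps an empty path from turning `[ -e $file ]` into the
  # always-true `[ -e ]` and sed from reading stdin.
  printf ' - file %s ' "$file"
  if [ ! -e "$file" ]; then
    printf 'does not exist\n'
    return
  fi
  printf 'exists\n'

  # Group 1 is the whole matching line; it is re-emitted behind a "#".
  sed_expression="s/(^[[:space:]]*($parameter)[[:space:]].*$)/\#\1 $disabled$now/"

  # sed_command and sed_args each hold several words and are split on purpose.
  # shellcheck disable=SC2086
  if $sed_command $sed_args "$sed_expression" "$file" && [ -z "$dry_run" ]; then
    printf ' - commented out parameter(s)\n'
    # The copy left by `sed -i<ext>` is removed at once; the -n guard stops
    # an empty sed_ext from making this rm delete "$file" itself.
    if [ -n "$sed_ext" ] && rm -f -- "$file$sed_ext"; then
      printf ' - removed temp file %s\n' "$file$sed_ext"
    fi
  fi
}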
|
|
|
|
|
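#######################################
# Make sure the working directory exists, creating it unless this is a dry
# run.
# A directory that already exists is used as it is. If it sits under a
# world-writable parent such as /tmp, another local account may have created
# it first, and root would then download and build inside a directory that
# account controls. A warning is printed in that case; the flow is unchanged.
# Globals:   dir (read) - directory to verify or create
#            dir_mode (read) - mode passed to mkdir -m
#            dry_run (read) - non-empty means create nothing
# Arguments: none
# Outputs:   progress text on stdout, warnings on stderr
# Returns:   status of the last command run
#######################################
verify_or_create_dir() {
  local rc

  printf ' - directory %s ' "$dir"
  if [ -d "$dir" ]; then
    printf 'exists\n'
    if [ -L "$dir" ] || [ ! -O "$dir" ]; then
      printf ' - WARNING: %s is a symlink or is not owned by the current user\n' \
        "$dir" >&2
    fi
    return
  fi

  printf 'does not exist\n'
  if [ -z "$dry_run" ]; then
    if mkdir -m "$dir_mode" -p -- "$dir"; then
      printf ' - directory %s created\n' "$dir"
    else
      # Keep mkdir's status; the original printed $? after the `[ ... ]`
      # test and so reported the test's status instead.
      rc=$?
      printf ' - ERROR %s: unable to create directory %s\n' "$rc" "$dir"
    fi
  fi
}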
|
|
|
|
|
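#######################################
# Install build prerequisites, fetch a .tar.gz source archive into $dir if it
# is not already there, and unpack it into $tar_dir.
# NOTE(review): the archive is fetched from whatever URL $link holds and is
# unpacked without any integrity check; the callers in this script pass plain
# http:// links and then build and install the result as root. Compare the
# file against a digest published by the project (placeholder:
# <EXPECTED_SHA256>) before it is extracted.
# Globals:   system, yum_packages, link, tar_dir, dry_run (read)
#            dir (read; set to $tar_dir when the archive is unpacked)
#            targz (written) - archive file name taken from $link
#            make_dir (written) - first entry listed in the archive
# Arguments: none
# Outputs:   progress text on stdout, errors on stderr
# Returns:   1 when $dir cannot be entered or the download fails on a real
#            run; otherwise the status of the last command run
#######################################
download_source() {
  local link_regex

  if [ "Linux" = "$system" ] && [ -n "$yum_packages" ]; then
    if [ -n "$dry_run" ]; then
      printf ' - yum -y install %s\n' "$yum_packages"
    else
      # yum_packages is a space-separated list and is split on purpose.
      # shellcheck disable=SC2086
      yum -y install $yum_packages
    fi
  fi

  # A failed cd used to be ignored, so the download and extraction ran in
  # whatever directory the script happened to be in. A dry run still carries
  # on so that it can print the remaining steps.
  if ! cd -- "$dir"; then
    printf ' - ERROR: unable to enter directory %s\n' "$dir" >&2
    [ -n "$dry_run" ] || return 1
  fi

  # Last path component of the link, which must end in ".tar.gz".
  link_regex='([^\/]*)\.tar\.gz$'
  if [[ "$link" =~ $link_regex ]]; then
    targz="${BASH_REMATCH[0]}"
    printf ' - file %s ' "$targz"
    if [ -f "$targz" ]; then
      printf 'exists\n'
    else
      printf 'does not exist\n'
      printf ' - download %s\n' "$link"
      if [ -z "$dry_run" ]; then
        if ! wget "$link"; then
          printf ' - ERROR: download of %s failed\n' "$link" >&2
          return 1
        fi
      fi
    fi

    # The first archive entry is taken as the top-level source directory.
    make_dir=$(tar ztf "$targz" | head -n 1)
    printf ' - directory %s ' "$dir/$make_dir"
    if [ -d "$dir/$make_dir" ]; then
      printf 'exists\n'
    else
      printf 'does not exist\n'
      if [ -z "$dry_run" ]; then
        # dir is repointed at the extraction target; later steps read it.
        dir="$tar_dir"
        verify_or_create_dir
        printf ' - unarchiving file %s\n' "$targz"
        tar zxvf "$targz" -C "$tar_dir" &> /dev/null
      fi
    fi
    if [ -n "$dry_run" ]; then printf ' - dry run complete\n'; fi
  fi
}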
|
|
|
|
|
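#######################################
# Compile and install the unpacked source tree with make.
# Globals:   dir, make_dir (read) - location of the source tree
#            install_dir (read) - value passed to make as prefix=
#            dry_run (read) - non-empty means do nothing
# Arguments: none
# Outputs:   progress text on stdout, plus whatever make prints
# Returns:   0 on a dry run; 1 when the source directory cannot be entered;
#            otherwise the status of the last command run
#######################################
build_source() {
  [ -z "$dry_run" ] || return 0

  printf ' - directory %s ' "$dir/$make_dir"
  if [ ! -d "$dir/$make_dir" ]; then
    printf 'does not exist\n'
    return
  fi
  printf 'exists\n'

  # Stop here if the directory cannot be entered, so make never runs in an
  # unrelated working directory.
  cd -- "$dir/$make_dir" || return 1
  printf ' - compiling source\n'
  # Install only what built cleanly; the original ran "make install" even
  # after "make all" had failed.
  make prefix="$install_dir" all && make prefix="$install_dir" install
}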
|
|
|
|
|
########## BEGIN ########## |
|
# Record the kernel name and choose the sed invocation for it. Darwin and
# Linux get their extended-regex flag; any other system gets plain "sed"
# with no such flag. The value is expanded unquoted by the helper functions,
# which is why it can carry an option.
system=$(uname -s)
if [ "$system" = "Darwin" ]; then
  sed_command="sed -E "
elif [ "$system" = "Linux" ]; then
  sed_command="sed -r "
else
  sed_command="sed"
fi
|
|
|
# iterate through command line arguments |
|
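# Walk the command-line arguments. --usage/--help print the help text and
# stop; --dry-run switches sed to print-nothing mode so no file is edited.
for arg in "$@"; do
  case "$arg" in
    --usage | --help)
      display_usage
      exit 0
      ;;
    --dry-run)
      dry_run="true"
      sed_args="-n -e"
      ;;
    *)
      # An unrecognised option is an error: report it on stderr and exit
      # non-zero (the original exited 0, which a caller reads as success).
      printf 'Unknown option: %s\n' "$arg" >&2
      display_usage >&2
      exit 1
      ;;
  esac
done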
|
|
|
# Confirm the wheel sudo rule before anything is changed; check_sudoers ends
# the script when the file or the rule is missing.
file="/etc/sudoers"
printf "Configure /etc/sudoers\n"
check_sudoers

# On a real run sed edits in place and leaves a ".old" copy; the dry-run
# arguments were already chosen while the options were parsed.
if [ -z "$dry_run" ]; then
  sed_ext=".old"
  sed_args="-i$sed_ext -e"
fi

# Markers wrapped around every section this script appends, stamped with the
# time of this run.
now=$(date)
header="### Rx: modified by setup script - "
footer="### Rx: end of modifications - "
disabled=" # - disabled - "

# set up temporary path
PATH=/bin:/usr/bin:/usr/sbin:$PATH
|
|
|
|
|
########## update yum packages ##########
# Linux only: a dry run just lists pending updates, a real run applies them
# all without prompting.
case "$system" in
  Linux)
    printf "\nUpdate yum packages\n"
    if [ -n "$dry_run" ]; then
      yum check-update
      printf " - dry run complete\n"
    else
      yum -y update
    fi
    ;;
esac
|
|
|
|
|
########## add common aliases to /etc/bashrc ##########
# The section is rebuilt on every run: any earlier copy is removed first and
# the new one is appended. \$PATH is escaped so that the alias expands PATH
# when it is used, not while this script runs.
file="/etc/bashrc"
read -d '' append <<EOF
$header$now
alias la='/bin/ls -al'
alias psg='/bin/ps ax | grep'
alias ps='/bin/ps -auxc'
alias path='/bin/echo \$PATH'
alias tm='sudo tail -F -n 1000 /var/log/maillog'
$footer$now
EOF
printf '\nAdd common aliases to %s\n' "$file"
remove_previous_modifications
append_to_file
|
|
|
|
|
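########## modify PATH variable in /root/.bash_profile ##########
# \$PATH is escaped so the profile extends whatever PATH root has at login.
# Unescaped, the here-document expanded $PATH while this script ran and wrote
# the invoking session's search path, including any user-writable directory
# in it, permanently into root's profile.
file="/root/.bash_profile"
read -r -d '' append <<EOF
$header$now
PATH=\$PATH:/usr/local/bin
export PATH
$footer$now
EOF
printf '\nModify PATH variable in %s\n' "$file"
remove_previous_modifications
append_to_file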
|
|
|
|
|
########## add global EDITOR variable to /etc/profile.d/editor.sh ##########
# Rebuilds the marked section of the profile.d snippet on every run.
# NOTE(review): the appended line assigns EDITOR but does not export it —
# confirm whether child processes are meant to see the value.
file="/etc/profile.d/editor.sh"
read -d '' append <<EOF
$header$now
EDITOR=/usr/bin/nano
$footer$now
EOF
printf '\nAdd global EDITOR variable to %s\n' "$file"
remove_previous_modifications
append_to_file
|
|
|
|
|
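########## configure /etc/ssh/sshd_config ##########
# Location of sshd_config per platform; empty when the platform is unknown.
case "$system" in
  Darwin) file="/etc/sshd_config" ;;
  Linux) file="/etc/ssh/sshd_config" ;;
  *) file="" ;;
esac

# Settings appended to the end of sshd_config.
# NOTE(review): "UsePAM no" turns off PAM account and session processing for
# SSH logins — confirm nothing on the host depends on it.
# NOTE(review): "KeepAlive" is an old keyword name; newer OpenSSH releases
# document it as TCPKeepAlive — confirm the installed sshd accepts it.
# PasswordAuthentication stays enabled until key-based login is confirmed,
# as the comment written into the file says.
read -r -d '' append <<EOF
$header$now
PermitRootLogin no
UsePAM no
# per http://www.broadbandreports.com/forum/remark,12601792~mode=flat
KeepAlive no
MaxStartups 10
LoginGraceTime 120
ClientAliveInterval 60
ClientAliveCountMax 1

# disable PasswordAuthentication once public key login is working
PasswordAuthentication yes
$footer$now
EOF
printf '\nConfigure %s\n' "$file"

# sshd uses the first value it reads for each keyword, so a setting appended
# at the end of the file is ignored while an earlier active line for the same
# keyword remains. Every keyword set above is therefore commented out first;
# the original list covered only PasswordAuthentication and UsePAM, which
# left an existing "PermitRootLogin yes" in force.
parameter="PermitRootLogin|UsePAM|KeepAlive|MaxStartups|LoginGraceTime|ClientAliveInterval|ClientAliveCountMax|PasswordAuthentication"

if [ -z "$file" ]; then
  # No known config path: skip instead of calling the helpers with an empty
  # file name.
  printf ' - ERROR: no sshd_config location known for system %s; skipped\n' \
    "$system" >&2
else
  comment_lines
  remove_previous_modifications
  append_to_file
  if [ -z "$dry_run" ]; then
    # Have sshd check the edited file before the restart; restarting onto a
    # configuration sshd rejects can cut off remote access to the server.
    if ! sshd -t -f "$file"; then
      printf ' - ERROR: sshd rejected %s; sshd was not restarted\n' "$file" >&2
    elif [ "Darwin" = "$system" ]; then
      printf " - restarting com.openssh.sshd via launchctl\n"
      launchctl stop com.openssh.sshd
      launchctl start com.openssh.sshd
    elif [ "Linux" = "$system" ]; then
      printf " - restarting service sshd\n"
      /sbin/service sshd restart
    fi
  fi
fi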
|
|
|
|
|
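########## install git from source ##########
# NOTE(review): both archives below are fetched over plain http:// and are
# not checked against any digest or signature before root builds and installs
# them; add a check against a value published by the project (placeholder:
# <EXPECTED_SHA256>).
# NOTE(review): /tmp/src is a fixed path under world-writable /tmp. If the
# directory already exists, confirm it is owned by root before building in it.
dir="/tmp/src"
dir_mode="755"
yum_packages="zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel gcc gcc-c++ httpd-devel apr-devel readline-devel"
link="http://git-core.googlecode.com/files/git-1.7.9.3.tar.gz"
tar_dir="$dir"
install_dir="/usr/local"
printf "\nInstall git\n"
verify_or_create_dir
download_source
build_source

# The man pages are unpacked straight into the shared man directory.
link="http://git-core.googlecode.com/files/git-manpages-1.7.9.3.tar.gz"
tar_dir="/usr/local/share/man"
printf "\nInstall git man pages\n"
yum_packages=""
download_source
if [ -n "$dry_run" ]; then
  printf " - dry run complete\n"
else
  printf ' - unarchiving file %s\n' "$targz"
  # Quoted so that an empty or space-containing value cannot shift tar's
  # arguments. $targz is a bare file name, so this depends on the working
  # directory that download_source left behind.
  tar zxvf "$targz" -C "$tar_dir"
fi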
|
|
|
|
|
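########## install sqlite3 from source ##########
# NOTE(review): the archive is fetched over plain http:// and is not checked
# against any digest before root runs its configure script and installs it;
# add a check against a value published by the project (placeholder:
# <EXPECTED_SHA256>).
# NOTE(review): /tmp/src is a fixed path under world-writable /tmp. If the
# directory already exists, confirm it is owned by root before building in it.
dir="/tmp/src"
dir_mode="755"
yum_packages="gcc"
link="http://sqlite.org/sqlite-amalgamation-3.7.3.tar.gz"
tar_dir="$dir"
printf "\nInstall sqlite3\n"
verify_or_create_dir
download_source

if [ -z "$dry_run" ]; then
  printf ' - directory %s ' "$dir/$make_dir"
  if [ -d "$dir/$make_dir" ]; then
    printf 'exists\n'
    # Build only after the source directory was entered, and stop at the
    # first failing step; the original ran ./configure, make and
    # "make install" unconditionally, even after a failed cd.
    if cd -- "$dir/$make_dir"; then
      printf " - compiling source\n"
      ./configure && make && make install
    fi
  else
    printf 'does not exist\n'
  fi
fi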
|
|
|
|
|
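########## install rvm from script ##########
# NOTE(review): the installer is fetched over plain http:// and fed to bash
# as root with nothing authenticating its content. Install from a reviewed,
# pinned copy, or compare the download with a known digest (placeholder:
# <EXPECTED_SHA256>) before running it.
# NOTE(review): the script is saved to a fixed name under /tmp/src, a path
# below world-writable /tmp; confirm the directory is owned by root.
dir="/tmp/src"
dir_mode="755"
yum_packages="gcc"
script="rvm"
link="http://rvm.beginrescueend.com/install/$script"
printf "\nInstall Ruby Version Manager (rvm)\n"
printf ' - which rvm %s\n' "$(which rvm)"
if [ -n "$dry_run" ]; then
  printf " - dry run complete\n"
else
  verify_or_create_dir
  printf ' - downloading script %s\n' "$script"
  # -f makes curl fail on an HTTP error instead of saving the error page.
  # The script runs only after a successful download, so a partial file or
  # an error page is never passed to bash.
  if curl -fL "$link" > "$dir/$script"; then
    printf ' - executing script %s\n' "$script"
    bash < "$dir/$script"
    printf " - install Ruby 1.9.2\n"
    rvm install 1.9.2
    printf " - set Ruby 1.9.2 as default\n"
    rvm use 1.9.2 --default
  else
    printf ' - ERROR: download of %s failed; nothing was executed\n' "$link" >&2
  fi
fi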
|
|
|
# file="/etc/httpd/conf.d/passenger.conf" |
|
# read -d '' append <<EOF |
|
# $header$now |
|
# LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0/ext/apache2/mod_passenger.so |
|
# PassengerRoot /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0 |
|
# PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.2-p0/ruby |
|
# $footer$now |
|
# EOF |
|
# printf "\nAdd common aliases to $file\n" |
|
# remove_previous_modifications |
|
# append_to_file |