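#! /bin/sh
#
# Post-install host configuration; judging by the debug file name this is
# run from a kickstart %post section -- TODO confirm.
# Steps: record debug info, point ntpd at the lab server, set up an autofs
# map for the lab FTP tree, grant sudo to Nick's accounts, create a local
# account, disable telnet/finger/ipchains, install keychain, and install
# the cron-driven remote configuration hook plus the sysadmin's SSH key.
#
# The script runs as root and is best-effort: apart from the scratch
# directory, a failing step does not stop the steps after it.

# Private scratch directory. Fixed file names directly under /tmp would let
# a local user pre-create a symlink there and have root write through it if
# this script is ever re-run on a live multi-user machine.
workdir=$(/bin/mktemp -d /tmp/kickstart-post.XXXXXX) || {
    echo "cannot create scratch directory under /tmp" >&2
    exit 1
}
trap '/bin/rm -rf -- "${workdir:?}"' EXIT

# Debug record of the environment the script ran in. The path is kept, but
# any stale file or symlink is removed first and the file is created under
# noclobber, so the redirection cannot follow a planted symlink.
debug_log=/tmp/kickstart-path-test-for-nick.txt
/bin/rm -f "$debug_log"
(
    set -C
    {
        echo "$PATH"
        pwd
        /bin/mount
    } > "$debug_log"
)

# Set up ntp: use the lab time server and comment out the fudge,
# multicastclient and broadcastdelay directives.
/bin/sed -e '/^server.*$/s//server ictlab.tyict.vtc.edu.hk/' \
         -e '/^fudge/s//#&/' \
         -e '/^multicastclient/s//#&/' \
         -e '/^broadcastdelay/s//#&/' \
    /etc/ntp.conf > "$workdir/ntp.conf"
/usr/bin/install -m644 "$workdir/ntp.conf" /etc/ntp.conf
/sbin/chkconfig --level 345 ntpd on

# Set up autofs access to the server.
# Note: must cope with the case where this has already been set up.
if ! grep -q '/\.auto[[:space:]]\+/etc/auto.ftp' /etc/auto.master 2> /dev/null
then
    # NOTE(review): the '.' in '\/.misc' is an unescaped regex wildcard, so
    # this matches '/' + any one character + 'misc'. Confirm that is the
    # line meant to be commented out.
    /bin/sed '/\/.misc/s//#&/' /etc/auto.master > "$workdir/auto.master"
    echo "/.auto /etc/auto.ftp --timeout=60" >> "$workdir/auto.master"
    /usr/bin/install -m644 "$workdir/auto.master" /etc/auto.master
fi
echo "ftp -ro,soft,intr ictlab.tyict.vtc.edu.hk:/var/ftp/pub" > /etc/auto.ftp
# -p and the existence test keep a second run from failing on these two.
/bin/mkdir -p /.auto
if [ ! -L /ftp ] && [ ! -e /ftp ]; then
    /bin/ln -s .auto/ftp /ftp
fi
/sbin/chkconfig --level 345 autofs on

# Add Nick to the sudoers file.
# The match is anchored to the start of the line so that a commented-out
# entry, or a longer user name containing the same letters, does not count
# as "already present".
# NOTE(review): /etc/sudoers is appended to directly, with no syntax check;
# a damaged sudoers file disables sudo for everyone.
for admin in nicku nickl; do
    if ! grep -q "^${admin}[[:space:]]" /etc/sudoers 2> /dev/null; then
        echo "${admin} ALL=(ALL) ALL" >> /etc/sudoers
    fi
done

# Configure for local accounts, and make one for Nick.
/bin/mkdir -p /home2
/usr/sbin/useradd -D -b /home2
/usr/sbin/useradd -c "Nick Urbanik (local)" nickl
# NOTE(review): the password is a pre-computed MD5-crypt ($1$) hash stored
# in this script. Anyone who can read the script can attack the hash
# offline, and nickl also gets full sudo above. Prefer key-only login or a
# hash supplied out of band, and rotate this password.
/usr/sbin/usermod -p '$1$Gdorsn4J$T1EQKjXAHUSEyLEhMcDry.' nickl

# Turn some evil stuff off.
/sbin/chkconfig --level 345 telnet off
/sbin/chkconfig --level 345 finger off
/sbin/chkconfig --level 2345 ipchains off
/sbin/service ipchains stop

# Install the wonderful keychain.
# NOTE(review): the program is copied into /usr/bin from an NFS export
# addressed by bare IP, with no integrity check. Verify it against a
# known-good checksum (or install a signed package) before trusting it.
/bin/mkdir -p /mnt/temp
# Read-only, nosuid, nodev: nothing on the export needs more than a read.
# The install only runs if the mount actually succeeded.
if mount -o ro,nosuid,nodev 172.19.64.52:/var/ftp/pub/tarball /mnt/temp; then
    install -m755 /mnt/temp/keychain/keychain /usr/bin
    umount /mnt/temp
else
    echo "keychain not installed: could not mount the tarball export" >&2
fi
rmdir /mnt/temp

# The wonderful all encompassing remote upgrade and system configuration
# system.
# How it works:
#   The system admin runs a script that loops through all machines, not
#   resting until a script has been transferred to /root/bin. This script
#   can do anything; it can change or create configuration files, mount a
#   network drive and install software, apply updates, etc.
#   A cron job runs periodically on each client.
#   If the script is newer than a reference file:
#       touch the reference file
#       run the script.
# Implementation for client:
#   Have the system admin's public ssh key in /root/.ssh/authorized_keys2
#   (would be nice to put the sysadmin's host key in /etc/ssh/known_hosts,
#   but...).
#   Have the dir /root/bin.
#   Root's cron runs a script in /root/bin that implements the logic above,
#   say at lunchtime, 12.30 daily.
#   The script that the system admin uploads:  configure-system
#   The cron script:                           check-and-configure
#   The reference file:                        /root/bin/last-run-at-this-time
#
# NOTE(review): whoever holds the sysadmin's private key, or can write to
# /root/bin, gets root on every client within a day. Keep /root/bin and
# /root/.ssh root-only and treat that key as a root credential.

# Install cron job if not already installed:
if ! grep -q check-and-configure /var/spool/cron/root 2> /dev/null
then
    echo "30 12 * * * /root/bin/check-and-configure" >> /var/spool/cron/root
fi
chmod 600 /var/spool/cron/root

# Create the cron script. /root/bin is made root-only because everything
# in it is run as root.
/bin/mkdir -p /root/bin
chmod 700 /root/bin
cat <<'END_OF_SCRIPT' > /root/bin/check-and-configure
#! /bin/sh
if [ /root/bin/configure-system -nt /root/bin/last-run-at-this-time ]
then
    touch /root/bin/last-run-at-this-time
    chmod 700 /root/bin/configure-system
    /root/bin/configure-system
fi
END_OF_SCRIPT
chmod 700 /root/bin/check-and-configure

# Install the sysadmin's public key.
# The key is appended (not written with '>'), so keys already authorised on
# the host are kept; this matches how the cron and sudoers entries are
# added. grep -F stops the dots in the key comment acting as wildcards.
# NOTE(review): the blob looks like a 1024-bit RSA key -- confirm, and
# replace it with a stronger key if so.
/bin/mkdir -p /root/.ssh
chmod 700 /root/.ssh
if ! grep -qF nicku@nickpc.tyict.vtc.edu.hk /root/.ssh/authorized_keys2 2> /dev/null
then
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0MuUzKus0c1HcRgHyr1KvwxigG2smHgsfwJJtrXNMCkvCvhBJQt0Ql78IqyQU6vBjSFc+p9iaZhw1CdpKLFBGDDxvVqu6IE4f3YT/Nx8T5BFmOWHydNJsDInoUv7akRWbFLkuvr/uEXLMqcYL7yO+hwJzR//QbU4YFDjk1zulAs= nicku@nickpc.tyict.vtc.edu.hk' >> /root/.ssh/authorized_keys2
fi
chmod 600 /root/.ssh/authorized_keys2

# Other stuff to do:
# Set up autorpm to automatically upgrade.
# Include the proxy and other settings.
# Add Red Hat's gpg public key to root's keyring.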