Appendix

1. RHEL 7 / CentOS 7 administration

CentOS 7 / RHEL 7 : enabling the serial console by modifying GRUB

Context : accessing a GNS3 appliance over a text serial console

https://gist.githubusercontent.com/goffinet/ea0df57d760293a5b861e63253dfeea4/raw/f5831b7ce002d58b590c95b09e53505163f4b3e5/centos7-grub-console.sh

#!/bin/bash
if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi
cat << EOF > /etc/default/grub
# grub-mkconfig -o /boot/grub/grub.cfg
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=false
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap console=ttyS0,115200n8"
GRUB_DISABLE_RECOVERY="false"
EOF
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot

CentOS 7 / RHEL 7 : compiling and installing stress-ng

Context : exercise on cpulimit, cgroups, nice/renice

https://gist.githubusercontent.com/goffinet/4e9622dee0dc1d4a2a7692ef7ece8224/raw/8659074d31e057465500bd051e436525604cf230/stress-ng.sh

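#!/bin/bash
# Install the build dependencies (RHEL/CentOS first, Debian/Ubuntu as fallback)
yum -y install git || apt-get -y install git
yum -y groupinstall 'Development Tools' || apt-get -y install build-essential git
cd /tmp || exit 1
# Note: the git:// transport is unauthenticated and unencrypted
git clone git://kernel.ubuntu.com/cking/stress-ng.git
cd stress-ng || exit 1
make
cp stress-ng /usr/bin
rm -rf /tmp/stress-*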

CentOS 7 / RHEL 7 : compiling and installing John the Ripper 1.8.0*

Context : testing password strength

https://gist.githubusercontent.com/goffinet/83565ebec963fed0c74d/raw/81d3b6e4cd6c54ad8fc3c1b83514b38a05926c12/jtrinstall.sh

#!/bin/bash
# CentOS 7 John the Ripper installation
yum -y install wget gpgme
yum -y group install "Development Tools"
cd
wget http://www.openwall.com/john/j/john-1.8.0.tar.xz
wget http://www.openwall.com/john/j/john-1.8.0.tar.xz.sign
wget http://www.openwall.com/signatures/openwall-signatures.asc
# The key arrives over the same plain-HTTP channel as the tarball:
# compare its fingerprint with a trusted source before relying on it.
gpg --import openwall-signatures.asc
# Stop here if the signature does not verify
gpg --verify john-1.8.0.tar.xz.sign john-1.8.0.tar.xz || exit 1
tar xvfJ john-1.8.0.tar.xz
cd john-1.8.0/src || exit 1
make clean linux-x86-64
cd ../run/
./john --test
# Password dictionary download
wget -O - http://mirrors.kernel.org/openwall/wordlists/all.gz | gunzip -c > openwall.dico

CentOS 7 / RHEL 7 : router with eth0=internal DHCP/DNS and eth1=public masquerading

Context : creating an IPv4 NAT router

https://gist.githubusercontent.com/goffinet/0d2604d09e333d1842b7323d4cb536d8/raw/dd4cebffd7712debbaa83704e61f44e4c2fff83b/net.sh

#!/bin/bash
1_interfaces-ipv4 () {
hostnamectl set-hostname router
nmcli c mod eth0 ipv4.addresses 192.168.168.1/24
nmcli c mod eth0 ipv4.method manual
nmcli c mod eth0 connection.zone internal
nmcli c up  eth0
}
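2_routing () {
sysctl -w net.ipv4.ip_forward=1
# sysctl -w alone is lost at reboot: persist the setting in a drop-in file
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/90-ip-forward.conf
sysctl -p /etc/sysctl.d/90-ip-forward.conf
}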
3_firewall () {
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --zone=internal --add-service=dns --permanent
firewall-cmd --zone=internal --add-service=dhcp --permanent
firewall-cmd --zone=internal --add-source=192.168.168.0/24 --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
}
4_dhcp-dns () {
# Quote the pattern so that yum, not the shell, expands it
yum -y install 'dnsmasq*'
echo "dhcp-range=192.168.168.50,192.168.168.150,255.255.255.0,12h" > /etc/dnsmasq.d/eth0.conf
echo "dhcp-option=3,192.168.168.1" >> /etc/dnsmasq.d/eth0.conf
systemctl enable dnsmasq
systemctl start dnsmasq
}

1_interfaces-ipv4
2_routing
3_firewall
4_dhcp-dns

2. Debian 8 (Jessie) / Kali Linux 2 administration

Compiling a 4.9.8 kernel on Debian 8 for Debian 8

Context : compiling the Debian kernel

https://gist.githubusercontent.com/goffinet/559f5e176fc60e14841e6ae033e1ad93/raw/bbd3b0b0d28389e0c83ab18a51e9e3f471f9b27f/kernel.deb.sh

#!/bin/bash
sudo apt update -yqq && sudo apt dist-upgrade -yqq
sudo apt install git fakeroot build-essential ncurses-dev xz-utils libssl-dev bc -yqq
sudo apt install kernel-package -yqq
wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.8.tar.xz
unxz linux-4.9.8.tar.xz
wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.9.8.tar.sign
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 38DBBDC86092693E
# The signature covers the uncompressed tarball; stop if it does not verify
gpg2 --verify linux-4.9.8.tar.sign linux-4.9.8.tar || exit 1
tar xvf linux-4.9.8.tar
cd linux-4.9.8/ || exit 1
# Start from the configuration of the running kernel
cp /boot/config-$(uname -r) .config
make menuconfig
make-kpkg clean
fakeroot make-kpkg --initrd --revision=1.0.spec kernel_image kernel_headers -j 4
ls ../*.deb
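
Added example (not part of the original gists): the John the Ripper and kernel scripts above both call gpg --verify, which only confirms that the signature matches some key in the keyring, and the John the Ripper script imports that key over the same HTTP channel as the tarball. The sketch below pins the signer's fingerprint and fails closed; EXPECTED_FPR, the function names and the sample status lines are constructed placeholders.

```sh
# Added example, not part of the original gists.
# Constructed placeholder: use the fingerprint obtained from a trusted source.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Constructed sample of `gpg --status-fd 1 --verify` output (fake fingerprints).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2017-02-04 1486166400 0 4 0 1 8 00 2222222222222222222222222222222222222222'

# Read gpg status lines on stdin; succeed only if a VALIDSIG line ends with
# the pinned primary-key fingerprint given as $1 (case-insensitive).
status_has_pinned_signer() {
    awk -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && toupper($NF) == want { ok = 1 }
        END { exit !ok }'
}

# verify_pinned SIGFILE DATAFILE FINGERPRINT
# Fails closed: any gpg error, a bad signature, or a good signature made by
# a key other than the pinned one returns non-zero.
verify_pinned() {
    gpg_status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$gpg_status" | status_has_pinned_signer "$3"
}

# Usage in the install script, before unpacking:
#   verify_pinned john-1.8.0.tar.xz.sign john-1.8.0.tar.xz "$EXPECTED_FPR" || exit 1
```

The last field of VALIDSIG is the primary key fingerprint, so the check still holds when the release is signed with a subkey.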

3. Apache on Debian 8

4. OpenVPN

Installing OpenVPN and configuring clients

https://gist.githubusercontent.com/goffinet/aec2c7d85891e6078c5138c9f38de100/raw/7761dc2372604133e458091e19312cf6c5b71123/openvpn-install.sh

5. KVM/libvirt virtualization scripts

https://github.com/goffinet/virt-scripts/

This set of scripts for Libvirt/Qemu/KVM aims both to provide quick solutions for deploying and managing Linux systems and to demonstrate the use of Bash scripts for teaching purposes.

Among other things, it can automatically build, from HTTP sources and a configuration file (kickstart or preseed), a Debian 8, Ubuntu 16.04 or CentOS 7 distribution to be optimized and cloned.

It also includes a script for installing pre-built images (Quickbuilder).

Native installation and post-installation

Purpose : gold image auto-creation

  1. autoprep.sh : prepare your system as virtualization host
  2. get-iso.sh : get iso distributions
  3. auto-install.sh : build a fresh Centos, Debian or Ubuntu system with http repos and kickstart files
  4. auto-install-tui.sh : auto-install.sh text user interface demo
  5. sparsify.sh : optimize disk space on the designated guest
  6. clone.sh : clone, sysprep and optimize built guests
  7. hosts-file.sh : print the running guests and their IPv4 addresses
  8. nested-physical.sh : nested installation

Devices creation

Purpose : disks and network creation

  1. add-isolated-bridge.sh : add an isolated libvirt bridge
  2. add-net-live.sh : attach a bridged network interface to a live guest
  3. add-storage.sh : attach an empty disk, sized in GB

Quickbuilder

Purpose : quickly deploy centos7 debian7 debian8 ubuntu1604 kali metasploitable openwrt15.05 guests based on pre-built, downloaded minimal images.

  • quickbuilder-install.sh : install quickbuilder procedure
  • define-guest-image.sh : install pre-built images (quickbuilder)
  • get_and_install_openwrt.sh : get and start openwrt with two interfaces

Start stop and remove guests

  1. start_all.sh : start all the defined guests
  2. destroy_and_undefine_all.sh : destroy and undefine all the guests, removing their storage

Native installation and post-installation

Step 1 : Verify your installation

Script : autoprep.sh

Description : Setup KVM/Libvirtd/LibguestFS on RHEL7/Centos 7/Debian Jessie.

Usage :

# ./autoprep.sh

Step 2 : Get iso images (optional)

Script : get-iso.sh

Description : Get latest iso of Centos 7, Debian Jessie and Ubuntu Xenial.

Usage :

# ./get-iso.sh unknow
Erreur dans le script : ./get-iso.sh [ centos | debian | ubuntu ]

Step 3 : Build a guest automatically

Script : auto-install.sh

Description : Centos 7, Debian Jessie or Ubuntu Xenial fully automatic installation by HTTP Repo and response file via local HTTP.

Usage :

./auto-install.sh [ centos | debian | ubuntu ] guest_name

Note : Escape character is ^]

Step 4 : Sparse your native image

Script : sparsify.sh

Description : Sparsify a disk. Large savings in disk space!

Usage :

./sparsify.sh guest_name

Check the disk usage : 2,0G

# du -h /var/lib/libvirt/images/ubuntu-gold-31122016.qcow2
2,0G    /var/lib/libvirt/images/ubuntu-gold-31122016.qcow2

Sparsify operation

# ./sparsify.sh ubuntu-gold-31122016

Sparse disk optimization
[   0,1] Create overlay file in /tmp to protect source disk
[   0,1] Examine source disk
[   4,3] Fill free space in /dev/sda1 with zero
 100% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒⟧ --:--
[   6,9] Fill free space in /dev/u1-vg/root with zero
 100% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒⟧ 00:00
[  70,6] Clearing Linux swap on /dev/u1-vg/swap_1
[  71,9] Copy to destination and make sparse
[ 191,4] Sparsify operation completed with no errors.
virt-sparsify: Before deleting the old disk, carefully check that the
target disk boots and works correctly.

Check the disk usage : 432M

# du -h /var/lib/libvirt/images/ubuntu-gold-31122016.qcow2
432M    /var/lib/libvirt/images/ubuntu-gold-31122016.qcow2

Step 5 : Clone your guest

Script : clone.sh

Description : Cloning a domain disk with sparsifying and Linux sysprep.

Usage :

./clone.sh original_guest_name clone_guest_name

Step 6 : Add the guest hostname resolution

Script : hosts-file.sh

Description : Print a new /etc/resolv.conf with the IP address and the hostname of running guests.

Usage :

./hosts-file.sh

For example :

# ./hosts-file.sh
192.168.122.152 d1
192.168.122.236 d2
192.168.122.190 d3
192.168.122.155 c1
192.168.122.100 c2
192.168.122.40 c3

To update your /etc/hosts :

./hosts-file.sh >> /etc/hosts
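
Added example (not part of virt-scripts): appending with >> adds a second copy of every guest on each run and leaves stale addresses behind. The function below, whose name and marker strings are assumptions, keeps the generated entries in one delimited block that is replaced on every run.

```sh
# Added example, not part of virt-scripts. The marker strings are assumptions.
HOSTS_BEGIN="# BEGIN libvirt guests (managed block)"
HOSTS_END="# END libvirt guests (managed block)"

# update_hosts_block FILE
# Reads "IPv4 hostname" lines on stdin and rewrites FILE so that it holds
# exactly one managed block with those lines; all other lines are kept.
update_hosts_block() {
    hosts_file=$1
    hosts_tmp=$(mktemp) || return 1
    # Keep only well-formed lines; anything else from the generator is dropped.
    hosts_new=$(grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]+[A-Za-z0-9][A-Za-z0-9.-]*$' || true)
    {
        # Existing content minus any previous managed block
        awk -v b="$HOSTS_BEGIN" -v e="$HOSTS_END" '
            $0 == b { skip = 1; next }
            $0 == e { skip = 0; next }
            !skip' "$hosts_file"
        printf '%s\n' "$HOSTS_BEGIN"
        if [ -n "$hosts_new" ]; then printf '%s\n' "$hosts_new"; fi
        printf '%s\n' "$HOSTS_END"
    } > "$hosts_tmp" || { rm -f "$hosts_tmp"; return 1; }
    # Overwrite in place so owner, mode and SELinux label of FILE are kept.
    cat "$hosts_tmp" > "$hosts_file"
    hosts_rc=$?
    rm -f "$hosts_tmp"
    return "$hosts_rc"
}

# Usage on the virtualization host (as root):
#   ./hosts-file.sh | update_hosts_block /etc/hosts
```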

Manage network and storage

Script : add-isolated-bridge.sh

Description : add an isolated libvirt bridge named "lan" on "virbr3"

Usage :

./add-isolated-bridge.sh

Script : add-net-live.sh

Description : attach a bridged network interface to a live guest

Usage :

./add-net-live.sh guest_name

Script : add-storage.sh

Description : attach an empty disk, sized in GB

Usage :

./add-storage.sh guest_name disk_name size_in_GB

Next steps ...

  • Install ansible, add ssh hosts keys, create an ansible inventory and test your managed nodes.
  • Exploit snapshots and virtual storage
  • Exploit Freeipa, Pacemaker, Ovirt

Todo

  • auto-install.sh
    • Fedora
  • create_repo.sh : create local repo

6. Manipulation scripts

Evaluating regular expressions

Regexp.sh

Context : evaluating regular expressions.

#! /bin/sh
# Christophe Blaess, Scripts Shell Linux et Unix, p. 180.
# regexp.sh
EXPRESSION="$1"
# Remove the expression from the command-line arguments:
shift
# Then compare it with each string:
for chaine in "$@"
do
    # -e keeps an expression that starts with "-" from being read as an option
    echo "$chaine" | grep -e "$EXPRESSION" > /dev/null
    if [ $? -eq 0 ]
    then
        echo "$chaine : OUI"
    else
        echo "$chaine : NON"
    fi
done

Script rm_secure.sh

Author : Christophe Blaess, Scripts Shell Linux et Unix, http://www.blaess.fr/christophe/articles/secure-your-rm-command.

Context : this script is used as the starting point of Christophe Blaess's book.

rm_secure.sh

# http://www.blaess.fr/christophe/articles/secure-your-rm-command

sauvegarde_rm=~/.rm_saved/

function rm
{
    local opt_force=0
    local opt_interactive=0
    local opt_recursive=0
    local opt_verbose=0
    local opt_empty=0
    local opt_list=0
    local opt_restore=0
    local opt

    OPTIND=0
    # Parse the command-line arguments
    while getopts ":dfirRvels-:" opt ; do
        case $opt in
            d ) ;; # ignored
            f ) opt_force=1 ;;
            i ) opt_interactive=1 ;;
            r | R ) opt_recursive=1 ;;
            e ) opt_empty=1 ;;
            l ) opt_list=1 ;;
            s ) opt_restore=1 ;;
            v ) opt_verbose=1 ;;
            - ) case $OPTARG in
                directory )     ;;
                force)        opt_force=1 ;;
                interactive )    opt_interactive=1 ;;
                recursive )    opt_recursive=1 ;;
                verbose )    opt_verbose=1 ;;
                help ) /bin/rm --help
                    echo "rm_secure:"
                    echo "  -e  --empty     vider la corbeille"
                    echo "  -l  --list      voir les fichiers sauvés"
                    echo "  -s, --restore   récupérer des fichiers"
                    return 0 ;;
                version ) /bin/rm --version
                    echo "(rm_secure 1.2)"
                    return 0 ;;
                empty )     opt_empty=1 ;;
                list )        opt_list=1 ;;
                restore )    opt_restore=1 ;;
                * )     echo "option illégale --$OPTARG"
                    return 1;;
            esac ;;
        ? )     echo "option illégale -$OPTARG"
            return 1;;
        esac
    done
    shift $(($OPTIND - 1))

    # Create the directory if needed
    if [ ! -d "$sauvegarde_rm" ] ; then
        mkdir "$sauvegarde_rm"
    fi

    # Empty the trash
    if [ $opt_empty -ne 0 ] ; then
        /bin/rm -rf "$sauvegarde_rm"
        return 0
    fi

    # List the saved files
    if [ $opt_list -ne 0 ] ; then
        ( cd "$sauvegarde_rm"
          ls -lRa * )
    fi

    # Restore files
    if [ $opt_restore -ne 0 ] ; then
        while [ -n "$1" ] ; do
            mv "${sauvegarde_rm}/$1" .
            shift
        done
        return
    fi

    # Delete files
    while [ -n "$1" ] ; do
        # For interactive deletions, ask the user
        if [ $opt_force -ne 1 ] && [ $opt_interactive -ne 0 ] ; then
            local reponse
            echo -n "Détruire $1 ? "
            read reponse
            if [ "$reponse" != "y" ] && [ "$reponse" != "Y" ] &&
               [ "$reponse" != "o" ] && [ "$reponse" != "O" ] ; then
                shift
                continue
            fi
        fi
        if [ -d "$1" ] && [ $opt_recursive -eq 0 ] ; then
            # Directories require the recursive option
            shift
            continue
        fi
        if [ $opt_verbose -ne 0 ] ; then
            echo "Suppression $1"
        fi
        mv -f "$1" "${sauvegarde_rm}/"
        shift
      done
}

# Quote the path so a home directory containing spaces is handled correctly
trap '/bin/rm -rf "$sauvegarde_rm"' EXIT
