https://github.com/green-fox-academy/safely-syllabus/tree/master/materialreview/scripts/bash

##### 3. linuxadmin part of exam preparation #####

Typical Admin tasks
Install the httpd package
Create a user and the corresponding group as webmaster for the website administrator
The webmaster SSH public key is this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaVwDbVfjWUudsIHLQFdfekvdm2S1eYBCw7tZx0U1+gaXOd5LX2cq3P2YEBImsoUl0c9R0wOlf7w6H1bKLYtaCeyKByiyYUBQyU/VmeFH9RUOw1uJzIuuHaOMVx1GuONzymGhTpiPi0x+2gsBDLtdJCq5AiH/8QHJ7BcNNqgjK8kIHPT6gaaXgboy6hIw5KGOnw1+y9yGRXhRWT4vAjncoK7P1UO3BTcc42OpDOdet1E5iGzYAd6lIF6lpjPuJBTvdYZDt33I6vXCSBBnI8tlx7HPSj0ULP+kHl8MAY2Nqv/aRBG8LQULT/QhmG7+y4LVtASJGnylcMRt1i3ojiIx root@408cd9fb18a8
Copy it to the right place.

The /var/web directory is no longer needed, delete it
Create a folder for a website in progress: /var/www
Create an index.html file here with arbitrary content
Download the following image to the /var/www directory along with the HTML file: image
Tip: to download, you can use the wget command, for example

The /var/www folder and all files in it should be owned by the webmaster user and group
Set the permissions on the /var/www folder so that only the webmaster user can write to it, but everyone can see and access it.
Set the permissions on the files inside the /var/www folder so that only the webmaster user and group can read and write, everyone else can read, and the files cannot be run

function admintasks()
{
	yum -y install httpd
	groupadd webmaster
	useradd -g webmaster webmaster
	#mkdir -p ~/.ssh
	mkdir -p /home/webmaster/.ssh
	touch /home/webmaster/.ssh/authorized_keys

	echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaVwDbVfjWUudsIHLQFdfekvdm2S1eYBCw7tZx0U1+gaXOd5LX2cq3P2YEBImsoUl0c9R0wOlf7w6H1bKLYtaCeyKByiyYUBQyU/VmeFH9RUOw1uJzIuuHaOMVx1GuONzymGhTpiPi0x+2gsBDLtdJCq5AiH/8QHJ7BcNNqgjK8kIHPT6gaaXgboy6hIw5KGOnw1+y9yGRXhRWT4vAjncoK7P1UO3BTcc42OpDOdet1E5iGzYAd6lIF6lpjPuJBTvdYZDt33I6vXCSBBnI8tlx7HPSj0ULP+kHl8MAY2Nqv/aRBG8LQULT/QhmG7+y4LVtASJGnylcMRt1i3ojiIx root@408cd9fb18a8 >> /home/webmaster/.ssh/authorized_keys
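	# the key file was created as root: hand it to webmaster and close it to everyone else
	chown -R webmaster:webmaster /home/webmaster/.ssh
	chmod 700 /home/webmaster/.ssh
	chmod 600 /home/webmaster/.ssh/authorized_keys
	rm -rf /var/web
	mkdir -p /var/www
	echo something > /var/www/index.html
	wget https://upload.wikimedia.org/wikipedia/commons/9/92/Penguin_Admin.svg -P /var/www
	# -R: the folder and all files in it
	chown -R webmaster:webmaster /var/www
	chmod u=rwx,go=rx /var/www
	chmod -R a=r,ug=rw /var/www/*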

}
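
Whether sshd honours the key copied into authorized_keys depends on the ownership and modes of the files around it (the StrictModes check). The check below is an added example, not part of the original notes; the helper name and the throwaway demo directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. check_ssh_key_perms is a hypothetical
# helper applying the StrictModes rule: the home directory, ~/.ssh and authorized_keys
# must be owned by the account (or root) and must not be group- or world-writable.
check_ssh_key_perms() {
    local user="$1" home="$2" p rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        # owner must be the account itself or root (uid 0)
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user 0)" ]; then
            echo "wrong owner: $p"; rc=1
        fi
        # a group-write (020) or other-write (002) bit makes sshd refuse the key file
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world writable: $p"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway directory stands in for /home/webmaster.
demo_ssh_key_perms() {
    local h me
    h=$(mktemp -d); me=$(id -u)
    mkdir "$h/.ssh"; : > "$h/.ssh/authorized_keys"
    chmod 700 "$h" "$h/.ssh"; chmod 600 "$h/.ssh/authorized_keys"
    check_ssh_key_perms "$me" "$h" && echo "ok: sshd would read the key file"
    chmod g+w "$h/.ssh"                      # a typical slip after a recursive chmod
    check_ssh_key_perms "$me" "$h" || echo "rejected as shown above"
    rm -rf "$h"
}
demo_ssh_key_perms
```

On the real system the call would be `check_ssh_key_perms webmaster /home/webmaster`, run as root.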

##### 3rd exam linuxadmin part ######

Typical Admin tasks
Create a new user named mysql-backup and a group with the same name

Create a new file in the home folder of mysql-backup named hello.txt with any content

Create a folder for a database in progress: /var/mariadb-data

Download an installation script from here: mariadb_repo_setup to /var/setup

Tip: to download, you can use the wget command, for example

Set the permissions of /var/setup/mariadb_repo_setup so that everyone can run it and everyone can read its contents, but only the owner user and group can write to it

The /var/mariadb-data folder and all files in it should be owned by the mysql-backup user and group

Set the permissions on /var/mariadb-data so that no one can write to it, but everyone can see and list its contents.

Install the package called mariadb-server

A /var/web directory exists in the container, but it is no longer needed, delete it and its contents

Create the /etc/systemd/system folder

Create the file /etc/systemd/system/mariadb.service with the following content:

[Service]
ExecStart=/usr/sbin/mysqld

function mysql()
{
	groupadd mysql-backup
	useradd -g mysql-backup mysql-backup
	mkdir -p /home/mysql-backup/
	echo "like content" > /home/mysql-backup/hello.txt
	mkdir -p /var/mariadb-data
	wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup -P /var/setup
	# everyone reads and runs, only owner and group write (775)
	chmod a=rx,ug+w /var/setup/mariadb_repo_setup
	# -R covers the folder and its files, and does not fail while the folder is still empty
	chown -R mysql-backup:mysql-backup /var/mariadb-data
	# read and list for everyone, write for no one (555)
	chmod -R a=rx /var/mariadb-data
	yum -y install mariadb-server
	rm -rf /var/web
	mkdir -p /etc/systemd/system
	printf '[Service]\nExecStart=/usr/sbin/mysqld\n' > /etc/systemd/system/mariadb.service
}

mysql

###### LINUXadmin project tasks #####

 

1) Disallow the root user to log in via SSH.

#!/usr/bin/bash
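# before running:
#chmod a+x ~/Megoldasaim/Linux-Admin/001.sh
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config-_`date +"%Y%m%d_%H%M%S"`

# ez = text to find, erre = replacement, miben = file to edit
ez="#PermitRootLogin prohibit-password"
erre="PermitRootLogin no"
miben="/etc/ssh/sshd_config"

sudo sed -i "s/$ez/$erre/g" $miben
# sshd reads its configuration only when it starts
sudo systemctl restart sshd.service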

2) The SELinux function should be switched off.

#!/usr/bin/bash
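# before running:
#chmod a+x ~/Megoldasaim/Linux-Admin/002.sh
sudo cp /etc/selinux/config /etc/selinux/config-_`date +"%Y%m%d_%H%M%S"`

# ez = text to find, erre = replacement, miben = file to edit
ez="SELINUX=enforcing"
erre="SELINUX=disabled"
miben="/etc/selinux/config"

sudo sed -i "s/$ez/$erre/g" $miben

# the new mode applies after a reboot; getenforce shows the current one
#getenforce
#reboot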
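
Tasks 1 and 2 both edit a configuration file with a fixed sed pattern, which changes nothing when the file does not contain exactly that text. The helper below is an added example, not from the original notes: it sets a directive whether the line is active, commented out as #KEY, or absent, and keeps the backup naming used on this page. set_directive and the sample files are constructed for illustration, and KEY is assumed to be a plain word.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. set_directive is a hypothetical helper.
# Usage: set_directive FILE KEY VALUE [SEP]
# SEP defaults to one space (sshd_config style); pass "=" for KEY=VALUE files.
set_directive() {
    local file="$1" key="$2" value="$3" sep="${4:- }"
    local want="${key}${sep}${value}" tmp
    tmp=$(mktemp) || return 2
    awk -v key="$key" -v want="$want" '
        # KEY at line start, active or commented as "#KEY", then blank, "=" or end of line
        $0 ~ ("^[ \t]*#?" key "([ \t=]|$)") {
            if (!done) { print want; done = 1 }   # first hit becomes the wanted line
            next                                  # later hits (duplicates) are dropped
        }
        { print }
        END { if (!done) print want }             # directive absent: append it
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$tmp" "$file"; then
        rm -f "$tmp"; return 0                    # already correct: no backup, no write
    fi
    cp -p "$file" "${file}-_$(date +%Y%m%d_%H%M%S)"   # backup naming used on this page
    cat "$tmp" > "$file"                          # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/selinux/config.
demo_set_directive() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$d/sshd_config"
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$d/config"
    set_directive "$d/sshd_config" PermitRootLogin no
    set_directive "$d/config" SELINUX disabled =
    cat "$d/sshd_config" "$d/config"
    rm -rf "$d"
}
demo_set_directive
```

After a change to sshd_config, `sshd -t` checks the file for errors before the service is restarted.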

3) A disk is added to the server which is not yet in use
(20GB). The file system should be: XFS

#!/bin/bash
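# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/003.sh

# rescan every SCSI host so the newly attached disk becomes visible
sudo ls /sys/class/scsi_host | sudo awk '{print "echo \"- - -\" > /sys/class/scsi_host/" $1 "/scan" }' | sudo /usr/bin/bash

lsblk

#(echo n; echo p;echo ""; echo ""; echo ""; echo w )| sudo fdisk /dev/sdb
# the quoted here-document below is a block comment; nothing in it runs
: <<'com'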

echo "n
p
1


w
"|sudo fdisk /dev/sdb
com
#sudo sfdisk /dev/sdb


echo -e 'n\np\n\n\n\n\nw\n'|sudo fdisk /dev/sdb
echo --------------------------------------------------------------------------------------------

sudo mkfs.xfs -f /dev/sdb1

4) Add it to the machine with /WEBDATA mount point and the volume label:
WEBDATA

#!/bin/bash
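# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/004.sh
sudo mkfs.xfs -f -L WEBDATA /dev/sdb1
sudo mkdir -p /WEBDATA
sudo mount /dev/sdb1 /WEBDATA
# mount by label on every boot as well
grep -q 'LABEL=WEBDATA' /etc/fstab || echo 'LABEL=WEBDATA /WEBDATA xfs defaults 0 0' | sudo tee -a /etc/fstab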

5) Under /WEBDATA create a portal, an interface and a bin
directory.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/004.sh

sudo mkdir -p /WEBDATA/portal
sudo mkdir -p /WEBDATA/interface
sudo mkdir -p /WEBDATA/bin

6) Install the HTTPD web server, start it on boot
automatically.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/006.sh

sudo yum -y install httpd
sudo systemctl enable httpd.service
sudo systemctl start httpd.service
sudo systemctl status httpd.service

7) The web server should be accessible on port 8080. The /WEBDATA/bin directory
should be the root directory of the web page.

#!/usr/bin/bash
# before running:
#chmod a+x ~/Megoldasaim/Linux-Admin/007.sh
sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-_`date +"%Y%m%d_%H%M%S"`

# ez = text to find, erre = replacement, miben = file to edit
# anchored so a second run does not turn "Listen 8080" into "Listen 80800"
ez='^Listen 80$'
erre="Listen 8080"
miben="/etc/httpd/conf/httpd.conf"

sudo sed -i "s/$ez/$erre/g" $miben

ez="/var/www/html"
erre="/WEBDATA/bin"
miben="/etc/httpd/conf/httpd.conf"

# | as the sed delimiter because the paths contain /
sudo sed -i "s|$ez|$erre|g" $miben

sudo systemctl restart httpd.service

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

8) Create an index.html here with the content PORTAL.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/008.sh

# tee creates the file, so no separate touch is needed
echo "PORTAL" | sudo tee /WEBDATA/bin/index.html
sudo chown apache:apache /WEBDATA/bin/index.html

9) Create a weboperator account with the primary group
apache, and its ID is 2000.

#chmod a+x ~/Megoldasaim/Linux-Admin/009.sh

sudo useradd -u 2000 -g apache weboperator

10) The /WEBDATA volume should be owned by apache. The contents of the directory should be fully owned by apache,
with full permission, while members of the apache group have read-only access. The exception to this is the
portal directory, which can be written by the weboperator. If you have no other ideas, you can
change the ownership rights for the portal directory.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/010.sh

# -R: the volume and everything in it
sudo chown -R apache:apache /WEBDATA
# group read-only (X keeps directories traversable), owner full access;
# the group clause comes first so X is judged on the bits the files already had
sudo chmod -R g=rX,u+rwx /WEBDATA
# creating files in a directory needs x as well as w
sudo setfacl -m u:weboperator:rwx /WEBDATA/portal

11) Create an RSA key for ssh login for the weboperator.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/002.sh

sudo mkdir -p /home/weboperator/.ssh
# -N '' sets an empty passphrase; the piped y only answers the overwrite question when a key already exists
echo y | sudo ssh-keygen -t rsa -N '' -f /home/weboperator/.ssh/id_rsa
sudo chown -R weboperator /home/weboperator/.ssh
sudo chmod 700 /home/weboperator/.ssh

12) Install an FTP server (vsftpd).

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/012.sh

sudo yum -y install vsftpd
sudo systemctl start vsftpd.service
sudo systemctl status vsftpd.service

13) The weboperator should be able to copy a file via ftp to /WEBDATA/portal.

#!/usr/bin/bash
# before running:
#chmod a+x ~/Megoldasaim/Linux-Admin/013.sh

#https://www.ryadel.com/en/vsftpd-configure-different-home-folder-each-user-specific-directory/

sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-_`date +"%Y%m%d_%H%M%S"`
# ez = text to find, erre = replacement, miben = file to edit
ez="listen=NO"
erre="listen=YES"
miben="/etc/vsftpd/vsftpd.conf"

sudo sed -i "s/$ez/$erre/g" $miben

ez="listen_ipv6=YES"
erre="listen_ipv6=NO"
miben="/etc/vsftpd/vsftpd.conf"

sudo sed -i "s/$ez/$erre/g" $miben


# with userlist_enable=YES, userlist_deny=NO turns /etc/vsftpd/user_list into an allow list:
# only the names in that file may log in
echo "userlist_deny=NO
local_enable=YES
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/user_config_dir/" | sudo tee -a /etc/vsftpd/vsftpd.conf

sudo cp /etc/vsftpd/user_list /etc/vsftpd/user_list-_`date +"%Y%m%d_%H%M%S"`


echo "weboperator" | sudo tee -a /etc/vsftpd/user_list

sudo mkdir -p /etc/vsftpd/user_config_dir/

# back up the per-user file only if an earlier run created one
[ -f /etc/vsftpd/user_config_dir/weboperator ] && sudo cp /etc/vsftpd/user_config_dir/weboperator /etc/vsftpd/user_config_dir/weboperator-_`date +"%Y%m%d_%H%M%S"`

echo "local_root=/WEBDATA/portal
write_enable=YES" | sudo tee /etc/vsftpd/user_config_dir/weboperator

sudo systemctl restart vsftpd.service

sudo firewall-cmd --permanent --zone=public --add-service=ftp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

14) Create an interface account with apache as the primary group,
and its ID: 2001.

#!/bin/bash
# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/014.sh

sudo useradd -u 2001 -g apache interface
echo -e 'Password1\nPassword1'|sudo passwd interface

15) The interface should be able to upload files via ftp to /WEBDATA/interface.

#!/usr/bin/bash
# before running:
#chmod a+x ~/Megoldasaim/Linux-Admin/015.sh

sudo setfacl -m u:interface:rwx /WEBDATA/interface


sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-_`date +"%Y%m%d_%H%M%S"`
# ez = text to find, erre = replacement, miben = file to edit
ez="listen=NO"
erre="listen=YES"
miben="/etc/vsftpd/vsftpd.conf"

sudo sed -i "s/$ez/$erre/g" $miben

ez="listen_ipv6=YES"
erre="listen_ipv6=NO"
miben="/etc/vsftpd/vsftpd.conf"

sudo sed -i "s/$ez/$erre/g" $miben


sudo cp /etc/vsftpd/user_list /etc/vsftpd/user_list-_`date +"%Y%m%d_%H%M%S"`


echo "interface" | sudo tee -a /etc/vsftpd/user_list

sudo mkdir -p /etc/vsftpd/user_config_dir/

# back up the per-user file only if an earlier run created one
[ -f /etc/vsftpd/user_config_dir/interface ] && sudo cp /etc/vsftpd/user_config_dir/interface /etc/vsftpd/user_config_dir/interface-_`date +"%Y%m%d_%H%M%S"`

echo "local_root=/WEBDATA/interface
write_enable=YES" | sudo tee /etc/vsftpd/user_config_dir/interface

sudo systemctl restart vsftpd.service

sudo firewall-cmd --permanent --zone=public --add-service=ftp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

16) Create a script that writes the IO load per minute to the /root/log directory as ioperf.log.
The script should start every morning at 6:00 am and run until ~20:00 pm.

#!/bin/bash

# I KNOW THAT IT'S TILL 22, BUT NOW IT'S NOT FUN :D 21:04

# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/016.sh



sudo mkdir -p /root/log

# single quotes keep the shebang and the pipeline literal
echo '#!/bin/bash
sudo iostat | sudo tee -a /root/log/ioperf.log'| sudo tee ~/iostatbash.sh

sudo chmod a+x ~/iostatbash.sh


# start from the installed crontab: "crontab FILE" replaces every existing entry
cronfile=~/crontab-_`date +"%Y%m%d_%H%M"`
crontab -l 2>/dev/null > $cronfile
grep -q 'iostatbash.sh' $cronfile || echo "*/1 6-22 * * * ~/iostatbash.sh"| tee -a $cronfile

crontab $cronfile

17) Create a script that writes the CPU load per minute to /root/log as cpuperf.log.
The script should start every morning at 6:00 am and run until ~20:00 pm.

#!/bin/bash

# I KNOW THAT IT'S TILL 22, BUT NOW IT'S NOT FUN :D 21:04

# beforehand:
#chmod a+x ~/Megoldasaim/Linux-Admin/017.sh

sudo mkdir -p /root/log

# single quotes keep the shebang and the pipeline literal
echo '#!/bin/bash
sudo top -b -n 1 | sudo tee -a /root/log/cpuperf.log' | sudo tee ~/cpustatbash.sh

sudo chmod a+x ~/cpustatbash.sh

# start from the installed crontab: "crontab FILE" replaces every existing entry
cronfile=~/crontab-_`date +"%Y%m%d_%H%M"`
crontab -l 2>/dev/null > $cronfile
grep -q 'cpustatbash.sh' $cronfile || echo "*/1 6-22 * * * ~/cpustatbash.sh"| tee -a $cronfile

crontab $cronfile