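#!/bin/bash
# Locate the directory this script lives in, so the payload files shipped
# next to it are found regardless of the caller's working directory.

# Files created from here on are not group- or world-writable.
umask 022

# Date stamp (YYYYMMDD) used as the suffix of the backup copies.
DT=$(date '+%Y%m%d')

# readlink -f resolves symlinks, so DIR is the real location of the script.
# Stop if it cannot be resolved: dirname of an empty string is ".", and the
# later cp steps would then install PAM and profile files from whatever
# directory the caller happened to be in.
FILELOCATION=$(readlink -f "$0")
if [ -z "$FILELOCATION" ]; then
  echo "Cannot resolve the script location" >&2
  exit 1
fi
DIR=$(dirname "$FILELOCATION")

# Determine the major release from the /etc/*-release files. Anything that
# is not release 5 or 6 is treated as unsupported.
OS="other"
if grep -q -i "release 6" /etc/*-release; then
  OS="6"
elif grep -q -i "release 5" /etc/*-release; then
  OS="5"
fi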
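# Apply the password-ageing policy to /etc/login.defs: 90-day maximum age,
# 21-day minimum age, 8-character minimum length, 7-day expiry warning.
# Adjust the numbers to match your own policy.
#
# Only lines that already start with the keyword are rewritten; a setting
# that is commented out or absent stays as it is.
# NOTE(review): on PAM-based systems the minimum length is normally enforced
# by the PAM password module rather than PASS_MIN_LEN; confirm against the
# system-auth-ac file this script installs.
#
# Returns: 0 on success; non-zero, with /etc/login.defs untouched, if the
#          temporary file cannot be created or sed fails.
login_defs() {
  local target=/etc/login.defs
  local tmp rc=0

  # mktemp returns an unpredictable, owner-only file. A fixed name in /tmp
  # can be pre-created or symlinked by any local user before root writes it.
  tmp=$(mktemp) || return

  if sed -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' \
    -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 21/' \
    -e 's/^PASS_MIN_LEN.*/PASS_MIN_LEN 8/' \
    -e 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/' \
    "$target" > "$tmp"; then
    # Copying into the existing file keeps its owner and mode.
    cp -- "$tmp" "$target" || rc=$?
  else
    # A failed sed leaves an empty or partial file; do not install it.
    rc=$?
  fi

  rm -f -- "$tmp"
  return "$rc"
}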
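# Point sshd at the login banner in /etc/banner. Replace the contents of the
# banner file shipped with this script to change the text.
#
# Only a commented-out "#Banner" line is rewritten; an active Banner line
# that names another file is left alone. This function does not restart or
# reload sshd.
#
# Returns: 0 on success; non-zero, with sshd_config untouched, if the
#          temporary file cannot be created or sed fails.
banner_ssh() {
  local target=/etc/ssh/sshd_config
  local tmp rc=0

  # Unpredictable owner-only temp file instead of a fixed /tmp name, which
  # any local user could pre-create or symlink before root writes to it.
  tmp=$(mktemp) || return

  if sed -e 's/^#Banner.*/Banner \/etc\/banner/' "$target" > "$tmp"; then
    # Copying into the existing file keeps its owner and mode.
    cp -- "$tmp" "$target" || rc=$?
  else
    # Never install a truncated sshd_config after a failed edit.
    rc=$?
  fi

  rm -f -- "$tmp"
  return "$rc"
}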
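# Set SELINUX=disabled in /etc/selinux/config.
#
# Only the config file is edited; nothing here changes the mode of the
# running system, so the setting applies from the next boot.
# NOTE(review): this removes mandatory access control from the host. If the
# aim is only to stop denials while a policy is worked out, SELINUX=permissive
# keeps the denials in the audit log.
#
# Returns: 0 on success; non-zero, with the config untouched, if the
#          temporary file cannot be created or sed fails.
disable_selinux() {
  local target=/etc/selinux/config
  local tmp rc=0

  # Unpredictable owner-only temp file instead of a fixed /tmp name, which
  # any local user could pre-create or symlink before root writes to it.
  tmp=$(mktemp) || return

  if sed -e 's/^SELINUX=.*/SELINUX=disabled/' "$target" > "$tmp"; then
    # Copying into the existing file keeps its owner and mode.
    cp -- "$tmp" "$target" || rc=$?
  else
    # A failed sed leaves an empty or partial file; do not install it.
    rc=$?
  fi

  rm -f -- "$tmp"
  return "$rc"
}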
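# Switch the RHEL firewall configuration from --enabled to --disabled in
# whichever of the two system-config files exists on this release.
#
# Only the config files are edited; no service is stopped here.
# NOTE(review): after this the host has no local packet filter configured;
# confirm that filtering is provided elsewhere before relying on it.
#
# Returns: 0 if every file that exists was rewritten, otherwise the status
#          of the last step that failed.
disable_firewall() {
  local file tmp rc=0

  for file in /etc/sysconfig/system-config-firewall \
    /etc/sysconfig/system-config-securitylevel
  do
    [ -f "$file" ] || continue

    # Unpredictable owner-only temp file instead of a fixed /tmp name, which
    # any local user could pre-create or symlink before root writes to it.
    tmp=$(mktemp) || { rc=$?; continue; }

    if sed -e 's/^--enabled/--disabled/' "$file" > "$tmp"; then
      # Copying into the existing file keeps its owner and mode.
      cp -- "$tmp" "$file" || rc=$?
    else
      # A failed sed leaves an empty or partial file; do not install it.
      rc=$?
    fi

    rm -f -- "$tmp"
  done

  return "$rc"
}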
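# Create /etc/security/opasswd, the file in which old passwords are
# remembered, owned by root and readable by root only.
#
# Returns: 0 on success, otherwise the status of the step that failed.
create_opasswd() {
  local file=/etc/security/opasswd

  # Create the file under a restrictive umask in a subshell, so it is never
  # world-readable between touch and chmod and the script's own umask is
  # left unchanged. An existing file keeps its contents.
  ( umask 077 && touch -- "$file" ) || return

  chown root:root -- "$file" || return
  chmod 0600 -- "$file"
}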
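# Back up every file this script changes or overwrites, as <file>.<DT>.
#
# Files that do not exist are skipped. An existing backup with today's stamp
# is never overwritten, so a second run on the same day keeps the copy taken
# before the first run. cp -p preserves mode, ownership and timestamps.
#
# Globals: DT (read) - date stamp used as the backup suffix
# Returns: 0 if every needed backup was written, 1 if any copy failed.
backup_files() {
  local file rc=0

  for file in \
    /etc/pam.d/system-auth-ac \
    /etc/profile.d/hctra_custom.sh \
    /usr/local/bin/passwd.custom \
    /etc/login.defs \
    /etc/banner \
    /etc/motd \
    /etc/ssh/sshd_config \
    /etc/selinux/config \
    /etc/sysconfig/system-config-securitylevel \
    /etc/sysconfig/system-config-firewall \
    /etc/pam.d/password-auth-ac
  do
    [ -f "$file" ] || continue
    if [ -f "$file.$DT" ]; then
      continue
    fi

    # Report a failed copy instead of dropping it silently: the caller goes
    # on to overwrite these files.
    if ! cp -p -- "$file" "$file.$DT"; then
      echo "Backup of $file failed" >&2
      rc=1
    fi
  done

  return "$rc"
}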
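# Run the configuration steps for the detected release. Releases 5 and 6
# share every step; release 6 additionally installs password-auth-ac.
case "$OS" in
  5|6)
    echo "Creating file backups"
    # Stop before touching PAM, sshd or SELinux configuration if the backups
    # could not be written.
    if ! backup_files; then
      echo "Backups failed; no files were changed." >&2
      exit 1
    fi
    echo "Copying /etc/login.defs file"
    login_defs
    echo "Updating sshd_config to show Banner"
    banner_ssh
    echo "Disabling SELinux"
    disable_selinux
    echo "Disabling the Red Hat Firewall"
    disable_firewall
    create_opasswd
    echo "Setting up the MOTD, and Password policies"
    # Install the banner, the PAM file(s) that set password complexity, and
    # the custom passwd command that states the required complexity when a
    # user changes their password. Adjust these files to fit your needs.
    # Paths are quoted because DIR comes from the script's own location and
    # may contain spaces.
    cp -- "$DIR/$OS/system-auth-ac" /etc/pam.d
    if [ "$OS" = "6" ]; then
      cp -- "$DIR/6/password-auth-ac" /etc/pam.d
    fi
    cp -- "$DIR/hctra_custom.sh" /etc/profile.d
    cp -- "$DIR/passwd.custom" /usr/local/bin
    cp -- "$DIR/banner" /etc
    cp -- "$DIR/banner" /etc/motd
    echo "Performing system updates"
    yum -y update && yum -y upgrade
    ;;
  other)
    echo "This operating system is not compatible."
    ;;
esac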