
Untitled

a guest
Sep 2nd, 2014
  1. #!/bin/bash
  2.  
  # Default creation mask for everything this script writes: new files come out
  # 0644 and new directories 0755 unless a later chmod tightens them.
  umask 022

  # Date stamp (YYYYMMDD) appended to the backup copies made by backup_files.
  DT=$(date '+%Y%m%d')

  # Resolve the real path of this script (symlinks followed) so the bundled
  # files next to it are found regardless of the caller's working directory.
  FILELOCATION=$(readlink -f "$0")
  DIR=$(dirname "$FILELOCATION")
  11.  
  # Pick the major release from the distribution's /etc/*-release files.
  # "release 6" is tried before "release 5"; anything else is marked "other"
  # so the dispatch at the bottom of the script refuses to touch the host.
  OS="other"
  for release_major in 6 5; do
    if grep -q -i "release $release_major" /etc/*-release; then
      OS="$release_major"
      break
    fi
  done
  unset release_major
  27.  
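  # Set the password-aging policy in /etc/login.defs: 90 days maximum age,
  # 21 days minimum age, minimum length 8, 7 days of expiry warning. Change the
  # numbers below to match your own policy.
  #
  # Only lines that already start with the PASS_* keyword are rewritten; a
  # missing or commented-out setting is left as it is.
  # NOTE(review): login.defs values are applied when an account is created;
  # existing accounts keep their current aging values until changed with chage.
  #
  # Returns: 0 on success, non-zero if the temp file, the edit or the copy fails.
  login_defs() {
    local target=/etc/login.defs
    local tmp rc

    # mktemp creates an unpredictable, owner-only file. A fixed name such as
    # /tmp/tempfile can be pre-created or symlinked by any local user, and this
    # script writes to it (and copies from it into /etc) as root.
    tmp=$(mktemp) || return 1

    if ! sed -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' \
      -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 21/' \
      -e 's/^PASS_MIN_LEN.*/PASS_MIN_LEN 8/' \
      -e 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/' \
      "$target" > "$tmp"; then
      # Never copy a partial result over the live file.
      rm -f -- "$tmp"
      return 1
    fi

    # cp into the existing file keeps its owner and mode.
    cp -- "$tmp" "$target"
    rc=$?
    rm -f -- "$tmp"
    return "$rc"
  }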
  41.  
  42.  
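  # Point sshd at the login banner in /etc/banner. Replace the contents of the
  # bundled banner file to change what is shown.
  #
  # Only a commented-out "#Banner ..." line is rewritten; a Banner directive
  # that is already active is left untouched. Nothing in this function reloads
  # sshd, so the setting applies the next time the service reads its config.
  #
  # Returns: 0 on success, non-zero if the temp file, the edit or the copy fails.
  banner_ssh() {
    local target=/etc/ssh/sshd_config
    local tmp rc

    # Unpredictable, owner-only temp file instead of a fixed /tmp name that
    # another local user could pre-create or symlink before root writes to it.
    tmp=$(mktemp) || return 1

    if ! sed -e 's|^#Banner.*|Banner /etc/banner|' "$target" > "$tmp"; then
      # Keep the live sshd_config intact when the edit did not complete.
      rm -f -- "$tmp"
      return 1
    fi

    # cp into the existing file keeps sshd_config's owner and mode.
    cp -- "$tmp" "$target"
    rc=$?
    rm -f -- "$tmp"
    return "$rc"
  }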
  52.  
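  # Set SELINUX=disabled in /etc/selinux/config.
  #
  # NOTE(review): this switches SELinux mandatory access control off entirely
  # from the next boot. If the aim is only to stop denials while policy is
  # tuned, SELINUX=permissive keeps the labels and the audit log; confirm that
  # fully disabling it is what the site policy calls for.
  #
  # Returns: 0 on success, non-zero if the temp file, the edit or the copy fails.
  disable_selinux() {
    local target=/etc/selinux/config
    local tmp rc

    # Unpredictable, owner-only temp file instead of a fixed /tmp name that
    # another local user could pre-create or symlink before root writes to it.
    tmp=$(mktemp) || return 1

    if ! sed -e 's/^SELINUX=.*/SELINUX=disabled/' "$target" > "$tmp"; then
      rm -f -- "$tmp"
      return 1
    fi

    # cp into the existing file keeps its owner and mode.
    cp -- "$tmp" "$target"
    rc=$?
    rm -f -- "$tmp"
    return "$rc"
  }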
  61.  
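  # Mark the RHEL firewall as disabled in the saved settings of the
  # system-config firewall tools (whichever of the two files exists).
  #
  # Only a leading "--enabled" line in those files is flipped; nothing here
  # stops or flushes a packet filter that is already running.
  # NOTE(review): with the host firewall off, every listening service is
  # reachable from whatever can route to this machine; confirm that filtering
  # is enforced somewhere else before relying on this step.
  #
  # Returns: 0 on success, non-zero as soon as an edit or copy fails.
  disable_firewall() {
    local file tmp rc

    for file in /etc/sysconfig/system-config-firewall \
      /etc/sysconfig/system-config-securitylevel; do
      [ -f "$file" ] || continue

      # Fresh unpredictable temp file per target; a fixed /tmp name could be
      # pre-created or symlinked by another local user.
      tmp=$(mktemp) || return 1

      if ! sed -e 's/^--enabled/--disabled/' "$file" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
      fi

      # cp into the existing file keeps its owner and mode.
      cp -- "$tmp" "$file"
      rc=$?
      rm -f -- "$tmp"
      [ "$rc" -eq 0 ] || return "$rc"
    done
    return 0
  }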
  76.  
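  # Create /etc/security/opasswd (owner root:root, mode 0600) so that previous
  # passwords can be remembered.
  #
  # Returns: 0 on success, non-zero if the file cannot be created or secured.
  create_opasswd() {
    local file=/etc/security/opasswd

    # Create the file under a tight umask so it is never group- or
    # world-readable, not even between creation and the chmod below (the
    # script-wide umask of 022 would create it as 0644).
    (umask 077 && touch -- "$file") || return 1

    chown root:root -- "$file" || return 1
    chmod 0600 -- "$file"
  }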
  87.  
  # Save a dated copy (<file>.$DT) of every file this script changes or
  # overwrites. Files that do not exist are skipped, and a backup that already
  # exists for the same date is kept rather than overwritten, so a second run
  # on the same day does not replace the pristine copy. cp -p keeps mode,
  # ownership and timestamps on the backup.
  backup_files() {
    local -a targets=(
      /etc/pam.d/system-auth-ac
      /etc/profile.d/hctra_custom.sh
      /usr/local/bin/passwd.custom
      /etc/login.defs
      /etc/banner
      /etc/motd
      /etc/ssh/sshd_config
      /etc/selinux/config
      /etc/sysconfig/system-config-securitylevel
      /etc/sysconfig/system-config-firewall
      /etc/pam.d/password-auth-ac
    )
    local src

    for src in "${targets[@]}"; do
      # Nothing to back up when the original is absent.
      [ -f "$src" ] || continue
      [ -f "$src.$DT" ] || cp -p "$src" "$src.$DT"
    done
  }
  111.  
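  # Main dispatch. Releases 5 and 6 run the same steps; the only differences
  # are the per-release PAM directory under $DIR and the extra password-auth-ac
  # file on release 6. Any other OS is left untouched.
  #
  # NOTE(review): the files copied from $DIR end up in /etc/pam.d,
  # /etc/profile.d and /usr/local/bin as root, so the directory holding this
  # script should be writable by root only.
  case "$OS" in
  5 | 6)
    echo "Creating file backups"
    # Do not start editing system files if backup_files reports a failure.
    backup_files || {
      echo "Backup failed; no changes made." >&2
      exit 1
    }
    echo "Copying /etc/login.defs file"
    login_defs
    echo "Updating sshd_config to show Banner"
    banner_ssh
    echo "Disabling SELinux"
    disable_selinux
    echo "Disabling the Red Hat Firewall"
    disable_firewall
    create_opasswd
    echo "Setting up the MOTD, and Password policies"
    # Install the banner, the PAM configuration for password complexity, and
    # the custom passwd command that states the required complexity when a
    # user changes their password. Adjust these files to fit your needs.
    # "$DIR" is quoted so a script path containing spaces still works.
    cp "$DIR/$OS/system-auth-ac" /etc/pam.d
    if [ "$OS" = "6" ]; then
      cp "$DIR/6/password-auth-ac" /etc/pam.d
    fi
    cp "$DIR/hctra_custom.sh" /etc/profile.d
    cp "$DIR/passwd.custom" /usr/local/bin
    cp "$DIR/banner" /etc
    cp "$DIR/banner" /etc/motd
    echo "Performing system updates"
    yum -y update && yum -y upgrade
    ;;
  other)
    echo "This operating system is not compatible."
    ;;
  esac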