#3
6th November 2008
J65nko
Administrator

Last year I used the following install.site script for a box called 'hercules'.
Code:
#!/bin/sh
. ./install.site.hercules 2>&1 | tee ./install.report
This way I have a log in the file 'install.report'.

Some snippets from the actual 'install.site.hercules' script which does the real work.
  • A modification of .profile:
    Code:
    #!/bin/sh
    echo  ------------------------------------------------
    echo "               Running $0 on hercules"
    echo  ------------------------------------------------
    
    # ----------------------------------------------------
    # -- KSH PROMPT 
    # --- /.profile is a hard link to /root/.profile so on
    
    PROFILES="/root/.profile /etc/skel/.profile"
    
    for file in $PROFILES ; do
        echo "$0: adding prompt to: $file"
        cat <<END >>$file
    
    # --- prompt
    # j65nko@zeno[/home/j65nko/] 
    #  \u   @ \h [    \w       ]
    
    PS1="\u@\h[\w]"
    export PS1
    
    export PAGER=less 
    
    END
    done
  • Disabling inetd:
    Code:
    # --- disable inetd
    FILE=/etc/rc.conf.local
    cat <<END  >>/etc/rc.conf.local
    inetd=NO
    END
  • Commenting out all lines from 'inetd.conf':
    Code:
    FILE=/etc/inetd.conf
    BACKUP=${FILE}.orig
    
    cp -p $FILE $BACKUP 
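    # '&' re-inserts the matched character, so a '#' is prepended
    # instead of overwriting the first character of each entry
    sed -e 's/^[^#]/#&/' $BACKUP > $FILE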
  • Apply an in-line patch of the sudoers file:
    Code:
    FILE=/etc/sudoers
    
    cat <<END_OF_PATCH | patch -b -p0 ${FILE}
    --- ORIG/sudoers        Wed Aug  8 13:45:04 2007
    +++ NEW/sudoers Wed Aug  8 13:54:56 2007
    @@ -17,7 +17,7 @@
     Defaults env_keep +="DESTDIR FETCH_CMD FLAVOR FTPMODE
    ATH PKG_TMPDIR RELEASEDIR SUBPACKAGE"
     
     # Uncomment to preserve the environment for users in 
    -#Defaults:%wheel !env_reset
    +Defaults:%wheel !env_reset
     
     # Runas alias specification
     
    @@ -26,7 +26,7 @@
     
     # Uncomment to allow people in group wheel to run all
     # and set environment variables.
    -# %wheel       ALL=(ALL) SETENV: ALL
    +%wheel ALL=(ALL) SETENV: ALL
     
     # Same thing without a password
     # %wheel       ALL=(ALL) NOPASSWD: SETENV: ALL
    END_OF_PATCH
    echo  --- patch script for: sudoers --- END
    I wrote a small script to generate this type of in-line patch.
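    Review bot: in the first sudoers hunk, `+Defaults:%wheel !env_reset` switches off environment resetting for every member of wheel, so commands run through sudo inherit the caller's environment. The context line above it already carries an `env_keep` list; adding the specific variables that are needed to that list would keep `env_reset` in effect for wheel.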
  • Patching ntpd.conf to sync to the local time server 192.168.222.10:
    Code:
    FILE=/etc/ntpd.conf
    
    # --- patch it !
    cat <<END_OF_PATCH | patch -b -p0 ${FILE}
    --- ORIG/ntpd.conf      Thu Jun 28 06:24:00 2007
    +++ NEW/ntpd.conf       Thu Jun 28 06:24:50 2007
    @@ -5,8 +5,8 @@
     #listen on *
     
     # sync to a single server
    -#server ntp.example.org
    +server 192.168.222.10
     
     # use a random selection of 8 public stratum 2 servers
     # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
    -servers pool.ntp.org
    +# servers pool.ntp.org
    END_OF_PATCH
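    Review bot: in the ntpd.conf hunk, commenting out `servers pool.ntp.org` while adding `server 192.168.222.10` leaves a single time source, so nothing corrects the clock if that host is unreachable or drifts. Consider keeping a second `server` line as a fallback.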
  • Setting noatime and enabling softupdates:
    Code:
    echo "softupdates on a"
    
    mv /etc/fstab /etc/fstab.orig
    cat /etc/fstab.orig | sed -e '/wd0a/  s/rw/rw,softdep,noatime/' >/etc/fstab
  • Add some packages:
    Code:
    # --- configure shared library cache with code stolen from "/etc/rc"
    
    if [ -f /sbin/ldconfig ]; then
            echo 'creating runtime link editor directory cache.'
            if [ -d /usr/local/lib ]; then
                    shlib_dirs="/usr/local/lib $shlib_dirs"
            fi
            if [ -d /usr/X11R6/lib ]; then
                    shlib_dirs="/usr/X11R6/lib $shlib_dirs"
            fi
            ldconfig $shlib_dirs
    fi
    
    # ---
    export PKG_PATH="ftp://mirror.hostfuss.com/pub/OpenBSD/snapshots/packages/amd64/"
    
    export PKG_CACHE=/home/packages
    mkdir -p ${PKG_CACHE}
    
    PACKAGES="fetchmail-6.3.8.tgz pine-4.64p4.tgz mutt-1.5.16p0.tgz ghostscript-8.54p1-a4-no_x11.tgz a2ps-4.13bp4-a4.tgz apsfilter-7.2.8p0.tgz irssi-0.8.11.tgz "
    
    echo Installing the following packages from $PKG_PATH
    echo $PACKAGES | tr ' ' '\n'
    echo -------------------------------------------------
    pkg_add -v $PACKAGES
    
    echo  ----------------------------------------------------------------------   
    echo "               $0 on hercules finished! "
    echo  ----------------------------------------------------------------------

CAVEAT: Please keep in mind that these snippets are tailored to OBSD 4.2 current of August 2007. So they are a year old and thus some of them will need to be modified to work on the just released 4.4.

I just show them here to give you some ideas.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
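
The two inetd steps from the post, written so that install.site can be re-run without mangling entries or piling up duplicate settings. This is an added example, not the poster's script; the function names and the sample inetd.conf lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample inetd.conf lines are constructed for illustration.

# Number of active (non-blank, non-comment) lines in a config file.
count_active() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# Comment out every active line. '&' puts the matched first character
# back, so the entry stays readable. The backup is taken only once.
comment_out_all() {
    file=$1
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig"
    tmp=$(mktemp "$file.XXXXXX") || return 1
    sed -e 's/^[^#]/#&/' "$file" >"$tmp" && cat "$tmp" >"$file"
    rm -f "$tmp"
}

# Set KEY=VALUE, replacing an earlier assignment instead of appending
# a duplicate each time the script is re-run.
set_rc_var() {
    key=$1; value=$2; file=$3
    touch "$file"
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -v "^$key=" "$file" >"$tmp" || true   # exit 1 = no other lines
    echo "$key=$value" >>"$tmp"
    cat "$tmp" >"$file"
    rm -f "$tmp"
}

# Run both steps twice on constructed files in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'ftp stream tcp nowait root /usr/libexec/ftpd ftpd -US' \
        'ident stream tcp nowait _identd /usr/libexec/identd identd -el' \
        >"$dir/inetd.conf"
    echo 'inetd=YES' >"$dir/rc.conf.local"
    for pass in 1 2; do
        comment_out_all "$dir/inetd.conf"
        set_rc_var inetd NO "$dir/rc.conf.local"
    done
    echo "active inetd.conf lines: $(count_active "$dir/inetd.conf")"
    cat "$dir/inetd.conf" "$dir/rc.conf.local"
    rm -rf "$dir"
}

demo
```

Calling `count_active /etc/inetd.conf` at the end of install.site puts the result in install.report, so a box that still has active inetd entries shows up in the log.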