#!/bin/bash # # LiHAS Grundinstallation Jessie Vserver ln -sf bash /bin/sh rm -rf /var/lib/apt/lists/* grep -ri 'APT::Cache-Limit' /etc/apt/* [ $? != 0 ] && cat << EOF >> /etc/apt/apt.conf.d/70debconf APT::Cache-Limit "100000000"; EOF apt-get clean # In case of distupgrade #apt-get -y update #apt-get -y --force-yes upgrade #apt-get -y --force-yes dist-upgrade #apt-get -y --force-yes upgrade >/etc/apt/sources.list echo '#deb http://deb.debian.org/debian/ buster main contrib non-free' >/etc/apt/sources.list.d/buster.list echo '#deb http://deb.debian.org/debian stretch-proposed-updates main contrib non-free' >/etc/apt/sources.list.d/stretch-proposed-updates.list echo '#deb http://deb.debian.org/debian sid main contrib non-free' >/etc/apt/sources.list.d/sid.list echo '#deb http://deb.debian.org/debian experimental main contrib non-free' >/etc/apt/sources.list.d/experimental.list echo 'deb http://ftp.lihas.de/debian/ stretch main' >/etc/apt/sources.list.d/lihas.list echo '#deb http://deb.debian.org/debian/ stretch-backports main contrib non-free' >/etc/apt/sources.list.d/stretch-backports.list echo 'deb http://deb.debian.org/debian stretch main contrib non-free' >/etc/apt/sources.list.d/stretch.list echo 'deb http://deb.debian.org/debian-security stretch/updates main contrib non-free' >/etc/apt/sources.list.d/stretch-security.list echo 'deb http://deb.debian.org/debian stretch-updates main contrib non-free' >/etc/apt/sources.list.d/stretch-updates.list cat << EOF > /etc/apt/preferences Package: * Pin: release a=stretch-backports Pin-Priority: 200 Package: * Pin: release n=stretch-proposed-updates Pin-Priority: 500 Package: * Pin: release n=stretch-updates Pin-Priority: 500 Package: * Pin: release n=sid Pin-Priority: 99 Package: * Pin: release n=buster Pin-Priority: 100 Package: * Pin: release n=stretch Pin-Priority: 500 Package: * Pin: release a=experimental Pin-Priority: 9 EOF apt -y install gpg dbus curl curl -q http://ftp.lihas.de/debian/apt-key-lihas.gpg | apt-key add - apt-get -y update # Debconf-Parameter setzen echo dash dash/sh select false | debconf-set-selections echo debconf debconf/frontend select Dialog | debconf-set-selections echo debconf debconf/priority select medium | debconf-set-selections echo nullmailer nullmailer/defaultdomain string | debconf-set-selections echo nullmailer shared/mailname string mail | debconf-set-selections echo nullmailer nullmailer/adminaddr string | debconf-set-selections echo nullmailer nullmailer/relayhost string mail | debconf-set-selections echo man-db man-db/auto-update boolean true | debconf-set-selections echo man-db man-db/install-setuid boolean false | debconf-set-selections echo ca-certificates ca-certificates/new_crts multiselect | debconf-set-selections echo ca-certificates ca-certificates/trust_new_crts select yes | debconf-set-selections echo tzdata tzdata/Areas select Europe | debconf-set-selections echo tzdata tzdata/Zones/Europe select Berlin | debconf-set-selections echo openssh-server openssh-server/permit-root-login boolean true | debconf-set-selections echo locales locales/default_environment_locale select None | debconf-set-selections echo locales locales/locales_to_be_generated multiselect de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8 | debconf-set-selections # zusaetzlich zu tzdata echo "Europe/Berlin" > /etc/timezone # nullmailer, damit nicht exim nachgezogen wird, z.B. bei rsnapshot apt-get -y install nullmailer s-nail bsd-mailx # zusaetzlich zu locales echo 'LANG=de_DE.UTF-8' > /etc/default/locale cat << EOF > /etc/locale.gen # This file lists locales that you wish to have built. You can find a list # of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add # user defined locales to /usr/local/share/i18n/SUPPORTED. If you change # this file, you need to rerun locale-gen. de_DE ISO-8859-1 de_DE.UTF-8 UTF-8 de_DE@euro ISO-8859-15 en_US ISO-8859-1 en_US.ISO-8859-15 ISO-8859-15 en_US.UTF-8 UTF-8 EOF #cat /etc/locale.gen apt-get -y install debsums debconf-utils locales screen bash-completion aptitude man grep -q /etc/bash_completion /root/.bashrc || echo . /etc/bash_completion >> /root/.bashrc grep -q HISTTIMEFORMAT /root/.bashrc || echo 'export HISTTIMEFORMAT="%Y-%m-%d -- %H:%M:%S "' >>/root/.bashrc grep -q HISTSIZE /root/.bashrc || echo 'export HISTSIZE=50000' >>/root/.bashrc # lihas-keyring apt-get -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --allow-unauthenticated install lihas-keyring vo # damit Key greift apt-get update apt-get -y install dialog less vim screen tzdata debconf ssh psmisc ncurses-term mktemp file debian-keyring logrotate rsync etckeeper mktemp logrotate bind9-host curl ca-certificates netcat strace lsof iotop procinfo mbuffer ftp openssl pigz pbzip2 sudo pxz pixz deborphan iperf needrestart # monitoring tools, without samba etc. apt-get -y install --no-install-recommends monitoring-plugins monitoring-plugins-basic monitoring-plugins-common monitoring-plugins-standard nagios-plugins-lihas check-mk-agent xinetd check-mk-agent-netstat-linux check-mk-agent-logins check-mk-agent-inventory-daily check-mk-agent-dnsclient check-mk-agent-apt-daily echo '$nrconf{kernelhints} = 0' >/etc/needrestart/conf.d/nokernelchecks.conf sed -i -e 's/yes/no/g' /etc/xinetd.d/check_mk /etc/init.d/xinetd restart #apt-get -y install debian-backports-keyring #locale-gen dpkg-reconfigure -f noninteractive debconf dpkg-reconfigure -f noninteractive tzdata dpkg-reconfigure -f noninteractive locales dpkg-reconfigure -f noninteractive dash dpkg-reconfigure -f noninteractive openssh-server # allow root login using password sed -i '/^PermitRootLogin/c \PermitRootLogin yes' /etc/ssh/sshd_config # grep -q 'UseDNS no' /etc/ssh/sshd_config || echo 'UseDNS no'>>/etc/ssh/sshd_config /etc/init.d/ssh restart # vim config # - place cursor where file was last edited [ ! -f /etc/vim/vimrc.local ] && cat << EOF > /etc/vim/vimrc.local syntax on colors elflord if has("autocmd") au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif endif EOF apt-get -y purge nano #apt-get -y purge libsystemd0 systemd bsdutils libsystemd0 bsdmainutils man-db apt-get -y dist-upgrade # rsyslog anpassen #if [ -f /etc/init.d/rsyslog ]; then # sed -i '/imklog/s/^/#/' /etc/rsyslog.conf #fi #echo -en '* hard nofile 32768\nroot hard nofile 32768' >/etc/security/limits.d/apache.conf # stoerende Dienste deaktivieren, pakete entfernen #[ -f /etc/init.d/hwclock.sh ] && update-rc.d hwclock.sh stop 99 0 1 2 3 4 5 6 S . #[ -f /etc/init.d/checkfs.sh ] && update-rc.d checkfs.sh stop 99 0 1 2 3 4 5 6 S . apt-get -y purge kmod #[ ! -e /dev/fd ] && ln -s /proc/self/fd /dev/fd # auf db2.printacon hat wheezy-installation /var/lock gefehlt: #[ ! -e /var/lock ] && ln -s /run/lock /var/lock # [da bei wheezyVS auf wheezyHost die rc-Symlinks untergehen:] # da bei jessieVS auf jessieHost die rc-Symlinks untergehen: #apt-get --reinstall install cron # git silencen ( if dpkg -l etckeeper > /dev/null ; then cd /etc git config --global user.name root git config --global user.email support@lihas.de git commit --amend --reset-author -m "things done" fi ) # remove dangeling symlink if [ -L /etc/resolv.conf ] && [ ! dpkg -l resolvconf > /dev/null ] ; then rm /etc/resolv.conf echo "" > /etc/resolv.conf echo "******* /etc/resolv.conf is EMPTY ********" fi # replace static /etc/mtab #rm /etc/mtab ; ln -s /proc/mounts /etc/mtab cat << EOF >/root/.screenrc hardstatus alwayslastline "%w" defscrollback 10000 EOF mkdir -p /root/.ssh cat << EOF >>/root/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDU4VaQxmTuW5SGzmdY/1lY9SQO/b6iD+8FKw4yRUwbUjVl1QdM6jwPjE/5f7Px59oanxu2IObm2p9QbcEUuVSAvMxi3T28QGLU7VJJy+h8DGWXxr8Sn5mnbF2sAF2vjBoJFsblFOKSLoIZgIwa0aR85yXIbgPqeTMWg/HujALMCuJ511WSPXruftjoHW2ZeFld1Uy/8a4M/fGuvukybmHJHLcZfrUM7OZq8aGVHRSnniqi5zCKOhG6k6r9qfK6PJliyHWhEvCAEz0rDc/pSAHjhgyCKOw3gL+yNfVLxm1W3VuxcZNZihHaYpb9i/BUoPZDiZ15gUMQrAep9VaC/CQNMGQgy8Le86Ubl4bZApssAkhhr45z9/brSGtWvKJb8XzSLfhqcVJAhXANh0RuSeMJNzlhQgyhzm9g5gNAYvDyoe8xRZ7pXUNxLTdcgen0EOYHPM+BujFv8g0Aw1PoE4N+d+TLE/xLh84+aGWC6Iu7IK7LcM/QdErKyrHEsKZVUjqkMyC+ODcdYlGVxGfQOWHaOztdaiVacuKhK2LD8xw3YC7KShEpFc47+il255qbGZ+PMbaAoXwabZer6HWnA6g1PSJpsjks6OjHNCRyWrZEfrJVboDE0UUZQuTOkHJxZc2f7w7lCrW7lnL2nW0LE7CMvCh7GpaJD6op3R5OT5hdOQ== are@lihas.de/2017 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9ZxrBgZA8Bw+9wzZVyihD5Lq4uLjIk/bKHtp2rNSyNCQ/B+AJJ64mqWZXUayMIWlhoW1sNjyeC+7qm4H7XwwmBbwIon46UqwQCbU2wCe4ZCGba8YkADMQfZB5jDM9fPCZlbsZrne/XCeDJcTkSkTSnfveEAlQ5Ig1H3zCL+1zvwp500wfCUXipMD+9lak10t3apdksDyKno4Klxq2ETaAChTLxQcAfcb6U6BCncQF11upZ0mDm0/wP5k+4wamUdmhFA0WnK0C8JF08XM+cG20SHszvt3nAiAA3WpJnA/cmL8bTrEZUDiRYKvvhv+M1J4YezKzQfm5/t/HYvf4CSux jgr@lihas.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0b0hckiy71cCccM4L0ElbUagbtcZkXPtPS4C1APVS7w4NwVFlccjUqjUzM+dGtZVrz92iJnl42bJe1CAyDWhaktJo5h/QsaqXSObq941rLiFOoS4/fcU+p1RwVSauW0H3obYsqnSH6oXKwMAqWXyH1vH2mbU9DpnNjnM+NVLVsF1khz7UojokUP5YRtDwlsTQRCh+BXPdKeGxYISrdPKK8l091GXvIYwKls0TonlQlu/ldFSs690DV/0t++y9eEzTs2pw0IdYMnoDxMrIulLXeb86tzui08dLQqtn8dsFN98n4D8ADmZz1kuVCxP2ZbmYGP7wO9D6E4c2jlq9LksIQ== rbe@lihas.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHUZlKHY1mHpm70dEzrkf5yFTPYo2p9X7uHHoal7QaoDioPvXKmLzDhtRz7r+cfxrBrAokk0Ub4TRFaS2+tgwHgpTu7ESC7vV2u3vCBFqr90vmy1ZTr9IoXZpjJjxEvkMwxEJqmJcFoWTZi/+Bnfrh3qT6oV1Yv1BAxOYeAlWYjiCfW3T+0EJ/sdKcXduQJDoe7Z/jsif8eLAxZZuiHV57uLVHBDt1RLSQJvr+RWWn82LnPcvaq2AhBgp1B371vR0XhnK4cWEKp6QbMnl2ikemzngp/OtZbvD3JcXBjfMq2iaBFMdY1VRC6pHJ6RtjwkcQ564gAFpJVLWQb6RxZYPT jgr@laptop01.lihas.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXBLWS5jKu0L+bqRPZ8le74xPjn/81Zy23+bd5z3tT87uL53ojtIyOakoS5ZzeTs2aIF+e/7VSLezWS5sT7N3/laNFgbykQKeyPcWOdc0ZCpHxBCTqm266T1cXVorMlycxQZoYkfPZjR4t+K0YFQeuwTbzu/JM4pJr2Rwce7CcE3TJoL+qvu6CQgg627fN51chNz2h8xq6Ylo35r46YSxoqQLpxLKlaAn/ytAMQvqNpjYGUUZDWYBVmB0oY2gxt77jKmKmk0RVpcQPmBM109vEyXBYRS8gcJYGCg+u6ejc5Z7ohK1x4504AKn9ViLNtW8CGjHVNg1oClslkw5BaOaV ubu@cato EOF #rm /etc/rc6.d/*reboot* apt-get -y upgrade # clean up packet cache apt-get clean apt-get autoremove