Every time I set up a new server, I follow a series of steps on each server in order to get updates, set passwd, remove login via root user, customize a familiar environment (bashrc) and secure the server.
Is it possible to do all that using a script? The setup could include:
- distro upgrades and updates
    apt-get update
    apt-get upgrade
- adding users
    adduser deployer
    adduser deployer sudo
    mkdir /home/deployer/.ssh
    chmod 700 /home/deployer/.ssh
    touch /home/deployer/.ssh/authorized_keys
    passwd deployer
    su deployer
    cd /home/deployer/.ssh/
    sudo chown deployer /home/deployer/.ssh/
- Executing commands on local machine:
    ssh-copy-id root@hostname.com
    ssh-copy-id deployer@hostname.com
- logging back onto server:
    chmod 400 /home/deployer/.ssh/authorized_keys
    chown deployer:deployer /home/deployer -R
5..6…7.. Customizing bashrc, editing sshd_config, installing ufw & logwatch
Best Answer
Use a Kickstart or equivalent process to manage the build. Use a configuration management product like Puppet to deploy your settings.
You can also use a little bit of scripting magic to kick off the configuration management at the end of your build to make it a seamless experience.
My script sets a static IP, configures OSSEC and performs a couple of Puppet runs to sort out all the dependencies, then runs a yum update (I'm primarily a CentOS user).
It's possible to cobble together other methods of getting the same results, but I've found this to be the most flexible method I've worked with.
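
One way to script several of the question's steps so they can be re-run safely, as an added example that is not part of the original question or answer. It assumes a Debian-style system (apt-get, adduser); the function names and the `--apply` switch are illustrative.

```shell
#!/bin/sh
# Added example, not from the post: re-runnable pieces of the manual setup.
# Nothing on the system changes unless it is called with --apply PUBKEY_FILE.

# Set "Key value" in an sshd_config-style file: every existing "Key ..." or
# "#Key ..." line collapses into one active line; appended if none exists.
# (An appended line lands inside a trailing Match block if the file has one.)
set_sshd_option() {
    cfg=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { lk = tolower(k) }
        tolower($1) == lk || tolower($1) == ("#" lk) {
            if (!seen) { print k " " v; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print k " " v }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps $cfg's mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Install one public key: .ssh is 700 and authorized_keys is 400 (the modes
# from the question), both owned by $owner (user:group). Safe to repeat.
install_authorized_key() {
    home=$1; owner=$2; pubkey=$3
    keys=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    [ -f "$keys" ] || : > "$keys" || return 1
    chmod 600 "$keys" || return 1
    grep -qxF "$pubkey" "$keys" || printf '%s\n' "$pubkey" >> "$keys"
    chmod 400 "$keys" && chown -R "$owner" "$home/.ssh"
}

if [ "${1:-}" = "--apply" ]; then      # run as root on the new server
    set -e
    pubkey=$(cat "${2:?usage: $0 --apply PUBKEY_FILE}")
    apt-get update && apt-get -y upgrade
    id deployer >/dev/null 2>&1 || adduser --gecos "" deployer  # prompts for passwd
    adduser deployer sudo
    install_authorized_key /home/deployer deployer:deployer "$pubkey"
    cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
    sshd -t    # validate; reload sshd only after a key login as deployer works
fi
```

Because both functions leave an already-correct file unchanged, the same script can be kicked off at the end of a Kickstart-style build or wrapped by a configuration management run without duplicating keys or directives.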