Kickstart - Seamus Murray's Notes about Linux and System Engineering

#  kickstart file created by Seamus Nov 29 2006


#  The following tasks are AutoMagicly configured with this script



#  The hard disks will be zeroed but you will be prompted for a partition scheme
#  User and Group accounts for the unix team will be added
#  The Unix team will be granted FULL Sudo access
#  The Message Of The Day will be set
#  the (CTRL/ALT/DEL) key combination will be disabled on the physical console 
#  Xinetd will be disabled (wont start up automatically)
#  Various Services will be disabled (wont start up automatically)
#  Various default redhat user accounts will be deleted
#  Remote loggin to the root account via SSH will be disabled
#  The ntpdaemon will be configured started and synced
#  The mondo packages and configuration files will be installed
#  The nagios agents will be installed
#  The strange label created by the installer for the swap partition is changed in the fstab file
#  A custom grub splash screen is copied



#  There is a separate file for configuring host for oracle

# dont forget that during the post install script phase you can switch to virtual terminal 3 and 4 
# and see what the script is doing. This is why there are so many echo's in this file





#System  language
lang en_AU

#Language modules to install
langsupport en_AU

#System keyboard
keyboard us

#System mouse
mouse

#Sytem timezone
timezone Moon/Crater

#Root password
rootpw --iscrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

#Reboot after installation
reboot

#Use text mode install
text

#Install OS instead of upgrade
install

#Use NFS installation Media

nfs --server=xxx.xxx.com  --dir=/u1/Distros/rhes4u3/install

#System bootloader configuration
bootloader --location=mbr

#Clear the Master Boot Record
zerombr yes


# the following line will cause KickStart to ignor SAN disks during the OS install
ignoredisk --drives=sda,sdb,sdc,sdd,sde,sdf,sdg,sdh


#Partition clearing information
clearpart --all --initlabel 
part / --fstype ext3 --size 20480 --asprimary 
part /boot --fstype ext3 --size 150 --asprimary 
#part swap --size 4096
#part swap --size 8192
part swap --size 5120
part /var --fstype ext3 --size 5120
part /opt --fstype ext3 --size 25600
part /usr --fstype ext3 --size 5120 --asprimary 
part /tmp --fstype ext3 --size 5120
part /backup  --fstype ext3 --size 1 --grow

#System authorization infomation
auth  --useshadow  --enablemd5

#Network information
network --bootproto=dhcp --device=eth0

#Firewall configuration
firewall --disabled

#Do not configure XWindows
skipx

#Package install information
%packages --resolvedeps
@ base-x
@ text-internet
#@ ftp-server
#@ web-server
#@ development-tools
#@ admin-tools
#@ system-tools
kernel-smp
-system-config-httpd
-webalizer
lvm2
grub
-postfix
-squid
-spamassassin
-cadaver
-fetchmail
e2fsprogs
mkisofs
busybox
cdrecord

#oracle needs the following
binutils
compat-db
control-center
gcc
gcc-c++
glibc
glibc-common
gnome-libs
libstdc++
libstdc++-devel
make
pdksh
sysstat
xscreensaver
libaio

# docuemntum needs the following
#compat-libstdc++-296
#compat-libstdc++-33
compat-gcc-32
compat-gcc-32-c++



########### POST CONFIGURATIONS BEGIN AT THIS POINT ##############


%post
#

echo "setting time"
ntpdate ntp.ntp.com



echo "# disable the startup of unnecessary services"

chkconfig microcode_ctl off
chkconfig netfs off
chkconfig saslauthd off
chkconfig mdmonitor off
chkconfig mdmpd off
chkconfig irda off
chkconfig psacct off
chkconfig isdn off
chkconfig pcmcia off
chkconfig autofs off
#chkconfig portmap off
#chkconfig nfs off
#chkconfig nfslock off
chkconfig cups off
chkconfig dc_client off
chkconfig arptables_jf off
chkconfig dc_server off
chkconfig bcm5820 off
chkconfig squid off
chkconfig named off
chkconfig tux off
chkconfig cups off


echo  "removing unnecessary user accounts"

userdel lp
userdel sync
userdel shutdown
userdel halt
userdel mail
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp
userdel nscd
userdel rpc
userdel rpcuser
userdel mailnull
userdel xfs
userdel gdm
userdel desktop
userdel squid
userdel named

userdel ldap
userdel netdump

echo "#"
echo "# Disabling SSH ROOT login"
echo "#"
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -e "s/\#PermitRootLogin/PermitRootLogin\ no\#/" /etc/ssh/sshd_config.bak > /etc/ssh/sshd_config
echo;echo



echo "# Creating /etc/ntp.conf file..."

cp /etc/ntp.conf /etc/ntp.conf.bak




cat <<EOF >/etc/ntp.conf

# this file was created by the XXXX Custom kickstart script
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap noquery

restrict 127.0.0.1
driftfile /var/lib/ntp/drift
broadcastdelay  0.008
keys            /etc/ntp/key

# add Time servers
server 10.10.10.10

EOF



echo "# SYNC WITH NTP SERVER"
service ntpd stop
ntpdate 10.10.10.10

echo "# STARTING NTP SERVICE"

/etc/init.d/ntpd start


echo "# Configuring Console access rights"

cat <<EOF >/etc/default/console
CONSOLE=/dev/console
PASSREQ=YES
PATH=/usr/bin:
RETRIES=2
SLEEPTIME=4
SUPATH=/usr/sbin:/usr/bin:
SYSLOG=YES
SYSLOG_FAILED_LOGINS=2
TIMEOUT=60
UMASK=027
EOF


echo "# Configuring Password Parameters"

cat <<EOF >/etc/default/passwd
MAXWEEKS=5
MINWEEKS=0
PASSLENGTH=7
EOF



touch /.rhosts /.netrc /etc/hosts.equiv
chmod 0 /.rhosts /.netrc /etc/hosts.equiv


echo "# Setup admin user accounts and passwords"


groupadd -g 2000 UNIX
useradd XXXXX -u 99999 -c "XXXXX XXXXX " -p 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx' -d /home/XXXXX





echo "# Creating SUDO permissions for UNIX team..."

cat <<EOF >/etc/sudoers

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL
XXXXX   ALL=(ALL) ALL


# Uncomment to allow people in group wheel to run all commands
# %wheel    ALL=(ALL)   ALL

# Same thing without a password
# %wheel    ALL=(ALL)   NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

#aaron  ALL= /usr/bin /sbin/mount /cdrom,/sbin/umount /cdrom

EOF




# the following is to stop windows admins accidentally rebooting linux boxes when they share a KVM with windows
echo "#"
echo "# Disabling shutdown (CTRL/ALT/DEL)"
echo "#"
mv /etc/inittab /etc/inittab.bak
sed -e "s/^pf:/#pf:/" -e "s/^pr:/#pr:/" -e "s/^ca:/#ca:/"  /etc/inittab.bak > /etc/inittab
chmod 700 /etc/inittab
chown root:root /etc/inittab
echo;echo


#echo "#"
#echo "# Disable xinetd"
#echo "#"
#for service in `ls -1 /etc/xinetd.d`; do chkconfig $service off; done
#echo ;echo



echo " creating MOTD"
echo "" > /etc/motd
echo "+----------------------------------------------------+" >> /etc/motd
echo "| This system is the property of ME                  |" >> /etc/motd
echo "+----------------------------------------------------+" >> /etc/motd
echo "">> /etc/motd









# This will install mondo from an NFS mount and copy the config file

#local mount point for NFS
TEMP_MOUNT=/tmp/software
mkdir $TEMP_MOUNT

# Source of NSF share
NFS_SERVER=xxxxx.xxxxx.com
NFS_SHARE=/u1/software
APP_VERSION=mondo-v2.2
NFS_PATH=$NFS_SHARE/$APP_VERSION/


echo "mounting nfs share to install extra software"

mount $NFS_SERVER:$NFS_SHARE  $TEMP_MOUNT

# create diectories for mondo cd images
mkdir /u1
mkdir /u1/iso
mkdir /u1/iso/tmp
mkdir /u1/mondo



echo "# install of mondo packages"

#echo "installing mkisofs"
#rpm -ivh  $TEMP_MOUNT/$APP_VERSION/mkisofs-2.0-11.i386.rpm

#echo "installing cdrecord"
#rpm -ivh  $TEMP_MOUNT/$APP_VERSION/cdrecord-2.0-11.i386.rpm

echo "installing buffer"
rpm -ivh  $TEMP_MOUNT/$APP_VERSION/buffer-1.19-4.i386.rpm

echo "installing afio"
rpm -ivh  $TEMP_MOUNT/$APP_VERSION/afio-2.4.7-1.i386.rpm

echo "installing mindi"
rpm -ivh  $TEMP_MOUNT/$APP_VERSION/mindi-1.06-266.rhel3.i386.rpm

echo "installing mondo"
rpm -ivh  $TEMP_MOUNT/$APP_VERSION/mondo-2.2.0-2.rhel3.i586.rpm

# copy mondo run script
mkdir /usr/local/admin
cp  $TEMP_MOUNT/$APP_VERSION/mondo.sh /usr/local/admin/mondo
chmod 744 /usr/local/admin/mondo


echo "# Install of Nagios Agent"

# swap this variable from mondo to nagios
APP_VERSION=nagios-agent-2.5.2



rpm -Uvh $TEMP_MOUNT/$APP_VERSION/fping-2.4-1.b2.2.el4.rf.i386.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/perl-Crypt-DES-2.05-3.2.el4.rf.i386.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/perl-Digest-SHA1-2.07-5.i386.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/perl-Digest-HMAC-1.01-13.noarch.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/perl-Socket6-0.19-1.2.el4.rf.i386.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/perl-Net-SNMP-5.2.0-1.2.el4.rf.noarch.rpm
rpm -Uvh $TEMP_MOUNT/$APP_VERSION/nagios-plugins-1.4-2.2.el4.rf.i386.rpm

cp $TEMP_MOUNT/$APP_VERSION/nrpe /usr/sbin
cp $TEMP_MOUNT/$APP_VERSION/nrpe.cfg /etc/nagios
cp $TEMP_MOUNT/$APP_VERSION/nrpe.xinetd /etc/xinetd.d/nrpe
echo "nrpe        5666/tcp     #nagios agent" >> /etc/services
useradd nagios
cp $TEMP_MOUNT/$APP_VERSION/check_nrpe /usr/lib/nagios/plugins/
cp $TEMP_MOUNT/$APP_VERSION/check_procs /usr/lib/nagios/plugins/




echo "editing the fstab file to remove the strange LABEL for the swap partition"
# with out changing this mondo restore gets confused

cp /etc/fstab /etc/fstab.bak
cat /etc/fstab.bak | sed s/LABEL\=SW\-/\\/dev\\// > /etc/fstab



echo "fstab has been edited"




echo "installing XXXX custom grub splash screen"
APP_VERSION=grub_custom_XXXX


echo "swapping the redhat grub splash screen with custom logo"
cp /boot/grub/splash.xpm.gz /boot/grub/splash.xpm.gz.orig
cp $TEMP_MOUNT/$APP_VERSION/XXXX_grub_grey.xpm.gz /boot/grub/splash.xpm.gz