What are your first *nix steps?

fouadChk

Member
ajeroth said:
  1. https://sanctum.geek.nz/arabesque/vi-mode-in-bash/.https://help.ubuntu.com/community/SSH/OpenSSH/Keys
From experience, trying anything else without these first three is like pulling teeth.

It seems like a good plan. A missing point though is setting and enabling iptables (the firewall) right after logging in for the first time. Setting up key-based, password-less authentication is of paramount importance too. Screen (or tmux) is essential when session persistence is necessary (to avoid interrupting long-running tasks like updating the system or similar).

All in all, you're on the right path.
 

catcher

New member
Code:
#!/bin/bash

#######################################################################################
# This script sets /etc/hosts file, changes root password, sets the hostname,
# creates user catcher, sets up ssh keys for catcher and root, updates apt-get source
# file, updates OS and installs basic set of packages

#######################################################################################
# TODO: Timestamping

#######################################################################################
# Environment setup

TTicRootPass=password
TTicCatcPass=password
export DEBIAN_FRONTEND=noninteractive
TTicFilesPath=/home/catcher/scripts/instconf-base-files
TTicPackList=`cat /home/catcher/scripts/instconf-base-files/TTicPackList`
TTLog=/var/log/TTinstconf-base-`date +"%Y%m%d%H%M%S"`.log

#######################################################################################
# Code BEGIN

# Checking parameters

if [ "$#" != "1" ]; then
    echo "[ERR0] - Incorrect number of parameters"
    echo
    echo "instconf-base - HDCS base system installation script"
    echo
    echo "Usage:"
    echo "instconf-base host"
    echo -e "host\t- hostname of the installed node"
    echo
    echo "Mind that script exits with exit code 1, if no parameters are set"
    echo "or incorrect number of parameters is set"
    exit 1
fi

echo "[INFO] - This is HDCS Base system installation and configuration script."

# Setting hostname

#echo "[INFO] - Setting hostname"
#echo $1 > /etc/hostname
#echo "[ OK ] - Hostname set"

# Hostname setting check

#TTicHostF=`cat /etc/hostname`

#if [ "$1" != "$TTicHostF" ]; then
# echo "[ERR0] - Setting writing hostname into /etc/hostname file failed"
# exit 4
#fi

# Changing root password

#echo "[INFO] - Changing root password"
#echo "root:$TTicRootPass"|chpasswd

#if [ "$?" != "0" ]; then
# echo "[ERR0] - Changing root password failed"
# exit 5
#fi

#echo "[ OK ] - Root password changed"

# Verifying if existing /etc/hosts file already has HDCS Namespace in it

#echo "[INFO] - Verifying existing hosts file"
#TTicExistingHostsFileCheck=`grep "HDCS Namespace" /etc/hosts 2> /dev/null |wc -l`

#if [ "$TTicExistingHostsFileCheck" != "0" ]; then
# echo "[ERR0] - HDCS Namespace already imported! Exiting!"
# exit 2
#else
# echo "[ OK ] - Existing hosts file seems OK"
#fi

# Appending a newline and downloaded namespace into /etc/hosts

#echo "[INFO] - Importing namespace into hosts file"

# Backing up existing hosts file

#mkdir /root/backup 2> /dev/null
#cp /etc/hosts /root/backup/hosts-backup-`date +"%Y%m%d%H%M%S"`

# Adding HDCS namespace to /etc/hosts file

#echo >> /etc/hosts
#cat $TTicFilesPath/TThosts >> /etc/hosts
#echo "[ OK ] - Namespace imported"

# Verifying if imported successfully

#echo "[INFO] - Verifying imported data"
#TTicImportedHostsCheck=`grep "HDCS Namespace" /etc/hosts 2> /dev/null |wc -l`

#if [ "$TTicImportedHostsCheck" = "1" ]; then
# echo "[ OK ] - Imported Data Seems OK"
#else
# echo "[ERR0] - Imported data NOT OK! Exiting!"
# exit 3
#fi

# Creating user catcher and setting its password

echo "[INFO] - Creating user catcher"
#adduser --disabled-login --gecos Tomas catcher
#
#if [ "$?" != "0" ]; then
# echo "[WARN] - User creation failed (user catcher)"
#fi

chmod 700 /home/catcher

if [ "$?" != "0" ]; then
    echo "[ERR0] - ACL securing catcher's home (chmod 700) failed"
    exit 6
fi

echo "[ OK ] - Done creating user catcher"
#echo "[INFO] - Setting catcher's password"
#echo "catcher:$TTicCatcPass"|chpasswd

#if [ "$?" != "0" ]; then
# echo "[ERR0] - Changing catcher's password failed"
# exit 7
#fi

#echo "[ OK ] - Catcher's password set"

# Downloading catcher's rsa keys and known_hosts file from conman storage
# and copying them into .ssh of catcher

#echo "[INFO] - Setting up .ssh files for catcher"
#mkdir /home/catcher/.ssh 2> /dev/null
#chown catcher:catcher /home/catcher/.ssh
#chmod 700 /home/catcher/.ssh
#cat $TTicFilesPath/id_rsac > /home/catcher/.ssh/id_rsa
#cat $TTicFilesPath/id_rsac.pub > /home/catcher/.ssh/id_rsa.pub
#cat $TTicFilesPath/authorized_keys > /home/catcher/.ssh/authorized_keys
#chown catcher:catcher /home/catcher/.ssh/*
#chmod 600 /home/catcher/.ssh/authorized_keys
#chmod 600 /home/catcher/.ssh/id_rsa
#chmod 640 /home/catcher/.ssh/id_rsa.pub
#echo "[ OK ] - Done setting up .ssh files for catcher"

# Downloading root's rsa keys and known_hosts file from conman storage
# and copying them into .ssh of root

#echo "[INFO] - Setting up .ssh files for root"
#mkdir /root/.ssh 2> /dev/null
#chown root:root /root/.ssh
#chmod 700 /root/.ssh
#cat $TTicFilesPath/id_rsar > /root/.ssh/id_rsa
#cat $TTicFilesPath/id_rsar.pub > /root/.ssh/id_rsa.pub
#chown root:root /root/.ssh/*
#chmod 600 /root/.ssh/id_rsa
#chmod 640 /root/.ssh/id_rsa.pub
#echo "[ OK ] - Done setting up .ssh files for root"

# Downloading sources file from conman storage and replacing existing
# /etc/apt/sources.list with it

echo "[INFO] - Installing apt sources file"
mkdir /root/backup 2> /dev/null
cp /etc/apt/sources.list /root/backup/sources.list-backup-`date +"%Y%m%d%H%M%S"`
cat $TTicFilesPath/TTicSL > /etc/apt/sources.list
echo "[ OK ] - Apt sources files installed"

# Update the OS before installing new packages

echo "[INFO] - Updating OS"
apt-get -y --force-yes update > $TTLog 2>&1

if [ "$?" != "0" ]; then
    echo "[ERR0] - 'apt-get update' failed in the first run"
    exit 8
fi

apt-get -q -y --force-yes upgrade > /dev/null 2>&1

if [ "$?" != "0" ]; then
    echo "[ERR0] - 'apt-get -q -y upgrade' failed"
    exit 9
fi

echo "[ OK ] - OS update done"

# Downloading the list of packages for base installation from conman remote storage
# and installing them

echo "[INFO] - Installing packages"
# Append, so the 'apt-get update' output logged above is kept
apt-get -q -y --force-yes install $TTicPackList >> $TTLog 2>&1

if [ "$?" != "0" ]; then
    echo "[ERR0] - 'apt-get -q -y install' failed"
    exit 10
fi

echo "[ OK ] - Packages installed"

# All seems to be done and OK, informing and exiting

echo "[INFO] - Installation of base system is done. Exiting"

exit 0

When the above script finishes, I have my basic system installed and configured. If I need the machine to be used as a desktop too, I have another, similar script:
Code:
#!/bin/bash

#############################################################################################
# This script imports x2go keyring, x2go repository data, installs x2go client and a bunch of
# other software, sets up catcher's configuration (some .config files, documents, icedove,
# .bash* files, .x2go and .xscreensaver), installs scripts and sets up ACLs

#############################################################################################
# TODO: Error checking
# TODO: Usage message and display
# TODO: Parameter set check

#############################################################################################
# Environment setup
TTin=/var/log/TTinstall.log
export DEBIAN_FRONTEND=noninteractive
TTicPackList=`cat /home/catcher/scripts/instconf-desktop-files/TTicPackList`

#############################################################################################
# Code BEGIN

# Copying files over to /root/

cp /home/catcher/scripts/instconf-desktop-files/* /root/


# Installing a bunch of software

echo "[INFO] - Installing software"

apt-get -y --force-yes install $TTicPackList >> $TTin 2>&1
echo "[ OK ] - Software installed"

# Importing catcher's .config structure

echo "[INFO] - Setting up catcher"

mkdir /home/catcher/.config
chown catcher:catcher /home/catcher/.config
cd
pigz -d /root/dotconfig.tar.gz
tar xf /root/dotconfig.tar
cp -r /root/dotconfig/.config/* /home/catcher/.config/
chown -R catcher:catcher /home/catcher/.config
echo "[ OK ] - Catcher set up"

# Importing Documents

echo "[INFO] - Copying data"

cd
pigz -d documents.tar.gz
tar xf documents.tar
mkdir /home/catcher/Documents
chown catcher:catcher /home/catcher/Documents
mv Documents/* /home/catcher/Documents/
chown -R catcher:catcher /home/catcher/Documents
echo "[ OK ] - Data copied"

# Allowing catcher to do anything without a password

echo "[INFO] - Setting up sudoers"

echo >> /etc/sudoers
echo "catcher ALL=NOPASSWD: ALL" >> /etc/sudoers
echo "[ OK ] - Sudoers updated"

# Importing catcher's icedove config

#echo "[INFO] - Setting up icedove configuration"
#cd
#pigz -d ./icedove.tar.gz
#tar xf ./icedove.tar
#mv ./icedove /home/catcher/.icedove
#chown -R catcher:catcher /home/catcher/.icedove
#echo "[ OK ] - Icedove config imported"

# Importing .bash files

echo "[INFO] - Importing .bash* files"
cd
pigz -d ./dotbash.tar.gz
tar xf ./dotbash.tar
cp ./dotbash/r.bashrc /root/.bashrc
cp ./dotbash/c.bashrc /home/catcher/.bashrc
chown catcher:catcher /home/catcher/.bash*
chmod 600 /home/catcher/.bash*
echo "[ OK ] - rc files and history imported for root and catcher"

# Importing some more data for catcher

echo "[INFO] - Importing Notes, Firefox, recents, x2go and such for catcher"

cd
pigz -d moredots.tar.gz
tar xf moredots.tar
mkdir -p /home/catcher/.local/share/notes/Notes

# The glob skips dotfiles, so .mozilla stays behind for the mv further down
for i in ./moredots/*; do
    mv "$i" /home/catcher/.local/share/notes/Notes/
done

chown -R catcher:catcher /home/catcher/.local
mv ./moredots/.mozilla /home/catcher/.mozilla
chown -R catcher:catcher /home/catcher/.mozilla

echo "[ OK ] - Notes, Firefox, recents, xscreensaver and x2go config imported for catcher"

#echo "[INFO] - Installing x2go client and importing x2goclient config"

# Running external script

#/home/catcher/scripts/instconf-x2goclient

#echo "[ OK ] - x2go client and config setup done"

# Setting up Terminal rc

echo "[INFO] - Setting up terminal rc for catcher"

mkdir -p /home/catcher/.config/Terminal 2> /dev/null
cp /home/catcher/scripts/instconf-desktop-files/terminalrc /home/catcher/.config/Terminal/
chown catcher:catcher /home/catcher/.config/Terminal/terminalrc
chmod 644 /home/catcher/.config/Terminal/terminalrc

echo "[ OK ] - terminalrc for catcher set up"

# Linking scripts into /usr/bin

#echo "[INFO] - Scripts ACL + linking to /usr/bin"

#for i in `file /home/catcher/scripts/*|grep "Bourne-Again shell script"|awk '{print $1}'|sed 's/://g'`; do
# chmod +x $i
# ln -s $i /usr/bin/`echo $i|awk -F/ '{print $NF}'` > /dev/null 2>&1
#done

#echo "[ OK ] - Scripts done"

# Setting ACL

echo "[INFO] - Setting ACL"
chown -R catcher:catcher /home/catcher
chmod -R 700 /home/catcher
chmod -R 700 /root
echo "[ OK ] - ACL setup done"

# Removing temporary files

echo "[INFO] - Cleaning up"

rm -rf /root/dotconfig*
rm -rf /root/documents*
rm -rf /root/scripts.tar
rm -rf /root/dotbash*
rm -rf /root/moredots*
rm -rf /root/icedove.tar

echo "[ OK ] - All is clean now"

# All seems to be done and OK, exiting

echo "[INFO] - All done, exiting"

exit 0

These are the first 2 steps I do with a new OS installation. Depending on what I want and what I don't want to be done, I'm editing the scripts (mostly commenting out and uncommenting) by hand before I run them.

The second script allowed me to skip the personal configuration of the XFCE environment, which always took a lot of time. Now it's done in a second.

Regards,
catcher
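
A pre-flight check for provisioning scripts like the two posted above, as an added example that is not part of the post or anyone's code in this thread: it reports active (uncommented) lines that hard-code a password, pass --force-yes to apt, append directly to /etc/sudoers, or grant NOPASSWD: ALL. The function names, rule names and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag risky lines in a provisioning
# script before it is run as root. Rule names and the sample are constructed.

# check RULE REGEX: report the current line if it matches the extended regex.
check() {
    if printf '%s\n' "$ap_line" | grep -Eq -e "$2"; then
        echo "$ap_n:$1"
        ap_found=1
    fi
}

# audit_provision: reads a script on stdin, prints "LINE:RULE" per finding,
# and returns 1 if anything was flagged, 0 otherwise.
audit_provision() {
    ap_n=0
    ap_found=0
    while IFS= read -r ap_line || [ -n "$ap_line" ]; do
        ap_n=$((ap_n + 1))
        # Commented-out steps are disabled, so they are not reported.
        ap_trim=${ap_line#"${ap_line%%[![:space:]]*}"}
        case $ap_trim in ''|'#'*) continue ;; esac
        # Literal secret assigned to a *Pass/*Password variable.
        check hardcoded-password \
            '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[Pp]ass(word|wd)?=[^$[:space:]]+'
        # --force-yes lets apt continue without prompting on harmful actions.
        check apt-force-yes 'apt(-get)?[[:space:]].*--force-yes'
        # Appending to /etc/sudoers skips the syntax check visudo would do.
        check sudoers-append '>>[[:space:]]*/etc/sudoers([[:space:]]|$)'
        # Blanket passwordless sudo for an account.
        check sudo-nopasswd-all 'NOPASSWD:[[:space:]]*ALL'
    done
    return "$ap_found"
}

# Constructed sample modelled on steps from the scripts above.
sample_script() {
    cat <<'EOF'
#!/bin/bash
TTicRootPass=password
#echo "root:$TTicRootPass"|chpasswd
apt-get -y --force-yes update
apt-get -q -y upgrade
echo "catcher ALL=NOPASSWD: ALL" >> /etc/sudoers
chmod 700 /home/catcher
EOF
}

sample_script | audit_provision || echo "review the findings before running as root"
```

To check a real file, feed it on stdin: `audit_provision < instconf-base` (the file name here is an assumption).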
 

fouadChk

Member
catcher said:
The first thing I do with a fresh Linux install (base system only, no GUI) is that I run a script I have been developing for years now:
(.....................)

Regardless of those scripts' content (don't have the time to check on them), what you did (i.e. developing your own setup_scripts) is what every self-respecting sysAdmin must do. I'm pretty sure this kind of tradition is starting to fade away due to the ever-increasing list of automation tools and all sorts of point_&_click GUIs/Panels.

Kudos.
 

joknight

New member
Since I'm not administering any large scale installations, and just running a Linux server for the home, first steps involve apt-get update, apt-get upgrade and apt-get dist-upgrade. Then SSH keys are set up for passwordless SSH login and drivers compiled for the rocketraid card. Once the mechanical storage is available, apt-get samba and set up users/shares. I run a website at home for my own reference, so apache, php and mysql installed and set up (no scripts yet, unfortunately haven't had the time, and I seem to change my mind rather frequently as to how I want to set it up!). Oh... almost forgot the ClamAV and freshclam. Can't be too cautious.
 

dmull

New member
joknight said:
Since I'm not administering any large scale installations, and just running a Linux server for the home, first steps involve apt-get update, apt-get upgrade and apt-get dist-upgrade. Then SSH keys are set up for passwordless SSH login and drivers compiled for the rocketraid card. Once the mechanical storage is available, apt-get samba and set up users/shares. I run a website at home for my own reference, so apache, php and mysql installed and set up (no scripts yet, unfortunately haven't had the time, and I seem to change my mind rather frequently as to how I want to set it up!). Oh... almost forgot the ClamAV and freshclam. Can't be too cautious.

Need to start somewhere, and this is the somewhere! You sound so much like me. I like to tinker! Answer me this, how often do you reinstall as you feel it starts to get cluttered?

Do you like Ubuntu or Debian based OS?
 

joknight

New member
dmull said:
joknight said:
Since I'm not administering any large scale installations, and just running a Linux server for the home, first steps involve apt-get update, apt-get upgrade and apt-get dist-upgrade. Then SSH keys are set up for passwordless SSH login and drivers compiled for the rocketraid card. Once the mechanical storage is available, apt-get samba and set up users/shares. I run a website at home for my own reference, so apache, php and mysql installed and set up (no scripts yet, unfortunately haven't had the time, and I seem to change my mind rather frequently as to how I want to set it up!). Oh... almost forgot the ClamAV and freshclam. Can't be too cautious.

Need to start somewhere, and this is the somewhere! You sound so much like me. I like to tinker! Answer me this, how often do you reinstall as you feel it starts to get cluttered?

Do you like Ubuntu or Debian based OS?
 

dmull

New member
I bet I reinstall at least once a month. I never really understood why, but I do. I prefer CentOS installations as I am more familiar with the OS.
 

Genesis

Administrator
Staff member
I remember when I started my VPS for the first time that I completely wore out the OS reinstallation button. :p

I have a feeling when I'm going to try out Sentora one of these days, it's probably going to be some of the same.
 

dmull

New member
Seems to be running very smooth. I have not touched the OS reinstall button in over two weeks! lol
 

smarthome

New member
I think first is to get ssh working.

Then it would be configure editor to my liking.

Install missing packages.

Try to run a vnc server if possible.