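#!/usr/bin/env bash
#
# Prepare a running VDN guest for "direct"/tgz mode: install the lab package
# set, Docker and LAMP, drop an initramfs hook that extracts the guest
# configuration at boot, copy the resulting kernel + initramfs back to the
# host ($VDN_PATH/files), then scrub logs, shell history and SSH keys.
#
# Usage: see synopsis()/help() below, or run with -h.
#
# Environment:
#   http_proxy / https_proxy - forwarded to every apt/curl step on the guest;
#                              both default to "" when unset. Their values are
#                              spliced into remote shell strings, so they must
#                              not contain quotes, `$` or backticks.
# Requires $VDN_PATH/bin/functions.sh (error, loadGuestVars, ...) and the
# vdn-ssh / vdn-scp / vdn-ssh-copy-id / vdn-alive helpers on PATH.

dir=$(readlink -f "$(dirname "$0")")
# Keep only the last two path components of the directory holding this script
# (e.g. "distro/release"); that is the guest release name.
dist=$(printf '%s\n' "$dir" | sed -re 's,/.*/([^/]+/[^/]+)$,\1,')
GUEST_RELEASE=$dist

# Default both proxies to "" so they are always defined under `set -u`.
http_proxy=${http_proxy:-}
https_proxy=${https_proxy:-}

set -euo pipefail
#http_proxy=http://193.49.118.36:8080
#https_proxy=http://193.49.118.36:8080

#######################################
# Run every provisioning step on the guest, in order.
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installAll() {
  # -y on the install step as well, otherwise apt prompts when no tty is
  # attached and the run hangs.
  vdn-ssh -t root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
apt-get update -y; apt-get dist-upgrade -y; apt-get install -y rsync git mingetty
"
  preInstallForTgz
  installModulesReseaux
  installDocker
  installLamp
  #installNagios3
  #installBackportKernel # does not work, not useful.
  #installVdn
  installForTgz
}

##
### Modules réseaux-1 and réseaux-2
###
###
#######################################
# Install the package set used by the "réseaux" lab modules plus lighttpd,
# then disable every service that must not start at boot (the lab scripts
# start what they need; note this also disables apparmor on the guest).
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installModulesReseaux() {
  # Packages that no longer exist when going from squeeze to stretch:
  #   php5 php5-mysql smbfs cifs-utils console-tools dhcp3-client samba-doc
  #   dhcp3-server sux fuse-utils gproftpd xsmbrowser netkit-ping
  #   heartbeat-gui hapm
  # apt reports smbfs as obsolete, replaced by cifs-utils, and samba-doc as
  # obsolete, replaced by winbind smbclient samba-testsuite samba-common-bin
  # samba-common samba registry-tools libsmbclient libpam-winbind.
  local debs
  debs="less ssh mingetty rsync net-tools haveged rng-tools dnsutils zerofree"
  #debs="$debs dhcp3-client dhcp3-server sux fuse-utils gproftpd xsmbrowser netkit-ping heartbeat-gui hapm"
  #debs="$debs python-gtk-vnc"
  #console-tools console-data console-common
  debs="$debs vim slirp nfs-common nfs-kernel-server"
  debs="$debs sshfs psmisc bsdutils strace busybox-static"
  debs="$debs tcpdump wireshark-gtk nmap"
  debs="$debs manpages"
  debs="$debs curlftpfs ftp curl dillo"
  debs="$debs libapache2-mod-php apache2-doc"
  debs="$debs xbase-clients"
  debs="$debs lynx psmisc file strace lsof telnet links links2"
  debs="$debs iputils-ping"
  debs="$debs rsync dialog"
  debs="$debs firefox-esr"
  debs="$debs nautilus"
  debs="$debs user-mode-linux"
  debs="$debs openvpn"
  debs="$debs quagga proftpd isc-dhcp-server"
  debs="$debs busybox-static rpcbind debootstrap"
  debs="$debs user-mode-linux"
  debs="$debs vim-gtk gedit"
  debs="$debs gpm vde2"
  debs="$debs spice-vdagent"
  debs="$debs gcc make autoconf uidmap pkg-config glib-2.0-dev"
  debs="$debs glib-2.0 libglib2.0-dev dpkg-dev"
  debs="$debs libcap-dev libcap2 libseccomp2 libseccomp-dev"
  # Pascal's lab (TP):
  debs="$debs john hashcat sqlmap php default-mysql-server webcheck"

  echo "apt-get..."
  vdn-ssh -t root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
echo ==========
apt-get install -y $debs
"

  # lighttpd: installed, but must not start at boot.
  vdn-ssh -t root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
apt-get install -y lighttpd
systemctl disable lighttpd
"

  # Services disabled at boot. The remote loop keeps going when a unit does
  # not exist; only the status of the last `systemctl disable` is returned.
  local services
  services="ModemManager NetworkManager NetworkManager-dispatcher NetworkManager-wait-online anacron apparmor autovt@ bgpd dbus-fi.w1.wpa_supplicant1 dbus-org.freedesktop.Avahi dbus-org.freedesktop.ModemManager1 dbus-org.freedesktop.nm-dispatcher dbus-org.freedesktop.timesync1 getty@ hddtemp isisd lighttpd lm-sensors network-manager nfs-kernel-server nmbd openbsd-inetd openvpn ospf6d ospfd pimd portmap pppd-dns ripd ripngd rpcbind rsync smbd speech-dispatcher syslog systemd-timesyncd udisks2 wpa_supplicant zebra nfs-blkmap uml-utilities apache2 proftpd isc-dhcp-server nfs-server"
  vdn-ssh -t root@"$GUEST_NAME" "for i in $services; do echo \"Disable \$i\"; systemctl disable \$i; done"

  # services (enable) :
  #l="avahi-daemon console-setup cron inetd keyboard-setup networking rsyslog ssh sshd uml-utilities"
  #l="$l apache2 haveged isc-dhcp-server nfs-server proftpd"
}

#######################################
# Install a buster-backports kernel on the guest, then rebuild the
# initramfs for the kernel that was running. Not called by installAll
# (marked as not working).
# Globals: GUEST_NAME (read)
#######################################
installBackportKernel() {
  # Declaration and assignment are separate so a failing vdn-ssh is not
  # masked by `local`.
  local kvers
  kvers=$(vdn-ssh root@"$GUEST_NAME" uname -r)
  if ! vdn-ssh root@"$GUEST_NAME" "grep -q backport /etc/apt/sources.list"; then
    vdn-ssh root@"$GUEST_NAME" 'echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list'
  fi
  vdn-ssh -t root@"$GUEST_NAME" "apt-get update; apt-get -y install linux-image-5.3.0-0.bpo.2-amd64"
  # The backports entry is removed again right after the install.
  vdn-ssh -t root@"$GUEST_NAME" 'grep -v buster-backports /etc/apt/sources.list > /tmp/o; mv /tmp/o /etc/apt/sources.list'
  vdn-ssh -t root@"$GUEST_NAME" "apt-get update; apt-get -y install --reinstall linux-image-amd64; update-initramfs -u -k $kvers"
}

#######################################
# Install docker-ce from Docker's apt repository and mask the docker and
# containerd units: the service is disabled and no user is added to the
# docker group by default; see the post-configuration scripts.
# Globals: GUEST_NAME, http_proxy, https_proxy (read)
#######################################
installDocker() {
  # `apt-key fingerprint 0EBFCD88` only prints the key that was just added;
  # it does not verify it. apt-key is also deprecated on recent Debian in
  # favour of a keyring under /etc/apt/trusted.gpg.d. The completion file is
  # fetched with -f so an HTTP error does not leave an HTML page in
  # /etc/bash_completion.d.
  vdn-ssh -t root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
export https_proxy=\"$https_proxy\"
apt-get update
apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/debian \$(lsb_release -cs) stable\"
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose
curl -fL https://raw.githubusercontent.com/docker/compose/1.24.1/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
systemctl mask containerd docker
"
}

#######################################
# Install Apache, PHP and MariaDB; the database service stays disabled.
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installLamp() {
  vdn-ssh root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
apt-get -y install apache2 php mariadb-server libapache2-mod-php php-gd php-mysql
systemctl disable mariadb mysql
"
}

#######################################
# Prepare the guest for the tgz initramfs: blacklist the floppy module, add
# the network/overlay modules to the initramfs, and install the
# local-bottom/overlay.sh hook.
# Globals: GUEST_NAME (read)
#######################################
preInstallForTgz() {
  echo "Set /etc/modprobe.d/blacklist-floppy.conf..."
  vdn-ssh root@"$GUEST_NAME" "f=/etc/modprobe.d/blacklist-floppy.conf; ! grep -q floppy \$f && echo \"blacklist floppy\" >> \$f || :"

  echo "Set /etc/initramfs-tools/modules..."
  local mod
  for mod in ne2k_pci 8390 virtio_net overlay aufs; do
    vdn-ssh root@"$GUEST_NAME" "f=/etc/initramfs-tools/modules; ! grep -q $mod \$f && echo $mod >> \$f || :"
  done

  echo "Create /etc/initramfs-tools/scripts/local-bottom/overlay.sh ..."
  # Quoted delimiter: nothing in the hook is expanded on the host, every `$`
  # belongs to the guest-side script.
  cat <<'EOF' | vdn-ssh root@"$GUEST_NAME" "cat > /etc/initramfs-tools/scripts/local-bottom/overlay.sh"
#!/bin/sh
# initramfs local-bottom hook: when the kernel command line carries
# vdn-mode=tgz or vdn-mode=overlay, extract the configuration tarball found
# on the last disk into / and hand over to /etc/vdn/mount-root.
listDisks() {
  if [ "$EMULATOR" = linux ]; then
    ls /dev/ubd[[:lower:]] # | grep -E 'udb[[:lower:]]r?'
  else
    ls /dev/?d[[:lower:]]
  fi
}

PREREQ=""
prereqs() {
  echo "$PREREQ"
}
case $1 in
  prereqs)
    prereqs
    exit 0
    ;;
esac

! grep -E -q 'vdn-mode=(tgz|overlay)' /proc/cmdline && {
  echo "*** local-bottom/overlay.sh : exit (no mode tgz or overlay)" >&2
  exit 0
}

echo
echo "*** local-bottom/overlay.sh ***"
echo "Extract configuration..."
listDisks
confDisk=$(listDisks | tail -n 1)
echo confDisk=$confDisk
mkdir /vdn
# On failure an interactive shell is opened inside the initramfs for
# inspection.
tar -C / -xvzf $confDisk
if [ $? -ne 0 ]; then
  echo "Erreur lors de l'extraction de la configuration" >&2
  echo "Lancement d'un shell pour inspection..." >&2
  export PS1="initramfs:\w# "
  /bin/sh -i
fi

if [ -e /etc/vdn/mount-root ]; then
  sh /etc/vdn/mount-root
else
  echo "/etc/vdn/mount-root introuvable !" >&2
  echo "ARRÊT du système !">&2
  while :; do sleep 1000; done
fi
EOF
  vdn-ssh root@"$GUEST_NAME" chmod 755 /etc/initramfs-tools/scripts/local-bottom/overlay.sh
}

#######################################
# Build the tgz initramfs for the newest installed kernel, copy the kernel
# and that initramfs to $VDN_PATH/files, and restore the guest's original
# initrd so it still boots normally.
# Globals: GUEST_NAME, VDN_PATH (read)
#######################################
installForTgz() {
  echo "Install for tgz..."
  local kvers
  # `|| :` keeps the empty-result fallback below reachable under pipefail.
  kvers=$(vdn-ssh root@"$GUEST_NAME" ls /lib/modules | sort -Vr | head -n1 || :)
  if [ -z "$kvers" ]; then
    echo "Warning : /lib/modules is empty !" >&2
    kvers=$(vdn-ssh root@"$GUEST_NAME" uname -r)
    echo "Use current kernel : $kvers"
  fi
  rsync -e vdn-ssh root@"$GUEST_NAME":/boot/vmlinuz-"$kvers" "$VDN_PATH/files"

  # initramfs (created if necessary): the current initrd is kept aside,
  # rebuilt with the overlay.sh hook, saved as initrd-tgz.img-<kvers>, then
  # the hook is removed and the original initrd put back.
  vdn-ssh root@"$GUEST_NAME" "
rm -f /boot/initrd.img-$kvers.keep
if [ -e /boot/initrd.img-$kvers ]; then
  cp /boot/initrd.img-$kvers /boot/initrd.img-$kvers.keep
fi
echo \"update-initramfs ...\" >&2
update-initramfs -u -k $kvers
#cat /etc/initramfs-tools/scripts/local-bottom/overlay.sh
rm /etc/initramfs-tools/scripts/local-bottom/overlay.sh
cp /boot/initrd.img-$kvers /boot/initrd-tgz.img-$kvers
if [ -e /boot/initrd.img-$kvers.keep ]; then
  mv /boot/initrd.img-$kvers.keep /boot/initrd.img-$kvers
fi
"
  rsync -e vdn-ssh root@"$GUEST_NAME":/boot/initrd-tgz.img-"$kvers" "$VDN_PATH/files"
}

#######################################
# Build Nagios core 4.4.5 from source on the guest. Not called anywhere in
# this script. The tarball is downloaded without any checksum or signature
# verification.
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installNagios1() {
  # from https://www.itzgeek.com/how-tos/linux/debian/how-to-install-nagios-on-debian-9-stretch.html
  vdn-ssh root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
apt update
apt install -y build-essential apache2 php openssl perl make php-gd libgd2-xpm-dev libapache2-mod-php libperl-dev libssl-dev daemon wget apache2-utils unzip
useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd www-data
cd /tmp/
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.5.tar.gz
tar -zxvf nagios-4.4.5.tar.gz
cd /tmp/nagios-4.4.5/
./configure --with-nagios-group=nagios --with-command-group=nagcmd --with-httpd_conf=/etc/apache2/sites-enabled/
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
"
}

#######################################
# Second Nagios step: web user, Apache CGI, plugins from source. Not called
# anywhere in this script; `htpasswd -c` prompts for a password and the
# plugins tarball is not integrity-checked.
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installNagios2() {
  ### sudo nano /usr/local/nagios/etc/objects/contacts.cfg
  vdn-ssh root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
#sed -i -re 's/^.*email.*$/email root@localhost ;/' /usr/local/nagios/etc/objects/contacts.cfg
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
a2enmod cgi
systemctl restart apache2
cd /tmp
wget https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
tar -zxvf /tmp/nagios-plugins-2.2.1.tar.gz
cd /tmp/nagios-plugins-2.2.1/
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
"
}

#######################################
# Install the packaged NRPE server and plugins. Commented out in installAll.
# Globals: GUEST_NAME, http_proxy (read)
#######################################
installNagios3() {
  vdn-ssh root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
apt install -y nagios-nrpe-server nagios-plugins
apt -y install nagios-nrpe-plugin
"
}

#######################################
# Clone the VDN tree on the guest and run vdn-prepare for this release.
# Commented out in installAll. The clone goes over plain http, so the
# fetched code has no transport integrity protection.
# Globals: GUEST_NAME, GUEST_RELEASE, http_proxy (read)
#######################################
installVdn() {
  # Inner quotes are escaped: unescaped they ended the host-side string and
  # split the remote script into several vdn-ssh arguments.
  vdn-ssh root@"$GUEST_NAME" "
export http_proxy=\"$http_proxy\"
cd /tmp
rm -Rf vdn
git clone http://opale.u-clermont1.fr/vdn/git/vdn.git
echo \"vdn/bin/vdn-prepare $GUEST_RELEASE\"
vdn/bin/vdn-prepare $GUEST_RELEASE
"
}

# functions start

#######################################
# Print the one-line usage to stdout.
#######################################
synopsis() {
  cat <<EOF
Usage : ${0##*/} [-i identity] system
EOF
}

#######################################
# Print the full help (in French) to stdout.
#######################################
help() {
  cat <<EOF
${0##*/} prepare un système virtuel pour fonctionner en mode DIRECT.

$(synopsis)

Une identification par clé pour ssh est mise en place (cf. -i identity)
pour éviter les identification par mot de passe lors des connexions ssh
de l'hôte vers l'invité nécessaires à l'opération.

Les mots de passes sont fixés de façon aléatoire

-h : affiche cette aide
-i identity : chemin de la clé publique à utiliser.
EOF
}

#######################################
# Print the synopsis to stdout and exit with status 2.
#######################################
usage() {
  synopsis
  exit 2
}

#######################################
# Parse the command line.
# Arguments: the script's "$@"
# Globals:   IDENTITY (written by -i), GUEST_NAME (written)
# Exits via usage()/error() on bad input; a guest name containing "/" is
# rejected because it is later used in paths and ssh targets.
#######################################
args() {
  local opt
  while getopts "hi:" opt; do
    case "$opt" in
      h) help; exit 0 ;;
      i) IDENTITY="$OPTARG" ;;
      *) usage ;;
    esac
  done
  shift $((OPTIND - 1))
  if [ $# -ne 1 ]; then
    usage
  fi
  GUEST_NAME="$1"
  case "$GUEST_NAME" in
    */*) error "$GUEST_NAME est un nom de système invalide" ;;
  esac
}

# Main program
VDN_PATH=$(readlink -f "$(dirname "$0")/../../../../..")
. "$VDN_PATH/bin/functions.sh"

# Identity chosen with -i; empty means "look it up in SSH_IDENTITY".
IDENTITY=""
args "$@"
PROG_DIR=$dir

if ! "$VDN_PATH/bin/vdn-alive" "$GUEST_NAME"; then
  error "Le système $GUEST_NAME n'est pas démarré"
fi

loadGuestVars "$GUEST_NAME"

# Without -i, pick the last existing key listed in SSH_IDENTITY
# (presumably set by loadGuestVars).
if [ -z "$IDENTITY" ]; then
  # shellcheck disable=SC2086 -- SSH_IDENTITY is a whitespace-separated list
  for i in $SSH_IDENTITY; do
    [ -e "$i" ] && IDENTITY=$i
  done
fi
[ -n "$IDENTITY" ] || error "Aucune clé SSH !"

# NOTE(review): this copies the key only when key-based login already
# succeeds (PasswordAuthentication=no); the help text suggests the intent
# is the opposite (install the key when password-less login does not
# work). Behaviour kept as found — confirm before inverting the test.
if vdn-ssh -n -o PasswordAuthentication=no root@"$GUEST_NAME" exit 0; then
  vdn-ssh-copy-id -i "$IDENTITY" root@"$GUEST_NAME"
fi

# Module/blacklist setup lives in preInstallForTgz (run from installAll).

# Root directory permissions are forced to 755 on the guest.
vdn-ssh -t root@"$GUEST_NAME" chmod 755 /

echo "Add test user to kvm group (for nested)"
vdn-ssh root@"$GUEST_NAME" "addgroup test kvm"
echo "Add test user to docker group"
vdn-ssh root@"$GUEST_NAME" "addgroup test docker || :"

#echo "Add test user to sudo group"
#vdn-ssh root@$GUEST_NAME "addgroup test sudo"

echo "Set vim syntax=on"
vdn-ssh root@"$GUEST_NAME" "sed -i -re 's/^.*syntax on.*$/syntax on/' /etc/vim/vimrc"
vdn-ssh root@"$GUEST_NAME" "cp /etc/vim/vimrc ~/.vimrc"
vdn-ssh root@"$GUEST_NAME" "cp /etc/vim/vimrc /home/test/.vimrc; chown test: /home/test/.vimrc"

# Passwordless root console on the serial line; intended for lab images.
echo "Allow root autologin on ttyS0"
vdn-ssh root@"$GUEST_NAME" "sed -i -re 's,^ExecStart=.*$,ExecStart=-/sbin/mingetty --noclear --autologin root %I,' /lib/systemd/system/serial-getty@.service"

# kernel params (in grub)
echo "Allow net.ifnames=0 in GRUB "
vdn-ssh root@"$GUEST_NAME" "sed -i -re 's,^GRUB_CMDLINE_LINUX_DEFAULT=.*$,GRUB_CMDLINE_LINUX_DEFAULT=\"net.ifnames=0 console=ttyS0\,115200n8\",' /etc/default/grub"
echo " 1s timout for menu"
vdn-ssh root@"$GUEST_NAME" "sed -i -re 's,^GRUB_TIMEOUT=.*$,GRUB_TIMEOUT=1,' /etc/default/grub"
vdn-ssh root@"$GUEST_NAME" "update-grub"

##########################
# Export the plain values: the previous `export http_proxy=\"$http_proxy\"`
# stored the literal double quotes in the host-side variable.
export http_proxy https_proxy
echo "http_proxy:$http_proxy"
echo "https_proxy:$https_proxy"

#echo "For debug : exit to guit"
#vdn-ssh root@$GUEST_NAME

installAll
vdn-ssh root@"$GUEST_NAME" "systemctl mask nagios"
##########################

echo "Set rc.local..."
if [ -e "$PROG_DIR/rc.local" ]; then
  vdn-scp -p "$PROG_DIR/rc.local" root@"$GUEST_NAME":/etc
  vdn-ssh root@"$GUEST_NAME" chmod 755 /etc/rc.local
fi

## Install lxdm
#echo "Install lxdm..."
#
#vdn-ssh -t root@$GUEST_NAME "
#apt-get -y install lxdm
#apt-get -y remove openbox
#"
#echo "Default xsession : xfce4 "
#vdn-ssh root@$GUEST_NAME "sed -i -re 's,^# session=.*$,session=/usr/bin/startxfce4,' /etc/lxdm/lxdm.conf"

#echo "For debug : exit to guit"
#vdn-ssh root@$GUEST_NAME

# Clear. Single-quoted: everything below runs and expands on the guest.
# This also deletes authorized_keys for root and test, so the key installed
# above is gone from the final image.
echo "Clear /var/log, history, ..."
vdn-ssh -t root@"$GUEST_NAME" '
rm -Rf /etc/vdn
#for i in $(find /var/log -type f); do cat /dev/null > $i; done
find /var/log -name "*.gz" -delete
echo "Clear .bash_history"
rm -f /root/.bash_history
touch /root/.bash_history
chmod 600 /root/.bash_history
rm -f /home/test/.bash_history
touch /home/test/.bash_history
chmod 600 /home/test/.bash_history
echo "Clear .cache .mozilla"
for d in /root /home/test; do
  rm -Rf $d/.cache
  rm -Rf $d/.mozilla
done
echo "Clear authorized_keys"
for d in /root /home/test; do
  rm -f $d/.ssh/authorized_keys
done
echo "Clear apt-cache..."
apt autoremove -y
sleep 1
apt-get clean
echo end of cleaning !
'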