scripts on startup, shutdown and initial settings to virtual machines, maybe useful for
all poor man like me, but currently just only for me own .
-
-
- Firewall setting (firewalld) .
- SSH port number setting (sshd) .
- only use Public Key Authentication .
- enable to login as Root directly .
- generate SSH key pair .
-
- install daemonized Hubot .
-
- a VM instance need to could be accessible to internet .
- all commands need you are "root" or you listed in "wheel" .
cat <<_EOT_|bash
declare -r locale_lang=ja_JP.utf8
declare -r timezone=Asia/Tokyo
declare -r ssh_port_number=
declare -r ssh_config_options=
declare -r ssh_key_passphrase=
declare -r ssh_keygen_options='-t ed25519'
declare -r ifttt_api_key=${IFTTT_API_KEY:-}
declare -r platform='unknown'
declare -r project='unknown'
declare -r instance="$(hostname)"
declare -r eventName='statechanged'
declare -r status='started'
# vars of server status notification using Slack and HUBOT
declare -r slackbot_user='shockwave'
declare -r slackbot_group='decepticons'
declare -ir slackbot_uid=1101
declare -ir slackbot_gid=1111
declare -r hubot_slack_token=${HUBOT_SLACK_TOKEN:-}
declare -r hubot_owner_domain='example.com'
declare -r hubot_home="/home/${slackbot_user}/hubot-${slackbot_user}"
declare -r hubot_name="slackbot-${slackbot_user}"
declare -r hubot_desc='server status notifierer generated by Cogman .'
declare -r hubot_owner="${slackbot_user} ${slackbot_user}.${instance,,}.${project,,}.${platform,,}@${hubot_owner_domain}"
declare -ir hubot_heroku_keepalive=1
source <(curl -fLsS https://github.com/furplag/cogman/raw/main/el.startup.sh)
_EOT_localctl set-locale LANG="${LANG_TO_CHANGE}"timedatectl set-timezone "${Area/City}"Set "Permissive" to SELinux .
sed -i -e 's/^SELINUX=.*/#\0\nSELINUX=Permissive/' /etc/selinux/config && \
setenforce 0ssh_port_number=${the_port_number_you_decide_to_change:-23456}
# add another port number of SSH to the list of SELinux allows .
[[ $(semanage port -l | grep ssh_port_t | grep ${ssh_port_number} |wc -l) -lt 1 ]] && \
setenforce 1 && \
semanage port -a -t ssh_port_t -p tcp ${ssh_port_number} && \
setenforce 0
# add SSH with another TCP port number to Firewall services .
cat /usr/lib/firewalld/services/ssh.xml >/etc/firewalld/services/ssh-port-modified.xml && \
sed -i -e "s@\(short>\).*\(<\/\)@\1SSH via $ssh_port_number\2@" \
-e "s/port=\".*\"/port=\"$ssh_port_number\"/" /etc/firewalld/services/ssh-port-modified.xml
# accept TCP port number \"${ssh_port_number}\" on Firewall .
firewall-cmd --add-service=ssh-port-modified --permanent && \
firewall-cmd --reloadyou should test to can be connect the server using new port before you logged out from current session .
| setting | default | change to |
|---|---|---|
| AddressFamily | any | inet (v4 only) |
| Port | 22 | the port number you decide to change . |
| PermitRootLogin | no | without-password |
| PubkeyAuthentication | yes | yes |
| PasswordAuthentication | yes | no |
| PermitEmptyPasswords | no | no |
| ChallengeResponseAuthentication | yes | no |
| GSSAPIAuthentication | yes | no |
| UsePAM | yes | yes |
| UseDNS | yes | no |
ssh_port_number=${the_port_number_you_decide_to_change:-23456}
cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.ofDefault && \
sed -i -e "s/^#\?Port/Port ${ssh_port_number}\n#\0/" \
-e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password\n#\0/' \
-e 's/^#\?PubkeyAuthentication .*/PubkeyAuthentication yes\n#\0/' \
-e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no\n#\0/' \
-e 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no\n#\0/' \
-e 's/^#\?ChallengeResponseAuthentication .*/ChallengeResponseAuthentication no\n#\0/' \
-e 's/^#\?GSSAPIAuthentication .*/GSSAPIAuthentication no\n#\0/' \
-e 's/^#\?UsePAM .*/UsePAM yes\n#\0/' \
-e 's/^#\?UseDNS .*/GSSAPICleanupCredentials no\n#\0/' \
-e 's/^#\+/#/' \
/etc/ssh/sshd_config && \
systemctl reload sshd
# systemctl status sshd[[ -d ~/.ssh ]] || mkdir -p ~/.ssh
# variable
ssh_passphrase=${set_password_that_have_enough_strength:-$(mkpasswd -l 14 -d 2 -s 2)}
echo -e "remember that, the passphrase is \"${ssh_passphrase}\" ."
ssh-keygen -t Ed25519 -N ${ssh_passphrase} -C "${HOSTNAME}.ssh.key" -f ~/.ssh/${HOSTNAME}.ssh.key && \
cat ~/.ssh/${HOSTNAME}.ssh.key.pub >> ~/.ssh/authorized_keys && \
mv ~/.ssh/${HOSTNAME}.ssh.key ~/.ssh/${HOSTNAME}.private.key && \
mv ~/.ssh/${HOSTNAME}.ssh.key.pub ~/.ssh/${HOSTNAME}.public.key && \
chmod -R 600 ~/.ssh && \
chmod -R 400 ~/.ssh/*.key- Redis installed and running .
- Node.js and npm installed .
you can receive notification of server startup, shutdown and any some way .
Create IFTTT like that as below .
IF This: webhook named as "${some_event_you_gazing}" event fired . Then That: send a email message from "Webhooks via IFTTT" to you .
Note: you should create endpoints of "send email" per events you need to receive notification . See also IFTTT webhook documentation, for more information .
curl -X POST "https://maker.ifttt.com/trigger/${event_name}/with/key/${key_of_ifttt_webhook_api}" \
-H "Content-Type: application/json" -d \
"{\"value1\":\"${platform}\",\"value2\":\"${project}\",\"value3\":\"${instance}\"}"Code is under MIT License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent