post-install/script at main · mbarnes-code/post-install · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#post install for linux
!/bin/bash

#stage1: updates and installs
apt-get update
apt-get dist-upgrade
apt-get install smhain checksecurity chkrootkit rkhunter tiger systraq snort psad ufw keepnote OpenVPN vitualbox-guest* -y
apt-get install selinux-basics auditd selinux-utils setools -y
apt-get install ruby-full rubygems -y

#stage2:turn off the ethernet connection
service network-manager stop


#stage2: add another user
useradd -m admin -G sudo -s /bin/bash

#stage 3: file permissions
chown root:root /etc/anacrontab
chmod og-rwx /etc/anacrontab
chown root:root /etc/crontab
chmod og-rwx /etc/crontab
chown root:root /etc/cron.hourly
chmod og-rwx /etc/cron.hourly
chown root:root /etc/cron.daily
chmod og-rwx /etc/cron.daily
chown root:root /etc/cron.weekly
chmod og-rwx /etc/cron.weekly
chown root:root /etc/cron.monthly
chmod og-rwx /etc/cron.monthly
chown root:root /etc/cron.d
chmod og-rwx /etc/cron.d
#Set the right and permissions on “/var/spool/cron” for “root crontab”
chown root:root /var/spool/cron
#Set User/Group Owner and Permission on “passwd” file
chmod 644 /etc/passwd
chown root:root /etc/passwd
chmod 644 /etc/group
chown root:root /etc/group
#Set User/Group Owner and Permission on the “shadow” file
chmod 600 /etc/shadow
chown root:root /etc/shadow


#lock the boot directory
chown root:root /etc/fstab
sed -i "LABLE=/BOOT   /boot		ext2	defaults,ro 	1 2" /etc/fstab
chown root:root /etc/grub.d
chmod og-rwx /etc/grub.d
#require authentication for single user mode (for centos)
#sed -i "/SINGLE/s/sushell/sulogin/" /etc/sysconfig/init
#sed -i "/PROMPT/s/yes/no/" /etc/sysconfig/init

#last stage:
#SELINUX enforcing
sestatus
selinux-activate
check-selinux-installation
reboot
#restart the internet connection
service network-manager start