.github/prepare_debian.sh

   1 #!/bin/bash
   2
   3 set -x
   4 set -euo pipefail
   5
   6 export DEBIAN_FRONTEND=noninteractive
   7
   8 source /etc/os-release
   9
  10 if [ ${ID} = "debian" ]; then
  11         if [ -f /etc/apt/sources.list.d/debian.sources  ]; then
  12                 sed "s/main/non-free contrib/g" /etc/apt/sources.list.d/debian.sources > /etc/apt/sources.list.d/debian-nonfree.sources
  13         else
  14                 apt-get update
  15                 apt-get -y install software-properties-common
  16                 apt-add-repository non-free
  17         fi
  18 fi
  19 apt-get update
  20 apt-get -y install perl \
  21         autotools-dev \
  22         libdbi-dev \
  23         libldap2-dev \
  24         libpq-dev \
  25         libradcli-dev \
  26         libnet-snmp-perl \
  27         procps \
  28         libdbi0-dev \
  29         libdbd-sqlite3 \
  30         libssl-dev \
  31         dnsutils \
  32         snmp-mibs-downloader \
  33         libsnmp-perl \
  34         snmpd \
  35         fping \
  36         snmp \
  37         netcat-openbsd \
  38         smbclient \
  39         vsftpd \
  40         apache2 \
  41         ssl-cert \
  42         postfix \
  43         libhttp-daemon-ssl-perl \
  44         libdbd-sybase-perl \
  45         libnet-dns-perl \
  46         slapd \
  47         ldap-utils \
  48         gcc \
  49         make \
  50         autoconf \
  51         automake \
  52         gettext \
  53         faketime \
  54         libmonitoring-plugin-perl \
  55         libcurl4-openssl-dev \
  56         liburiparser-dev \
  57         squid \
  58         openssh-server \
  59         mariadb-server \
  60         mariadb-client \
  61         libmariadb-dev \
  62         cron \
  63         iputils-ping \
  64         iproute2
  65
  66 # remove ipv6 interface from hosts
  67 sed '/^::1/d' /etc/hosts > /tmp/hosts
  68 cp -f /tmp/hosts /etc/hosts
  69 ip addr show
  70 cat /etc/hosts
  71
  72 # apache
  73 a2enmod ssl
  74 a2ensite default-ssl
  75 # replace snakeoil certs with openssl generated ones as the make-ssl-cert ones
  76 # seems to cause problems with our plugins
  77 rm /etc/ssl/certs/ssl-cert-snakeoil.pem
  78 rm /etc/ssl/private/ssl-cert-snakeoil.key
  79 openssl req -nodes -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=$(hostname)"
  80 service apache2 restart
  81
  82 # squid
  83 cp tools/squid.conf /etc/squid/squid.conf
  84 service squid start
  85
  86 # mariadb
  87 service mariadb start || service mysql start
  88 mysql -e "create database IF NOT EXISTS test;" -uroot
  89
  90 # ldap
  91 sed -e 's/cn=admin,dc=nodomain/'$(/usr/sbin/slapcat|grep ^dn:|awk '{print $2}')'/' -i .github/NPTest.cache
  92 service slapd start
  93
  94 # sshd
  95 ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
  96 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  97 service ssh start
  98 sleep 1
  99 ssh-keyscan localhost >> ~/.ssh/known_hosts
 100 touch ~/.ssh/config
 101
 102 # start one login session, required for check_users
 103 ssh -tt localhost </dev/null >/dev/null 2>/dev/null &
 104 disown %1
 105
 106 # snmpd
 107 service snmpd stop
 108 mkdir -p /var/lib/snmp/mib_indexes
 109 sed -e 's/^agentaddress.*/agentaddress 127.0.0.1/' -i /etc/snmp/snmpd.conf
 110 service snmpd start
 111
 112 # start cron, will be used by check_nagios
 113 cron
 114
 115 # postfix
 116 cat <<EOD >> /etc/postfix/master.cf
 117 smtps     inet  n       -       n       -       -       smtpd
 118   -o smtpd_tls_wrappermode=yes
 119 EOD
 120 service postfix start
 121
 122 # start ftpd
 123 service vsftpd start
 124
 125 # hostname
 126 sed "/NP_HOST_TLS_CERT/s/.*/'NP_HOST_TLS_CERT' => '$(hostname)',/" -i /src/.github/NPTest.cache
 127
 128 # create some test files to lower inodes
 129 for i in $(seq 10); do
 130     touch /media/ramdisk2/test.$i
 131 done