Skip to content

alexwoehr/configure_server

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Functions

  • Setup SELinux on amazon linuxc
  • Format system according to a secure partitioning scheme. Limit log partition so it does not take down the rest of your system. Limit actions on mount points as much as possible.
  • Examines the system for over 40 points from the NSA guidelines for securing RHEL
  • Install varnish, mysql, and apache in chroot jails.

Steps to Execute Process Automatically

  • Create new amazon linux server, M3.large
  • Setup three drives, xvda with 24 GB, xvdb with 24 GB, and xvde with 960 GB
  • Start server, log in, and set root password
  • Execute from your machine: yes | batch_setup_server.sh <ROOT_PASSWORD>
  • Restart the server when all is said and done.

Steps to Demonstrate Entire Process Manually

  • Create new amazon linux server, M3.large
  • Setup three drives, xvda with 24 GB, xvdb with 24 GB, and xvde with 960 GB
  • Start server and log in
  • update server and restart (you need the updated kernel)
  • Install git
  • Clone this repository
  • Execute: install.sh
  • Execute: cd /var/lib/setup_script
  • Execute: yes | ./setup_selinux.sh
  • Execute: shutdown -r now
  • Log in again
  • Execute: yes | ./setup_partitions.sh
  • Execute: shutdown -r now
  • Log in again
  • Execute: yes | ./setup_hardening.sh
  • Execute: ./install_varnish_chroot.sh
  • Execute: ./install_mysql_chroot.sh
  • Execute: ./install_apache_chroot.sh
  • You are all setup!

Greetings. Welcome to Setup Script.

DO THIS FIRST After unzipping the archive, run "./install.sh" to setup and configure these scripts.

This directory is useful for setting up a new server with basic scripts for installing, configuring firewalls, and hardening a server.

After setting up on the server, this directory may be deleted if you choose.

DIRECTORY CONTENTS Initial, setup scripts are directly in the directory.

Subdirectories:

  • scripts: add_ftp.sh -- this adds an ftp user, based on our configuration
  • samples: sample configuration, meant as starters for various services
  • data: data used by different sections of the script

SYSTEM EFFECTS

install.sh:

  • Creates and copies files from setup directory to /var/lib/setup_script
  • Creates /var/run/setup_script to store temporary files for our scripts setup_all.sh:
  • TODO
  • Execute all setup scripts in the right order setup_selinux.sh:
  • Modifies grub.conf and SELinux configuration
  • Enables SELinux
  • You should reboot after running this file, as other scripts assume SELinux setup_partitions.sh:
  • Optional
  • You should run this immediately after running setup, if you're going to run it at all
  • Sets up partitions according to SETUP_DIR/data/partition_cmds.txt
  • Generates filesystems in the new partitions according to SETUP_DIR/data/filesystem_generations_cmds.txt
  • Adds new partitions to fstab based on fstab_template.txt setup_hardening.sh:
  • TODO: FINISH
  • May be run on a server in operation to harden security settings
  • Currently tested for RHEL and Amazon Linux
  • Completes most checkpoints of NSA hardening guide for RHEL
  • Creates an undo script in its TMP_DIR that can undo most changes. install_all_scripts.sh:
  • Install links for all scripts in LIB_DIR/scripts
  • These are scripts you may want to run to manage the server during normal operation.

System Assumptions

About

configure and harden a server

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages