From 09cd76148eeb2c52f8a6caf545e7d4783e9f9ac7 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 20 Aug 2022 21:00:37 +0100 Subject: [PATCH] Some small tidyups to bootstrap. --- bootstrap | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/bootstrap b/bootstrap index a0e9a85..68df6fd 100755 --- a/bootstrap +++ b/bootstrap @@ -18,9 +18,8 @@ update-ca-certificates # Install root's new crontab. echo "-> Changing root's crontab..." cat root.crontab >/var/spool/cron/crontabs/root -/etc/rc.d/rc.crond restart -# Install the /etc files. +# Install the /etc files (which includes crontabs). echo "-> Copying base files into /etc..." ( cd base-files IFS=$'\n' @@ -31,20 +30,21 @@ echo "-> Copying base files into /etc..." cat "$file" >"/etc/$file" done ) +# Restart crond for new configurations. +echo "-> Restarting crond..." +/etc/rc.d/rc.crond restart + echo "-> Fixing base files' permissions..." # Correct file/directory specific permissions. chmod 755 /etc/cron.daily/update-slackpkg-template chmod 755 /etc/cron.daily/warn-git-status +chmod 755 /etc/cron.daily/warn-smtp-queue chmod 755 /etc/cron.hourly/log-acls chmod 755 /etc/initscript -chmod 755 /etc/profile.d/biff.csh -chmod 755 /etc/profile.d/biff.sh -chmod 755 /etc/profile.d/lang.csh -chmod 755 /etc/profile.d/lang.sh -chmod 755 /etc/profile.d/less.csh -chmod 755 /etc/profile.d/less.sh -chmod 755 /etc/profile.d/optpaths.csh -chmod 755 /etc/profile.d/optpaths.sh +chmod 755 /etc/profile.d/biff.* +chmod 755 /etc/profile.d/lang.* +chmod 755 /etc/profile.d/less.* +chmod 755 /etc/profile.d/optpaths.* chmod 750 /etc/sudoers.d # Install pushover. 
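Review bot: The four glob lines added in the `@@ -31,20 +30,21 @@` hunk (`chmod 755 /etc/profile.d/biff.*` and the `lang`, `less` and `optpaths` equivalents) set the execute bit on every file sharing those prefixes, not only the `.csh`/`.sh` pairs the removed lines named. A leftover such as a `.new` or `.orig` copy would therefore become executable as well. Brace expansion keeps the list short and still explicit: `chmod 755 /etc/profile.d/{biff,lang,less,optpaths}.{csh,sh}`.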
@@ -59,7 +59,7 @@ read -r -p "----> Enter GPG decryption passphraise (appears in clear text): " PA echo "-> Decrypting /etc/pushover/*.gpg..." for FILE in /etc/pushover/*.gpg; do gpg -d --passphrase "$PASS" -o "/etc/pushover/${FILE%.gpg}" "$FILE" - chmod 640 "$FILE" + chmod 640 "/etc/pushover/${FILE%.gpg}" done unset FILE @@ -94,7 +94,7 @@ fi unset PASS # Re-generate root's password for longer hash. -echo "-> Re-set root's password..." +echo "-> Reset root's password..." passwd root # Make Tadgy's account. @@ -131,12 +131,13 @@ read -r -p "----> Enter GPG encryption passphraise (appears in clear text): " PA gpg -c --passphrase "$PASS" -o /etc/shadow.gpg /etc/shadow gpg -c --passphrase "$PASS" -o /etc/gshadow.gpg /etc/gshadow +# Remove the passphraise from environment. unset PASS # Create log archive directories and move old log files. echo "-> Archiving old logs..." -[ ! -d /var/log/Archived ] && mkdir -m 750 /var/log/Archived -[ ! -d /var/log/Archived/pre-bootstrapping ] && mkdir -m 750 /var/log/Archived/pre-bootstrapping +[[ ! -d /var/log/Archived ]] && mkdir -m 750 /var/log/Archived +[[ ! -d /var/log/Archived/pre-bootstrapping ]] && mkdir -m 750 /var/log/Archived/pre-bootstrapping mv /var/log/{btmp.*,{cron,debug,maillog,messages,secure,spooler,syslog}{,.*}} /var/log/Archived/pre-bootstrapping/ # Restart syslogd. @@ -144,7 +145,7 @@ echo "-> Restarting syslogd for new config..." /etc/rc.d/rc.syslog restart # Restart ntpd. -[ -x /etc/rc.d/rc.ntpd ] && echo "-> Restarting ntpd for new config..." && /etc/rc.d/rc.ntpd restart +[[ -x /etc/rc.d/rc.ntpd ]] && echo "-> Restarting ntpd for new config..." && /etc/rc.d/rc.ntpd restart # Restart sshd. echo "-> Restarting sshd for new config..." 
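Review bot: The corrected line `chmod 640 "/etc/pushover/${FILE%.gpg}"` in the `@@ -59,7 +59,7 @@` hunk still targets the wrong path. `FILE` comes from the glob `/etc/pushover/*.gpg` and already contains the directory, so the expansion is `/etc/pushover//etc/pushover/NAME`. The line should be `chmod 640 "${FILE%.gpg}"`. The `-o` argument on the unchanged `gpg -d` line above has the same doubled prefix, so the decrypted file is probably not written where intended. Because the mode is tightened only after gpg has created the file, a restrictive `umask` set before the loop would remove any interval in which the plaintext exists with default permissions.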
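Review bot: The added comment `# Remove the passphraise from environment.` in the `@@ -131,12 +131,13 @@` hunk overstates what `unset PASS` achieves. The two `gpg -c --passphrase "$PASS"` lines just above it put the passphrase on gpg's command line, where other local users can read it from the process list while gpg runs. Feeding it on a descriptor avoids that, e.g. `printf '%s\n' "$PASS" | gpg --batch --passphrase-fd 0 -c -o /etc/shadow.gpg /etc/shadow` (newer gpg versions may also need `--pinentry-mode loopback`). The `gpg -d --passphrase` call in the `@@ -59,7 +59,7 @@` hunk has the same exposure. The comment would be more accurate as `# Clear the passphrase from the shell's variables.`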
@@ -154,12 +155,17 @@ echo "-> Creating optional log files..." touch /var/log/sulog touch /var/log/fail2ban +# Add a complete rc.local if the one on the system isn't customised. +[[ ! "$(md5sum /etc/rc.d/rc.local | cut -d' ' -f1)" == "583386a1a839ae04025629d202781a2c" ]] && { + echo "-> Copying better rc.local..." + cat rc.d/rc.local >/etc/rc.d/rc.local + chmod 755 /etc/rc.d/rc.local +} + # Add an rc.local_shutdown script if it doesn't exist already. -[ ! -e /etc/rc.d/rc.local_shutdown ] && { +[[ ! -e /etc/rc.d/rc.local_shutdown ]] && { echo "-> Creating rc.local_shutdown..." - echo "#!/bin/bash" >/etc/rc.d/rc.local_shutdown - echo "# /etc/rc.d/rc.local_shutdown - Local system shutdown script." >>/etc/rc.d/rc.local_shutdown - echo "# This script will be run when the system is shutdown or rebooted." >>/etc/rc.d/rc.local_shutdown + cat rc.d/rc.local_shutdown >/etc/rc.d/rc.local_shutdown chmod 755 /etc/rc.d/rc.local_shutdown }
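Review bot: The added rc.local block in the `@@ -154,12 +155,17 @@` hunk overwrites `/etc/rc.d/rc.local` whenever its md5 differs from `583386a1a839ae04025629d202781a2c`. If that hash is the stock file's, this contradicts the comment "if the one on the system isn't customised": a locally edited rc.local would be replaced and an untouched one kept. In that case the test should be `[[ "$(md5sum /etc/rc.d/rc.local | cut -d' ' -f1)" == "583386a1a839ae04025629d202781a2c" ]] && {`. If it is instead the hash of the repository's `rc.d/rc.local`, `cmp -s rc.d/rc.local /etc/rc.d/rc.local` would express that without a constant that goes stale. Either way, a comment saying which file the hash belongs to and a backup copy before the overwrite would make replacing a root-run boot script easier to audit.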