Linux operating system SSH mutual trust configuration scripts

++++++++++++++++++++++++++++++++++++++++++++++++++
title: Linux operating system mutual trust configuration scripts
time: May 28, 2019
++++++++++++++++++++++++++++++++++++++++++++++++++
mutual_trust.sh # one-way trust configuration script
------------------------------------------
#!/usr/bin/env bash
# Configure Mutual Trust
# v1.0 by Bruce
# 2019-05-20

INFORM=/tmp/check/inform.txt

# install expect if it is missing
if ! rpm -q expect &>/dev/null ; then
  if ! yum -y install expect &>/dev/null ; then
    echo "expect install failed..."
    exit 1
  fi
fi

# local IPv4 address, used to find this host's own row in inform.txt
# (the original matched only interfaces named eth*; take the first
# global-scope IPv4 address of any interface instead)
local_ip=$(ip -4 -o addr show scope global | awk '{split($4, a, "/"); print a[1]; exit}')
# exact match on the first column: a plain grep for 192.168.44.1 would
# also match 192.168.44.100 and 192.168.44.150
local_trust_user=$(awk -v ip="$local_ip" '$1 == ip {print $2; exit}' "$INFORM")

# create the trust user on every host listed in inform.txt
# columns: host  trust_user  trust_user_password  root_password
while read -r root_ip trust_user trust_user_pass root_pass
do
  [ -z "$root_ip" ] && continue
  /usr/bin/expect <<CREATEUSER
spawn ssh root@$root_ip
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password:" { send "$root_pass\r" }
}
expect "#" {
  send "id $trust_user && echo '$trust_user exists' || (useradd $trust_user; echo '$trust_user_pass' | passwd --stdin $trust_user)\r"
  send "exit\r"
}
expect eof
CREATEUSER
done &>/dev/null < "$INFORM"
# note: answering "yes" above accepts an unknown host key without checking it,
# and the user password is passed on a command line on the remote host, where
# it is visible in that host's process list and shell history

# create the ssh key pair for this host's trust user
if ! id "$local_trust_user" &>/dev/null ; then
  echo "$local_trust_user does not exist...."
  exit 1
fi
# home directory from the passwd database rather than assuming /root or /home/<user>
home_dir=$(getent passwd "$local_trust_user" | cut -d: -f6)
# switch to that user to create the key pair; ssh-keygen does not create ~/.ssh itself
su - "$local_trust_user" <<EOF
umask 077
mkdir -p "$home_dir/.ssh"
if [ ! -f "$home_dir/.ssh/id_rsa" ] ; then
  # -N "": no passphrase, so the key can be used unattended (and by anyone who obtains the file)
  ssh-keygen -t rsa -N "" -f "$home_dir/.ssh/id_rsa" &>/dev/null
fi
EOF
if [ $? -ne 0 ] ; then
  echo "ssh-keygen create failed..."
  exit 1
fi

# configure one-way trust: copy this user's public key to the trust user on every listed host
while read -r trust_ip trust_user trust_password root_pass
do
  [ -z "$trust_ip" ] && continue
  # switch to the local trust user so ssh-copy-id sends that user's key
  su - "$local_trust_user" <<ENDCOMMAND
/usr/bin/expect <<EOF
spawn ssh-copy-id $trust_user@$trust_ip
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password:" { send "$trust_password\r" }
}
expect eof
EOF
ENDCOMMAND
done &>/dev/null < "$INFORM"
————————————————————————————————————————————
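Because mutual_trust.sh sends all of its ssh-keygen and ssh-copy-id output to /dev/null, it gives no indication of whether the trust actually took effect. The following is an added example, not part of the original scripts, of the two local checks a practitioner would run afterwards on any host in inform.txt: that the permissions of ~/.ssh, authorized_keys and id_rsa are ones sshd and ssh will accept, and that a given public key really appears in an authorized_keys file (compared by key material, so the comment and any prefixed options are ignored). It assumes GNU stat (`stat -c %a`); the function names, the home directory argument and the key strings in demo() are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original scripts: local checks to run after
# mutual_trust.sh, whose ssh-keygen and ssh-copy-id output goes to /dev/null.
# The function names, the home directory argument and the sample keys in
# demo() are this example's own assumptions.

# last two octal digits of a file's mode (group and other), e.g. 600 -> 00
mode_go() {
    local mode
    mode=$(stat -c %a "$1") || return 1
    printf '%s\n' "${mode#"${mode%??}"}"
}

# true if the octal permission digit has the write bit (2) set
digit_writable() {
    case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# check_ssh_perms HOME_DIR: sshd (StrictModes, the default) ignores
# authorized_keys when ~/.ssh or the file itself is group/world writable, and
# ssh refuses to use a private key that other users can read. Returns 1 on
# any problem and names it on stderr.
check_ssh_perms() {
    local home=$1 rc=0 f go
    [ -d "$home/.ssh" ] || { echo "$home/.ssh missing" >&2; return 1; }
    for f in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$f" ] || continue
        go=$(mode_go "$f")
        if digit_writable "${go%?}" || digit_writable "${go#?}"; then
            echo "$f is group- or world-writable (mode $(stat -c %a "$f"))" >&2
            rc=1
        fi
    done
    if [ -e "$home/.ssh/id_rsa" ]; then
        go=$(mode_go "$home/.ssh/id_rsa")
        if [ "$go" != 00 ]; then
            echo "$home/.ssh/id_rsa is accessible to others (mode $(stat -c %a "$home/.ssh/id_rsa"))" >&2
            rc=1
        fi
    fi
    return $rc
}

# key_authorized PUBKEY_FILE AUTHORIZED_KEYS: true if the key material in
# PUBKEY_FILE (type and base64 blob; the comment is ignored) appears on some
# line of AUTHORIZED_KEYS, including lines carrying options such as from="...".
# This is what ssh-copy-id should have produced on each remote host.
key_authorized() {
    local type blob rest
    read -r type blob rest < "$1" || [ -n "$blob" ] || return 1
    awk -v t="$type" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) { found = 1; exit } }
        END { exit !found }' "$2"
}

# demo: a constructed home directory with a made-up key pair and an
# authorized_keys line of the kind ssh-copy-id appends
demo() {
    local home pub
    home=$(mktemp -d)
    mkdir -m 700 "$home/.ssh"
    pub='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDconstructedkeyblob tom@192.168.44.100'
    printf '%s\n' "$pub" > "$home/.ssh/id_rsa.pub"
    printf 'from="192.168.44.0/24" %s\n' "$pub" > "$home/.ssh/authorized_keys"
    : > "$home/.ssh/id_rsa"
    chmod 600 "$home/.ssh/id_rsa" "$home/.ssh/authorized_keys"
    check_ssh_perms "$home" && echo "permissions ok"
    key_authorized "$home/.ssh/id_rsa.pub" "$home/.ssh/authorized_keys" && echo "public key is authorized"
    rm -rf "$home"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `bash check_trust.sh demo` (the file name is this example's own) to see the constructed case, or source it and call `check_ssh_perms /home/tom` and `key_authorized /home/tom/.ssh/id_rsa.pub /home/tom/.ssh/authorized_keys` on a real host after mutual_trust.sh has run.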

 

start.sh # trust configuration startup script
------------------------------------------
#!/usr/bin/env bash
# Configure one-way mutual trust on the other hosts remotely
# v1.0 by Bruce
# 2019-05-20

INFORM=/tmp/check/inform.txt

# configure trust from the local host first
bash /tmp/check/mutual_trust.sh

# local IPv4 address and the trust user configured for it (exact match on column 1)
key_ip=$(ip -4 -o addr show scope global | awk '{split($4, a, "/"); print a[1]; exit}')
key_user=$(awk -v ip="$key_ip" '$1 == ip {print $2; exit}' "$INFORM")

# copy the scripts to every other host and run mutual_trust.sh there as root
# columns: host  trust_user  trust_user_password  root_password
while read -r hosts_ip hosts_user hosts_user_pass hosts_root_pass
do
  [ -z "$hosts_ip" ] && continue
  # skip the local host, it was handled by the call above
  [ "$hosts_ip" = "$key_ip" ] && continue
  sleep 1
  # push the files over the key-based trust just established for $key_user
  # (ssh -n keeps ssh from reading the rest of this here-document as its stdin)
  su - "$key_user" <<START
ssh -n $hosts_user@$hosts_ip 'mkdir -p /tmp/check'
scp /tmp/check/mutual_trust.sh $hosts_user@$hosts_ip:/tmp/check/mutual_trust.sh
scp /tmp/check/inform.txt $hosts_user@$hosts_ip:/tmp/check/inform.txt
START
  # run mutual_trust.sh as root on the remote host, then remove the copied
  # files (inform.txt contains every host's passwords)
  /usr/bin/expect <<SSHROOT
spawn ssh root@$hosts_ip
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password:" { send "$hosts_root_pass\r" }
}
expect "#" {
  send "cd /tmp/check/ && bash /tmp/check/mutual_trust.sh\r"
  send "rm -rf /tmp/check/\r"
  send "exit\r"
}
expect eof
SSHROOT
done &>/dev/null < "$INFORM"
—————————————————————————————————————————


inform.txt # server information
-----------------------------------------
192.168.44.100 tom tom wxsec.com
192.168.44.150 tom tom wxsec.com
192.168.44.200 tom tom wxsec.com
-----------------------------------------

 

readme.txt # script usage guide
-----------------------------------------
1. The package contains the following files:
start.sh # startup script: configures trust on the local host, then on the other hosts
mutual_trust.sh # one-way trust configuration script
inform.txt # host configuration file read by both scripts
readme.txt # this usage guide

2. Configuration file format:
Each line of inform.txt describes one host in four whitespace-separated columns:
first column: the host name or IP address of the host; if a host name is used, name resolution (for example in /etc/hosts) has to be configured by hand
second column: the user name for which mutual trust is configured; the script creates this user on the host if it does not exist
third column: the password for that user; the script sets it when it creates the account
fourth column: the root password of the host, used for the steps that have to run as root (creating the user and running mutual_trust.sh remotely)
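The scripts read inform.txt without checking it, and they find the local host's row with `grep $ip inform.txt`, which matches on substrings (192.168.44.1 would match the 192.168.44.100 and 192.168.44.150 rows above). As an added example that is not part of the original package, the following validates the four-column format described here before start.sh is run and looks a host up by exact match on the first column. The function names and the sample rows in demo() are this example's own; the column layout is the one from this readme.

```bash
#!/usr/bin/env bash
# Added example, not part of the original scripts: check inform.txt before
# start.sh runs, and look a host up by exact match on the first column.
# Assumes the four-column layout from the readme:
#   host  trust_user  trust_user_password  root_password
# Function names and the sample rows in demo() are this example's own.

# validate_inform FILE: report every malformed row on stderr; return 1 if any
# row is bad. Blank lines and lines starting with '#' are skipped.
validate_inform() {
    local file=$1 rc=0 n=0 line
    set -f   # no globbing while rows are split with set --
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # split the row on whitespace into $1..$#
        set -- $line
        if [ $# -ne 4 ]; then
            echo "$file:$n: expected 4 columns, found $#" >&2
            rc=1
            continue
        fi
        # column 1: dotted-quad IPv4 address or a host name (the readme allows both)
        if ! printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
            echo "$file:$n: '$1' is neither an IPv4 address nor a host name" >&2
            rc=1
        fi
        # column 2: a name useradd accepts on a default RHEL/CentOS
        if ! printf '%s\n' "$2" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; then
            echo "$file:$n: '$2' is not a valid user name" >&2
            rc=1
        fi
    done < "$file"
    set +f
    return $rc
}

# trust_user_for FILE HOST: print the trust user configured for HOST.
# The whole first column is compared, so 192.168.44.1 no longer matches the
# 192.168.44.100 row. Returns 1 when HOST is not listed.
trust_user_for() {
    awk -v h="$2" '$1 == h { print $2; found = 1; exit } END { exit !found }' "$1"
}

# demo with a constructed inform.txt: the page's three rows, one extra host,
# and one deliberately short row
demo() {
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'SAMPLE'
192.168.44.100 tom tom wxsec.com
192.168.44.150 tom tom wxsec.com
192.168.44.200 tom tom wxsec.com
192.168.44.1 alice alice-pw root-pw
192.168.44.250 tom tom
SAMPLE
    validate_inform "$tmp" || echo "inform.txt has errors, fix them before running start.sh"
    echo "trust user on 192.168.44.1: $(trust_user_for "$tmp" 192.168.44.1)"
    rm -f "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run as `bash check_inform.sh demo` (the file name is this example's own) to see the constructed case; on a real host, `validate_inform /tmp/check/inform.txt` before `sh start.sh`, and `trust_user_for /tmp/check/inform.txt "$local_ip"` is the lookup mutual_trust.sh and start.sh need.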

3. Usage:
# tar zxvf mutual_trust.tar.gz
# vim inform.txt    # edit the host list
# sh start.sh

4. Notes:
After trust has been configured on a remote host, the script removes /tmp/check, that is the copied scripts and configuration file, from that host.
The host on which start.sh was run is not cleaned up automatically; delete /tmp/check and its contents there by hand once trust has been configured, since inform.txt holds the user and root passwords of every host in clear text.
All intermediate output is redirected to /dev/null; to see it for troubleshooting, remove the redirections from the .sh files.
The scripts answer the first-connection host key prompt with "yes" without checking the key, and the key pair is generated without a passphrase; both are visible in the scripts and should be weighed before they are used outside a trusted network.
------------------------------------------

Origin www.cnblogs.com/lv1572407/p/10939171.html