@sidharrell
Last active May 12, 2018 02:26
#!/bin/bash
## The IP address XXX.XXX.XXX.XXX/32 below needs to be replaced by the jump box address.
## This locks down the server post-creation and sets it up with a 'sidney' user; since that is my local user, it makes it
## convenient to log in without the centos@
## Also, I'm curling 404s from http://wiseyacht.com/ as my crude verification that it's finished, because I can tail that
## Apache log.
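## Create the login user and give it the centos user's authorized keys
useradd sidney
cp -r ~centos/.ssh ~sidney
chown -R sidney: ~sidney/.ssh
## Clone the cloud-init sudoers entry for the new user
cp /etc/sudoers.d/90-cloud-init-users /etc/sudoers.d/sidney
sed -i 's/centos/sidney/g' /etc/sudoers.d/sidney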
yum -y install epel-release
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
yum -y install https://centos7.iuscommunity.org/ius-release.rpm
rpm --import /etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY
yum install -y vim iftop htop iotop curl nmap firewalld fail2ban wget mlocate pwgen telnet tcpdump traceroute php72u-bcmath php72u-cli php72u-common php72u-fpm httpd php72u-fpm-httpd php72u-gd php72u-json php72u-mbstring php72u-mysqlnd php72u-opcache php72u-pdo php72u-xml
cat <<EOD > /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<rule family="ipv4">
<source invert="True" address="XXX.XXX.XXX.XXX/32"/>
<drop/>
</rule>
</zone>
EOD
systemctl start firewalld && systemctl enable firewalld
curl http://wiseyacht.com/firewallisup
yum -y update
curl http://wiseyacht.com/updatescompleted
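
The script above only works once the XXX.XXX.XXX.XXX/32 placeholder has been replaced by hand. The following is an added example, not part of the original gist, that refuses to generate the zone file unless it is given a well-formed IPv4 address or CIDR. The function names `valid_ipv4_cidr` and `render_public_zone` are hypothetical, and 203.0.113.10 is a constructed documentation address.

```shell
#!/bin/bash
# Added example: validate the jump box address before it reaches public.xml.

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1##*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    # Digits and dots only; this also rejects the XXX.XXX.XXX.XXX placeholder.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Split on dots into the function's own positional parameters.
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the zone definition for the given jump box, or fail without output.
render_public_zone() {
    valid_ipv4_cidr "$1" || {
        echo "refusing to write zone: '$1' is not an IPv4 address/CIDR" >&2
        return 1
    }
    cat <<EOD
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<rule family="ipv4">
<source invert="True" address="$1"/>
<drop/>
</rule>
</zone>
EOD
}

# Demo with constructed input; in the provisioning script the output would be
# redirected to /etc/firewalld/zones/public.xml before firewalld is started.
render_public_zone 203.0.113.10/32
render_public_zone XXX.XXX.XXX.XXX/32 || echo "placeholder rejected"
```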