Skip to content

provisiondata/pdsiss

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
autopgsqlbackup.sh
autopgsqlbackup.sh
 
 
banner
banner
 
 
harden.sh
harden.sh
 
 
init_docker_vm.sh
init_docker_vm.sh
 
 
screen.md
screen.md
 
 

Repository files navigation

Shell Scripts

Miscelaneous CentOS 7 shell scripts for the PDSI networking environment

All scripts should be written so that they can be run repeatedly. E.G. If a script fails to run in it's entirety, fix the issue and run it again.

harden.sh

Basic hardening for internal servers (non-public facing)

  • Set DNS resolvers to our internal caching resolvers
  • Install fail2ban and set it to monitor SSH
  • Disable root login (Console and SSH. Use su or sudo)
  • Set ssh login legal banner
  • Restrict /root directory to root user
  • Set minimum password length
  • Set default password hashing algorithm to SHA-512
  • Kick inactive users after 20 minutes
  • Restrict cron and at to root user.

Run as root:

# curl -sL https://raw.githubusercontent.com/provisiondata/pdsiss/master/harden.sh | bash -

Don't forget to add the pdsiroot user and record the password in KeePass:

# useradd pdsiroot
# passwd pdsiroot
# usermod -aG wheel pdsiroot

init_docker_vm.sh

Installs and configures docker for participation in our swarm. Does not automatically join the swarm.

Run as root:

# curl -sL https://raw.githubusercontent.com/provisiondata/pdsiss/master/init_docker_vm.sh | bash -
# usermod -aG docker pdsiroot

About

Miscelaneous CentOS 7 shell scripts and cheat sheets for the PDSI networking environment

provisiondata.com

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages