How to set up SSH passwordless login using SSH keys. This is required for tasks such as rsync backups or transferring files from one box to another without entering authentication credentials.
How to setup SSH keys without a login password
On your Linux box enter:
ssh-keygen -t rsa
Accept the default options and push enter when it asks you for a passphrase:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
You should now have a public and private key in ~/.ssh. We need to copy the public key (never give out your private key!) to the server we wish to access via our SSH passwordless login setup:
You will then get prompted for the password on the remote server, enter it and ssh-copy-id will copy your key over and install it with the correct permissions.
You should now be able to login via SSH without a password with:
I accepted all the defaults and entered my mail address and SMTP server info when prompted. You will be asked what type of OSSEC install you require during the install process; I selected local for the purpose of this guide.
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to [email protected](or [email protected]).
- System: Linux linuxmoz 2.6.32-33-server
- User: root
- Host: linuxmoz
-- Press ENTER to continue or Ctrl-C to abort. --
1- What kind of installation do you want (server, agent, local or help)? server
- Server installation chosen.
2- Setting up the installation environment.
- Choose where to install the OSSEC HIDS [/var/ossec]:
- Installation will be made at /var/ossec .
3- Configuring the OSSEC HIDS.
3.1- Do you want e-mail notification? (y/n)[y]:
- What's your e-mail address? myemailaddress
- What's your SMTP server ip/host? localhost
3.2- Do you want to run the integrity check daemon? (y/n)[y]: y
- Running syscheck (integrity check daemon).
3.3- Do you want to run the rootkit detection engine? (y/n)[y]: y
- Running rootcheck (rootkit detection).
3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for a specific user.
More information at:
https://www.ossec.net/en/manual.html#active-response
- Do you want to enable active response? (y/n)[y]:
- Active response enabled.
- By default, we can enable the host-deny and the
firewall-drop responses. The first one will add
a host to the /etc/hosts.deny and the second one
will block the host on iptables (if linux) or on
ipfilter (if Solaris, FreeBSD or NetBSD).
- They can be used to stop SSHD brute force scans,
portscans and some other forms of attacks. You can
also add them to block on snort events, for example.
- Do you want to enable the firewall-drop response? (y/n)[y]:
- firewall-drop enabled (local) for levels >= 6
- Default white list for the active response:
- 10.0.3.1
- Do you want to add more IPs to the white list? (y/n)? [n]:
3.5- Do you want to enable remote syslog (port 514 udp)? (y/n)[y]:
- Remote syslog enabled.
3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/auth.log
-- /var/log/syslog
-- /var/log/mail.info
-- /var/log/dpkg.log
-- /var/log/apache2/error.log (apache log)
-- /var/log/apache2/access.log (apache log)
- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at https://www.ossec.net .
If you are on a default install of Ubuntu, your network settings will be pulled via DHCP and your file will look similar to:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
Comment the existing info out and add the following Ubuntu static IP address info so it looks like:
The ultimate Vi cheat sheet for anyone learning Vi Commands or the Vi editor in general. Keep this guide close by when using the editor and you will learn how to use Vi in no time. Vim commands will be the same as Vi for the most part – Windows however has Gvim which allows some GUI interaction.
I – Inserts text at the beginning of the text line, not the beginning column of the vi screen
a – Appends to the end of the right of the cursor
A – Appends at the end of the current line
o – Begins a new line below the current line
O – Drops the current line and begins a new one in its place
Vi Replace
cw – Vi replace a single word from the current cursor position. To replace a whole word, you put the cursor on the first character of the word.
c$ – replace the current line but doesn’t extend to change the rest of a wrapped sentence on the screen
r – Vi Replace the character under the cursor
R – Replaces the text on the same line until Esc is pressed, but it doesn’t change text on the next line. Instead, it pushes it ahead of the current changes.
Vi Delete
x – Deletes a single character under the cursor
X – Deletes a single character before the cursor
dw – Deletes a single word that’s currently under the cursor, from the cursor position onward.
Vi Delete Line
dd – Vi delete line, regardless of the cursor’s position on the line
D – Deletes all text from the cursor position to the end of the line
dL – Deletes all text from the cursor position to the end of the screen
dG – Deletes all text from the cursor to the EOF
d^ – Deletes all text from the beginning of the line to the cursor
Vi Copy & Paste
Commands for Vi copy & paste:
yy – Vi copy line – copies a line of text to the unnamed buffer
3yy – Copies 3 lines of text to the unnamed buffer
yw – Copies a word (under the cursor) to the unnamed buffer
3yw – Copies 3 words to the unnamed buffer
P – Pastes the contents of the unnamed buffer to the right of the cursor
p – Pastes the contents of the unnamed buffer to the left of the cursor
Navigation Within a File
This may confuse you to start with,
H – This is the left arrow; it’s easy to remember because it’s the leftmost key in the four key set
J – Use this for the down arrow; I remember this by thinking of jown instead of down.
K – This is the up arrow; I remember this by thinking of kup for up.
L – Use this for the right arrow; I remember this as L is right, which I always thought sounded dumb, it’s alright on the right side of the keyboard…
Vi Page Down
Ctrl+F – Vi page down – Moves forward a page
Ctrl+D – Moves forward half a page
Vi Page Up
Ctrl+B – Vi page up – Moves back a page
Ctrl+U – Moves backward a half-page
Named and Unnamed Buffers
"ayy – Pulls a line into the named buffer (a), overwriting the current contents
"Ayy – Appends the current line to the buffer
"A3yy – Pulls three lines from the current cursor position and appends the lines to the A buffer
"ap – Pastes the a buffer to the right of the cursor (the case of the buffer letter is meaningless)
Vi Search
How to perform a Vi Search.
N – Vi Search forward
Shift+N – Search Backward
Vi Search and Replace
:s/bob/BOB/ – Replaces the first instance of bob with BOB
:s/bob/BOB/g – Replaces all instances of bob with BOB in that line (note g stands for global)
:%s/bob/BOB/g – Replaces all instances of bob with BOB in that file no matter how many exist or how many changes made to each line
Vi Search for Part of a Word
A fuzzy search allows you to find something that you only know part of, for example if you wanted to find all instances of lines starting with the word “Uber” you would use the following:
/^Uber
To find all instances of the word “ninja” at the end of a line you would use:
/ninja$
In some instances you’ll need to find what’s called a metacharacter. For example, say you wanted to find the instances in a file for the asterisk character (*), because it stands for many characters. You could use something like this:
/The \* character
Another example might be finding the text ninja, with the period being treated only as a period. Otherwise, you’d find ninjas, ninja?, ninja! and so on. To find JUST ninja you would use the following:
/ninja\.
Finally, matching a range of characters is handy, such as trying to find all instances of the version number string v2.9. You either have to perform several searches or use something like this:
/v2\.[1-9]
The square brackets denote a single character, stretching from the first character to the one after the dash. If you wanted instead to find all versions of the word the, including THE, THe and tHE, you would use the following:
/[tT][hH][eE]
Options in Vi
set number
set tabstop=5
set nohlsearch
The above code should be placed in the .exrc file, which is located in the user’s home directory.
There are more than 60 options available in vi, to view them all type
:set all
To find out about an option’s status type
:set optionname?
:set number – turns on line numbers
:set nonumber – turns the number option off
Advanced Vi commands
How to run external commands in vi:
Say for example you want to run “ls -l” inside of vi as you can’t remember a file name, you would enter:
:! ls -l
Pressing enter or command will return you to the vi session. If the output is more than one screen it is piped to the more command.
Joining lines in vi
Backspace only works on the current line, so to join lines in vi you need to position the cursor in either line and press Shift+J
Split windows in vi
When you are editing a file and want to see a different section of the file or even a different file altogether, you can use the following:
:split – This splits the window horizontally
:vsplit – this splits the file vertically, with the same file on each side
To switch between the windows, hit Ctrl+W
To edit two files in vi at the same time, open the first file and then type:
:split file2
To set the height of the split window:
:15split /blah/file
The above will split the top 15 lines of the screen and display the contents of the /blah/file.
To close the split window, take focus by hitting Ctrl+W and then enter :close
Or to close all the other split windows, take focus of the main window and enter:
:only
This will close all other windows apart from your window :p
Vi Save
:w – Vi Save, write the file out to disk
Vi Save & Exit
:q – Vi exit – this will close Vi
:wq – Vi save & exit
:x – Vi exit, and prompts if you want to save on exit.
Shift+ZZ – Alternative way to save and exit Vi
:q! – Exits vi and discards any changes you made
:wq! – Vi Save and exit if you are root and do not have the write bit set for the file you are attempting to write.
Misc / Additional
U – Vi Undo, easy to remember, enter U in command mode to undo the last command.
:+X+! – In command mode this will undo everything you have done since the last disk write.
Ctrl+G – Shows the file name, total number of lines and the current position expressed as a percentage of the total number of lines in the file.
Multipliers
Just about any keystroke or action can be done multiple times by prefixing it with a number.
For example, to move the cursor to line 5 you would press 5g. To move 12 words to the right you would enter 12W.
The following Rsnapshot Ubuntu guide walks you through the process of setting up a fully automated Ubuntu backup solution that meets the following requirements:
Secure – Data is transferred securely using encryption
Automated – Runs each day without any user interaction
Reliable
You can think of Rsnapshot as Apple Time Machine on the command line: it syncs only what has changed each day, creates snapshots, and uses hard links to the old unchanged files to minimize disk space consumption (kind of like a poor man's NetApp).
Another advantage of rsnapshot is that it logs into remote servers and pulls the data back over SSH, which means the backup server can sit behind a firewall with no ports forwarded in. This is very important, as the server is going to be authenticating to other servers via SSH keys without passphrases.
The following guide walks you through the process of installing Rsnapshot on Ubuntu Linux.
Login as root (or sudo -s if you’re on Ubuntu)
aptitude install rsnapshot
This will install Rsnapshot and pull down any packages it depends on.
Open up the file “/etc/rsnapshot.conf” with your chosen text editor (I use vi). Let's take a look at the first section, “snapshot_root”: this is the location where Rsnapshot stores its backups. By default it places them in the root directory, but I have changed mine to “/backup/snapshots/”.
# All snapshots will be stored under this root directory.
#
snapshot_root	/backup/snapshots/
Next I uncommented “no_create_root 1”. This stops rsnapshot creating the snapshot_root dir (meaning you have to create it yourself). The benefit is that if you're backing up to a USB drive and you forget to connect it, rsnapshot will not back up to the empty mount point, filling your drive space up and possibly causing a server crash (if you have partitioned incorrectly).
# If no_create_root is enabled, rsnapshot will not automatically create the
# snapshot_root directory. This is particularly useful if you are backing
# up to removable media, such as a FireWire or USB drive.
#
no_create_root	1
We are using Linux, so uncomment the “cmd_cp” line.
# LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features.
# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
#
# See the README file or the man page for more details.
#
cmd_cp	/bin/cp
Next uncomment “cmd_ssh” and give it the correct path to the ssh binary.
# Uncomment this to enable remote ssh backups over rsync.
#
cmd_ssh	/usr/bin/ssh
I uncommented the du option as well, cool little tool that shows you the size of each of your snapshots. (remember if you just did a “du -sh *” in the snapshot dir it would read wrong due to the hard linking).
# Uncomment this to specify the path to "du" for disk usage checks.
# If you have an older version of "du", you may also want to check the
# "du_args" parameter below.
#
cmd_du	/usr/bin/du
This brings us onto Backup Intervals. As you can see, I have kept the defaults, so rsnapshot will keep 6 copies of my hourly backup before it starts overwriting my old one, 7 copies of my daily backups, 4 of my weekly and 3 monthly backups! Worth noting that rsnapshot will not create the daily.0 backup until hourly.5 has been created in the snapshot_root, and the same goes for weekly and monthly.
#########################################
#           BACKUP INTERVALS            #
# Must be unique and in ascending order #
# i.e. hourly, daily, weekly, etc.      #
#########################################

interval	hourly	6
interval	daily	7
interval	weekly	4
interval	monthly	3
Global Options
The defaults for these are normally fine, however I wanted a bit more verbosity until I am happy the backup system is working. I changed the setting to 4 instead of 3; 4 displays the commands on the command line as if you were entering them by hand, and this was good enough for me!
# Verbose level, 1 through 5.
# 1     Quiet           Print fatal errors only
# 2     Default         Print errors and warnings only
# 3     Verbose         Show equivalent shell commands being executed
# 4     Extra Verbose   Show extra verbose information
# 5     Debug mode      Everything
#
verbose	4
“logfile”, I uncommented this as logs are always handy for finding out what went wrong :)
# If you enable this, data will be written to the file you specify. The
# amount of data written is controlled by the "loglevel" parameter.
#
logfile	/var/log/rsnapshot
“exclude” After running my first backup it became apparent that I had a bunch of VMWare disk image files in my home dir, so I excluded them with:
# The include and exclude parameters, if enabled, simply get passed directly
# to rsync. If you have multiple include/exclude patterns, put each one on a
# separate line. Please look up the --include and --exclude options in the
# rsync man page for more details on how to specify file name patterns.
#
#include	???
#include	???
#exclude	???
exclude	/home/kjs/vmware-disks/
The next thing I configured was the backup points, what I wanted backed up from each of my machines, starting with the localhost.
Now I want to back up my email server “the-death-star”, so I configured my backup server to pull its data in over SSH (kind of like when that Star Destroyer pulled in the Millennium Falcon with its tractor beam, yeah… Kind of…).
This is the end of the config file editing, now it’s time to give your config a test with:
rsnapshot configtest
This should come back and say “Syntax OK” unless you messed something up, in which case it will tell you the line it errors on, so go back and fix it!
Ubuntu SSH Keys Setup
It’s all great pulling in the data over SSH but we need to be able to login automatically to our remote servers.
I use remote root logins for my servers, as I am backing up files in locations like /etc/passwd which are only readable by root. Yes, there are ways around this, but I do not want this document to get too complex.
We need to set up SSH keys without passphrases, otherwise we are going to get prompted for the passphrase each time the backup runs.
Creating SSH keys for key based authentication
Create the key pair, this will create the public and private keys (never give your private key out!).
ssh-keygen -t rsa
Accept all the defaults, just push enter when it asks you for a passphrase
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
You should now have a set of keys in /root/.ssh/. Now we need to copy the public key to the remote machine we want to log in to, in this case the-death-star.techspotting.org, so this would be the command:
You will then get prompted for the password for your account on the remote host, go ahead and enter it, ssh-copy-id will then copy the key to the correct dir and sort out the correct file system permissions, cool huh?
Give it a test and make sure it’s working:
ssh the-death-star.linuxmoz.com
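A key with no passphrase that logs in as root gives root on the remote host to anyone who obtains /root/.ssh/id_rsa from the backup server; the same applies to the passwordless login steps at the top of this page. The following is an added example, not part of the original guide: it builds a restricted authorized_keys entry for the host being backed up and audits a file for keys left wide open. The address 192.0.2.10, the rrsync path and the key material are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Intended for the host being
# backed up. Assumptions: 192.0.2.10 stands in for the backup server, the
# rrsync path varies by distribution, and the key below is constructed.

# Emit an authorized_keys line that accepts the key only from one address,
# forces a single command, and turns off ptys and forwarding.
#   $1 = public key line (contents of id_rsa.pub)
#   $2 = address of the backup server
#   $3 = forced command
restricted_entry() (
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$2" "$3" "$1"
)

# Report keys in an authorized_keys file ($1) that are not pinned down.
# Simplified parsing: the options field is whatever precedes the key type.
# Prints "<line>:<finding>" for each problem, nothing for a locked-down key.
audit_authorized_keys() (
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            ssh-*|ecdsa-*|sk-*) echo "$n:no-options"; continue ;;
        esac
        opts=${line%%' ssh-'*}
        opts=${opts%%' ecdsa-'*}
        opts=${opts%%' sk-'*}
        case $opts in *'command="'*) ;; *) echo "$n:no-forced-command" ;; esac
        case $opts in *'from="'*) ;; *) echo "$n:no-source-restriction" ;; esac
    done < "$1"
)

# Demo on a constructed file: a bare key, a half-restricted key, a locked one.
demo_authorized_keys() (
    pub='ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEY root@backup'
    tmp=$(mktemp)
    {
        echo '# constructed sample authorized_keys'
        echo "$pub"
        echo "no-pty $pub"
        restricted_entry "$pub" 192.0.2.10 '/usr/bin/rrsync -ro /'
    } > "$tmp"
    audit_authorized_keys "$tmp"
    rm -f "$tmp"
)
demo_authorized_keys
```

Once every root key on the remote host carries a forced command, its sshd_config can set PermitRootLogin forced-commands-only so that root cannot get an interactive shell over SSH.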
If you look in “/etc/cron.d/rsnapshot” you should see a file that looks like this:
# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.

# 0 */4 * * * root /usr/bin/rsnapshot hourly
# 30 3 * * * root /usr/bin/rsnapshot daily
# 0 3 * * 1 root /usr/bin/rsnapshot weekly
# 30 2 1 * * root /usr/bin/rsnapshot monthly
Providing you are happy with the default cron config (which I was) remove the comments so it looks like this:
# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.

0 */4 * * * root /usr/bin/rsnapshot hourly
30 3 * * * root /usr/bin/rsnapshot daily
0 3 * * 1 root /usr/bin/rsnapshot weekly
30 2 1 * * root /usr/bin/rsnapshot monthly
Now you have enabled cron to backup your files using rsnapshot, you had better make sure it is going to work!
rsnapshot -t hourly
Check everything looks sane and nothing nasty is going to happen and repeat for daily, weekly, monthly.
Now it’s time for your first backup!
rsnapshot hourly
If you have verbosity set to 4 like me (optional), you will be able to see all the files you're backing up flying up the screen! The first backup has to move all the files to the snapshot_root, so this is going to take some time depending on the speed of your machine / connection. Might be a good time to grab another coffee.
You should start to see files in your snapshot_root; after a few weeks you should see a bunch of hourly.*, daily.*, weekly.*
How to install Asterisk on Ubuntu walking you through the process of installing Asterisk 10 on Ubuntu 10.04 LTS.
Asterisk is an Enterprise level VoIP PBX telephone system that has many configuration options and can use a wide range of hardware, this guide will walk you through the process of installing Asterisk on Ubuntu 10.04 LTS, which is often a daunting task for Linux Admins.
Specifically this guide will show you how to install Asterisk 10 on Ubuntu LTS 10.04, this guide is a copy and paste tutorial.
Ubuntu Asterisk 10 Install Guide
To start off with make sure that Ubuntu is up to date.
aptitude update && aptitude dist-upgrade
Install deps and build tools so that we can compile Asterisk 10 on Ubuntu
Extract the tar archives for Asterisk 10 and DAHDI Tools
tar -xvzf asterisk-10.0.0.tar.gz && tar -xvzf dahdi-linux-complete-2.6.0+2.6.0.tar.gz
Build DAHDI Tools on Ubuntu LTS
It is important to build DAHDI tools before we build Asterisk 10
First we must enter the DAHDI directory:
cd dahdi-linux-complete-2.6.0+2.6.0/
Build DAHDI Tools with the following commands:
make all
make install
make config
Start the DAHDI Tools service with:
/etc/init.d/dahdi start
Build / Compile Asterisk 10 on Ubuntu LTS
Next it’s time to build Asterisk 10, change to your Asterisk 10 directory:
cd asterisk-10.0.0/
Build Asterisk 10 with:
make clean
./configure
Configure your Asterisk options and build with:
make menuselect
make
make install
Make Asterisk samples:
make samples
make config
Ubuntu Asterisk 10 samples get installed into /etc/asterisk. Only make samples if you are upgrading Asterisk; if you already have an Asterisk install on Ubuntu then skip this step or it will overwrite your config files.
Start Asterisk with:
asterisk -vvvvvvc
That’s it you should now have a working Ubuntu Asterisk 10 install running on Ubuntu 10.04 LTS, now it’s time to setup your phones and outbound SIP trunks.
How to display Linux memory usage on all versions of Linux from the command line. The command free displays the Linux memory info (Virtual memory & physical) the system is currently using including Linux cache memory and swap usage.
To display the memory usage type:
free -m
(the -m is optional; it displays the data in MB instead of KB, which I personally find easier).
Linux Memory Usage Command Example
Linux memory info output from free should look similar to this:
Below is an overview of what each memory value means:
Mem
This is real memory (RAM).
Swap
This is memory that the Linux Kernel has swapped out to disk to free up RAM (faster memory), if you are a Windows Admin you would call this “Virtual Memory”.
Total
This shows the total memory for Linux Swap and RAM.
Used
Shows the total Linux memory usage for the system. This is often confused, and many admins think their system is out of memory.
Free
Displays the free memory Linux has.
Buffers
Buffers are needed for inter-process communication, such as accessing disks etc a certain amount of memory has to be left in buffers.
Cached
Cached memory is basically a buffer used in RAM for applications to use, it is perfectly normal for free to display a low memory usage and a high cache value.
This guide will walk you through the process of creating a CentOS Kickstart file from scratch for custom / automated CentOS installations.
First of all, if you have never seen a kickstart file before, look in the /root dir. You should see a file called “anaconda-ks.cfg”; open it and you should see the parameters you entered during install.
There are various reasons for automating a CentOS install, the most common being automated server deployment for cloud CentOS servers.
Below is an example of a CentOS kickstart file I used when rolling out a bunch of Fedora (RHEL / CentOS should be similar) laptops with VMWare player installed and a couple of virtual machine images pulled in via wget. I chose to use a kickstart install with scripts over imaging software such as Symantec Ghost for the Linux installs as this enabled me to use the image on various types of hardware and with the tweak of a script I could greatly customise the installs in the future. Microsoft WDS / RIS or Ghost would not allow me this level of flexibility.
#version=DEVEL
text
install
cdrom
lang en_US.UTF-8
keyboard uk
timezone --utc Europe/London
rootpw --iscrypted $$nndedddewfooofcerd3r434
selinux --disabled
# Custom user added
user --name=kevinmitnick --groups=users --password=HackThePlanet
authconfig --enableshadow --passalgo=sha512 --enablefingerprint
firewall --service=ssh
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --all --drives=sda
ignoredisk --only-use=sda
part /boot --fstype=ext2 --asprimary --size=500
part /OtherOS --fstype=ext4 --asprimary --size=10240
part swap --asprimary --size=2048
part pv.fedora1000 --grow --asprimary --size=500
volgroup fedora --pesize=32768 pv.fedora1000
logvol /centosVM --fstype=ext4 --name=centosVM --vgname=fedora --size=30720
logvol /home --fstype=ext4 --name=home --vgname=fedora --size=81920
logvol / --fstype=ext4 --name=root --vgname=fedora --size=25600
logvol /windowsVM --fstype=ext4 --name=windowsVM --vgname=fedora --size=40960
bootloader --location=mbr --driveorder=sda --append="nomodeset rhgb quiet"
# setup the network with DHCP
network --device=eth0 --bootproto=dhcp
# packages that will be installed, anything starting with an @ sign is a yum package group.
%packages
@admin-tools
@authoring-and-publishing
@base
@core
@development-libs
@development-tools
@dial-up
@editors
@education
@electronic-lab
@engineering-and-scientific
@eclipse
@fedora-packager
@fonts
@gnome-desktop
@gnome-software-development
@graphical-internet
@graphics
@hardware-support
@input-methods
@java
@java-development
@kde-desktop
@kde-software-development
@legacy-fonts
@office
@online-docs
@printing
@sound-and-video
@system-tools
@text-internet
@x-software-development
@base-x
kpackagekit
system-config-network
scribus
xfsprogs
mtools
gpgme
gpm
rpmdevtools
koji
mercurial
lua
pylint
rpmlint
plague-client
cmake
mock
bzr
pptp
kdeedu-marble
minicom
opencv
yum-priorities
plotutils
openoffice.org-opensymbol-fonts
qtcurve-gtk2
gvfs-obexftp
glibmm24-devel
gnome-vfs2-devel
libsigc++20-devel
libart_lgpl-devel
kdepim
konversation
ImageMagick
digikam
kipi-plugins
kdegraphics
gypsy
gpsd
hdparm
m17n-db-tamil
m17n-db-gujarati
m17n-db-kannada
m17n-db-hindi
gok
m17n-db-oriya
m17n-db-bengali
m17n-contrib-sinhala
m17n-db-assamese
m17n-db-punjabi
iok
m17n-db-telugu
m17n-db-malayalam
xorg-x11-fonts-ISO8859-1-100dpi
urw-fonts
ghostscript-fonts
kdepim
vorbis-tools
amarok
jack-audio-connection-kit
kaffeine
kdemultimedia
vbetool
gssdp
geoclue
createrepo
radeontool
PackageKit-command-not-found
obexftp
enca
festival
ntpdate
xsel
gupnp
rdesktop
fuse
ncftp
mesa-libGLU-devel
xorg-x11-apps
xscreensaver-gl-extras
gdm
xscreensaver-extras
xscreensaver-base
xterm
xorg-x11-resutils
gitk
git-gui
dia
tftp
python-crypto
boost-devel
valgrind
subversion
cvs
thunderbird-lightning
python-sqlite2
asciidoc
glibc-static
tcllib
python-psycopg*
ssh*
perl-ExtUtils-MakeMaker
perl-Net-Telnet
perl-HTML-FromText
libICE.so.6
libSM.so.6
libXmu.so.6
libXp.so.6
libXpm.so.4
libXt.so.6
help2man
cscope
ctags
git
kernel-devel
tftp-server
texlive-latex
texi2html
cmake
transfig
alsa-lib
libXScrnSaver
qt
qt-x11
libasound.so.2
libXss.so.1
libQtDBus.so.4
libQtGui.so.4
pulseaudio
alsa-plugins-pulseaudio
pulseaudio-esound-compat
pulseaudio-libs
pulseaudio-libs-glib2
pulseaudio-module-zeroconf
pulseaudio-libs-zeroconf
xmms-pulse
pulseaudio-module-gconf
wine-pulseaudio
xine-lib-pulseaudio
pulseaudio-utils
pulseaudio-module-bluetooth
padevchooser
paman
paprefs
pavucontrol
pavumeter
ncurses-devel.i686
%end
%post --log=/root/my-post-log
exec < /dev/tty3 > /dev/tty3
chvt 3
echo
echo "################################"
echo "# Running Post Configuration #"
echo "################################"
# prevent future yum updates pulling down & install new kernels (and breaking VMware & video drivers).
echo "exclude=kernel*" >> /etc/yum.conf
# update the system
yum update -y
# install rpm fusion repo
rpm -Uvh \
https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm \
https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
# disable rpmfusion repo, to prevent a yum update contaminating the system with rpmfusion rpms.
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/rpmfusion-*
# install video drivers - enabling rpmfusion repos on the command line.
yum -y --enablerepo=rpmfusion-nonfree --enablerepo=rpmfusion-free --enablerepo=rpmfusion-free-updates --enablerepo=rpmfusion-nonfree-updates install kmod-nvidia xorg-x11-drv-nvidia-libs.i686 xorg-x11-drv-nvidia-libs.x86_64 akmod-nvidia
# start akmods on boot
chkconfig akmods on
# add pcadmin to sudoers
echo "kevinmitnick ALL=(ALL) ALL" >> /etc/sudoers
# set perms on vmware partitions so users in the users group can create vm's
chown :users /windowsVM && chmod 775 /windowsVM
chown :users /centosVM && chmod 775 /centosVM
# Make sure the system boots X by setting the system to run level 5
sed -i 's/id:3:initdefault:/id:5:initdefault:/g' /etc/inittab
# install openvpn & configure
wget ftp://$host/pub/VPN/OpenVPN/Linux/openvpnclient-custom-settings-1.6-3.i386.rpm
rpm -ivh openvpnclient-custom-settings-1.6-3.i386.rpm
cd /etc/openvpn/
rm client.conf-*
wget ftp://$host/pub/VPN/OpenVPN/Linux/64bit/client.conf-1
mv client.conf-1 client.conf-0
rm -f /openvpnclient-custom-settings-1.6-3.i386.rpm
# add Kevin Mitnick to group users
usermod -a -G users kevinmitnick
# pull down vmware images
cd /windowsVM/
wget --user=magicinstaller --password=hacktheplanet ftp://magicinstaller:fubar@ftp.$host.com/images/windowsVM.tar.gz
tar -xvzf windowsVM.tar.gz
cd /centosVM/
wget --user=magicinstaller --password=hacktheplanet ftp://magicinstaller:fubar@ftp.$host.com/images/centosVM.tar.gz
tar -xvzf centosVM.tar.gz
# create symlink as instructed
cd /usr/lib; ln -s libtinfo.so libtermcap.so.2
# confirm perms are set correctly
chown -R :users /windowsVM && chmod -R 775 /windowsVM
chown -R :users /centosVM && chmod -R 775 /centosVM
# swap to console 1
chvt 1
Obviously you will need to modify your CentOS kickstart file to suit your requirements however you should be able to get a feel for what you can achieve with a kickstart file. If you are wondering how I got VMWare Player installed, I had to do this manually due to the VMWare licensing agreement in the script.
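The kickstart file above contains several things worth catching before it goes onto an install server: a user password without --iscrypted, SELinux disabled, FTP credentials in wget arguments and URLs, and a direct append to /etc/sudoers. The following check is an added example, not from the original post, that reports those patterns by line number; the sample input is a constructed excerpt and the finding names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky lines in a kickstart
# file before it is published on an install server. Finding names are made up
# for this illustration; the checks are simple line patterns, not a parser.

# Print "<line>:<finding>" for each problem found in the kickstart file $1.
lint_kickstart() (
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '#'*) continue ;;
            *--iscrypted*|*--lock*) ;;   # hashed or locked account: accepted
            rootpw\ *|user\ *--password*) echo "$n:plaintext-password" ;;
            selinux\ *--disabled*) echo "$n:selinux-disabled" ;;
            *'>>'*/etc/sudoers) echo "$n:sudoers-append" ;;
            *--password=*) echo "$n:password-in-argv" ;;
        esac
        # user:password@host inside any URL on the line
        if printf '%s\n' "$line" | grep -Eq '[a-z]+://[^/ :@]+:[^/ @]+@'; then
            echo "$n:credentials-in-url"
        fi
    done < "$1"
)

# Write a constructed excerpt, modelled on the file above, to the path in $1.
write_sample_kickstart() {
    cat > "$1" <<'EOF'
rootpw --iscrypted $6$CONSTRUCTED$notarealhash
selinux --disabled
user --name=kevinmitnick --groups=users --password=HackThePlanet
%post --log=/root/my-post-log
echo "kevinmitnick ALL=(ALL) ALL" >> /etc/sudoers
wget --user=magicinstaller --password=hacktheplanet ftp://magicinstaller:fubar@ftp.example.com/images/centosVM.tar.gz
EOF
}

# Run the lint over the constructed excerpt and print the findings.
demo_kickstart() (
    tmp=$(mktemp)
    write_sample_kickstart "$tmp"
    lint_kickstart "$tmp"
    rm -f "$tmp"
)
demo_kickstart
```

A hash for --iscrypted can be generated with openssl passwd -6, and a sudo rule is safer as its own file under /etc/sudoers.d that has been checked with visudo -cf.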