
I am starting to put together a script, to be converted into Chef, for setting up a server using the Bonsaiframework approach:

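#!/bin/bash
# This is not yet ready to use.
#
# MINIMAL SOFTWARE ON HOST
#
# Refresh the package index before the first install; on a fresh host the
# index can be empty or stale, so an install that runs first may fail or pull
# an outdated package.
sudo apt-get update
# ntp goes in ahead of the upgrade (presumably so the clock is correct for the
# remaining steps - confirm).
sudo apt-get --assume-yes install ntp
sudo apt-get --assume-yes dist-upgrade
# ntp is already installed above, so it is not repeated in this list.
sudo apt-get --assume-yes install wget man htop telnet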

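#
# allow staff to use sudo
#

# convert to script similar to below for allow users root for staff
# allow staff users to have root access
#
# This fragment grants root, so it is handled more carefully than a plain
# download into /etc/sudoers.d:
#   - fetched over HTTPS into a scratch file (a bare host name makes wget use
#     plain HTTP, where the content can be altered in transit),
#   - syntax-checked with visudo before it goes live (a broken fragment can
#     lock everyone out of sudo),
#   - installed under its absolute path, owned by root with mode 0440.
# HTTPS only protects the transfer; review the fetched rules, or compare them
# with a known-good copy, before relying on them.
sudoers_tmp=$(mktemp) || exit 1
if wget -O "$sudoers_tmp" https://www.bonsaiframework.com/tscripts/01_enable_sudo_for_staff \
  && sudo visudo -c -f "$sudoers_tmp"; then
  sudo install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/01_enable_sudo_for_staff
else
  echo "sudoers fragment failed to download or validate; not installed" >&2
fi
rm -f -- "$sudoers_tmp"
# NOTE(review): this opens an editor on 01_bonsai_disable_password_auth, which
# is not the file installed above - confirm which file is meant.
sudo visudo -f /etc/sudoers.d/01_bonsai_disable_password_auth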

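#
# SSH for HOST and CONTAINER
#
# install ssh
sudo apt-get --assume-yes install ssh
# disable ssh user password authentication
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.2011-02-12.v0.0.tinpham_about_to_disable_password_auth.bck
# Rewrite the directive whether it is still commented out or already active;
# matching only "#PasswordAuthentication yes" would leave an uncommented
# "PasswordAuthentication yes" in force.
sudo sed -i -E 's/^[#[:space:]]*PasswordAuthentication[[:space:]]+(yes|no).*/PasswordAuthentication no/' /etc/ssh/sshd_config
# If the file had no such line at all, sshd would fall back to its default
# (password logins allowed), so add the directive explicitly.
if ! sudo grep -q -E '^PasswordAuthentication[[:space:]]+no' /etc/ssh/sshd_config; then
  echo 'PasswordAuthentication no' | sudo tee -a /etc/ssh/sshd_config
fi
# ubuntu 14.04 seems to have slow ssh connection issues, fix by removing dns checking
# only do if you notice it is slow
# Append only when no UseDNS line exists yet, so re-running does not stack duplicates.
if ! sudo grep -q -E '^[[:space:]]*UseDNS[[:space:]]' /etc/ssh/sshd_config; then
  echo '# Disable reverse DNS lookup to prevent slow login' | sudo tee -a /etc/ssh/sshd_config
  echo 'UseDNS no' | sudo tee -a /etc/ssh/sshd_config
fi
# Check that the edited file parses, then print the value sshd will actually
# use; an included drop-in file or a Match block can override the line above.
sudo sshd -t
sudo sshd -T | grep -i '^passwordauthentication'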
#
# MINIMAL SOFTWARE ON CONTAINER
# The other scripts depend on the packages below (for example, to download keys).
#
sudo apt-get install --assume-yes mlocate wget
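#
# ACCOUNTS
#

#######################################
# Fetch a user's public key and append it to that user's authorized_keys.
#
# "sudo su - USER" opens an interactive shell, so inside a script the commands
# that follow it would run as the invoking user after that shell exits. Each
# step here runs as the target user through "sudo -u" instead.
#
# The key decides who may log in, so it is fetched over HTTPS (a bare host
# name makes wget use plain HTTP) and must parse as a public key before it is
# appended. ssh-keygen prints the fingerprint; compare it with the value the
# key owner supplied through a separate channel.
#
# Arguments: $1 - account name; the key is read from publicKey.<name>
# Returns:   0 on success, 1 if the key could not be fetched or parsed
#######################################
install_authorized_key() {
  local user=$1
  local ssh_dir="/home/${user}/.ssh"
  local key_tmp

  key_tmp=$(mktemp) || return 1
  if ! wget -O "$key_tmp" "https://www.bonsaiframework.com/tscripts/publicKey.${user}" \
    || ! ssh-keygen -l -f "$key_tmp"; then
    echo "public key for ${user} failed to download or parse; not installed" >&2
    rm -f -- "$key_tmp"
    return 1
  fi

  sudo -H -u "$user" mkdir -p "$ssh_dir"
  sudo -H -u "$user" chmod 700 "$ssh_dir"
  sudo -H -u "$user" touch "${ssh_dir}/authorized_keys"
  sudo -H -u "$user" chmod 600 "${ssh_dir}/authorized_keys"
  # tee runs as the target user; the scratch file is read by the current shell.
  sudo -H -u "$user" tee -a "${ssh_dir}/authorized_keys" < "$key_tmp" > /dev/null
  rm -f -- "$key_tmp"
}

# Create Staff Users
sudo useradd -d /home/tin.pham -m -g staff -u 2000 -c "Support Tin Pham" -s /bin/bash tin.pham
sudo usermod -a -G adm tin.pham
sudo passwd tin.pham
install_authorized_key tin.pham

sudo useradd -d /home/roderick.fongyee -m -g staff -u 2505 -c "Support Roderick Fongyee" -s /bin/bash roderick.fongyee
sudo usermod -a -G adm roderick.fongyee
sudo passwd roderick.fongyee
install_authorized_key roderick.fongyee

sudo addgroup --gid 3000 serveradmin
sudo useradd -d /home/serveradmin -m -g serveradmin -u 3000 -c "Admin catch-all" -s /bin/bash serveradmin
sudo usermod -a -G adm serveradmin
sudo passwd serveradmin
# add public key here if intention is to allow remote login
install_authorized_key serveradmin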
 
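# restart ssh for the change to take effect,
# Restart only when the edited configuration parses, so a typo cannot take the
# daemon down. Keep the current session open until a key-based login has been
# confirmed from a second terminal.
if sudo sshd -t; then
  sudo service ssh restart
else
  echo "sshd_config failed validation; ssh not restarted" >&2
fi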

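################ Leave the default account and log into your main account
#
# CLEANUP
#
# Logout and delete default ubuntu account for containers
# interesting, in an lxc setup, once my main account was created, left and logged back in, it appeared to automatically delete default ubuntu user
# test this scenario again
# Remove the account only if it still exists, which covers the lxc case above
# where it was already gone.
if id -u ubuntu > /dev/null 2>&1; then
  sudo userdel -r ubuntu
fi

# Make sure to reboot for any kernel updates to take effect
sudo reboot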