This is the start of a script, to be converted into Chef later, for setting up a server using the Bonsaiframework approach:
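#!/bin/bash
# Draft provisioning script for a server set up the Bonsaiframework way;
# intended to be converted into Chef later.
#
# This is not yet ready to use.
#
# Several steps are interactive (visudo, passwd), so run it from a terminal as
# a user that already has sudo rights.

# Stop at the first failed step so that a failed download or edit cannot leave
# the host half-configured without anyone noticing.
set -euo pipefail

# Location the public keys and the sudoers drop-in are fetched from.
# NOTE(review): the original commands gave no scheme, which wget treats as
# plain HTTP, so the transport offers no integrity or authenticity for files
# that grant SSH and root access. Switch to https:// if the host serves it, and
# compare the fingerprints / checksum printed below against known-good values.
readonly BONSAI_SCRIPTS_URL='http://www.bonsaiframework.com/tscripts'

# Private scratch directory for downloads; removed on every exit path.
TMP_DIR=$(mktemp -d)
readonly TMP_DIR
trap 'rm -rf -- "$TMP_DIR"' EXIT

#######################################
# Fetch a public key and append it to a user's ~/.ssh/authorized_keys.
# The key is downloaded to the scratch directory first, its fingerprint is
# printed for comparison, and the files are then created as the target user
# (a bare "sudo su - user" only opens an interactive shell; the commands after
# it would run as the invoking user and write to the wrong home directory).
# Globals:   BONSAI_SCRIPTS_URL (read), TMP_DIR (read)
# Arguments: $1 - account name
#            $2 - key file name under BONSAI_SCRIPTS_URL
# Returns:   0 on success, non-zero if the download, the key check or the
#            append fails
#######################################
install_public_key() {
  local user=$1
  local key_name=$2
  local key_file="${TMP_DIR}/${key_name}"

  wget -O "$key_file" -- "${BONSAI_SCRIPTS_URL}/${key_name}" || return 1

  # Fails when the file is not a parseable public key (e.g. an HTML error
  # page); the printed fingerprint is what the operator should verify.
  ssh-keygen -l -f "$key_file" || return 1

  sudo -u "$user" -H sh -c '
    umask 077
    mkdir -p "$HOME/.ssh" &&
    chmod 700 "$HOME/.ssh" &&
    touch "$HOME/.ssh/authorized_keys" &&
    chmod 600 "$HOME/.ssh/authorized_keys" &&
    cat >> "$HOME/.ssh/authorized_keys"
  ' < "$key_file"
}

#
# MINIMAL SOFTWARE ON HOST
#
# Refresh the package index before the first install so it does not run
# against a stale or empty index.
sudo apt-get update
sudo apt-get --assume-yes install ntp
sudo apt-get --assume-yes dist-upgrade
sudo apt-get --assume-yes install wget man htop

#
# allow staff to use sudo
#
# need to convert this to command line, but using visudo for proper locking of
# this critical file (interactive: opens an editor)
sudo visudo -f /etc/sudoers.d/01_bonsai_disable_password_auth

#
# SSH for HOST and CONTAINER
#
# install ssh
sudo apt-get --assume-yes install ssh

# disable ssh user password authentication
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.2011-02-12.v0.0.tinpham_about_to_disable_password_auth.bck
# Rewrite the directive whether it is commented out or already active; matching
# only "#PasswordAuthentication yes" leaves an uncommented "yes" in force.
sudo sed -i -E \
  's/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
  /etc/ssh/sshd_config
# sed changes nothing when the directive is absent, so confirm the result.
if ! sudo grep -qE '^PasswordAuthentication[[:space:]]+no$' /etc/ssh/sshd_config; then
  echo 'PasswordAuthentication no is not set in /etc/ssh/sshd_config' >&2
  exit 1
fi

# ubuntu 14.04 seems to have slow ssh connection issues, fix by removing dns checking
# only do if you notice it is slow
# Guarded so that re-running the script does not append the lines again.
if ! sudo grep -qE '^UseDNS[[:space:]]' /etc/ssh/sshd_config; then
  echo '# Disable reverse DNS lookup to prevent slow login' | sudo tee -a /etc/ssh/sshd_config
  echo 'UseDNS no' | sudo tee -a /etc/ssh/sshd_config
fi

# Check the edited file parses. The running sshd keeps its old settings until
# it is reloaded; do that only after key-based login has been confirmed for at
# least one account, otherwise password login stays enabled or access is lost.
sudo sshd -t

#
# MINIMAL SOFTWARE ON CONTAINER
#
sudo apt-get --assume-yes install ntp mlocate

#
# ACCOUNTS
#
# Create Staff Users
sudo useradd -d /home/tin.pham -m -g staff -u 2000 -c "Support Tin Pham" -s /bin/bash tin.pham
sudo usermod -a -G adm tin.pham
sudo passwd tin.pham
install_public_key tin.pham publicKey.tin.pham

sudo useradd -d /home/roderick.fongyee -m -g staff -u 2505 -c "Support Roderick Fongyee" -s /bin/bash roderick.fongyee
sudo usermod -a -G adm roderick.fongyee
sudo passwd roderick.fongyee
install_public_key roderick.fongyee publicKey.roderick.fongyee

# allow staff users to have root access
# The drop-in is downloaded to the scratch directory, syntax-checked and only
# then installed with absolute paths: a malformed file in /etc/sudoers.d can
# break sudo, and a tampered one grants root.
sudoers_tmp="${TMP_DIR}/01_enable_sudo_for_staff"
wget -O "$sudoers_tmp" -- "${BONSAI_SCRIPTS_URL}/01_enable_sudo_for_staff"
# Printed for comparison against a known-good checksum.
sha256sum "$sudoers_tmp"
sudo visudo -c -f "$sudoers_tmp"
sudo install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/01_enable_sudo_for_staff

sudo addgroup --gid 3000 serveradmin
sudo useradd -d /home/serveradmin -m -g serveradmin -u 3000 -c "Admin catch-all" -s /bin/bash serveradmin
sudo usermod -a -G adm serveradmin
sudo passwd serveradmin

# add public key here if intention is to allow remote login
install_public_key serveradmin publicKey.serveradmin

#
# CLEANUP
#
# Logout and delete default ubuntu account for containers
sudo userdel ubuntu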