def __init__(self, serverConfig): self.serverConfig = serverConfig self.mountPoints = [] self.initManager = SystemD() self.filesystem = "ext4"
class InstallerConfig: def __init__(self, serverConfig): self.serverConfig = serverConfig self.mountPoints = [] self.initManager = SystemD() self.filesystem = "ext4" # self.serverConfig['networkInfo']['eth0Name'] # self.serverConfig['networkInfo']['publicIp'] # self.serverConfig['networkInfo']['broadcast'] # self.serverConfig['networkInfo']['netmask'] # self.serverConfig['networkInfo']['gateway'] # self.serverConfig['networkInfo']['nameserver'] # self.serverConfig['disks'] # self.serverConfig['enableRaid'] # self.serverConfig['hostname'] def activateLocalNetwork(self): try: os.system("ifconfig " + self.serverConfig['networkInfo']['eth0Name'] + " " + self.serverConfig['networkInfo']['publicIp'] + " broadcast " + self.serverConfig['networkInfo']['broadcast'] + " netmask " + self.serverConfig['networkInfo']['netmask'] + " up") os.system("route add default gw " + self.serverConfig['networkInfo']['gateway']) os.system('echo "nameserver ' + self.serverConfig['networkInfo']['nameserver'] + '" > /etc/resolv.conf') except IndexError: os.system('') def syncSystemClock(self): os.system("service ntpd stop") os.system("ntpdate -s time.nist.gov") os.system("service ntpd start") def installStage3(self, type): os.system("cd /mnt/gentoo") if type == "amd64-hardened+nomultilib": os.system("wget $( echo http://distfiles.gentoo.org/releases/amd64/autobuilds/`curl http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened+nomultilib.txt -q | tail -n 1` )") elif type == "amd64-nomultilib": os.system("wget $( echo http://distfiles.gentoo.org/releases/amd64/autobuilds/`curl http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-nomultilib.txt -q | tail -n 1` )") os.system("tar xjpf stage3*.tar.bz2") # os.system("rm -rf stage3*.tar.bz2") os.system("echo \"nameserver 8.8.8.8\" > /mnt/gentoo/etc/resolv.conf") os.system("wget '' -O /mnt/gentoo/usr/src/.config") # os.system('mount -t proc proc /mnt/gentoo/proc') # os.system('mount --rbind /sys /mnt/gentoo/sys') # os.system('mount --rbind /dev /mnt/gentoo/dev') # os.system('chroot /mnt/gentoo /bin/bash') def installPortage(self): f = open('/etc/portage/make.conf') f.write(( "# These settings were set by the catalyst build script that automatically\n" "# built this stage.\n" "# Please consult /usr/share/portage/config/make.conf.example for a more\n" "# detailed example.\n" "" )) cFlags = "-O2" makeOps = "" numCpus = 1 try: if self.serverConfig['compileNative']: cFlags += " -march=native" except IndexError: cFlags += "" try: if not self.serverConfig['isLowMemoryEnvironment']: cFlags += " -pipe" except IndexError: cFlags += "" try: makeOps = "-j" + self.serverConfig['numCpus'] numCpus = self.serverConfig['numCpus'] except IndexError: cFlags += "" f.write(( "CFLAGS=\"" + cFlags + "\"\n" "MAKEOPS=\"" + makeOps + "\"\n" "\n" "EMERGE_DEFAULT_OPTS=\"--jobs=" + numCpus + " --load-average=" + numCpus + "\n" "\n" "USE=\"" + self.serverConfig['useFlags'] + "\"\n" "\n" "GENTOO_MIRRORS=\"ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/\"\n" "SYNC=\"rsync://rsync25.us.gentoo.org/gentoo-portage\"\n" )) try: if self.serverConfig['mode'] == "unstable": arch = "~" + arch except IndexError: arch = self.serverConfig['arch'] f.write(( "RUBY_TARGETS=\"ruby19\"\n" "\n" "CXXFLAGS=\"${CFLAGS}\"\n" "\n" "PORTDIR=\"/usr/portage\"\n" "DISTDIR=\"${PORTDIR}/distfiles\"\n" "PKGDIR=\"${PORTDIR}/packages\"\n" )) f.close() os.system("echo 'sys-apps/dbus -systemd' > /etc/portage/package.use") os.system("echo 'sys-kernel/gentoo-sources ~amd64' > /etc/portage/package.accept_keywords") os.system("echo '' > /etc/portage/package.mask") os.system("emerge-webrsync") os.system("emerge --sync") def eselect(self, item, num): if item == "gcc-config": os.system("gcc-config -l") os.system("gcc-config " + num) else: os.system("eselect " + item + " list") os.system("eselect " + item + " set " + num) os.system("env-update && source /etc/profile") def setTonezone(self, timezone): os.system("echo 'America/Los_Angeles' > /etc/timezone") os.system("emerge --config sys-libs/timezone-data") def setLocale(self, locale): os.system(("echo 'en_US ISO-8859-1" "en_US.UTF-8 UTF-8' > /etc/locale.gen")); os.system("env-update && source /etc/profile") os.system("locale-gen") def multiEmerge(self, allApps): cmdToRun = "emerge " for app in allApps: cmdToRun += app + " " os.system(cmdToRun) for app in allApps: self.emerge(app, true) def emerge(self, app, configOnly = False): # Compile application phase if app == "pip:aws": os.system("pip install awscli") elif app == "sshd": os.system('') elif app == "php:composer": os.system("curl -sS https://getcomposer.org/installer | php -- --install-dir=/bin") os.system("mv /bin/composer.phar /usr/local/bin/composer") else: if not configOnly: os.system("emerge " + app) # Activate Service Phase if app in ('ntp', 'app-emulation/open-vm-tools', 'cronie', 'sshd', 'iptables', 'fail2ban', 'dev-db/redis', 'www-servers/apache', 'app-antivirus/clamav', 'dev-db/mongodb', 'mariadb', 'mysql', 'iptables', 'syslog-ng', 'sys-fs/mdadm', 'lvm2', 'app-emulation/libvirt'): self.initManager.activateService(app) # Post-config (where applicable) if app == 'app-emulation/open-vm-tools': os.system("mkdir -p /mnt/hgfs") elif app == "sys-fs/mdadm": os.system("mdadm --examine --scan > /etc/mdadm.conf") elif app == "conky": os.system("rm -rf /etc/conky/conky.conf") os.system("wget 'http://71.19.151.36/conky.conf' -O /etc/conky/conky.conf") elif app == "genkernel": os.system("rm /usr/share/genkernel/arch/x86_64/kernel-config") os.system("ln -s /usr/src/linux/.config /usr/share/genkernel/arch/x86_64/kernel-config") elif app == "mariadb": os.system("emerge --config dev-db/mariadb") elif app == "app-forensics/chkrootkit": os.system("echo '0 3 * * * /usr/sbin/chkrootkit\n' >> /var/spool/cron/crontabs/root") os.system("chown root:crontab /var/spool/cron/crontabs/root") elif app == "sudo": os.system("chmod +w /etc/sudoers") os.system("echo '%admin ALL=(ALL) ALL\n' >> /etc/sudoers") os.system("chmod -w /etc/sudoers") elif app == "app-antivirus/clamav": os.system("paxctl -m /usr/sbin/clamd /usr/bin/freshclam /usr/bin/clamconf") os.system("freshclam") elif app == "www-servers/apache": os.system(("echo '" "" "ServerName " + self.serverConfig['hostname'] + "" "KeepAlive On" "MaxKeepAliveRequests 100" "KeepAliveTimeout 15" "" "StartServers 8" "MinSpareServers 5" "MaxSpareServers 20" "ServerLimit 256" "MaxClients 256" "MaxRequestsPerChild 4000" "" "' >> /etc/apache2/httpd.conf")) os.system("sed -i 's/-D DEFAULT_VHOST -D INFO/-D DEFAULT_VHOST -D INFO -D PHP5/g' /etc/conf.d/apache2") def setInitManager(self, manager): if manager.getName == "systemd": os.system(("echo '" "sys-apps/dbus -systemd' >> /etc/portage/package.use")) self.emerge(manager.getName) os.system("sed -i 's/sys-apps\/dbus -systemd/ /g' /etc/portage/package.use") os.system("emerge sys-apps/dbus") else: self.emerge(manager.getName) self.initManager = manager def updateAll(self): os.system("emerge --update --deep --with-bdeps=y @world") os.system("emerge @preserved-rebuild") os.system("emerge --changed-use --deep world") def installNetwork(self): os.system("echo '" + self.serverConfig['hostname'] + "' > /etc/hostname") os.system("echo 'hostname=\"" + self.serverConfig['hostname'] + "\"' > /etc/conf.d/hostname") os.system("echo \"127.0.0.1 localhost " + self.serverConfig['hostname'] + "\n::1 localhost\n\" > /etc/hosts") os.system("cd /etc/conf.d") try: self.initManager.activateNetwork(self.server, self.serverConfig['networkInfo']['publicIp']) except IndexError: this.emerge("net-misc/dhcpcd") def emergeIptablesFirewall(self, rules): self.emerge("iptables") os.system(('echo "*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [82:5518]' ':RH-Firewall-1-INPUT - [0:0]' '-A INPUT -j RH-Firewall-1-INPUT' '-A INPUT -i ' + self.serverConfig['networkInfo']['eth0Name'] + ' -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT' '-A FORWARD -j RH-Firewall-1-INPUT' '-A OUTPUT -o ' + self.serverConfig['networkInfo']['eth0Name'] + ' -m state --state RELATED,ESTABLISHED -j ACCEPT' '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' '-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT' '-A RH-Firewall-1-INPUT -p esp -j ACCEPT' '-A RH-Firewall-1-INPUT -p ah -j ACCEPT' '-A RH-Firewall-1-INPUT -i ' + self.serverConfig['networkInfo']['eth0Name'] + ' -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW -j ACCEPT' '-A RH-Firewall-1-INPUT -i ' + self.serverConfig['networkInfo']['eth0Name'] + ' -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT' '-A RH-Firewall-1-INPUT -i ' + self.serverConfig['networkInfo']['eth0Name'] + ' -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW -j ACCEPT' '-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' '-A RH-Firewall-1-INPUT -s 71.19.151.32/28 -i ' + self.serverConfig['networkInfo']['eth0Name'] + ' -j ACCEPT' '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-port-unreachable' 'COMMIT" > /var/lib/iptables/rules-save')) def installGrub2(self, device): packagesToInstall = { "sys-boot/grub" } if self.server.enableRaid: packagesToInstall.append("sys-fs/mdadm") packagesToInstall.append("lvm2") packagesToInstall.append("genkernel") self.multiEmerge(packagesToInstall); if self.server.enableRaid: for dev in device: os.system("grub2-install " + dev) else: os.system("grub2-install " + device) os.system(("echo '" "GRUB_CMDLINE_LINUX=\"init=/usr/lib/systemd/systemd\"" "' >> /etc/default/grub")) cmdLineDefault = "rootfstype=ext4"; if self.server.enableRaid: cmdLineDefault += " domdadm dolvm" elif self.site.hasAppFlag("PIXO/SECURE_TOOLS"): cmdLineDefault += " apparmor=1 security=apparmor" os.system(("echo '" "GRUB_CMDLINE_LINUX_DEFAULT=\"" + cmdLineDefault + "\"" "' >> /etc/default/grub")) # use GenKernel to create initramfs if self.server.enableRaid: os.system("genkernel --lvm --mdadm --install initramfs") os.system("grub2-mkconfig -o /boot/grub/grub.cfg")