def install_rkhunter(email=None): """ Install and configure RootKit Hunter Default section: admin :param email: Email to send reports :type email: str """ opts = dict( email=email or get_envvar('email',section='admin') or err('Email must be set'), ) # install RKHunter apt_get('rkhunter') # send emails on warnings uncomment('/etc/rkhunter.conf', '#MAIL-ON-WARNING=me@mydomain root@mydomain', use_sudo=True) sed('/etc/rkhunter.conf', 'me@mydomain root@mydomain', opts['email'], use_sudo=True) # ignore some Ubuntu specific files uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.udev', use_sudo=True) uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.static', use_sudo=True) uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.initramfs', use_sudo=True)
def install_php(): """Install FastCGI interface for running PHP scripts via Nginx.""" # install php-fpm, php process manager apt_get(['php5-fpm', 'php5-curl', 'php5-mysql', 'php5-gd']) # the command above also pulls in apache, which we cannot remove -> make id not start at bootup sudo('update-rc.d -f apache2 remove') # security harden PHP5 sed('/etc/php5/cgi/php.ini', ';cgi\.fix_pathinfo=1', 'cgi\.fix_pathinfo=0', use_sudo=True) sed('/etc/php5/cgi/php.ini', '; allow_call_time_pass_reference', 'allow_call_time_pass_reference = Off', use_sudo=True) sed('/etc/php5/cgi/php.ini', '; display_errors', 'display_errors = Off', use_sudo=True) sed('/etc/php5/cgi/php.ini', '; html_errors', 'html_errors = Off', use_sudo=True) sed('/etc/php5/cgi/php.ini', '; magic_quotes_gpc', 'magic_quotes_gpc = Off', use_sudo=True) sed('/etc/php5/cgi/php.ini', '; log_errors', 'log_errors = On', use_sudo=True) # restart for changes to apply sudo('/etc/init.d/php5-fpm restart')
def install_sendmail(email=None): """ Prepare a localhost SMTP server for sending out system notifications to admins Default section: admin :param email: Email to send reports :type email: str """ opts = dict( email=email or get_envvar('email',section='admin') or err('Email must be set'), ) # install sendmail apt_get('sendmail') # all email should be sent to maintenance email append('/etc/aliases', 'root: %(email)s' % opts, use_sudo=True)
def install_munin_node(add_to_master=True): """Install and configure Munin node, which gathers system information and sends it to Munin master.""" # install munin-node apt_get('munin-node') # add allow IP to munin-node.conf -> allow IP must be escaped REGEX-style ip = '%(hq)s' % env ip.replace('.', '\\\.') sed('/etc/munin/munin-node.conf', '127\\\.0\\\.0\\\.1', '%s' % ip, use_sudo=True) sudo('service munin-node restart') # add node to munin-master on Headquarters server so # system information is actually collected if add_to_master: with settings(host_string='%(hq)s:22' % env): path = '/etc/munin/munin.conf' append(path, '[%(hostname)s]' % env, use_sudo=True) append(path, ' address %(server_ip)s' % env, use_sudo=True) append(path, ' ', use_sudo=True)
def raid_monitoring(email=None): """ Configure monitoring of our RAID-1 field. If anything goes wrong, send an email! Default section: admin :param email: Email to send reports :type email: str """ opts = dict( email=email or get_envvar('email',section='admin') or err('Email must be set'), ) # enable email notifications from mdadm raid monitor append('/etc/mdadm/mdadm.conf', 'MAILADDR %(email)s' % opts, use_sudo=True) # enable email notification for SMART disk monitoring apt_get('smartmontools') uncomment('/etc/default/smartmontools', '#start_smartd=yes', use_sudo=True)
def install_mysql(password=None): """ Install MySQL database server Default section: mysql :param password: Root mysql password ( ``envdefault="default_password"`` ) :type password: str """ opts = dict( password=password or get_envvar('password',section='mysql',envdefault='default_password') or err("No password for mysql set") ) # first set root password in advance so we don't get the package # configuration dialog sudo('echo "mysql-server-5.0 mysql-server/root_password password %(password)s" | debconf-set-selections' % opts) sudo('echo "mysql-server-5.0 mysql-server/root_password_again password %(password)s" | debconf-set-selections' % opts) # install MySQL along with php drivers for it apt_get('mysql-server mysql-client')
def install_dnsmasq(): """Installs local dns server""" apt_get("dnsmasq") add_startup("dnsmasq")
def install_aiccu(): "Installs aiccu. Hartbeat monitor for sixxs ipv6 tunnel" apt_get("aiccu")
def install_avahi(): """Installs avahi for mdns support""" apt_get("avahi-daemon") add_startup("avahi-daemon")
def install_nginx(nginx_conf=None): """Installs nginx webserver.""" apt_get("ngingx", "ppa:nginx/stable") add_startup("nginx")
def install_finch(): """Installs finch, console client port of pidgin""" apt_get("finch")