# CentOS 7 一鍵安裝指令檔
#
# 目的, 安裝 webmin , 設定適當防火牆及啟用程式
#
# 這是註解說明
#
# 由 root 身份執行
cd
# 建立 webmin 網路安裝設定檔
touch /etc/yum.repos.d/webmin.repo
echo '[Webmin]' > /etc/yum.repos.d/webmin.repo
echo 'name=Webmin Distribution Neutral' >> /etc/yum.repos.d/webmin.repo
echo '#baseurl=http://download.webmin.com/download/yum' >> /etc/yum.repos.d/webmin.repo
echo 'mirrorlist=http://download.webmin.com/download/yum/mirrorlist' >> /etc/yum.repos.d/webmin.repo
echo 'enabled=1' >> /etc/yum.repos.d/webmin.repo
# 建立 webmin PGP key
touch jcameron-key.asc
echo -----BEGIN PGP PUBLIC KEY BLOCK----- > jcameron-key.asc
echo Version: GnuPG v1.0.7 (GNU/Linux) >> jcameron-key.asc
echo >> jcameron-key.asc
echo mQGiBDx9wR0RBACR3xGPTkG5Staj7EVeiVJDrYXIPF28MGCrOEGw04tQmQTALz0E >> jcameron-key.asc
echo YEcyfvui7KScrpHmZpy70PwgwxUDPUMik7vvRiUa9RRbJsDYyom06NGk+Z4dURhn >> jcameron-key.asc
echo DeNRhcBrNBfyMvUY7HSJ2JP9jhQDWb8Lo1i231tvlnY0tNudVsP484ax6wCgrBwW >> jcameron-key.asc
echo myad6TLYaETj0+AxGJxYgikD/iERqNF60x+WyfEH/SIOuKGlV/QoxmqOePn2gj9V >> jcameron-key.asc
echo DWiOOAZ9DDWD6DpRNK/UVZRD1MK37HU1ePv7i92DTL9yIbyJwFcZNkEyMU3t+GBj >> jcameron-key.asc
echo zf4YvaQnvtA09EdQNsC1GXxNXqYkVmTE1dHH83UK+chaXRoDQ6O9KD9SFE2vsj1d >> jcameron-key.asc
echo z9VPBACPgmuVcUKXag6ZBY+SBColQzwyZfXtTOCnBh0HP4HOjU4G6CRTcAgLQrdM >> jcameron-key.asc
echo 1Uu29Al7TaE2p8HZb37dVoTRntM+Nf5O+2dX5iHA6ncdozKGftuXQMC7z9758nUi >> jcameron-key.asc
echo 2E4Svo9hmroM+NKonpZByt6TilhDXrPIcNYHlNsxpTAxq+lnw7QjSmFtaWUgQ2Ft >> jcameron-key.asc
echo ZXJvbiA8amNhbWVyb25Ad2VibWluLmNvbT6IVwQTEQIAFwUCPH3BHQULBwoDBAMV >> jcameron-key.asc
echo AwIDFgIBAheAAAoJENl6OukR9jxRQZEAoIHxngo/LxLBeFF9cpEViVGgChRIAJ90 >> jcameron-key.asc
echo zwqcBfw02su5AavnXjv6HxXF8bkBDQQ8fcEqEAQAx88aO9zI912/tbsNjLhDXpq0 >> jcameron-key.asc
echo WMw5F6fUUlwYpkaspPwWZ3UgDJaR1+oL3xnJKlD1Eu5x9B3r+rxYyoFpXubWz4R6 >> jcameron-key.asc
echo sL1u4kMRb347+fv140dE/RGFNEmqefZDeysz1TQG1Sskyyf7sV2KRUmI8wJTwg3n >> jcameron-key.asc
echo IOtbyOoE3XlxI5FUrW8AAwUD/iEBdIH5DYB/FnOb/EkP3G3kCXGgTdZk7UA9HPKB >> jcameron-key.asc
echo dV7JckgSicpi/mX898LxQrr0jyb6nyi2900OgQUQArrviTnp37j4ciQj214gTHzf >> jcameron-key.asc
echo ssA40O5QR4t915z6wS4Ml+fAc5ZOeL6EQxiP+x+rz6h9+Mc8rawowY+7sBnvVw5O >> jcameron-key.asc
echo YoVXiEYEGBECAAYFAjx9wSoACgkQ2Xo66RH2PFH+ZgCggAyuOLaoE9t9tyJbifEz >> jcameron-key.asc
echo /YzvqYwAnj85Ehe8EmnKuor/k/TPtKl4MzDm >> jcameron-key.asc
echo =oxvD >> jcameron-key.asc
echo -----END PGP PUBLIC KEY BLOCK----- >> jcameron-key.asc
# 匯入
rpm --import jcameron-key.asc
# selinux 改為 permissive
setenforce 0
/bin/rm -f /etc/selinux/config
echo '# This file controls the state of SELinux on the system.' > /etc/selinux/config
echo '# SELINUX= can take one of these three values: ' >> /etc/selinux/config
echo '# enforcing - SELinux security policy is enforced.' >> /etc/selinux/config
echo '# permissive - SELinux prints warnings instead of enforcing.' >> /etc/selinux/config
echo '# disabled - No SELinux policy is loaded.' >> /etc/selinux/config
echo 'SELINUX=permissive ' >> /etc/selinux/config
echo '# SELINUXTYPE= can take one of these two values:' >> /etc/selinux/config
echo '# targeted - Targeted processes are protected,' >> /etc/selinux/config
echo '# mls - Multi Level Security protection.-' >> /etc/selinux/config
echo 'SELINUXTYPE=targeted' >> /etc/selinux/config
echo "setenforce 0" >> /etc/rc.local
# 設定防火牆 Firewall-cmd
/usr/bin/firewall-cmd --add-port=10000/tcp --permanent
/usr/bin/firewall-cmd --add-service=samba --permanent
/usr/bin/firewall-cmd --add-service=samba-client --permanent
/usr/bin/firewall-cmd --add-service=http --permanent
/usr/bin/firewall-cmd --add-service=https --permanent
/usr/bin/firewall-cmd --add-service=ftp --permanent
/usr/bin/firewall-cmd --reload
# 關不需要的服務, 啟動部份所需服務
/usr/bin/systemctl disable postfix
/usr/bin/systemctl stop postfix
#/usr/bin/systemctl enable smb
#/usr/bin/systemctl enable nmb
# 參考 smb.conf 設定 selinux
setsebool -P samba_domain_controller on
setsebool -P samba_enable_home_dirs on
setsebool -P samba_export_all_rw on
setsebool -P use_samba_home_dirs on
# 安裝 webmn 並更新
yum -y install webmin
yum -y update
yum clean all
沒有留言:
張貼留言