6. AutoInstall Cut Discr

Published by |author|
Date: |date| Time |time|
Type script: bash
!/bin/bash
-xv
set -x
uncomment | 639!!!!
if [[ -z $STATE ]]; then
exit 3;
fi
user add
echo «****» | mkpasswd -s -H MD5
sudo usermod -p $(echo «» | mkpasswd -s -H MD5) test1
sudo usermod -p $S test1
su -p test1



6.1. 01 AUTO POSTINSTALL

Предупреждение

do postinstall copy wufu & wpa_supplicant.conf + SAMBA


6.1.1. 01.01 PRE-INSTALL EMV AND SETTINGS

d-i preseed/late_command string mkdir -p /target/install/; cp -R /install/* /target/install/; cp -Rf /install/lib/ /target/lib/;

cd /install/
tar -xvf wpa_supplicant-0.7.3.tar.gz
cd ./wpa_supplicant-0.7.3/
./configure
./install


include this boilerplate

rm /install/pii2.sh /etc/init.d/
update-rc.d -f pii2.sh remove

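 # jumpto LABEL: emulate "goto" by running the part of this script after LABEL.
# Reads the script's own file ($0), takes every line after the first line that
# contains "LABEL:", drops lines ending in ':' (other labels), evals the rest
# and exits with the status of that eval.
# The label is spliced into a sed program whose output is eval'd, so only
# identifier characters are accepted; anything else is rejected up front.
function jumpto
{
  local label=$1
  local cmd
  if [[ ! $label =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    printf 'jumpto: invalid label: %s\n' "$label" >&2
    exit 2
  fi
  # "$0" is quoted so a script path containing spaces is read as one file.
  cmd=$(sed -n "/$label:/{:a;n;p;ba};" -- "$0" | grep -v ':$')
  eval "$cmd"
  exit
}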
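 # reinterfaces: replace /etc/network/interfaces with a minimal default file.
# Globals:  BUF (written) - the generated file text.
# Returns:  1 if /etc/network/ cannot be entered, otherwise the status of the
#           final write.
# The interface name "en" written here is a placeholder as far as this
# function is concerned.
function reinterfaces
{
  # Stop if the directory is missing; otherwise the rm and the write below
  # would act on whatever directory the caller was in.
  cd /etc/network/ || return 1

  # Disabled check kept from the original page:
  # if [[ -n $( egrep -n „^[a-z] || ^| „ interfaces) && TMPS==»0» ]]; then

  # Build the text line by line. The original expanded $BUF unquoted, which
  # word-split the text (a stray leading space on most lines) and let the
  # shell glob-expand the "interfaces.d/*" word before it reached the file.
  BUF=$(printf '%s\n' \
    '# This file describes the network interfaces available on your system' \
    '# and how to activate them. For more information, see interfaces(5).' \
    '' \
    'source /etc/network/interfaces.d/*' \
    '' \
    '# The loopback network interface' \
    'auto lo' \
    'iface lo inet loopback' \
    '' \
    '# The Primary' \
    'allow-hotplug en' \
    'iface en inet dhcp')

  rm -f -- interfaces
  printf '%s\n' "$BUF" > interfaces
}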
17
# Positional arguments 1-5, each falling back to its own name when absent or
# empty. "start" is the label later handed to jumpto.
start="${1:-start}"
interface_sh="${2:-interface_sh}"
step_one="${3:-step_one}"
step_two="${4:-step_two}"
step_three="${5:-step_three}"

+ install wpa_supplicant-0.7.3.tar.gz

 # Global state shared by the install steps.
LC_ALL=ru_RU.UTF-8
export LC_ALL

FILES='steps.txt'   # progress file: one marker line is appended per finished step
PORT_SSH='4103'     # value written to the Port line of sshd_config
STATE='0'
COUNT=0

# Scratch values, filled in by later steps.
BUF=''
TMPS=''
DEB_VER=''
NET_EN=''
NET_WI=''
declare -a NET_ARR=()

6.1.2. 01.02 CHECK ROOT PRIVILEGE

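 # Refuse to continue unless running as root, then make sure the progress
# file named by $FILES exists.
if [[ $EUID -ne 0 ]]; then
  # String comparison. The original used -eq, which evaluates both sides as
  # arithmetic (names of unset variables, i.e. 0), so the Russian branch was
  # taken for any locale, or the test errored on values such as "C.UTF".
  if [[ ${LANG:0:5} == 'ru_RU' ]]; then
    echo "Ошибка скрипта перезапустите скрипт на root" 1>&2
  else
    echo "This script must be run as root" 1>&2
  fi
  exit 1
fi

# Create the same file that was tested (the original tested "$FILES" but
# always touched the literal steps.txt).
if [[ ! -f "$FILES" ]]; then
  touch -- "$FILES"
fi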

options=(«Option 1» «Option 2» «Option 3» «Quit»)
select opt in «${options[@]}»

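 # Interactive mode menu. "Auto" jumps to the start label; the other modes
# only print a placeholder message; "Exit" leaves the script with status 1.
select opt in Auto PoluAuto Hands Exit; do
  case "$opt" in
    Auto)
      echo -n "Сейчас будет произведена автоматическая настройка "
      sleep 3
      jumpto start
      ;;
    # The original arm was spelled "Polstart", which never matched the
    # "PoluAuto" menu entry, so that choice fell through to the error arm.
    PoluAuto)
      echo -n "В разработке..."
      ;;
    Hands)
      echo -n "В разработке..."
      ;;
    Exit)
      exit 1
      ;;
    *)
      echo "Недопустимая опция $REPLY"
      ;;
  esac
done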

1jumpto $start
2
3start:

Проверка отдельных переменных окружения.
Если переменная, к примеру $USER, не установлена,
то выводится сообщение об ошибке и работа скрипта прекращается.

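 # Abort with the shell's own error message if any of these environment
# variables is unset, then report them and back up the apt source list.
: "${HOSTNAME?}" "${USER?}" "${HOME?}" "${MAIL?}"
echo
echo "Имя машины: $HOSTNAME."
echo "Ваше имя: $USER."
echo "Ваш домашний каталог: $HOME."
echo "Ваш почтовый ящик: $MAIL."
echo
echo "Если перед Вами появилось это сообщение,"
echo "то это значит, что все критические переменные окружения установлены."
echo
echo "Сейчас будет установлена postinstall настройка"
echo

# Stop if the directory is missing, so the copy below cannot run against
# unrelated files in the current directory.
cd /etc/apt/ || exit 1
cp sources.list sources.tmp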

&VERSION_DEBIAN -e mojno off
lsb_release -d | sed -n -e „s/.*(([^)]+))/1/p“
egrep „^[a-z]“ sources.list
sed -i „s/| deb-src http/deb-src http/g“ sources.list
sed -i „s/| deb http/deb http/g“ sources.list
algoritm:
a.0 search deb, deb-src
??? bash buffer
lsb_release -d | sed -n „s/.*([^)])//p“
if then yes ???
next
else
poist | deb, | deb-src naub,security, updates
if yes ???, to ubrat |
else
version + add deb-src, deb http:// … + non-free
a.1 search „contrib /|non-free“ >> test
a.2 if test = 0 ? then
??? nado grep posi, a potom replace with check codename:
lsb_version -da
a.3 else ok

6.1.3. 01.03 SETTINGS /ETC/NETWORK -> INTERFACES [interface_sh]

1TMPS="0";
2interface_sh:
3
4cd /install/
5if [[ -z $(sed -n -e "s/^\(1_settings_interface_with_wifi\).*/\1/p" steps.txt) ]]; then

6.1.3.1. 01.03.01 SETTINGS NETWORK/INTERFACES


1cd /etc/network/

6.1.3.2. 01.03.02 SEARCH INTERFACES

| 2: number

1if [[ ! -f /etc/network/interfaces ]]; then
2        touch interfaces
3fi

1cp interfaces interfaces.back

t.k while 1 step s.b. str !0

 1COUNT=1;
 2NET_EN=""
 3
 4while [[ -n $( ip addr | sed -n -e "s/.*$COUNT\:\s\(.*\)\:\s<.*/\1/p") ]]
 5do
 6NET_ARR[COUNT]=$( ip addr | sed -n -e "s/.*$COUNT\:\s\(.*\)\:\s<.*/\1/p");
 7echo Counter: $COUNT $NET_EN;
 8((COUNT++));
 9done
10
11COUNT=0;

search index arr for WIFI[COUNT] and NETEN[COUNT]

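 # Pick the wired and the wireless interface out of NET_ARR, then set STATE:
#   "0" - both a wired (en*) and a wireless (wl*) interface were found
#   "1" - only a wired interface was found
# With neither, the script stops with exit status 2.
#
# The original looped over the array *values* but then wrote
# $NET_ARR[$COUNT], which expands to "<element 0>[<name>]" rather than an
# element lookup, and matched "en"/"wl" anywhere in that string. The names
# are now matched directly by prefix.
for COUNT in "${NET_ARR[@]}"; do
  case "$COUNT" in
    en*) NET_EN=$COUNT ;;
    wl*) NET_WI=$COUNT ;;
  esac
done

COUNT="0"

if [[ -n $NET_EN && -n $NET_WI ]]; then
  STATE="0"
elif [[ -n $NET_EN ]]; then
  STATE="1"
else
  echo "Error: not search lan interfaces"
  sleep 1
  exit 2
fi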

state => «1» add interfaces only en_*!!!
state => «0» all ok
interfaces.back - zamenit bez .back

proverka interfaces

Jump to label interface_sh

1if [[ -z $( egrep -n '^[a-z] || ^#' interfaces) && $TMPS -eq "0" ]]; then
2reinterfaces
3fi

cat interfaces.back
analys set en wifi to two branch
create interfaces.tmp c orig
empty? yes - add svoi, else search „source“ „allow“ „iface“ +append_wpa
search source and return number line $begin
BEGIN=»0»
END=»0»;
mojet nay4itca kak udalit ostalnye stroki?
sed -r -e „/[a-z]/+{1,}*/=“ < interfaces.back
sed -r -e „/.*/+{1,}/ { =; q; }“ < interfaces.back
echo -e «abcnrtan123456789» | sed -r -e „/.*[0-9]/{1,/}/“
sed -r -e „/[a-z]/+{1,}*/{=;q;}“ interfaces.back

-1

str /sources/
COUNT=$(($( sed -r -e „/[a-z]/+{1,}*/{=;q;}“ interfaces.back | sed -n „$=“)-1));
if [[ $(($( sed -r -e „/[a-z]/+{1,}*/{=;q;}“ interfaces | sed -n „$=“)-1)) == «0» ]]; then
1
if [[ $(sed -n -e «$=;» interfaces) == «0» ]]; then
TMPS=»1»;
jumpto interface_sh;
fi

1TMPS="1";

sed -n -e «s/rsa_cert_file=.*$|| rsa_cert_file=.*$/rsa_cert_file=/ssl/certs/vsftpd.crt/p» vsftpd.conf

1if [[ $STATE -eq "0" ]]; then

source /etc/network/interfaces.d/*n
str auto $( sed -n -e «s/(autos).*/1$NET_ARR[$NET_WI]s$NET_ARR[$NET_EN]/p»

 1if [[ -z $(sed -n -e "s/\(source \/etc\/network\/interfaces/\\).*/\1/p" interfaces) ]]; then
 2                TMPS="1";
 3                reinterfaces;
 4fi
 5
 6if [[ -z $(sed -n -e "s/\(auto\slo\).*/\1/p" interfaces) ]]; then
 7                TMPS="1";
 8                reinterfaces;
 9fi
10sed -i -e "s/\(auto\s\).*/\1$NET_WI $NET_EN/g" interfaces

str iface NET_EN

1if [[ -z $( sed -n -e "s/\(iface\slo\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi

TMPS=$(sed -n -e «/(ifaceslo).*/{=;q;}» interfaces)
sed -i -e «$TMPS s/(ifaces).*/1$NET_EN inet dhcp/g» interfaces

1sed -i -e "s/iface\slo.*/iface $NET_EN inet dhcp/g" interfaces

str allow-hotplug

1if [[ -z $( sed -n -e "s/\(allow-hotplug\s\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi
5sed -i -e "s/\(allow-hotplug\s\).*/\1$NET_WI/g" interfaces

str iface NET_WI

1if [[ -z $( sed -n -e "s/\(iface\s\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi

str auto
TMPS=$(sed -n -e «/(ifaces[en]).*/{=;q;}» interfaces)

1sed -i -e "$a s/\(iface\s\).*/\1$NET_WI inet dhcp/g" interfaces

sed -n -e «s/(ifaces[en]).*/1$NET_ARR[$NET_WI] inet dhcp/g» interfaces

1sed '$a wpa-conf \/home\/rootsu\/wpa_supplicant.conf' interfaces >> interfaces;

if [[-z $( sed -n -e «s/(autos).*/1/p» interfaces) ]]; then
jumpto interface_sh;
fi
systemctl restart wpa_supplicant@$NET_ARR[$NET_WI]

1systemctl restart wpa_supplicant

sed -n -e «s/(autos).*/1$NET_ARR[$NET_WI]s$NET_ARR[$NET_EN]/g» interfaces
str iface NET_EN
if [[-z $( sed -n -e «s/(ifaces).*/1/p» interfaces) ]]; then
jumpto interface_sh;
fi
sed -n -e «s/(ifaces).*/1$NET_ARR[$NET_WI] inet dhcp/g» interfaces
str allow-hotplug

1else
2
3if [[ -z $(sed -n -e "s/\(source \/etc\/network\/interfaces/\\).*/\1/p" interfaces) ]]; then
4                TMPS="1";
5                reinterfaces;
6fi

str auto $( sed -n -e «s/(autos).*/1$NET_ARR[$NET_WI]s$NET_ARR[$NET_EN]/p»

1if [[ -z $(sed -n -e "s/\(auto\slo\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi
5sed -i -e "s/\(auto\s\).*/\1$NET_EN/g" interfaces

str iface NET_EN

1if [[ -z $(sed -n -e "s/\(iface\slo\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi
5sed -i -e "s/iface\slo.*/iface $NET_EN inet dhcp/g" interfaces

str allow-hotplug

1if [[ -z $(sed -n -e "s/\(allow-hotplug\s\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi
5sed -i -e "s/\(allow-hotplug\s\).*/\1$NET_EN/g" interfaces

str iface NET_WI

1if [[ -z $(sed -n -e "s/\(iface\s\).*/\1/p" interfaces) ]]; then
2                TMPS="1";
3                reinterfaces;
4fi

TMPS=$(sed -n -e «/(ifaces[en]).*/{=;q;}» interfaces);

1sed -i -e "$a s/\(iface\s\).*/\1$NET_EN inet dhcp/g" interfaces

sed -n -e «s/(ifaces[en]).*/1$NET_ARR[$NET_WI] inet dhcp/g» interfaces
sed „$a wpa-conf /home/rootsu/wpa_supplicant.conf“ interfaces >> interfaces;
sed -n -e «s/(allow.*s).*/1$NET_ARR[$NET_WIFI]sinetsdhcp/g» interfaces

if [[ $STATE -eq «0» ]]; then fi

1fi

6.1.3.3. 01.03.02 restart service

1systemctl restart networking
2
3cd /install/
4echo -e "1_settings_interface_with_wifi" >> steps.txt
5fi

6.1.4. 01.04 Update distribution

1step_one:
2
3cd /install/
4if [[ -z $(sed -n -e "s/^\(1_src_list\).*/\1/p" steps.txt) ]]; then
5
6cd /etc/apt/
7if [[ -z $( lsb_release -d | sed -n -e 's/.*(\([^\)]\+\))/\1/p') ]]; then

echo «Error: not defined version DebianOS, wait 3 sec»;

1        DEB_VER=$(cat /etc/os-release | sed -n -e "s/.*(\([^\)].*\))\"$/\1/p");
2        DEB_VER=$(echo $DEB_VER | sed -n -e "s/\([a-z]*\)$//p")
3else
4        DEB_VER=$( lsb_release -d | sed -n -e 's/.*(\([^\)]\+\))/\1/p')
5fi;

cd /etc/apt/;
rm sources.tmp;
touch sources.tmp

main, contrib, non-free
main — здесь находятся пакеты соответствующие DFSG-compliant (Debian Free Software Guidelines) не требуют дополнительное ПО из других источников. Это часть дистрибутива Debian. Полностью свободны для любого использования.
contrib — смешанные пакеты которые содержат не только свободные пакеты DFSG-compliant но и пакеты из других веток например non-free.
non-free — не свободное программное обеспечение. Не соответствует DFSG.
check null string ???? dob add usloviya proverki ft http


1if [[ -n $(egrep -n '^[a-z] && ^#' sources.list) && -n $( sed -n -e "s/^deb http:\/\/ftp//p" sources.list) && -n $( sed -n -e "s/^deb-src http:\/\/ftp//p" sources.list) && -n $( sed -n -e "s/^deb http:\/\/deb//p" sources.list) && -n $( sed -n -e "s/^deb-src http:\/\/deb//p" sources.list) ]]; then
2STATE="1";
3rm sources.list;

touch sources.tmp;

 1BUF="#deb cdrom:[Debian GNU/Linux _*_ - Official amd64 NETINST 20210814-10:07]/ * main\ndeb http://ftp.debian.org/debian/ $DEB_VER main non-free contrib\ndeb-src http://ftp.debian.org/debian/ $DEB_VER main non-free contrib\n
 2\ndeb http://security.debian.org/debian-security/ $DEB_VER-security main contrib non-free \ndeb-src http://security.debian.org/debian-security/ $DEB_VER-security main contrib non-free \n
 3\n# *-updates, to get updates before a point release is made; \r\n# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports \ndeb http://deb.debian.org/debian/ $DEB_VER-updates main contrib non-free \ndeb-src http://deb.debian.org/debian/ $DEB_VER-updates main contrib non-free \n
 4\n
 5        # This system was installed using small removable media \n
 6        # (e.g. netinst, live or single CD). The matching \"deb cdrom\" \n
 7        # entries were disabled at the end of the installation process. \n
 8        # For information about how to configure apt package sources, \n
 9        # see the sources.list(5) manual. \n"
10echo -e $BUF > sources.list;
11echo "Info: sources.list is null";
12sleep 1;

Waits 5 seconds.
sed -i „34s/AAA/BBB/“ file_name

1else

The first part of it is an «address», i.e. the following command only applies to lines matching it. The ! negates the condition, i.e. the command will only be applied to lines not matching the address. So, in other words, Replace Hello by Hello world! on lines that don’t contain Hello world!.
sed -n -e „s/.*bullseye-[a-z](.)/1/p“ sources.tmp
The pattern [a-z]* matches zero or more characters in the range a to z (the actual characters are dependent on the current locale). There are zero such characters at the very start of the string 123 abc (i.e. the pattern matches), and also four of them at the start of this is a line.
If you need at least one match, then use [a-z][a-z]* or [a-z]{1,}, or enable extended regular expressions with sed -E and use [a-z]+.

 1 sed -i -e "s/$DEB_VER\s.*$/$DEB_VER main contrib non-free/g" sources.list
 2 sed -i -e "s/\(\/\s$DEB_VER\-[a-z]*\).*/\1 main contrib non-free/g" sources.list
 3fi;
 4
 5echo -e "y\n" | apt-get update;
 6echo -e "y\n" | apt-get full-upgrade;
 7if [ $? -ne 0 ]; then
 8 echo "Error: full upgrade error!!!"
 9 exit 1
10fi
11echo -e "y\ny\ny\ny\n" | apt-get install console-setup;
12cd /install/
13echo -e "1_src_list" >> steps.txt
14
15fi

6.1.5. 01.05 Install drivers


 1step_two:
 2
 3cd /install/
 4if [[ -z $(sed -n -e "s/^\(2_install_driver\).*/\1/p" steps.txt) ]]; then
 5
 6if [[ $(lspci | grep VGA | sed -n -e "s/.*\[\(.*\)\/.*/\1/p") == "AMD" ]]; then
 7        echo -e "y\n" | apt-get install libdrm-amdgpu1
 8        echo -e "y\n" | apt-get install xserver-xorg-video-amdgpu
 9else
10        echo -e "y\n" | apt-get install nvidia-driver firmware-misc-nonfree nvidia-settings
11fi

apt-get install firmware-linux | apt-get install firmware-linux-nonfree | apt-get install firmware-linux | apt-get install firmware-realtek | apt-get install libdrm-amdgpu1 | apt-get install xserver-xorg-video-amdgpu | apt-get install man

1echo -e "y\n" | apt-get install firmware-linux
2
3if [[ $(lspci | grep Ethernet | sed -n -e "s/.*ller:\s\([a-zA-Z]\+\s\).*/\1/p") == "Realtek" ]]; then
4echo -e "y\n" | apt-get install firmware-realtek
5fi
6echo -e "y\n" | apt-get install firmware-linux-nonfree
7echo -e "y\n" | apt-get install firmware-iwlwifi
8echo -e "y\n" | apt-get install man

6.1.5.1. 01.05.01 Install SElinux utils & acl

1echo -e "y\n" | apt-get install acl
2echo -e "y\n" | apt-get install setools policycoreutils selinux-basics selinux-utils selinux-policy-default selinux-policy-mls auditd policycoreutils-python-utils semanage-utils audispd-plugins
3echo -e "y\n" | apt-get install mcstrans
4
5systemctl enable auditd
6systemctl start auditd

policycoreutils-gui

1touch /.autorelabel
2selinux-activate
3
4if [ $? -ne 0 ]; then
5 echo "Error: install driver failed!!!"
6 exit 1
7fi
8
9echo -e "2_install_driver" >> steps.txt

6.1.5.2. 01.05.02 Reboot

1reboot
2fi

6.1.6. 01.06 Install git && nanorc [step_three]

1if [[ -z $(sed -n -e "s/^\(3_nanorc\).*/\1/p" steps.txt) ]]; then

nano /etc/rc.local
setupcon

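# Install git, then fetch, build and install nano from source under /install.
# The original tested "[ ? -ne 0 ]" (a literal "?", not "$?"), so a failed
# install was never detected; the install command is now tested directly.
if ! apt-get install -y git; then
  echo "Error: error install git!!!"
  exit 1
fi

cd /install || exit 1

# Clone over HTTPS: the git:// transport is unauthenticated and unencrypted,
# and the result is built and installed as root.
# NOTE(review): this builds whatever the default branch holds at clone time;
# consider checking out a release tag and verifying it before "make install".
# Each step runs only if the previous one succeeded, so a failed clone or cd
# cannot run the build in the wrong directory.
git clone https://git.savannah.gnu.org/git/nano.git \
  && cd nano \
  && ./autogen.sh \
  && ./configure \
  && make install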

rm -Rf /nano/
rmdir /nano/
cd nanorc
make install
exit 1;
make list all autogen
cat ~/.nano/syntax/ALL.nanorc
rm ~/.nanorc
touch ~/.nanorc
echo -e „include ~/.nano/syntax/ALL.nanorc“ >> ~/.nanorc
| TeX
echo -e „include «/usr/share/nano/patch.nanorc' >> ~/.nanorc
| POV-Ray
echo -e „include «/usr/share/nano/pov.nanorc' >> ~/.nanorc
| Perl
echo -e „include «/usr/share/nano/perl.nanorc' >> ~/.nanorc
| Nanorc files
echo -e „include «/usr/share/nano/nanorc.nanorc' >> ~/.nanorc
| Python
echo -e „include «/usr/share/nano/python.nanorc' >> ~/.nanorc
| C/C++
echo -e „include «/usr/share/nano/c.nanorc' >> ~/.nanorc
| Groff
echo -e „include «/usr/share/nano/groff.nanorc“ >> ~/.nanorc
| Assembler
echo -e „include «/usr/share/nano/asm.nanorc“ >> ~/.nanorc
| Ruby
echo -e „include «/usr/share/nano/ruby.nanorc“ >> ~/.nanorc
| Manpages
echo -e „include «/usr/share/nano/man.nanorc“ >> ~/.nanorc
| HTML
echo -e „include «/usr/share/nano/html.nanorc“ >> ~/.nanorc
| Bourne shell scripts
echo -e „include «/usr/share/nano/sh.nanorc“ >> ~/.nanorc
| Sun Java
echo -e „include «/usr/share/nano/java.nanorc“ >> ~/.nanorc
| Sun php
echo -e „include «/usr/share/nano/php.nanorc“ >> ~/.nanorc
| Sun perl
echo -e „include «/usr/share/nano/perl.nanorc“ >> ~/.nanorc
| sql
echo -e „include «/usr/share/nano/sql.nanorc“ >> ~/.nanorc
| asm
echo -e „include «/usr/share/nano/asm.nanorc“ >> ~/.nanorc
include «/usr/share/nano/*.nanorc»

1find /usr/share/nano -name '*.nanorc' -printf "include %p\n" > ~/.nanorc

for i in ls /usr/share/nano
do
echo «include /usr/share/nano/$i» >> ~/.nanorc
done
rm -Rf /nanorc/
rmdir /nanorc/

1fi
2echo -e "3_nanorc" >> steps.txt


6.1.7. 01.07 Copy dir


1if [[ -z $(sed -n -e "s/^\(4_copy_sh\).*/\1/p" steps.txt) ]]; then

1cd /install/
2cp -Rf /install/home/* /home/
3cp -Rf /install/home/rootsu/.bashrc ~root
4cp -Rf /install/home/rootsu/.profile ~root
5cp -Rf /install/home/rootsu/.cmd_shell.sh ~root
6
7cp -Rf /install/home/rootsu/* ~root
8chmod ug+rwx -Rf ~root

cp -Rf /install/home/admin/.bashrc /root/
cp /etc/nanorc ~/.nanorc

1echo -e "4_copy_sh" >> steps.txt
2fi

exit 1;
cp -Rf /install/home/ /home/ | -> rootsu, admin

6.1.8. 01.08 Install utils [step_five]

1if [[ -z $(sed -n -e "s/^\(5_install_util_wd\).*/\1/p" steps.txt) ]]; then

1echo "y\n" | apt-get install build-essential
2if [ $? -ne 0 ]; then
3 echo "Error: error install gcc-utils!!!"
4 exit 1
5fi
6
7add-apt-repository-get ppa:ubuntu-toolchain-r/test && apt update

apt-get install gcc-snapshot && apt-get install gcc-11g++-11
update-alternatives –install /usr/bin/gcc gcc /usr/bin/gcc-9 60 –slave /usr/bin/g++ g++ /usr/bin/g++-9

1echo -e "y\n" | apt-get install python
2echo -e "y\n" | apt-get install python3
3echo -e "y\n" | apt-get install tmux;
4echo -e "y\n" | apt-get install net-tools
5echo -e "y\n" | apt-get install manpages-dev;
6echo -e "y\n" | apt-get install wpa_supplicant;
7echo -e "y\n" | apt-get install mc;
8echo -e "y\n" | apt-get install ncdu;
echo -e «yn» | apt-get install monitorix;
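 # Monitoring and admin tools, NTP, and the site sudoers file.
# NOTE(review): the original asked for "systat"; "sysstat" is assumed to be
# the intended package - confirm.
for _pkg in netdata sysstat iftop htop sudo iptraf ntp; do
  echo -e "y\n" | apt-get install "$_pkg"
done

systemctl enable ntp
# The original ran "systemctl enable start", which names no unit; starting
# the service just enabled is presumably what was meant.
systemctl start ntp
sudo systemctl unmask samba

# Check the replacement sudoers file before installing it: a syntax error in
# /etc/sudoers disables sudo for everyone. Mode and ownership are set
# explicitly instead of being inherited from the copy under /install.
if visudo -cf /install/etc/sudoers; then
  install -m 0440 -o root -g root /install/etc/sudoers /etc/sudoers
else
  echo "Error: /install/etc/sudoers failed the visudo check; /etc/sudoers left unchanged" >&2
fi

for _pkg in nmon nmap safe-rm aptitude btrfs-progs; do
  echo -e "y\n" | apt-get install "$_pkg"
done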
echo -e «yn» | apt-get install iptables
 1iptables –F
 2echo -e "y\n" | apt-get install cifs-utils
 3echo -e "y\n" | apt-get install samba
 4echo -e "y\n" | apt-get install smbfs
 5echo -e "y\n" | apt-get install whois
 6echo -e "y\n" | apt-get install lsof
 7echo -e "y\n" | apt-get install mkpasswd
 8echo -e "y\n" | apt-get install wget
 9echo -e "y\n" | apt-get install tree
10echo -e "y\n" | apt-get install autofs
11echo -e "y\n" | apt-get install gpg
12echo -e "y\n" | apt-get install rsync
13echo -e "y\n" | apt-get install ca-certificates
14echo -e "y\n" | apt-get install shared-mime-info
15echo -e "y\n" | apt-get install wget genisoimage xorriso isolinux hwinfo
16echo -e "y\n" | apt-get install hddtemp lm-sensors
17echo -e "y\n" | apt-get install at
18echo -e "y\n" | apt-get install pip
19echo -e "y\n" | apt-get install xz-utils
20echo -e "y\n" | apt-get install curl
21echo -e "y\n" | apt-get install sphinx
22echo -e "y\n" | apt-get install smartmontools
23echo -e "y\n" | apt-get install python3-sphinx
24echo -e "y\n" | apt-get install nfs-common
25echo -e "y\n" | apt-get install build-essential libssl-dev libffi-dev python3-dev
26echo -e "y\n" | apt-get install python3-venv
27echo -e "y\n" | apt-get install mdadm
28echo -e "y\n" | apt-get install hdparm
29echo -e "y\n" | apt-get install hddtemp lm-sensors psensor
30echo -e "y\n" | apt-get install stress
31systemctl enable mdadm
32update-initramfs -u
33
34python3 -m venv env

pip install mkdocs
pip install -U mkdocs
pip install mkdocs-rtd-dropdown

1pip install --upgrade myst-parser
2pip install sphinx-autodocgen
3pip install Pygments
4pip install sphinx-intl
5pip install lumache
6pip install django
7pip install django-docs
8pip install sphinxnotes-strike
9pip install sphinx_rtd_theme
Install Sphinx
1pip install -U sphinx
2python -m venv .venv
echo -e «yn» | apt-get install anacron
1systemctl enable cron
systemctl enable anacron
echo -e «yn» | apt-get install postfix
Nmap Ngrep VnStat Iptraf-ng NetHogs Iotop dd dh netcat
1systemctl enable autofs
systemctl start autofs
echo -e «yn» | apt-get install selinux-basics selinux-policy-default auditd
echo -e «yn» | apt-get install setools policycoreutils selinux-basics selinux-utils selinux-policy-default selinux-policy-mls auditd policycoreutils-python-utils semanage-utils
setroubleshoot selinux-policy-targeted
1apt-get install openssh-server -y
2if [ $? -ne 0 ]; then
3 echo "Error: error install setup-utils!!!"
4 exit 1
5fi
exit 1;

Update settings LOCALE

locale -a
 1update-locale LC_TIME=ru_RU.UTF-8;
 2update-locale LC_ALL=ru_RU.UTF-8;
 3update-locale LANG=ru_RU.UTF-8;
 4sed -n -e "s/\(=\).*/\1\"$ru_RU.UTF-8\"/p" /etc/default/locale
 5update-locale;
 6
 7cp -Rf /install/etc/* /etc
 8if [ $? -ne 0 ]; then
 9 echo "Error: copy install to etc"
10 exit 1
11fi
12cd /install/
13echo -e "5_install_util_wd" >> steps.txt
exit 1;

echo «Press ESC key to quit and reboot»
read a single character
while read -r -n1 key
do
if input == ESC key
if [[ $key == $“e“ ]];
then
reboot;
fi
done
1fi
dpkg -i xz-utils_5.2.4-1_amd64.deb
tar -xvf wpa_supplicant-0.7.3.tar.gz
cd ./wpa_supplicant-0.7.3/
mv /install/.config /install/wpa_supplicant-0.7.3/wpa_supplicant/
bash make
exit 1;
tar -xvf console-setup_1.205.tar.xz
cd ./console-setup-1.205.tar.xz/
./configure
./install
cp -Rf /install/etc/default/console-setup /etc/default/


if [ -f /etc/resolv.conf ]; then
jumpto STEP_TWO_AFTER;
fi
1step_three:
Search
add-apt-repository ppa:un-brice/ppa
apt-get update
apt-get install shake-fs

6.1.9. 01.09 Install driver opt and acc [step_six]

1step_four:
2cd /install/
3if [[ -z $(sed -n -e "s/^\(7_driver_opt\).*/\1/p" steps.txt) ]]; then

6.1.9.1. 01.09.01 create disk /opt/

6.1.9.2. 01.09.02 search /dev/s**

touch fdiskhdd.txt;
fdisk -l > fdiskhdd.txt
STATE=$(sed -n -e «s/.*(/dev/s[a-z]*[0-9]).*/1/p» fdiskhdd.txt);
if [[ -z $(sed -n -e «s/.*(/dev/s[a-z]*).*/1/p» fdiskhdd.txt) ]]; then
STATE=$(sed -n -e «s/.*(/dev/s[a-z]*).*/1/p» fdiskhdd.txt);
fi

OPTIONS: g , w

echo «ngnnn1n2048nnw» | fdisk $STATE –wipe AUTO
1

Create fs

mkfs.ext4 $STATE /opt


6.1.9.3. 01.09.03 mount /dev/s**

mount -t ext4 $(sudo fdisk -l | sed -n -e «s/.*(/dev/s[a-z]*[0-9]).*/1/p») /opt
1
shd=$(sudo fdisk -l | sed -n -e «s/.*(/dev/s[a-z]*[0-9]).*/1/p» | sed „s///\//g“)
1
S1=$(sudo blkid | sed -n -e «s/$shd:s(.*).*/1/p» | sed -n -e «s/$shd:s([=a-zA-Z_]*)/1/p;s/UUID=(.*)sB.*/1/p» | sed „s/"/\»/g“)
1
S1=$(sudo blkid | sed -n -e «s/$shd:s(.*).*/1/p» | sed -n -e «s/UUID=(.*)sB.*/1/p» | sed „s/"/\»/g“)
1
sed -i -e «$ a UUID=$S1 /opt/ ext4 defaults 0 2» /etc/fstab
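# For every /dev/s* partition reported by fdisk: set ownership, mode, ACLs
# and SELinux type on /mnt/<name>, and append a UUID-based ext4 entry for it
# to /etc/fstab. Finishes with "mount -a".
# NOTE(review): the list is not filtered, so it presumably includes the
# system disk's own partitions, and every entry is written as ext4 - confirm
# that is intended before running on a machine with other filesystems.
cd /install/ || exit 1
touch fdisk.txt
# One device path per line, e.g. /dev/sda1.
fdisk -l | sed -n -e "s/.*\(\/dev\/s[a-z]*[0-9]\).*/\1/p" > fdisk.txt

filename='fdisk.txt'
n=1
while IFS= read -r line; do
  # Device path with "/" escaped, for use inside the sed pattern below.
  shd=$(printf '%s\n' "$line" | sed 's/\//\\\//g')
  # Looks like this takes the UUID="..." field from the device's blkid line
  # and escapes its quotes; it relies on a field starting with "B" following
  # UUID - NOTE(review): confirm against the blkid output on the target.
  S1=$(blkid | sed -n -e "s/$shd:\s\(.*\).*/\1/p" | sed -n -e "s/.*UUID=\(.*\)\sB.*/\1/p" | sed 's/\"/\\"/g')
  # Short device name (sda1) used as the directory name under /mnt.
  TMPS=$(printf '%s\n' "$line" | sed -n -e "s/^\/dev\/\([a-z]*[0-9]\).*/\1/p")

  # Without a name the recursive commands below would act on /mnt itself.
  [[ -n $TMPS ]] || continue

  chown admin_share:technics -Rf "/mnt/$TMPS"
  # NOTE(review): this and the "go+rwx" below make the whole tree writable
  # and executable by every local user; the ACLs already grant the share
  # accounts access, so the mode could stay narrower.
  chmod ugo+rwx -Rf "/mnt/$TMPS"
  semanage fcontext -a -t public_content_rw_t "/mnt/$TMPS(/.*)?"

  setfacl -m u:admin_share:rwx,u:admin:rwx,u:pub_share:rwx,g:admins:rw,g:technics:rw -R "/mnt/$TMPS"
  chcon -Rv -t public_content_rw_t "/mnt/$TMPS"
  # Disabled alternatives kept from the original page:
  # setfacl -m u:admin_share:rwx,u:admin:rwx,u:pub_share:rwx -R "/mnt/$TMPS";
  # setfacl -m g:admins:rw,g:technics:rw -R "/mnt/$TMPS";
  chmod go+rwx -R "/mnt/$TMPS"

  # Only devices for which a UUID was found get an fstab line.
  if [[ -n $S1 ]]; then
    sed -i -e "$ a UUID\=$S1        \/mnt\/$TMPS    ext4    defaults        0       2" /etc/fstab
  fi
done < "$filename"
sudo mount -a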
1echo -e "7_driver_opt" >> steps.txt
2fi

1cd /install/

| in-target mkfs.ext4 /dev/sdb1 ;
in-target echo «/dev/sdb1 /srv ext4 nodiratime 0 2» >> /etc/fstab
???
fdisk
mkfs


1_1_4 editor /etc/apt/sources.list
add info ro «contrib non-free|

copy sources.list -> sources.tmp

1
cp /install/pii2.sh /etc/init.d/
chkconfig –add pii2.sh
update-rc.d pii2.sh defaults

touch /install/step_two.txt

1

Jump to label interface_sh


6.1.10. 01.10 Create users and groups

1if [[ -z $(sed -n -e "s/^\(9_user_settings\).*/\1/p" steps.txt) ]]; then
2
3STEP_TWO_AFTER:

cp sources.tmp sources.list;

6.1.10.1. 01.10.01 Create users and groups

cp -Rf /install/home/rootsu/.cmd_shell.sh ~/.cmd_shell.sh
cp -Rf /install/home/rootsu/.bashrc ~/.bashrc
cp -Rf /install/home/rootsu/.bashrc /home/admin/
cp -Rf /install/home/rootsu/.cmd_shell.sh /home/admin/
В
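 # Create the site groups and accounts and register the two share accounts
# with Samba. "********" stands for the password literals.
#
# Password hashes use SHA-512 crypt; the original asked mkpasswd for MD5,
# which is cheap to brute-force if /etc/shadow or this script leaks.
# NOTE(review): the passwords are literals in the script and each hash is
# passed on the useradd command line, where other local users can read it
# from the process list while the command runs. Reading the secrets from a
# root-only file and forcing a change at first login would avoid both.
groupadd -g 1000 admins
groupadd -g 2000 exp_users
groupadd -g 3000 pro_users
groupadd -g 4000 moderators
groupadd -g 5000 technics
groupadd -g 6000 ps_users
groupadd -g 7000 others

useradd -u 1100 -g admins -c "admin" -s /bin/bash -p "$(echo "********" | mkpasswd -s -m sha-512)" -m admin
useradd -u 1200 -g admins -c "admin" -s /bin/bash -p "$(echo "********" | mkpasswd -s -m sha-512)" -m admin_tech

# NOTE(review): besides sudo, both accounts join group "root", which gives
# them access to every group-root file even without sudo - confirm that this
# is needed.
usermod -aG sudo,technics,root admin
usermod -aG sudo,technics,root admin_tech

cp /install/home/rootsu/.bashrc /home/admin/
cp /install/home/rootsu/.profile /home/admin/
cp /install/home/rootsu/.cmd_shell.sh /home/admin/

useradd -u 2100 -g exp_users -s /bin/bash -c "far_exp" -p "$(echo "********" | mkpasswd -s -m sha-512)" -m far_exp
useradd -u 3100 -g pro_users -s /bin/bash -c "far_pro" -p "$(echo "********" | mkpasswd -s -m sha-512)" -m far_pro
useradd -u 4100 -g moderators -s /bin/bash -c "far_moderator" -p "$(echo "********" | mkpasswd -s -m sha-512)" -m far_mod
# The two share accounts get /bin/false as shell and no home directory of
# their own (no -m).
useradd -u 5100 -g technics -d /opt/SAMBA_SHARE/ -s /bin/false -c "technical admin_share" -p "$(echo "********" | mkpasswd -s -m sha-512)" admin_share
useradd -u 5200 -g technics -d /opt/SAMBA_SHARE/ -s /bin/false -c "technical pub_share" -p "$(echo "********" | mkpasswd -s -m sha-512)" pub_share
useradd -u 6100 -g ps_users -s /bin/bash -c "far_user" -p "$(echo "********" | mkpasswd -s -m sha-512)" -m far_user
# Disabled in the original page:
# useradd -u 6100 -g users -s /bin/bash -c «test» -p «» -m test
useradd -g ps_users -c "tom" -s /bin/bash -p "$(echo "********" | mkpasswd -s -m sha-512)" -m tom

# Disabled in the original page:
# smbpasswd -a -w «» admin_share
# -s makes smbpasswd read the password from stdin; without it the prompt
# goes to the terminal and the piped text is ignored.
echo -e "********\n********" | smbpasswd -s -a admin_share
echo -e "********\n********" | smbpasswd -s -a pub_share
smbpasswd -e admin_share
smbpasswd -e pub_share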
smbpasswd -a -w «» pub_share
if [ $? -ne 0 ]; then********

fi
 1mkdir /opt/SAMBA_SHARE
 2mkdir /mnt/SMB
 3mkdir /mnt/SMB/SOFT_2TBSEAGREEN
 4mkdir /mnt/SMB/SOFT_3TBSEASYAN
 5mkdir /media/admin
 6chown admin:admins /media/admin
 7chown -R :technics /opt/ /opt/SAMBA_SHARE /mnt/SMB
 8chown -R admin_share:technics /opt/ /opt/SAMBA_SHARE /mnt/SMB
 9chmod ug+rw /opt/ /opt/SAMBA_SHARE /mnt/SMB
10setfacl -m u:pub_share:rwx,u:admin_share:rwx -R "/mnt/SMB";
chown -R admin_share:technics,pub_share:technics /mnt/SMB
1

6.1.10.2. 01.10.02 Create ssh_ssl

6.1.10.3. 01.10.03 Install ssh settings

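# Rewrite /etc/ssh/sshd_config option by option and restart the SSH service.
# Each sed replaces the option whether or not it is currently commented out.
# Globals: PORT_SSH (read).
cd /etc/ssh/ || exit 1

# Copy of the configuration as it was before the edits below.
cp sshd_config sshd_config.tmp

# Port
sed -i -e "s/#Port\s.*$\|Port\s.*$/Port $PORT_SSH/g" sshd_config

# HostKey: uncomment every HostKey line
sed -i -e "s/#HostKey/HostKey/g" sshd_config

# PubkeyAuthentication
sed -i -e "s/#PubkeyAuthentication\s.*$\|PubkeyAuthentication\s.*$/PubkeyAuthentication yes/g" sshd_config

# SyslogFacility. The original pattern was spelled "SysLogFacility"; sed
# matches case-sensitively, so it never matched the stock "SyslogFacility"
# line and the setting was silently left alone.
sed -i -e "s/#SyslogFacility\s.*$\|SyslogFacility\s.*$/SyslogFacility AUTHPRIV/g" sshd_config

# LogLevel (left commented out)
sed -i -e "s/#LogLevel\s.*$\|LogLevel\s.*$/#LogLevel INFO/g" sshd_config

# LoginGraceTime
sed -i -e "s/#LoginGraceTime\s.*$\|LoginGraceTime\s.*$/LoginGraceTime 2m/g" sshd_config

# PermitRootLogin
# NOTE(review): "yes" permits root over every enabled method. With
# ChallengeResponseAuthentication and UsePAM both set to yes below, PAM
# password prompts stay reachable even though PasswordAuthentication is "no".
# If key-only root access is the goal, "prohibit-password" states that
# directly.
sed -i -e "s/#PermitRootLogin\s.*$\|PermitRootLogin\s.*$/PermitRootLogin yes/g" sshd_config

# StrictModes
# NOTE(review): "no" turns off sshd's ownership/permission check on the
# user's home directory and key files, so a group- or world-writable
# authorized_keys is accepted. Fixing the permissions and keeping the
# default "yes" is the safer arrangement.
sed -i -e "s/#StrictModes\s.*$\|StrictModes\s.*$/StrictModes no/g" sshd_config

# MaxAuthTries
sed -i -e "s/#MaxAuthTries\s.*$\|MaxAuthTries\s.*$/MaxAuthTries 3/g" sshd_config

# MaxSessions
sed -i -e "s/#MaxSessions\s.*$\|MaxSessions\s.*$/MaxSessions 3/g" sshd_config

# AuthorizedKeysFile
# NOTE(review): the first path has no per-user token, so any key listed in
# /home/rootsu/.ssh/authorized_keys is accepted for every account on the
# host, root included - confirm this is intended.
sed -i -e "s/#AuthorizedKeysFile\s.*$\|AuthorizedKeysFile\s.*$/AuthorizedKeysFile \/home\/rootsu\/.ssh\/authorized_keys \/home\/%u\/.ssh\/authorized_keys/g" sshd_config

# PasswordAuthentication no
sed -i -e "s/#PasswordAuthentication\s.*$\|PasswordAuthentication\s.*$/PasswordAuthentication no/g" sshd_config

# PermitEmptyPasswords no
sed -i -e "s/#PermitEmptyPasswords\s.*$\|PermitEmptyPasswords\s.*$/PermitEmptyPasswords no/g" sshd_config

# ChallengeResponseAuthentication
# Disabled in the original page:
# sed -n -e «s/ChallengeResponseAuthentication.*$|| ChallengeResponseAuthentication.*$/ChallengeResponseAuthentification yes/p» sshd_config.tmp
sed -i -e "s/ChallengeResponseAuthentication.*$\|#ChallengeResponseAuthentication.*$/ChallengeResponseAuthentication yes/g" sshd_config

# UsePAM yes
# Disabled in the original page:
# sed -n -e «s/| UsePAMs.*$|UsePAMs.*$/UsePAM yes/p» sshd_config.tmp
sed -i -e "s/#UsePAM\s.*$\|UsePAM\s.*$/UsePAM yes/g" sshd_config

# AllowTcpForwarding yes
# NOTE(review): forwarding (TCP here, X11 below) lets any account that can
# log in tunnel traffic through this host; leave it off unless it is used.
sed -i -e "s/#AllowTcpForwarding\s.*$\|AllowTcpForwarding\s.*$/AllowTcpForwarding yes/g" sshd_config

# X11Forwarding yes
sed -i -e "s/#X11Forwarding\s.*$\|X11Forwarding\s.*$/X11Forwarding yes/g" sshd_config

# X11DisplayOffset 10
sed -i -e "s/#X11DisplayOffset\s.*$\|X11DisplayOffset\s.*$/X11DisplayOffset 10/g" sshd_config

# PrintMotd yes
sed -i -e "s/#PrintMotd\s.*$\|PrintMotd\s.*$/PrintMotd yes/g" sshd_config

# Subsystem: comment the line out. In the original the replacement text
# contained "\s", which sed writes as a plain "s" ("#Subsystemssftp ...").
sed -i -e "s/Subsystem\s/#Subsystem /g" sshd_config

# Check the edited file before restarting: a restart with a broken
# configuration can leave the machine without SSH access.
if sshd -t; then
  systemctl restart ssh
else
  echo "Error: sshd_config failed validation (sshd -t); ssh not restarted, previous file is /etc/ssh/sshd_config.tmp" >&2
fi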

6.1.10.4. 01.10.04 Create users ssh


1sudo bash ~/.cmd_shell.sh --mode "ssh_keygen" --uadd "tom" --gadd "ps_users" --pwd "debian"
2bash ~/.cmd_shell.sh --mode "ssh_keygen" --uadd "admin" --gadd "admins" --pwd "debian"


6.1.10.5. 01.10.05 Create SAMBA



 1mount -v -t cifs //192.168.1.1/SOFT_2TBSEAGREEN//mnt/SMB/SOFT_2TBSEAGREEN -o credentials=/home/rootsu/.smbusers,defcontext="system_u:object_r:samba_share_t:s0";
 2mount -v -t cifs //192.168.1.1/SOFT_3TBSEASYAN//mnt/SMB/SOFT_3TBSEASYAN -o credentials=/home/rootsu/.smbusers,defcontext="system_u:object_r:samba_share_t:s0";
 3
 4cp -Rf /install/etc/autofs /etc/
 5cp -Rf /install/etc/autofs.conf /etc/
 6cp -Rf /install/etc/samba /etc/
 7cp -Rf /install/lib/ /lib/
 8chmod 644 -Rf /etc/autofs/
 9
10systemctl restart autofs
11systemctl restart smbd

6.1.10.6. 01.10.06 Install and settings firewall


6.1.10.7. 01.10.07 Install other soft


6.1.10.8. 01.10.08 Extended nano




6.1.10.9. 01.10.09 cp ers


1echo -e "y" | apt-get install ntfs-3g;
exit 1;

6.1.10.10. 01.10.10 Install vsftp

1echo -e "y" | sudo apt install vsftpd
2
3cd /etc/
4sudo cp /etc/vsftpd.conf/etc/vsftpd.conf_default
# Basic vsftpd options, edited in ./vsftpd.conf (the script changes to /etc
# just before this). Each command rewrites the matching line in place.

# listen=YES
sed -i 's/listen=.*$/listen=YES/g' vsftpd.conf
# listen_ipv6=NO
sed -i 's/listen_ipv6=.*$/listen_ipv6=NO/g' vsftpd.conf
# anonymous_enable=NO
sed -i 's/#anonymous_enable=.*$\|anonymous_enable=.*$/anonymous_enable=NO/g' vsftpd.conf
# anon_upload_enable=NO
sed -i 's/#anon_upload_enable=.*$\|anon_upload_enable=.*$/anon_upload_enable=NO/g' vsftpd.conf
# anon_mkdir_write_enable=NO / anon_mkdir_write_enable=YES — the command writes NO
sed -i 's/anon_mkdir_write_enable=.*$\|#anon_mkdir_write_enable=.*$/anon_mkdir_write_enable=NO/g' vsftpd.conf
# write_enable=YES
sed -i 's/#write_enable=.*$\|write_enable=.*$/write_enable=YES/g' vsftpd.conf
# local_umask=022
sed -i 's/#local_umask=.*$\|local_umask=.*$/local_umask=022/g' vsftpd.conf
# connect_from_port_20 — the command writes NO
sed -i 's/connect_from_port_20=.*$/connect_from_port_20=NO/g' vsftpd.conf
# Labelled local_umask=022 on the page, but the command sets
# ascii_upload_enable, the same edit as the next one.
sed -i 's/#ascii_upload_enable=.*$\|ascii_upload_enable=.*$/ascii_upload_enable=YES/g' vsftpd.conf
# ascii_upload_enable=YES
sed -i 's/#ascii_upload_enable=.*$\|ascii_upload_enable=.*$/ascii_upload_enable=YES/g' vsftpd.conf
# ascii_download_enable=YES
sed -i 's/#ascii_download_enable=.*$\|ascii_download_enable=.*$/ascii_download_enable=YES/g' vsftpd.conf
# ftpd_banner: greeting with the host name filled in by the shell
sed -i "s/#ftpd_banner=.*$\|ftpd_banner=.*$/ftpd_banner=Welcome to $HOSTNAME!!!/g" vsftpd.conf
# Restrict FTP users to their /home directory and allow them to write there.
# (Label, translated: users can otherwise switch out of home; YES restricts
# the privilege.)
# Disabled variant kept from the original:
#   sed -i -e "s/| chroot_local_user=.*$|chroot_local_user=.*$/chroot_local_user=YES/g" vsftpd.conf
# The 0,/re/ address limits the edit to the first matching line of the file.
# NOTE(review): vsftpd can refuse logins when the chroot directory is writable
# by the user — verify against the installed version.
sed -i '0,/#chroot_local_user=.*$\|chroot_local_user=.*$/ s//chroot_local_user=YES/g' vsftpd.conf
# ls_recurse_enable=YES (recursive listings, "ls -R")
sed -i 's/#ls_recurse_enable=.*$\|ls_recurse_enable=.*$/ls_recurse_enable=YES/g' vsftpd.conf
# chroot_list_file: the label shows /etc/vsftpd.chroot_list/, the command
# points the option at /home/rootsu/vsftpd.chroot_list.
sed -i 's,#chroot_list_file=.*$\|chroot_list_file=.*$,chroot_list_file=/home/rootsu/vsftpd.chroot_list,g' vsftpd.conf
# utf8_filesystem=YES
sed -i 's/#utf8_filesystem=.*$\|utf8_filesystem=.*$/utf8_filesystem=YES/g' vsftpd.conf
# pam_service_name off: the setting is commented out
sed -i 's/pam_service_name=.*$/#pam_service_name=vsftpd/g' vsftpd.conf
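# TLS settings for vsftpd, edited in ./vsftpd.conf.

# rsa_cert_file: location of the RSA certificate to use for SSL encrypted
# connections.
sed -i 's,rsa_cert_file=.*$\|#rsa_cert_file=.*$,rsa_cert_file=/etc/ssl/certs/vsftpd.crt,g' vsftpd.conf
# rsa_private_key_file: the matching private key.
sed -i 's,rsa_private_key_file=.*$\|#rsa_private_key_file=.*$,rsa_private_key_file=/etc/ssl/private/vsftpd.key,g' vsftpd.conf
# ssl_enable: NO becomes YES.
sed -i 's/ssl_enable=.*$\|#ssl_enable=.*$/ssl_enable=YES/g' vsftpd.conf

# The remaining options are appended at the end of the file.
# force_dot_files=YES
sed -i '$ a force_dot_files=YES' vsftpd.conf
# background=YES and the passive port range are noted but not applied:
#   sed -i -e "$ a pasv_min_port=49000" vsftpd.conf
#   sed -i -e "$ a pasv_max_port=55000" vsftpd.conf
# allow_anon_ssl=NO
sed -i '$ a allow_anon_ssl=NO' vsftpd.conf
# force_local_data_ssl=YES: the original command wrote NO, which contradicts
# this label and lets clients move file data and listings in cleartext.
sed -i '$ a force_local_data_ssl=YES' vsftpd.conf
# force_local_logins_ssl=YES
sed -i '$ a force_local_logins_ssl=YES' vsftpd.conf

# Protocol versions. The page's notes list ssl_tlsv1_1 (YES, later NO),
# ssl_tlsv1_2=YES, ssl_tlsv1=NO, ssl_sslv2=NO, ssl_sslv3=NO and ssl_tlsv2=NO.
# Disabled commands kept from the original:
#   sed -i -e "$ a ssl_tlsv1_1=YES" vsftpd.conf
#   sed -i -e "$ a ssl_tlsv1=NO" vsftpd.conf
#   sed -i -e "$ a ssl_sslv2=NO" vsftpd.conf
#   sed -i -e "$ a ssl_sslv3=NO" vsftpd.conf
# The one active command appended ssl_sslv3=YES, switching on the obsolete
# SSLv3 protocol against those notes; it now writes NO.
# NOTE(review): whether ssl_tlsv1_1 / ssl_tlsv1_2 are accepted depends on the
# vsftpd build — verify before enabling the disabled lines.
sed -i '$ a ssl_sslv3=NO' vsftpd.conf

# require_ssl_reuse=YES
sed -i '$ a require_ssl_reuse=YES' vsftpd.conf
# ssl_ciphers=HIGH
sed -i '$ a ssl_ciphers=HIGH' vsftpd.conf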
Problems have been reported with EPSV. The only way to disable EPSV mode in vsftpd appears to be to disallow the EPSV and EPRT commands, so that a client will receive a «550 Permission Denied» response to any EPSV command and hopefully drop back to regular PASV. Unfortunately the «cmds_denied» blacklisting option was only introduced in vsftpd 2.1. We therefore have to take a whitelisting approach using the «cmds_allowed» option. The list below basically includes everything except the commands needed for EPSV.
# Append the allow-list of FTP commands; EPSV and EPRT are left out on purpose.
# NOTE(review): "RMW" does not appear in this page's list of FTP commands —
# presumably a typo; verify.
sed -i '$ a cmds_allowed=ABOR,CWD,RMW,DELE,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RMD,RNFR,RNTO,SITE,SIZE,STOR,TYPE,USER,CDUP,HELP,MODE,NOOP,STAT,STOU,STRU' vsftpd.conf
# User list, connection limits and login options. Each entry is appended to
# ./vsftpd.conf as its own line, in this order; userlist_enable=YES is
# appended three times, as in the original.
vsftpd_opts=(
  # USERLIST
  'userlist_enable=YES'
  # userlist_deny
  'userlist_deny=NO'
  # userlist_enable
  'userlist_enable=YES'
  # userlist_file
  'userlist_file=/home/rootsu/vsftpd-virtual_user/vsftpd_user'
  # user_config_dir
  'user_config_dir=/home/rootsu/vsftpd-virtual_user/'
  # chown_uploads=YES
  'chown_uploads=YES'
  # chown_username=nobody
  'chown_username=nobody'
  # Alternative noted on the page but not applied — deny login to the users
  # listed in /etc/vsftpd.userlist:
  #   userlist_enable=YES
  #   userlist_deny=YES
  #   userlist_file=/etc/vsftpd.user_list
  # Set it to YES to turn on TCP wrappers.
  'tcp_wrappers=YES'
  # Maximum allowed connections per single IP address (0 = no limit).
  'max_per_ip=10'
  # Enable the userlist.
  'userlist_enable=YES'
  # Allow the local users to log in to the FTP (if they are in the userlist).
  'local_enable=YES'
  # Allow virtual users to use the same privileges as local users.
  'virtual_use_local_privs=YES'
  # Disabled in the original: sed -i -e "$ a pam_service_name=vsftpd" vsftpd.conf
  # FTP port 21
  'listen_port=21'
)
for opt in "${vsftpd_opts[@]}"; do
  sed -i "\$ a ${opt}" vsftpd.conf
done
PAM SHell off
# Comment out the pam_shells.so check in /etc/pam.d/vsftpd. With the check
# disabled, accounts whose login shell is not listed in /etc/shells can
# authenticate to the FTP service.
# NOTE(review): an earlier step comments out pam_service_name=vsftpd, so
# confirm this is the PAM file vsftpd actually uses.
# The working directory stays at /etc/pam.d/ for the commands that follow.
cd /etc/pam.d/
sed -i 's/auth       required        pam_shells.so.*$\|#auth required        pam_shells.so.*$/#auth  required        pam_shells.so/g' vsftpd
echo -e «RUnRussianSaratovn$HOSTNAME Ltd.nnadminnn» | openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt
Bug: 500 OOPS: priv_sock_get_int.
echo „seccomp_sandbox=NO“ >> /etc/vsftpd/vsftpd.conf
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:4095 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
# Create a self-signed certificate for vsftpd (RSA 4096, valid 365 days; -nodes
# stores the private key unencrypted). The subject fields are fed to the
# interactive prompts through stdin, one answer per line.
printf 'RU\nRussia\nSaratov\n%s Ltd.\nWSB-IOT-Embedded\nadmin\nfar1803@ya.ru\n\n' "$HOSTNAME" \
  | openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
      -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt

# The two 770 modes are overwritten by the recursive 750 that follows them.
chmod 770 /home/rootsu/vsftpd-virtual_user
chmod 770 /home/rootsu/vsftpd.chroot_list
chmod 750 -R /home/rootsu
List of FTP commands

ABOR - Abort an active file transfer.
ACCT - Account information.
ADAT - Authentication/Security Data (RFC 2228)
ALLO - Allocate sufficient disk space to receive a file.
APPE - Append.
AUTH - Authentication/Security Mechanism (RFC 2228)
CCC - Clear Command Channel (RFC 2228)
CDUP - Change to Parent Directory.
CONF - Confidentiality Protection Command (RFC 697)
CWD - Change working directory.
DELE - Delete file.
ENC - Privacy Protected Channel (RFC 2228)
EPRT - Specifies an extended address and port to which the server should connect. (RFC 2428)
EPSV - Enter extended passive mode. (RFC 2428)
FEAT - Get the feature list implemented by the server. (RFC 2389)
HELP - Returns usage documentation on a command if specified, else a general help document is returned.
LANG - Language Negotiation (RFC 2640)
LIST - Returns information of a file or directory if specified, else information of the current working directory is returned.
LPRT - Specifies a long address and port to which the server should connect. (RFC 1639)
LPSV - Enter long passive mode. (RFC 1639)
MDTM - Return the last-modified time of a specified file. (RFC 3659)
MIC - Integrity Protected Command (RFC 2228)
MKD - Make directory.
MLST - Lists the contents of a directory if a directory is named. (RFC 3659)
MODE - Sets the transfer mode (Stream, Block, or Compressed).
NLST - Returns a list of file names in a specified directory.
NOOP - No operation (dummy packet; used mostly on keepalives).
OPTS - Select options for a feature. (RFC 2389)
PASS - Authentication password.
PASV - Enter passive mode.
PBSZ - Protection Buffer Size (RFC 2228)
PORT - Specifies an address and port to which the server should connect.
PWD - Print working directory. Returns the current directory of the host.
QUIT - Disconnect.
REIN - Re initializes the connection.
REST - Restart transfer from the specified point.
RETR - Retrieve (download) a remote file.
RMD - Remove a directory.
RNFR - Rename from.
RNTO - Rename to.
SITE - Sends site specific commands to remote server.
SIZE - Return the size of a file. (RFC 3659)
SMNT - Mount file structure.
STAT - Returns the current status.
STOR - Store (upload) a file.
STOU - Store file uniquely.
STRU - Set file transfer structure.
SYST - Return system type.
TYPE - Sets the transfer mode (ASCII/Binary).
USER - Authentication username.
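# Flush every rule in the iptables filter table, then restart vsftpd and
# enable it at boot. After the flush only the chain policies decide what
# reaches the host: under an ACCEPT policy FTP and everything else is
# unfiltered.
iptables -F
sudo systemctl restart vsftpd
sudo systemctl enable vsftpd
# The original repeated the flush with a typographic dash ("–F"), which
# iptables rejects; written here with an ASCII hyphen.
iptables -F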
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
# Copy both accounts' ~/.ssh directories to /media/admin and hand
# /media/admin/ and /home/admin/ to admin:admins.
# NOTE(review): if those directories hold private keys, the copies (tom's
# included) become readable by admin and by any service that can read
# /media/admin — confirm this is intended.
cp --recursive --force /home/admin/.ssh/ /media/admin/ssh

cp --recursive --force /home/tom/.ssh/ /media/admin/ssh2
chown --recursive --silent admin:admins /media/admin/ /home/admin/

# Record that this stage is finished.
printf '%s\n' 9_user_settings >> steps.txt
7fi
rm /install/steps.txt
1

6.1.11. 01.11 Settings permissive SELinux

seinfo -t
 1if [[ -z $(sed -n -e "s/^\(10_SELinux_settings\).*/\1/p" steps.txt) ]]; then
 2
 # SELinux labels for /home. Each path gets a semanage fcontext record and a
 # chcon that changes the label on disk right away.

 # /home/rootsu: SELinux user system_u, type user_home_dir_t.
 semanage fcontext -a -s system_u '/home/rootsu(/.*)?'
 semanage fcontext -a -t user_home_dir_t '/home/rootsu(/.*)?'
 chcon -Rv -u system_u -t user_home_dir_t /home/rootsu/

 # vsftpd user directory and chroot list: ftpd_etc_t.
 semanage fcontext -a -t ftpd_etc_t /home/rootsu/vsftpd-virtual_user
 chcon -Rv -t ftpd_etc_t /home/rootsu/vsftpd-virtual_user
 semanage fcontext -a -t ftpd_etc_t '/home/rootsu/vsftpd.chroot_list(/.*)?'
 chcon -Rv -t ftpd_etc_t /home/rootsu/vsftpd.chroot_list
 # Samba user configuration and credentials file: samba_etc_t.
 semanage fcontext -a -t samba_etc_t /home/rootsu/smbuser.conf
 chcon -Rv -t samba_etc_t /home/rootsu/smbuser.conf
 semanage fcontext -a -t samba_etc_t /home/rootsu/.smbusers
 chcon -Rv -t samba_etc_t /home/rootsu/.smbusers
 # Everything under /home: SELinux user system_u.
 semanage fcontext -a -u system_u '/home(/.*)?'
 chcon -Rv -u system_u /home/
semanage fcontext -a -t user_home_dir_t «/home/admin(/.*)?»;
chcon -Rv -t user_home_dir_t «/home/admin»;
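 # Label /media/admin as public_content_rw_t, on disk and in the file-context
 # database.
 chcon -Rv -t public_content_rw_t "/media/admin"
 semanage fcontext -a -t public_content_rw_t "/media/admin(/.*)?"

 # Strip the group/other mode bits first, then add the ACL entries. The
 # original ran chmod last; on files that carry an ACL, clearing the group
 # bits clears the ACL mask, which disables the named-user and named-group
 # entries that had just been granted.
 chmod go-rwx -R "/media/admin"
 setfacl -m u:admin:rwx,u:admin_share:rwx -R "/media/admin"
 setfacl -m g:admins:rw -R "/media/admin"

 # NOTE(review): this labels all of /opt as public_content_rw_t, not only the
 # share directory — confirm the scope.
 semanage fcontext -a -t public_content_rw_t "/opt(/.*)?"
 chcon -Rv -t public_content_rw_t "/opt/"
 # Only the "other" bits are removed here, so the ACL mask is left alone.
 chmod o-rwx -R "/opt/SAMBA_SHARE/"
 setfacl -m g:technics:rwx -R "/opt/SAMBA_SHARE/"
 setfacl -m u:pub_share:rwx,u:admin_share:rwx -R "/opt/SAMBA_SHARE/"

 setsebool -P ssh_sysadm_login on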
setsebool -P allow_use_cifs on
setsebool -P allow_use_nfs on
 # Persistently (-P) switch on the FTP/CIFS/NFS booleans.
 # NOTE(review): allow_ftpd_full_access is, judging by its name, the broadest
 # of these — confirm the FTP daemon really needs it.
 setsebool -P httpd_use_cifs on
 setsebool -P allow_ftpd_use_nfs 1
 setsebool -P allow_ftpd_use_cifs 1
 setsebool -P ftpd_connect_db 1

 setsebool -P ftp_home_dir on
 setsebool -P allow_ftpd_full_access on
 setsebool -P ftpd_use_passive_mode on

 # Register the service ports with their SELinux port types.
 semanage port -a -t ssh_port_t -p tcp 4103
 semanage port -a -t smbd_port_t -p tcp 445
 semanage port -a -t ftp_port_t -p tcp 21

 # Load the local policy module from the home directory.
 cd ~
 semodule -i mountlocv1v2.pp

 # Walk the interface indexes printed by `ip addr`, starting at 1, and add an
 # SELinux interface record for each name until an index yields no name.
 COUNT=1
 ip addr | sed -n 's/.*1\:\s\(.*\)\:\s<.*/\1/p'
 while true; do
   ifname=$(ip addr | sed -n "s/.*$COUNT\:\s\(.*\)\:\s<.*/\1/p")
   if [[ -z $ifname ]]; then
     break
   fi
   # Deliberately unquoted, as in the original expansion.
   semanage interface -a -t netif_t -r s0-s0:c0.c1023 $ifname
   ((COUNT++))
 done

Опасно

Set this is Settings to SELinux boot_t permissive for disabled boot DebianOS!!!

semanage permissive -a sshd_t
1semanage permissive -a boot_t
setsebool -P allow_execmem 1
setsebool -P allow_execheap 1
setsebool -P allow_user_mysql_connect 1
# Persistently switch on the cron/fcron booleans. Judging by their names they
# let cron jobs relabel files and read or manage user content — keep only the
# ones the scheduled jobs need.
for flag in cron_can_relabel fcron_crond cron_userdomain_transition \
    cron_manage_all_user_content cron_read_all_user_content \
    cron_read_generic_user_content; do
  setsebool -P "$flag" 1
done
setsebool -P samba_run_unconfined 1
1setsebool -P allow_mount_anyfile 1
2setsebool -P webadm_manage_user_files 1
3setsebool -P webadm_read_user_files 1
setsebool -P use_nfs_home_dirs 1
# Persistently switch on the Samba booleans.
# NOTE(review): samba_export_all_ro/_rw are, judging by their names, not tied
# to one share but to everything Samba can reach — confirm both are needed.
for flag in samba_export_all_ro samba_export_all_rw dhcpc_manage_samba \
    samba_create_home_dirs samba_enable_home_dirs samba_share_fusefs \
    samba_share_nfs use_samba_home_dirs; do
  setsebool -P "$flag" 1
done
setsebool -P use_samba_nfs_dirs 1
1setsebool -P virt_use_samba 1
2setsebool -P virt_use_nfs 1
3setsebool -P samba_portmapper 1
4setsebool -P systemd_tmpfiles_manage_all 1
5setsebool -P cron_manage_generic_user_content 1
setsebool -P nscd_use_shm 1
 # Persistently switch on the NFS-home, sudo and git booleans.
 setsebool -P use_nfs_home_dirs 1

 for flag in sudo_all_tcp_connect_http_port git_cgi_enable_homedirs \
     git_cgi_use_cifs git_cgi_use_nfs git_session_bind_all_unreserved_ports \
     git_session_send_syslog_msg git_session_users git_system_enable_homedirs \
     git_system_use_cifs git_system_use_nfs; do
   setsebool -P "$flag" 1
 done

 # Enable and start mcstrans, then re-enable fstrim.timer (issued twice, as
 # in the original) and start the fstrim service and timer.
 systemctl enable mcstrans
 systemctl start mcstrans
 systemctl reenable fstrim.timer
 systemctl reenable fstrim.timer
 systemctl start fstrim.service
 systemctl start fstrim.timer
setenforce 0
1cd /etc/selinux
systemctl disable auditd
1sed -i -e "s/SELINUX=permissive\|SELINUX=default/SELINUX=enforcing/g" config
ROLE=sysadm_r
TYPE=sysadm_sudo_t ROLE=sysadm_r
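 # Rewrite the sudo rules on a scratch copy and install it only if visudo
 # accepts it, so a bad edit cannot leave the host without working sudo.
 # Patterns are anchored to the start of the line: the original "admin.*$"
 # also matched inside "%admins ..." and turned that rule into a "%admin" rule.
 # NOTE(review): these rules grant passwordless root to %sudo, %admins and
 # admin — confirm that is intended for every member.
 if sudoers_tmp=$(mktemp) && cp /etc/sudoers "$sudoers_tmp"; then
   sed -i \
     -e 's/^\s*%sudo\s.*$/%sudo     ALL=(root) ROLE=sysadm_r NOPASSWD:ALL/' \
     -e 's/^\s*%admins\s.*$/%admins ALL=(root) NOPASSWD:ALL/' \
     -e 's/^\s*admin\s.*$/admin     ALL=(root) NOPASSWD:ALL/' \
     "$sudoers_tmp"
   if visudo -cf "$sudoers_tmp"; then
     # Writing through cat keeps the inode, mode and SELinux label of the file.
     cat "$sudoers_tmp" > /etc/sudoers
   else
     echo "sudoers edit rejected by visudo; /etc/sudoers left unchanged" >&2
   fi
 fi
 if [[ -n $sudoers_tmp ]]; then
   rm -f -- "$sudoers_tmp"
 fi

 # Add pam_selinux / pam_access session lines to /etc/pam.d/sshd: "close"
 # after the first line, the other two at the end of the file. The original
 # also redirected sed's (empty) output back into the file, which did nothing.
 sed -i -e '1 a session  required        pam_selinux.so  close' /etc/pam.d/sshd
 sed -i -e '$a session   required        pam_selinux.so  multiple open' /etc/pam.d/sshd
 sed -i -e '$a session   required        pam_access.so' /etc/pam.d/sshd

 # Append an audit rule for the open syscall.
 # NOTE(review): where audit.rules is generated from /etc/audit/rules.d/, a
 # line appended here is lost on regeneration — verify on the target system.
 sed -i -e '$a -a exit,always -S open -F auid>=0' /etc/audit/audit.rules

 chmod o-x "/etc/systemd/system.conf"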
rm /install/pii2.sh /etc/init.d/
update-rc.d -f pii2.sh remove
chmod o-rw -R «/etc/»;
1chmod o-rwx -R "/boot/";
chmod o-rwx «/var/»;
chmod o-rwx «/sys/»;
1chmod o-rwx -R "/srv/";
2chmod o-rwx -R "/mnt/";
chmod o-rwx «/proc/»;
# Label /tmp as tmp_t (in the file-context database and on disk), then remove
# all access for "other" from /tmp (recursively) and from /media.
# NOTE(review): without "other" access on /tmp, accounts outside the owning
# user and group cannot create temporary files there — confirm.
semanage fcontext -a -t tmp_t '/tmp(/.*)?'
chcon -t tmp_t -R /tmp
chmod -R o-rwx /tmp/
chmod o-rwx /media/
chmod o-rw «/dev/»;
chmod o+r «/etc/profile»;
chmod o+rx -R «/etc/profile.d/»;
chmod o+rx «/etc/bash.bashrc»;
chmod o+r «/etc/nanorc»;
chmod o+r «/etc/passwd»;
chmod o+r «/etc/passwd-«;
chmod o+r «/etc/group»;
chmod o+r «/etc/hostname»;
chmod o+rx «/etc/console-setup»;
# Label the cron spool as system_cron_spool_t, in the file-context database
# and on disk.
semanage fcontext -a -t system_cron_spool_t '/var/spool/cron(/.*)?'
chcon -t system_cron_spool_t -Rv /var/spool/cron/

# Remove "other" read access below /home and "other" execute/search access
# below the two administrative home directories.
chmod -R o-r /home/
chmod -R o-x /home/rootsu /home/admin/
chmod o-r «/usr/bin/»;
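# Register the Webmin APT repository. The original wrote the URL with
# backslashes, which apt cannot parse. signed-by ties the repository to the
# key that the Webmin install step stores in /usr/share/keyrings/.
webmin_src='deb [signed-by=/usr/share/keyrings/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib'
# Append only once, so re-running the script does not duplicate the entry.
grep -qxF -- "$webmin_src" /etc/apt/sources.list \
  || echo "$webmin_src" >> /etc/apt/sources.list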
nvidia-uninstall
1cd ~
grep AVC /var/log/audit/audit.log | audit2allow -m loaderlocalv4 > loaderlocalv4.te
grep AVC altlog.log | audit2allow -m loaderlocalv4 > loaderlocalv4.te
checkmodule -M -m -o loaderlocalv1.mod loaderlocalv1.te
semodule_package -o loaderlocalv1.pp -m loaderlocalv1.mod
$(find . -type f -name „*.pp“)
 # Load the local policy modules from the current directory.
 # NOTE(review): the disabled commands around this listing build such modules
 # with audit2allow from logged AVC denials; a module made that way allows
 # whatever was denied, so read each .te before loading its .pp.
 for mod in loaderlocalv1 loaderlocalv2 loaderlocalv3 loaderlocalv4 \
     sudotev1 sudotev2 sudotev3 sudotev4 sudotev5 sudotevb1 sudotevb2 \
     sudotev70522v21 sudotevcrondv1 sphinxtev1 nodegcc_app1; do
   semodule -i "${mod}.pp"
 done

 # Put the boot and cron domains into permissive mode (denials are logged,
 # not enforced), then disable the permissive_boot_t module again.
 for domain in boot_t crond_t crontab_t system_crontab_t; do
   semanage permissive -a "$domain"
 done
 semanage module -d permissive_boot_t
semanage module -r permissive_boot_t
1semanage user -m -R "system_r sysadm_r staff_r" -r "s0-s0:c0.c1023" sysadm_u
semanage user -m -R «system_r» -r «s0-s0:c0.c1023» system_u
# Map the administrative logins (two users and the %admins group) to the
# SELinux user sysadm_u with the full MCS range.
for login in admin admin_tech %admins; do
  semanage login -a -s sysadm_u -r "s0-s0:c0.c1023" "$login"
done
semanage login -m -s sysadm_u -r «s0-s0:c0.c1023» root
semanage login -a -s sysadm_u -r «s0-s0:c0.c1023» %root
# Map members of the sudo group to unconfined_u and the user tom to user_u.
# NOTE(review): unconfined_u puts every member of %sudo outside most of the
# policy — confirm this is wanted next to the sysadm_u mappings.
semanage login -a -s unconfined_u -r 's0-s0:c0.c1023' %sudo
semanage login -a -s user_u tom
touch log.log
journalctl -xe >> log.log
grep AVC log.log | audit2allow -m sudotev1 > sudotev1.te
checkmodule -M -m -o sudotev1.mod sudotev1.te
semodule_package -o sudotev1.pp -m sudotev1.mod
1
semodule -i sudotev1.pp
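 # Rebuild the initramfs for all kernels and regenerate the GRUB menu.
 update-initramfs -k all -u
 update-grub

 # Webmin prerequisites; -y replaces piping "y" into apt-get.
 apt-get install -y apt-transport-https
 apt-get install -y perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python unzip

 # Fetch the Webmin signing key over HTTPS and store it de-armored.
 cd /root
 wget https://download.webmin.com/jcameron-key.asc
 gpg --dearmor < jcameron-key.asc > /usr/share/keyrings/jcameron-key.gpg

 # NOTE(review): the package is fetched over plain HTTP and installed as root
 # with no signature or checksum check, so anything able to alter the download
 # controls what gets installed. Prefer the signed APT repository, or compare
 # the file with a checksum published by the vendor before dpkg runs.
 cd /install/
 # Install only when the download succeeded, so a failed fetch cannot lead to
 # installing a stale or partial file.
 if wget http://prdownloads.sourceforge.net/webadmin/webmin_1.991_all.deb; then
   dpkg --install webmin_1.991_all.deb
 else
   echo "webmin download failed; package not installed" >&2
 fi

 # Working directory for Webmin, labelled tmp_t. -p keeps a re-run from
 # failing when the directory already exists.
 mkdir -p /var/webmin/.webmin
 chmod 755 /var/webmin/.webmin
 semanage fcontext -a -t tmp_t "/var/webmin/.webmin"
 chcon -Rv -t tmp_t "/var/webmin/.webmin"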
echo -e «yn» | apt-get install apt-transport-https
echo -e «yn» | apt-get update
echo -e «yn» | apt-get install webmin
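# Label TCP ports 10000 and 20000 as http_port_t.
semanage port -a -t http_port_t -p tcp 10000
semanage port -a -t http_port_t -p tcp 20000

systemctl enable webmin
# Install the prepared Webmin configuration. The original line had source and
# destination fused into one path, so cp received a single operand and failed.
cp -Rf /install/etc/webmin /etc/
systemctl start webmin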

6.1.12. 01.12 Optional soft

sudo chmod o-rwx -R «/etc/»;
sudo chmod o-rwx -R «/boot/»;
sudo chmod o-rwx -R «/var/»;
sudo chmod o+rwx «/sys/»;
sudo chmod o+rwx -R «/srv/»;
sudo chmod o+rwx -R «/mnt/»;
sudo chmod o+rwx «/proc/»;
sudo chmod o+rwx -R «/tmp/»;
sudo chmod o+rwx «/media/»;
sudo chmod o+rwx «/dev/»;
chmod o+rx «/etc/profile»;
chmod o+rx «/etc/bash.bashrc»;
chmod o+rx «/etc/nanorc»;
chmod o+rx «/etc/passwd»;
apt-get update

1echo -e "y\n" | sudo apt-get install transmission
2echo -e "y\n" | sudo apt-get install transmission-cli transmission-common transmission-daemon
enable transmission-daemon.service
1sudo systemctl enable transmission-daemon.service
create catalogue bittorrent_download_store, bittorrent_upload
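# Create the Transmission working directories and hand them to the daemon
# account. Mode 770 instead of the original 777: "other" gets no access, in
# line with the o-rwx this script applies to /opt/SAMBA_SHARE/, and the ACL
# below still grants the share users access.
# -p keeps a re-run from failing on directories that already exist.
for dir in bittorrent_download_store bittorrent_upload bittorrent_watch; do
  mkdir -p -m 770 "/opt/SAMBA_SHARE/${dir}"
  chown debian-transmission:debian-transmission "/opt/SAMBA_SHARE/${dir}"
done
# NOTE(review): torrents is not created in this listing — presumably it
# already exists.
chown debian-transmission:debian-transmission /opt/SAMBA_SHARE/torrents
# ACL for the share users and groups, applied to everything below /opt/.
setfacl -m u:admin_share:rwx,u:admin:rwx,u:pub_share:rwx,g:admins:rw,g:technics:rw -R "/opt/"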
gpasswd –add pub_share debian-transmission
gpasswd –add admin_share debian-transmission
# Add two accounts to the debian-transmission group.
# NOTE(review): "admins" is used as a group name elsewhere on this page
# (g:admins, %admins), while usermod expects a user name here — confirm.
sudo usermod --append --groups debian-transmission admins
sudo usermod --append --groups debian-transmission admin_share
create catalogue .transmission_config for config
1cp -R /etc/transmission-daemon/ /opt/.transmission_config
2chown admin_share:technics -R /opt/.transmission_config
settings ext config ???
1chmod -R 775 /opt/.transmission_config
Edit path settings file https://habr.com/ru/post/658463/
sourced by /etc/init.d/transmission-daemon
# Point CONFIG_DIR in /etc/default/transmission-daemon at the copied
# configuration, and label TCP port 9091 as http_port_t.
# NOTE(review): the value written is the path of settings.json, while the
# variable name suggests a directory — confirm what the init script expects.
sed -i 's,CONFIG_DIR=.*$,CONFIG_DIR="/opt/.transmission_config/settings.json",g' /etc/default/transmission-daemon
semanage port -a -t http_port_t -p tcp 9091
/etc/init.d/transmission-daemon in individual USER
NAME=transmission-daemon
DAEMON=/usr/bin/$NAME
USER=server
STOP_TIMEOUT=30
sudo systemctl edit transmission-daemon.service

# Stop the daemon (presumably so it does not overwrite the file on exit), then
# limit the RPC whitelist to localhost and 192.168.*.* addresses.
# NOTE(review): the list only matters if whitelist checking is enabled in the
# same settings file — verify.
sudo service transmission-daemon stop
sed -i 's/"rpc-whitelist"\:.*$/"rpc-whitelist"\: "127.0.0.1,192.168.*.*",/g' /var/lib/transmission-daemon/info/settings.json
sed -i -e «s/^"rpc-whitelist":.*$/"rpc-whitelist": "127.0.0.1,192.168.*.*",/g» /opt/.transmission_config/settings.json
1sed -i -e "s/\"rpc-username\"\:.*$/\"rpc-username\"\: \"pub_share\",/g" /var/lib/transmission-daemon/info/settings.json
sed -i -e «s/^"rpc-":.*$/"rpc-username": "pub_share",/g» /opt/.transmission_config/settings.json
1sed -i -e "s/\"rpc-password\"\:.*$/\"rpc-password\"\: \"********\",/g" /var/lib/transmission-daemon/info/settings.json
sed -i -e «s/^"rpc-":.*$/"rpc-password": "****",/g» /opt/.transmission_config/settings.json
1sed -i -e "s/\"download-dir\"\:.*$/\"download-dir\"\: \"\/opt\/SAMBA_SHARE\/torrents\",/g" /var/lib/transmission-daemon/info/settings.json
2sed -i -e "s/\"incomplete-dir\"\:.*$/\"incomplete-dir\"\: \"\/opt\/SAMBA_SHARE\/bittorrent_download_store\",/g" /var/lib/transmission-daemon/info/settings.json
3sed -i -e "s/\"watch-dir\"\:.*$/\"watch-dir\"\: \"\/opt\/SAMBA_SHARE\/bittorrent_watch\",/g" /var/lib/transmission-daemon/info/settings.json
«watch-dir-enabled»: true,
«watch-dir»: «/home/server/torrents»
sudo usermod -a -G debian-transmission technics
sudo service transmission-daemon reload
1service transmission-daemon start

1mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf
2update-initramfs -u

echo „/dev/md0 /mnt/sde1 ext4 defaults,nofail,discard 1 0“ | tee -a /etc/fstab

1
dpkg –configure -a
apt-get dist-upgrade
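# Install libpcap-dev and sendmail. The original piped the string "\y" into
# apt-get; that is not an affirmative answer, so the install was aborted
# whenever apt-get asked for confirmation. -y answers yes without a pipe.
apt-get install -y libpcap-dev
apt-get install -y sendmail
cd ~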
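 # Build and install fcron 3.2.1 from source.
 # NOTE(review): the tarball comes over plain HTTP and is built and installed
 # as root without a checksum or signature check; compare it with a value
 # published by the project before running configure.
 # The steps are chained inside a subshell, so a failed download or cd can no
 # longer run "make install" or the cleanup in the wrong directory, and the
 # script's own working directory is left untouched.
 (
   wget http://fcron.free.fr/archives/fcron-3.2.1.src.tar.gz &&
   tar -xvf fcron-3.2.1.src.tar.gz &&
   cd fcron-3.2.1 &&
   ./configure &&
   make install
 ) || echo "fcron build failed; see the output above" >&2
 rm -Rf fcron-3.2.1

 # Install the prepared spool and /usr/local content from /install.
 cp -Rf /install/spool/ /usr/local/var/spool/
 cp -Rf /install/usr/local/ /usr/local/

 systemctl enable fcron
 systemctl start fcron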
echo -e «yn» | apt-get search gccgo-go
echo -e «yn» | apt-get install gccgo-go
echo -e «yn» | apt-get install golang-go
cd jobber
git checkout v1.4.4
make install
cd ..
rm -Rf jobber
echo -e «yn» | apt-get -f install
1echo -e "y\n" | apt-get autoremove
Display manager: gdm3 sddm
GDM KDM LightDM LXDM МДМ SLIM XDM

sudo systemctl disable mdm.service
sudo systemctl enable sddm.service

kde-full

sudo tasksel install kde-desktop
# Switch SELinux back to enforcing mode, then record that the SELinux stage
# is finished.
setenforce 1
printf '%s\n' 10_SELinux_settings >> steps.txt
3fi
4echo "Press ESC key to quit"
read a single character
# Wait for ESC: read one character at a time and leave the loop on the escape
# byte. The loop also ends when read reaches end of input.
while read -r -n1 key; do
  # if input == ESC key
  case $key in
    $'\e') break ;;
  esac
done
set +x
ls -la
1exit 0;