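# Per-host command notes for a small two-site lab: routers hq-r and br-r,
# servers hq-srv and br-srv, client cli, monitoring host br-m.
# This is a runbook, not a script to run top to bottom: each section is typed
# on the host named in its header, and several commands are interactive
# (nano, vtysh, mysql, su, crontab -e).
# Notation: "nano FILE   # -> TEXT" means "open FILE and set/add TEXT".
# "milky" is kept from the original notes; it presumably marks files whose
# contents come from a separate reference not included here (confirm).

# ============================== hq-r ==============================
hostnamectl set-hostname hq-r
apt-repo rm all
apt-get update
nano /etc/net/sysctl.conf                       # -> forward 1
nano /etc/net/ifaces/ens192/ipv4address         # -> 4.4.4.2/30
nano /etc/net/ifaces/ens192/ipv4route           # -> default via 4.4.4.1
nano /etc/net/ifaces/ens192/resolv.conf         # -> nameserver 8.8.8.8
nano /etc/net/ifaces/ens192/options             # -> no no
# The original line read "cp nano <src> nano <dst>"; the stray "nano" words
# made cp fail, so they are dropped here.
cp /etc/net/ifaces/ens192/options /etc/net/ifaces/ens224/options
# NOTE(review): ens192 already received 4.4.4.2/30 above; this LAN address is
# presumably meant for ens224 -- confirm before applying.
nano /etc/net/ifaces/ens192/ipv4address         # -> 192.168.100.1/26
systemctl disable --now NetworkManager
systemctl restart network

apt-get install alterator-dhcp
systemctl restart ahttpd alteratord
apt-get install alterator-net-iptables
systemctl restart ahttpd alteratord

# Tunnel interface and IPsec
mkdir /etc/net/ifaces/iptunnel
nano /etc/net/ifaces/iptunnel/ipv4address       # -> 10.5.5.1/30
nano /etc/net/ifaces/iptunnel/options           # -> (contents not given in the notes)
systemctl restart network
apt-get install -y strongswan
nano /etc/strongswan/ipsec.conf                 # -> milky
# NOTE(review): the PSK below is a dictionary-grade value. Outside the lab use
# a long random secret or certificate authentication, and keep ipsec.secrets
# readable by root only (chmod 600).
nano /etc/strongswan/ipsec.secrets              # -> 10.5.5.1 10.5.5.2 : PSK "P@ssw0rd"
# NOTE(review): the collapsed source reads "...strongswan-starter.service ipsec
# ipsec status"; it is split here as enabling two units, then a status check.
systemctl enable --now strongswan-starter.service ipsec
ipsec status

# OSPF
apt-get -y install frr
nano /etc/frr/daemons                           # -> ospfd=yes
systemctl enable --now frr
vtysh                                           # interactive; the OSPF commands are not in the notes
systemctl restart frr

apt-get -y install iperf3
iperf3 -c 4.4.4.1 -f M

# Configuration backup by cron
mkdir /opt/networkbackup
nano /opt/networkbackup/script                  # -> milky
chmod +x /opt/networkbackup/script
EDITOR=nano crontab -e                          # -> 01 12 * * * /opt/networkbackup/script

# Time
apt-get install -y chrony
systemctl enable --now chronyd
nano /etc/chrony.conf                           # -> milky
systemctl restart chronyd

apt-get install alterator-openvpn-server
systemctl restart ahttpd alteratord

# These commands MUST be run as the regular user, not root
ssh-keygen
ssh-copy-id user@3.3.3.10
ssh-copy-id user@172.16.100.1
ssh-copy-id user@172.16.100.10
ssh-copy-id user@192.168.100.10

# The following commands are run as root
nano /etc/openssh/sshd_config                   # -> milky
# Validate the edited file before distributing it: a broken sshd_config pushed
# to every host locks out remote access everywhere at once.
sshd -t
scp /etc/openssh/sshd_config user@5.5.5.2:/tmp/123
scp /etc/openssh/sshd_config user@172.16.100.10:/tmp/123
scp -P 192 /etc/openssh/sshd_config user@192.168.100.10:/tmp/123
scp /etc/openssh/sshd_config user@3.3.3.10:/tmp/123
systemctl restart sshd

# ============================== br-r ==============================
# The original repeated "set-hostname hq-r" here (copy-paste from the hq-r
# section); the section header says br-r.
hostnamectl set-hostname br-r
apt-repo rm all
apt-get update
nano /etc/net/sysctl.conf                       # -> forward 1
# NOTE(review): the four address values below are identical to hq-r's. Other
# lines in these notes (iperf3 -c 5.5.5.1, scp to user@5.5.5.2, ssh-copy-id to
# 172.16.100.1) suggest br-r uses 5.5.5.2/30 via 5.5.5.1 and 172.16.100.1 --
# values left as written; confirm against the topology.
nano /etc/net/ifaces/ens192/ipv4address         # -> 4.4.4.2/30
nano /etc/net/ifaces/ens192/ipv4route           # -> default via 4.4.4.1
nano /etc/net/ifaces/ens192/resolv.conf         # -> nameserver 8.8.8.8
nano /etc/net/ifaces/ens192/options             # -> no no
cp /etc/net/ifaces/ens192/options /etc/net/ifaces/ens224/options
nano /etc/net/ifaces/ens192/ipv4address         # -> 192.168.100.1/26
systemctl disable --now NetworkManager
systemctl restart network

apt-get install alterator-net-iptables
systemctl restart ahttpd alteratord

mkdir /etc/net/ifaces/iptunnel
nano /etc/net/ifaces/iptunnel/ipv4address       # -> 10.5.5.2/30
nano /etc/net/ifaces/iptunnel/options           # -> (contents not given in the notes)
systemctl restart network
apt-get install -y strongswan
nano /etc/strongswan/ipsec.conf                 # -> milky
# NOTE(review): same weak PSK as on hq-r; both ends must change together.
nano /etc/strongswan/ipsec.secrets              # -> 10.5.5.1 10.5.5.2 : PSK "P@ssw0rd"
systemctl enable --now strongswan-starter.service ipsec
ipsec status

apt-get -y install frr
nano /etc/frr/daemons                           # -> ospfd=yes
systemctl enable --now frr
vtysh
systemctl restart frr

apt-get -y install iperf3
iperf3 -c 5.5.5.1 -f M

mkdir /opt/networkbackup
nano /opt/networkbackup/script                  # -> milky
chmod +x /opt/networkbackup/script
EDITOR=nano crontab -e                          # -> 01 12 * * * /opt/networkbackup/script

nano /etc/ntpd.conf

# These commands MUST be run as the regular user, not root
ssh-keygen
ssh-copy-id user@3.3.3.10
ssh-copy-id user@192.168.100.1
ssh-copy-id user@172.16.100.10
ssh-copy-id user@192.168.100.10 -p 192

# The following commands are run as root
# NOTE(review): /tmp/123 is a fixed name in a world-writable directory and is
# installed as root. Check its owner and content first; stop if the syntax
# check below reports errors.
sshd -t -f /tmp/123
cat /tmp/123 > /etc/openssh/sshd_config
systemctl restart sshd

# FIREWALL!!!  (reminder from the original notes; rules are not listed)

# ============================== hq-srv ==============================
apt-get install freeipa-server freeipa-server-dns
ipa-server-install    # answers: yes, Enter, Enter, Enter, no, Enter, Enter, ... values: yes
nano /etc/bind/ipa-options-ext.conf
# Uncomment the first two lines and replace what is inside the curly braces
# with "any"; add  allow-query { any; };  by hand.
# NOTE(review): if those two lines are the recursion / query-cache ACLs, "any"
# turns this server into an open resolver for everything that can reach it;
# prefer listing the internal networks -- confirm which options they are.
systemctl restart bind

apt-get install alterator-ca
systemctl restart ahttpd alteratord
scp /home/user/Загрузки/ca-root.pem user@3.3.3.10:/tmp
ssh user@3.3.3.10
su -                                            # original had "su-", which is not a command
# NOTE(review): the CA certificate is the trust anchor for the VPN; compare its
# fingerprint with the one shown on the CA host before installing it.
cat /tmp/ca-root.pem > /etc/net/ifaces/tun0/ovpnca

# Samba shares
apt-get install samba -y
systemctl enable --now smb nmb
mkdir /opt/branch
mkdir /opt/network
mkdir /opt/admin
# NOTE(review): mode 777 lets every local account write to the shares, so
# access control rests entirely on smb.conf (not shown). A dedicated group with
# setgid directories is the tighter choice.
chmod 777 /opt/branch
chmod 777 /opt/network
chmod 777 /opt/admin
nano /etc/samba/smb.conf                        # -> milky
# Then register the FreeIPA users as Samba users
smbpasswd -a admin
smbpasswd -a network-admin
smbpasswd -a branch-admin
systemctl restart smb nmb
# Check: Ctrl+L in the file manager, then  smb://hq-srv.hq.work/network

# Docker and the wiki
apt-get install -y docker-engine docker-compose
systemctl enable --now docker
# Mount the disk with the Docker images
apt-get update
# Load the Docker images and copy the docker-compose file
docker load -i /media/ALTLinux/.disk/demo-docker.tar
cat /media/ALTLinux/.disk/wiki.yml > wiki.yml
# Start the containers
docker-compose -f wiki.yml up -d
# Open localhost:8080 in a browser
cat /home/user/Загрузки/LocalSettings.php > /root/LocalSettings.php
nano LocalSettings.php                          # -> wgServer - "4.4.4.2";
nano wiki.yml                                   # -> "#" (presumably toggle a commented line -- confirm)
docker-compose -f wiki.yml stop
docker-compose -f wiki.yml up -d
# Forward the port on hq-r to 8080

# These commands MUST be run as the regular user, not root
ssh-keygen
ssh-copy-id user@3.3.3.10
ssh-copy-id user@172.16.100.1
ssh-copy-id user@172.16.100.10
ssh-copy-id user@192.168.100.1

# The following commands are run as root
# NOTE(review): check owner and content of /tmp/123 before installing it.
sshd -t -f /tmp/123
cat /tmp/123 > /etc/openssh/sshd_config
systemctl restart sshd

# Antivirus
apt-get install clamav clamav-db clamav-db-daily
systemctl enable --now clamav-daemon.service
nano /root/clamav_scan                          # -> milky; file contents:
#   #!/bin/bash
#   clamscan -r / --quiet --log=/var/log/clamav/scan-$(date +%Y-%m-%d).log
# NOTE(review): scanning "/" also walks /proc and /sys; clamscan's
# --exclude-dir can skip them.
chmod +x /root/clamav_scan
# Scheduled run:
EDITOR=nano crontab -e
# Run the scan every day at one o'clock at night:
#   1 1 * * * /root/clamav_scan > /dev/null

# ============================== br-srv ==============================
apt-get install task-auth-freeipa

# RAID 5
mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb /dev/sdc /dev/sdd
lsblk
mkfs.ext4 /dev/md0
mkdir -p /mnt/raid                              # mount fails if the mount point is missing
mount /dev/md0 /mnt/raid
genfstab -U /mnt/raid >> /etc/fstab
# The generated line needs a small edit
nano /etc/fstab                                 # -> /dev/md0 /mnt/raid ext4 rw,relatime,stripe=256 0 1
# NOTE(review): the array definition is not saved to mdadm's config file here;
# without it the device name may differ after reboot -- verify.
mount -a
df

# Moodle
apt-get install -y deploy
deploy moodle
reboot
# The password can be found in /var/www/webapps/moodle/config.php:  dbpass = 'password'
# NOTE(review): that is a default credential stored in a web-tree file; change
# it and keep config.php unreadable to other local users.
# http://localhost/moodle

# These commands MUST be run as the regular user, not root
ssh-keygen
ssh-copy-id user@3.3.3.10
ssh-copy-id user@192.168.100.1
ssh-copy-id user@172.16.100.1
ssh-copy-id user@192.168.100.10 -p 192

# The following commands are run as root
# NOTE(review): check owner and content of /tmp/123 before installing it.
sshd -t -f /tmp/123
cat /tmp/123 > /etc/openssh/sshd_config
systemctl restart sshd

apt-get install -y cups-pdf
# PRINTER!!!  (reminder from the original notes; setup steps are not listed)

# ============================== cli ==============================
systemctl enable --now sshd
apt-get install task-auth-freeipa

# These commands MUST be run as the regular user, not root
ssh-keygen
ssh-copy-id user@5.5.5.2
ssh-copy-id user@192.168.100.1

# The following commands are run as root
# NOTE(review): check owner and content of /tmp/123 before installing it.
sshd -t -f /tmp/123
cat /tmp/123 > /etc/openssh/sshd_config
systemctl restart sshd

# ============================== br-m ==============================
# --- as root ---
apt-get update
apt-get install mariadb-server zabbix-server-mysql fping
systemctl enable --now mysqld

# --- as user ---
mysql -uroot -p
# Typed at the mysql prompt (the original had "reate database", a typo that
# makes the statement fail):
#   create database zabbix character set utf8 collate utf8_bin;
#   grant all privileges on zabbix.* to zabbix@localhost identified by 'toor';
#   quit;
# NOTE(review): 'toor' is a trivially guessable database password, and -ptoor
# below places it on the command line, where it lands in shell history and the
# process list. Prefer a bare -p (prompt) or a root-only client option file.
mysql -uzabbix -ptoor zabbix < /usr/share/doc/zabbix-common-database-mysql-*/schema.sql
mysql -uzabbix -ptoor zabbix < /usr/share/doc/zabbix-common-database-mysql-*/images.sql
mysql -uzabbix -ptoor zabbix < /usr/share/doc/zabbix-common-database-mysql-*/data.sql

# --- as root ---
apt-get install apache2 apache2-mod_php8.1
systemctl enable --now httpd2
apt-get install php8.1 php8.1-mbstring php8.1-sockets php8.1-gd php8.1-xmlreader php8.1-mysqlnd-mysqli php8.1-ldap php8.1-openssl
nano /etc/php/8.1/apache2-mod_php/php.ini       # -> milky
systemctl restart httpd2
nano /etc/zabbix/zabbix_server.conf             # -> milky
systemctl enable --now zabbix_mysql
apt-get install zabbix-phpfrontend-apache2 zabbix-phpfrontend-php8.1
ln -s /etc/httpd2/conf/addon.d/A.zabbix.conf /etc/httpd2/conf/extra-enabled/
service httpd2 restart
chown apache2:apache2 /var/www/webapps/zabbix/ui/conf
# Web installer: http:///zabbix  (host part is missing in the original notes)
# Installer values as written: zabbix  toor  zabbix_server
# First login as written: Admin  zabbix
# NOTE(review): Admin/zabbix is the well-known default login; change it right
# after the first sign-in.

# --- AGENT ---
systemctl start zabbix-agent
systemctl enable --now zabbix-agent
netstat -pnltu
nano /etc/zabbix/zabbix_agentd.conf             # -> milky
# After the host has been added on the server:
# NOTE(review): unit is "zabbix-agent" above and "zabbix_agentd" here; use
# whichever name the installed package provides.
systemctl restart zabbix_agentd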