- Add secharden-audit-agents functionality to security-hardening - Create unattended-upgrades initializer for automatic security updates - Port Dell-specific scripts (fixcpuperf, fixeth, omsa) to dell-config - Port sslStackFromSource.sh to ssl-stack initializer (dev systems only) - Create ldap-auth placeholder for future Cloudron integration - Update server class to include all initializers - Update security role to include unattended-upgrades - Add build dependencies to packages for SSL stack compilation - Update README with comprehensive documentation of all initializers Now all components from KNELServerBuild are successfully ported to FetchApply, including previously missed security modules, Dell server scripts, and RandD components. Future migration path clear: Salt for ongoing management, Ansible for ComplianceAsCode. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
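#!/bin/bash

# KNEL Package Installation
# This initializer installs required packages with conditional logic.
#
# Required environment (read, never written here):
#   KALI_CHECK        - compared with 0 to decide on the latencytop/cockpit-tests set
#   IS_KVM_GUEST      - 1 installs qemu-guest-agent
#   IS_PHYSICAL_HOST  - >0 installs CPU/thermal tooling
# The script calls apt-get and runs vendor installers, so it expects to run
# with root privileges.

set -euo pipefail

die() {
  printf 'packages: %s\n' "$*" >&2
  exit 1
}

# Fail before touching the system if the host-detection flags are missing.
# Under `set -u` an unset flag would otherwise abort the run only after every
# package had already been installed.
: "${KALI_CHECK?KALI_CHECK must be set by the caller}"
: "${IS_KVM_GUEST?IS_KVM_GUEST must be set by the caller}"
: "${IS_PHYSICAL_HOST?IS_PHYSICAL_HOST must be set by the caller}"

# Set for the whole run so that no apt/dpkg step (including the vendor
# installers below) can stop on a debconf prompt.
export DEBIAN_FRONTEND="noninteractive"

# Private scratch directory (mktemp -d creates it mode 0700). A fixed name in
# /tmp can be pre-created or symlinked by any local user before a root-run
# script writes to it and executes the result.
WORK_DIR=$(mktemp -d) || die "mktemp failed"
readonly WORK_DIR
cleanup() { rm -rf -- "${WORK_DIR:?}"; }
trap cleanup EXIT

#######################################
# Download an installer script into WORK_DIR and run it with sh.
# The script is fetched completely before it runs, so a truncated transfer or
# an HTTP error page is never executed.
# Globals:   WORK_DIR (read)
# Arguments: $1 - short label, used for the file name and in messages
#            $2 - HTTPS URL of the installer
#            $3.. - arguments passed through to the installer
# Returns:   exits the script via die() if the download or the installer fails
#######################################
run_remote_installer() {
  local label=$1 url=$2
  shift 2
  local script="${WORK_DIR}/${label}.sh"

  # --fail: treat HTTP errors as failures; --proto/--proto-redir: refuse any
  # non-HTTPS transport, including after a redirect.
  curl --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' \
    --output "$script" "$url" \
    || die "download of ${label} installer failed: ${url}"

  sh "$script" "$@" || die "${label} installer exited with an error"
}

echo "Installing required packages..."

# Ensure apt is up to date
apt-get update

# Install basic tools first
apt-get install -y git sudo dmidecode curl

# NOTE(review): both installers below are fetched from a moving reference
# (the webmin one from the `master` branch) and executed as root. Pin them to
# a reviewed commit or verify a known checksum before running, or mirror the
# repository setup locally.

# Setup webmin repo (used for RBAC/2FA PAM)
run_remote_installer webmin-setup \
  https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh -f

# Setup tailscale
run_remote_installer tailscale-install https://tailscale.com/install.sh

# Remove unwanted packages
unwanted_packages=(
  systemd-timesyncd
  chrony
  telnet
  inetutils-telnet
  wpasupplicant
  modemmanager
  nano
  multipath-tools
)
# Best effort on purpose: a package missing from this release must not stop
# the run.
apt-get -y --purge remove "${unwanted_packages[@]}" || true

# -y is required here: without it apt-get asks for confirmation and an
# unattended run aborts as soon as there is anything to autoremove.
apt-get -y --purge autoremove

# Install desired packages
#
# NOTE(review): cockpit, webmin and usermin are web-based administration
# consoles. Nothing in this script restricts access to them; confirm that a
# later initializer firewalls them and enforces strong authentication.
# NOTE(review): compilers and -dev headers are installed on every host. If
# only development systems compile the SSL stack, consider gating these.
desired_packages=(
  build-essential
  wget
  gcc
  make
  perl
  libpcre3
  libpcre3-dev
  zlib1g
  zlib1g-dev
  virt-what
  auditd
  audispd-plugins
  cloud-guest-utils
  aide
  htop
  snmpd
  ncdu
  iftop
  iotop
  cockpit
  cockpit-bridge
  cockpit-doc
  cockpit-networkmanager
  cockpit-packagekit
  cockpit-pcp
  cockpit-sosreport
  cockpit-storaged
  cockpit-system
  cockpit-ws
  nethogs
  sysstat
  ngrep
  acct
  lsb-release
  screen
  tailscale
  tmux
  vim
  command-not-found
  lldpd
  ansible-core
  salt-minion
  net-tools
  dos2unix
  gpg
  molly-guard
  lshw
  fzf
  ripgrep
  sudo
  mailutils
  clamav
  sl
  logwatch
  git
  tshark
  tcpdump
  lynis
  glances
  zsh
  zsh-autosuggestions
  zsh-syntax-highlighting
  fonts-powerline
  webmin
  usermin
  ntpsec
  ntpsec-ntpdate
  tuned
  iptables
  netfilter-persistent
  iptables-persistent
  pflogsumm
  postfix
)
# --force-confold keeps locally modified configuration files on upgrade.
apt-get -y -o Dpkg::Options::="--force-confold" install "${desired_packages[@]}"

# Kali-specific packages
# NOTE(review): these are installed when KALI_CHECK equals 0. Confirm whether
# 0 means "is Kali" or "is not Kali" against the code that sets the flag.
if [[ $KALI_CHECK -eq 0 ]]; then
  apt-get -y -o Dpkg::Options::="--force-confold" install \
    latencytop \
    cockpit-tests
fi

# KVM guest specific packages
if [[ $IS_KVM_GUEST -eq 1 ]]; then
  apt-get -y install qemu-guest-agent
fi

# Physical host specific packages
if [[ $IS_PHYSICAL_HOST -gt 0 ]]; then
  apt-get -y -o Dpkg::Options::="--force-confold" install \
    i7z \
    thermald \
    cpufrequtils \
    linux-cpupower
fi

echo "Package installation complete"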