RHEL 6 Hardening with shell scripts


I'm a Systems Administrator, but I'm new to Shell Scripting. I have a task of hardening quite a number of servers - more than 20. To reduce the workload, I thought of writing shell scripts that would automate most of the things to be done. The organization wants the CIS Benchmark for RHEL 6 to be followed. I wrote 2 scripts, and tried running them. But it seems they are not working. I get the following errors:

-bash command not found --when I execute the script with its name. I did the chmod +x

the script runs when I run it with: sh script.sh
but I get these issues:
in /etc/fstab or /etc/tab
usage chkconfig [--list] [--type ] [name] ---shows me usage of chkconfig

Here is my script. What am I doing wrong?

#!/bin/bash
# Title:    RHEL 6 Hardening
# Author:   Oageng Escobar Baruti
# Date:     24/08/2015
#
# DESCRIPTION: DISABLE / REMOVE / STOP / START / CONFIGURE
#
# Configure File Systems
cp /etc/fstab /etc/fstab.`date +%d%m%Y_%H:%M.%S`
mount -o remount,nodev /tmp
mount -o remount,nosuid /tmp
mount -o remount,noexec /tmp
mount --bind /tmp /var/tmp
mount -o remount,nodev /home
mount -o remount,nodev /dev/shm
mount -o remount,nosuid /dev/shm
mount -o remount,noexec /dev/shm
#
# Disable / Stop Unnecessary Services / Daemons
chkconfig rhnsd off
chkconfig chargen-dgram off
chkconfig chargen-stream off
chkconfig daytime-dgram off
chkconfig daytime-stream off
chkconfig echo-dgram off
chkconfig echo-stream off
chkconfig tcpmux-server off
chkconfig avahi-daemon off
chkconfig cups off
chkconfig nfslock off
chkconfig rpcgssd off
chkconfig rpcbind off
chkconfig rpcidmapd off
chkconfig rpcsvcgssd off
#
#
# Start Important Services
#
#
# Remove Unnecessary / Unneeded Packages / Programs
yum erase mcstrans
yum erase telnet-server
yum erase telnet
yum erase rsh-server
yum erase rsh
yum erase ypbind
yum erase ypserv
yum erase tftp
yum erase tftp-server
yum erase talk
yum erase talk-server
yum erase xinetd
yum erase dhcp
yum erase openldap-servers
yum erase openldap-clients
yum erase bind
yum erase vsftpd
yum erase httpd
yum erase dovecot
yum erase samba
yum erase squid
yum erase net-snmp
yum erase setroubleshoot
yum remove xorg-x11-server-common
#
# Configure Networking / Firewalls
#chkconfig iptables on
chkconfig iptables off
chkconfig ip6tables off
#
#
yum install tcp_wrappers
#

Responses

Hi,

You're probably getting command not found because you're not specifying the path to the script. Unless the script is in a directory that Bash searches for executables (the $PATH environment variable), it doesn't know about it. So, to run a script that's in the same directory you're in, use:

./script_name.sh

About the other problems: Could you please describe the /etc/fstab and chkconfig errors in more detail? I'm not sure I understand what's happening from your description.

Btw, you can specify multiple parameters after the -o option of the mount command. For example:

mount -o remount,nodev,nosuid,noexec /tmp

When I use:

./script_name.sh

I get this error:
-bash: ./script_name: /bin/bash^M: bad interpreter: No such file or directory

It just occurred to me (after reading your other question)... What editor are you using to write these scripts? It looks like the end of lines could be behind the problem (adding an unseen character that gets interpreted by Bash, thus causing errors).

chkconfig seems not to execute. I receive this text from the shell prompt:

chkconfig version 1.3.49.3 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

usage:   chkconfig [--list] [--type <type>] [name]
         chkconfig --add <name>
         chkconfig --del <name>
         chkconfig --override <name>
         chkconfig [--level <levels>] [--type <type>] <name> <on|off|reset|resetpriorities>
chkconfig version 1.3.49.3 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

Probably trying to show me how to use chkconfig properly. But when I run the same commands manually at the shell prompt, they execute without problems. From the script, they seem to fail.

Notepad++ on Windows. But I viewed the script with vi. I didn't see any characters. How can I purify it?

Please use

tr -d "^M" <command >new_command

use control V followed by control M to get ^M

Where do I use this? Please illustrate with examples. I'm still a novice with shell scripts.

tr -d "^M" <command >new_command
use control V followed by control M to get ^M

Anybody who can help with getting my script above to run?

Issue the tr command in an interactive shell in the directory where your script is. It reads from stdin (in the example redirected from your command script) and writes the result on stdout (in the example redirected to the file new_command). Then chmod u+x new_command and run ./new_command.

Windows/DOS and UNIX/Linux have different line endings. DOS format is CR and LF, which are Carriage Return then Line Feed. UNIX line endings are just LF, Line Feed. You can't see these easily in a text editor, but they are there.

You can read more about this at: https://en.wikipedia.org/wiki/Newline

The ^M you are seeing is the shell trying to run your command with the wrong line ending.

You can solve this in several ways, all of which involve replacing the CR with nothing.

You could go to Notepad++ and save your file with UNIX line endings instead of DOS line endings, then copy the file back over.

You could use this substitution in sed, do it in the same place as your script:

sed -i 's/\r$//' script.sh

This means "find all instances of \r (the Carriage Return) before the end of a line, and replace the CR with nothing".

This will leave the Line Feed character \n so your files will be converted from DOS to UNIX.

The backslash here is known as an escape character: https://en.wikipedia.org/wiki/Escape_character.
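The failure diagnosed in this thread, reproduced as an added example (not code from any poster): a script saved with CRLF endings hands the service tool `off\r` instead of `off`, which is why chkconfig answered with its usage text. `svcctl` is a hypothetical stand-in for chkconfig, and the file names and sample script are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. "svcctl" is a hypothetical stand-in
# for chkconfig and the sample script content is constructed.

CR=$(printf '\r')

# has_crlf FILE: exit 0 if any line ends in a carriage return.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# strip_crlf SRC DST: copy SRC to DST with the CR before each newline removed
# (same effect as the thread's sed 's/\r$//', without relying on \r support).
strip_crlf() {
    sed "s/${CR}\$//" "$1" > "$2"
}

# svcctl NAME STATE: like chkconfig, reject any state other than on/off.
svcctl() {
    case "$2" in
        on|off) echo "$1 set to $2" ;;
        *)      echo "usage: svcctl <name> <on|off>" >&2; return 2 ;;
    esac
}

# make_sample FILE: two-line script saved with DOS (CRLF) line endings.
make_sample() {
    printf '%s\r\n' '#!/bin/sh' 'svcctl cups off' > "$1"
}

# run_script FILE: parse and run FILE in a subshell, output discarded;
# returns the status of the script's last command.
run_script() {
    ( . "$1" ) >/dev/null 2>&1
}

# report LABEL FILE: print whether the script ran cleanly.
report() {
    if run_script "$2"; then echo "$1: ok"; else echo "$1: rejected, exit $?"; fi
}

work=$(mktemp -d)
make_sample "$work/harden_dos.sh"
if has_crlf "$work/harden_dos.sh"; then
    report "CRLF copy" "$work/harden_dos.sh"      # state arrives as "off\r"
    strip_crlf "$work/harden_dos.sh" "$work/harden_unix.sh"
    report "LF copy" "$work/harden_unix.sh"
fi
rm -rf "$work"
```

Running `has_crlf` over every script before copying it to the servers catches the problem before a hardening step is silently skipped on a host.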

Thank you very much. The solution to remove the unwanted characters fixed my problems. Now I can run the scripts without any issues.
Thank you everybody.

sed -i 's/\r$//' script.sh

1 last thing: How can I output the results of the entire script to a text file?

Can I do this:

./script_name >> /destination/text_file 

Yes. Thanks again
