Forum Replies Created
The team is debugging this issue; we will keep you informed. Thanks for notifying us, Marc.
To ensure patches don’t disrupt business operations, I follow a structured approach: patches are thoroughly tested in a controlled environment to detect compatibility issues, prioritized based on risk, and rolled out gradually with continuous monitoring. I coordinate with stakeholders to schedule deployments during low-impact windows and always have backups and rollback plans ready. Leveraging automated tools ensures efficiency, and post-deployment validation confirms systems function as expected. This proactive and iterative process balances security with operational continuity.
Based on detected vulnerability, SanerNow calculates an easily exploitable percentage.
If your exploit percentage is high, your hygiene score will be lower. It will always be a good practice to keep that percentage low by patching regularly.
Let me know if this could help you.
As of now, SanerNow has integrations with FreshDesk and ServiceNow.
In future we will also integrate with other ticketing systems like JIRA, Zendesk, etc.
SanerNow addresses this challenge effectively by providing a streamlined patch management solution. It automatically identifies outdated or vulnerable macOS and Adobe applications, downloads the necessary patches, and applies them without requiring manual intervention.
This process ensures that your systems are always up-to-date, reducing the risk of vulnerabilities being exploited while saving time and effort for IT administrators. By automating the patching process, SanerNow minimizes downtime and enhances the overall security posture of your organization.
Want to experience this seamless automation firsthand? Start your free trial today or schedule a demo with our experts to see how SanerNow can simplify your patch management process.
We’re here to help you secure your systems without the hassle!
Thank you for sharing this useful information! Setting the hostname, local hostname, and computer name correctly is indeed a best practice, especially for maintaining clarity in network environments and ensuring smooth connectivity.
Your provided commands are spot on for Mac users who may encounter this issue. I’d like to add a small note:
Before setting the names, it’s a good idea to verify the current settings using:
sudo scutil --get HostName
sudo scutil --get LocalHostName
sudo scutil --get ComputerName
This helps to confirm if changes are necessary.
Ubuntu Repo Final
echo "#################################################################################################################"
echo -e "\033[1;31mChecking the reachability of primary URLs... Please be patient\033[0m"
echo "#################################################################################################################"
echo ""

# Check if lsb_release command is available
if command -v lsb_release > /dev/null; then
    ubuntu_version=$(lsb_release -rs)
    echo "Ubuntu version: $ubuntu_version"
else
    echo "lsb_release command not found. Unable to determine Ubuntu version."
fi

hosts=(
    "archive.ubuntu.com"
    "security.ubuntu.com"
)

for host in "${hosts[@]}"; do
    if ping -c 1 "$host" >/dev/null 2>&1; then
        echo -e "\033[1;32m$host is reachable.\033[0m"
    else
        echo -e "\033[1;31m$host is not reachable.\033[0m"
    fi
done

echo ""
if sudo apt-get -y install curl > /dev/null 2>&1; then
    echo "curl has been successfully installed."
else
    echo "Failed to install curl."
fi

echo ""
echo ""

echo "Checking reachability of primary URLs..."
URLS=(
    "http://archive.ubuntu.com"
    "http://security.ubuntu.com"
)

reachable_count=0
attempted_count=${#URLS[@]}
reachable=true

for url in "${URLS[@]}"; do
    echo "Checking $url..."

    # First attempt: HEAD request to the URL as given
    curl -sI "$url" > /dev/null
    http_status=$?

    # Second attempt: same URL with TLS certificate verification disabled (reachability check only)
    curl -sI "$url" --insecure > /dev/null
    https_status=$?

    if [ $http_status -eq 0 ] || [ $https_status -eq 0 ]; then
        echo "Reachable: $url"
        ((reachable_count++))
    else
        echo "Not Reachable: $url"
        reachable=false
    fi

    echo ""
done

echo "Attempted: $attempted_count"
echo "Reachable: $reachable_count"

echo ""
if [ "$reachable" = true ]; then
    echo -e "\033[1;32mPre-requisite Check Completed successfully. Script Execution will continue \033[0m"
    echo ""
else
    echo -e "\033[1;31mPre-requisite failure: do you still want to Proceed. Press Enter to proceed.\033[0m"
    echo ""
    read -r
fi

############################################################################## PRE RE-Requiste tools #############################################################################################
echo -e "\033[1;31mStarted the Ubuntu Repo Creation... Please be Patient\033[0m\n"
echo "#################################################################################################################"
echo ""
echo -e "\x1b[30;44m Downloading the Pre-Requistite tools and Applications \x1b[m"

# Function to check the success of an application installation.
# Call it immediately after the command being checked.
check_installation() {
    # Capture the previous command's exit status first: any assignment resets $? to 0
    local status=$?
    local app_name=$1
    if [ "$status" -eq 0 ]; then
        echo "$app_name installed successfully."
    else
        echo "$app_name installation failed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting..."
            exit 1
        else
            echo "Continuing..."
        fi
    fi
}

echo "Updating package list..."
sudo apt-get update
check_installation "Package Update"

echo "Installing wget..."
sudo apt-get -y install wget
check_installation "wget"

echo "Installing curl..."
sudo apt-get -y install curl
check_installation "curl"

echo "Installing net-tools..."
sudo apt-get -y install net-tools
check_installation "net-tools"

echo "Installing vim..."
sudo apt-get -y install vim
check_installation "vim"

echo "Installing cron..."
sudo apt install cron
check_installation "cron"

echo "Enabling cron service..."
sudo systemctl enable cron
check_installation "Enable cron service"

echo "Starting cron service..."
sudo systemctl start cron.service
check_installation "Start cron service"

echo ""
echo -e "\x1b[30;44m Installing Apache Application \x1b[m"
echo ""
sudo apt install apache2 -y
check_installation "Apache Application"
echo -e "\033[1;31mInstallation Completed \033[0m\n"

echo -e "\x1b[30;44m Enabling Apache Application \x1b[m"
sudo systemctl enable apache2
check_installation "Enable Apache"
echo -e "\033[1;31mEnabling the Apache Completed\033[0m\n"

echo -e "\x1b[30;44m Checking the Apache service is in running state \x1b[m"
STATUS="$(systemctl is-active apache2)"
if [ "${STATUS}" = "active" ]; then
    echo "Apache is running....."
else
    echo " Apache is not running.... so exiting "
    exit 1
fi

################################################################### Validations ########################################################################################################
# Function to check the success of a command execution.
# Call it immediately after the command being checked.
check_command() {
    # Capture the previous command's exit status first: any assignment resets $? to 0
    local status=$?
    local command_description=$1
    if [ "$status" -eq 0 ]; then
        echo "$command_description completed successfully."
    else
        echo "$command_description failed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting..."
            exit 1
        else
            echo "Continuing..."
        fi
    fi
}

echo -e "\x1b[30;44mCreating the Repo Root Directory and owning the permissions. PLease enter the partition where teh suficient storage space is there to download the updates\x1b[m"
sudo mkdir -p /opt/apt-mirror
sudo chown www-data:www-data /opt/apt-mirror
check_command "Create Repo Root Directory and Set Permissions"

echo -e "\x1b[30;44mInstalling APT Mirror application \x1b[m"
sudo apt install apt-mirror -y
sudo apt update
check_command "Install APT Mirror Application"

echo -e "\x1b[30;44mBacking up /etc/apt/mirror.list \x1b[m"
sudo cp /etc/apt/mirror.list /etc/apt/mirror.list.bak
check_command "Backup /etc/apt/mirror.list"

echo -e "\x1b[30;44mMaking var folder \x1b[m"
sudo mkdir -p /opt/apt-mirror/ubuntu/var
check_command "Create var folder"

echo -e "\x1b[30;44mCopying post script into /opt/apt-mirror/ubuntu/var/ and Configuring the /etc/apt/mirror.list... Please be Patient.....\x1b[m"
sudo cp /var/spool/apt-mirror/var/postmirror.sh /opt/apt-mirror/ubuntu/var/
sudo mv /etc/apt/mirror.list /etc/apt/mirror.list.bak
rm -rf /etc/apt/mirror.list
check_command "Copy post script and Configure /etc/apt/mirror.list"

echo -e "\033[1;31mFile Copied and Backup is done \033[0m\n"
############################################################# HANDLING APT MIRROR LIST WITH INPUTS #####################################################################################
echo -e "\x1b[30;44mUpdating the /etc/apt/mirror.list file \x1b[m"
# Prompt the user for the OS versions
echo "Now enter the Ubuntu Verion numbers"
echo "For APT Mirror List Configuration, please specify the desired OS versions. Choose only the necessary versions to minimize storage space utilization? (e.g., 18,20,22)"
read os_versions

# Split the input into an array
IFS=',' read -ra os_versions_array <<< "$os_versions"

# Validate the user input
for os_version in "${os_versions_array[@]}"; do
    if [ "$os_version" != "18" ] && [ "$os_version" != "20" ] && [ "$os_version" != "22" ]; then
        echo "Invalid OS version selected: $os_version. Exiting..."
        exit 1
    fi
done

# Append configuration based on the selected OS versions
echo "set base_path /opt/apt-mirror" >> /etc/apt/mirror.list
echo "set nthreads 20" >> /etc/apt/mirror.list
echo "set _tilde 0" >> /etc/apt/mirror.list

for os_version in "${os_versions_array[@]}"; do
    if [ "$os_version" == "22" ]; then
        echo "### Ubuntu Jammy Jellyfish 22.04" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu jammy-security main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse" >> /etc/apt/mirror.list
    elif [ "$os_version" == "20" ]; then
        echo "### Ubuntu Focal 20.04" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu focal-security main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse" >> /etc/apt/mirror.list
    elif [ "$os_version" == "18" ]; then
        echo "### Ubuntu Bionic 18.04" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu bionic main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu bionic-security main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted universe multiverse" >> /etc/apt/mirror.list
        echo "deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse" >> /etc/apt/mirror.list
    fi
done

echo "clean http://archive.ubuntu.com/ubuntu" >> /etc/apt/mirror.list
echo -e "\033[1;31mUpdated the Configuration\033[0m\n"
echo -e "\x1b[30;44mConfigure Apache ... Please be Patient..... \x1b[m"
cd /var/www/html/
echo "$PWD"
ln -s /opt/apt-mirror/mirror/archive.ubuntu.com/ubuntu/ ./ubuntu
ls -ltra
echo -e "\033[1;31mConfiguration Done\033[0m\n"
##################################################################################################################################################################
# Prompt the user for the Ubuntu releases
echo "Specify the required Ubuntu releases for Daily Sync in /root/ubuntucnf.sh (e.g., 18, 20, 22)."
read user_releases

# Split the input into an array
IFS=',' read -ra user_releases_array <<< "$user_releases"

# Validate the user input
for user_release in "${user_releases_array[@]}"; do
    if [ "$user_release" != "18" ] && [ "$user_release" != "20" ] && [ "$user_release" != "22" ]; then
        echo "Invalid Ubuntu release selected: $user_release. Exiting..."
        exit 1
    fi
done

# Generate the content for ubuntucnf.sh based on the selected releases
cat > "/root/ubuntucnf.sh" <<EOF
EOF

# Generate configurations and append to ubuntucnf.sh
generate_configs() {
    for user_release in "${user_releases_array[@]}"; do
        case "$user_release" in
            18)
                release="bionic"
                ;;
            20)
                release="focal"
                ;;
            22)
                release="jammy"
                ;;
            *)
                # Handle invalid input
                echo "Invalid Ubuntu release selected: $user_release. Exiting..."
                exit 1
                ;;
        esac

        # Append configurations for the selected release
        cat >> "/root/ubuntucnf.sh" <<EOF
# Specify the Ubuntu release
release="${release}"

# Function to download and process CNF files
download_cnf() {
    for p in "\${release}"{,-{security,updates,backports}}/{main,restricted,universe,multiverse}; do
        >&2 echo "\${p}"
        wget -q -c -r -np -R "index.html*" "http://archive.ubuntu.com/ubuntu/dists/\${p}/cnf/Commands-amd64.xz"
    done
}

# Function to download and process DEP11 icon files
download_dep11_icons() {
    for p in "\${release}"{,-{security,updates,backports}}/{main,restricted,universe,multiverse}; do
        >&2 echo "\${p}"
        wget -q -c -r -np -R "index.html*" "http://archive.ubuntu.com/ubuntu/dists/\${p}/dep11/icons-64x[email protected]"
        wget -q -c -r -np -R "index.html*" "http://archive.ubuntu.com/ubuntu/dists/\${p}/dep11/icons-64x64.tar.gz"
        wget -q -c -r -np -R "index.html*" "http://archive.ubuntu.com/ubuntu/dists/\${p}/dep11/icons-48x48.tar.gz"
    done
}

# Function to download and process binary packages for i386 architecture
download_binary_packages() {
    for p in "\${release}"{,-{security,updates,backports}}/{main,restricted,universe,multiverse}; do
        >&2 echo "\${p}"
        wget -q -c -r -np -R "index.html*" "http://archive.ubuntu.com/ubuntu/dists/\${p}/binary-i386/Packages.gz"
        gunzip archive.ubuntu.com/ubuntu/dists/\${p}/binary-i386/Packages.gz
    done
}

# Execute the functions for the selected release
download_cnf
download_dep11_icons
download_binary_packages

# Copy downloaded files to the mirror directory
#cp -r /root/archive.ubuntu.com/ubuntu/dists/ /opt/apt-mirror/mirror/archive.ubuntu.com/ubuntu/

# Remove temporary files
#rm -rf /root/archive.ubuntu.com

EOF
    done
}

# Generate configurations and append to ubuntucnf.sh
generate_configs

# Make ubuntucnf.sh executable
chmod +x "/root/ubuntucnf.sh"

cat > /root/dailysync.sh << 'EOF'
#!/bin/bash

log_file="/root/apt_update.log"
log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $*" >> "$log_file"
}

check_apt_update() {
    log "Running apt-get update..."
    update_output=$(sudo apt-get update)

    if [ $? -eq 0 ]; then
        log "APT update successful."
        return 0
    else
        log "APT update failed."
        log "$update_output"
        return 1
    fi
}

log "Script ran on ($(date '+%Y-%m-%d %H:%M:%S'))"
check_apt_update
max_retries=5
for i in $(seq 1 $max_retries); do
    log "Running apt-mirror..."
    /usr/bin/apt-mirror >> "$log_file" 2>&1
    log "Running ubuntucnf.sh..."
    /root/ubuntucnf.sh >> "$log_file"

    if [ $? -eq 0 ]; then
        log "Copying downloaded files to the mirror directory..."
        cp -r /root/archive.ubuntu.com/ubuntu/dists/ /opt/apt-mirror/mirror/archive.ubuntu.com/ubuntu/
    else
        log "ubuntucnf.sh failed. Skipping copy operation."
    fi

    log "Removing temporary files..."
    rm -rf /root/archive.ubuntu.com

    sleep 50
    check_apt_update
    if [ $? -eq 0 ]; then
        log "Scripts completed successfully. Exiting."
        exit 0
    else
        log "Retry $i of $max_retries..."
    fi

    sleep 50
done
log "Maximum retries reached. Scripts and APT-GET update failed."
exit 1
EOF

chmod +x /root/dailysync.sh
# Prompt the user for further actions
echo "Configurations for selected Ubuntu releases have been appended to /root/ubuntucnf.sh."
echo "The script has been made executable. You can manually run the script or add it to your cron jobs."

################################################################################ HANDLING APT-MIRROR AND CRON JOB ##############################################################################################
sudo chmod +x /root/ubuntucnf.sh
ls -ltra /root/ubuntucnf.sh

echo -e "\x1b[30;44mCreating the configuration for the daily sync using Contab ... This will run on everday at 1 AM and 1 PM hours..... \x1b[m"
rm /tmp/cron.bak
echo -e "0 5,17 * * * bash /root/dailysync.sh > /root/dailysync_lastrun.log 2>&1" >> /tmp/cron.bak
crontab /tmp/cron.bak
crontab -l
echo -e "\033[1;31mCron Job Created\033[0m\n"

echo -e "\x1b[30;44mStarting the apt-mirror. This will replicate the packages from Public Ubuntu Repo to the Local Ubuntu Repo..... This will take time, please be patient\x1b[m"
sudo apt-mirror
sudo cp /var/spool/apt-mirror/var/postmirror.sh /opt/apt-mirror/var/
sudo apt-mirror
echo -e "\x1b[30;44mUbuntu Repo Sync Completed...... Please point the client devices to the Repo.\x1b[m"

RHEL_9 Manual
echo "#################################################################################################################"
echo -e "\033[1;31mChecking the reachability of primary URLs... Please be patient\033[0m"
echo "#################################################################################################################"

echo "Checking if RHEL is registered..."
redhat_release="/etc/redhat-release"
if [ -e "$redhat_release" ] && grep -qi "Red Hat Enterprise Linux" "$redhat_release"; then
    echo "RHEL is registered."
else
    echo "RHEL is not registered. Please register your system before proceeding."
    exit 1
fi

echo ""
echo "Checking the status of subscription-manager repositories..."
# Run subscription-manager repos --list and store the output in a variable
repo_list_output=$(sudo subscription-manager repos --list)

# Function to check if a repository is listed and print its status
check_repo() {
    repo_name=$1
    if [[ $repo_list_output =~ "$repo_name" ]]; then
        echo "Repository $repo_name is listed."
    else
        echo "Repository $repo_name is not listed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting..."
            exit 1
        else
            echo "Continuing without $repo_name..."
        fi
    fi
}

# Check repositories and print their status
check_repo "rhel-9-for-x86_64-baseos-rpms"
check_repo "rhel-9-for-x86_64-appstream-rpms"
echo ""
echo ""

echo "Checking reachability of primary URLs..."
URLS=(
    "https://access.redhat.com"
    "https://cdn.datatables.net"
    "https://sso.redhat.com"
    "https://access.cdn.redhat.com"
    "https://static.redhat.com"
    "https://www.redhat.com"
    "https://cdn.jsdelivr.net"
    "https://code.jquery.com/"
    "https://dl.fedoraproject.org"
)

reachable_count=0
attempted_count=${#URLS[@]}
reachable=true

for url in "${URLS[@]}"; do
    echo "Checking $url..."

    # First attempt: HEAD request to the URL as given
    curl -sI "$url" > /dev/null
    http_status=$?

    # Second attempt: same URL with TLS certificate verification disabled (reachability check only)
    curl -sI "$url" --insecure > /dev/null
    https_status=$?

    if [ $http_status -eq 0 ] || [ $https_status -eq 0 ]; then
        echo "Reachable: $url"
        ((reachable_count++))
    else
        echo "Not Reachable: $url"
        reachable=false
    fi

    echo ""
done

echo "Attempted: $attempted_count"
echo "Reachable: $reachable_count"

if [ "$reachable" = true ]; then
    echo ""
    echo -e "\033[1;32mPre-requisite Check Completed successfully. Script Execution will continue \033[0m"
    echo ""
else
    echo -e "\033[1;31mPre-requisite failure: do you still want to Proceed. Press Enter to proceed.\033[0m"
    echo ""
    read -r
fi

echo "#################################################################################################################"
echo -e "\033[1;31mStarted the RHEL 9 Repo Creation... Please be Patient\033[0m"
echo "#################################################################################################################"

echo ""
echo -e "\x1b[30;44m Downloading the Pre-Requistite tools and Applications \x1b[m"
echo ""
sudo yum check-update
sudo yum install -y wget
sudo yum install -y curl
sudo yum install -y openssh-server
sudo yum install -y net-tools
sudo yum install -y vim
sudo yum install -y cronie
sudo yum install -y tree

# Get OS version
os_version=$(cat /etc/redhat-release | cut -d'.' -f1 | awk '{print $NF}')

echo ""
# Print OS version with a full green line
echo -e "\e[32mThe OS version running on the device is: $os_version\e[0m"

# Additional logic for RHEL 9
if [ "$os_version" = "9" ]; then
    echo -e "\e[32m"
    echo "#############################################################################################"
    echo " RED_HAT 9 REPO Creation"
    echo "#############################################################################################"
    echo -e "\e[0m"
fi

################################################# NGINX ######################################################################################
echo -e "\x1b[30;44m Installing Nginx HTTP server\x1b[m"
echo ""
echo -e "Do you want to have the EPEL (Extra Packages for Enterprise Linux)? Below are the advantages and disadvantages of having it:"
echo ""
echo -e "\e[32mAdvantages:\e[0m"
echo "- Provides additional community-supported packages not included in the default RHEL repositories."
echo "- Expands software options for users."

echo ""
echo -e "\e[31mDisadvantages:\e[0m"
echo "- Community-supported packages may not have the same level of testing and support as official RHEL packages."
echo "- Security and stability depend on the community's maintenance and updates."
echo ""
echo ""
read -p "Do you want to download and install the EPEL_release package? (y/n): " proceed_epel
if [ "$proceed_epel" == "y" ]; then
    echo -e "\e[32mDownloading and installing the EPEL_release package...\e[0m\n"
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
    sudo yum install -y epel-release
    echo -e "\e[32mEPEL (Extra Packages for Enterprise Linux) in RHEL (Red Hat Enterprise Linux) provides additional community-supported packages not included in the default RHEL repositories, expanding software options for users.\e[0m\n"
fi

echo ""
echo -e "\e[32mInstalling Nginx WebServer\e[0m"
echo ""
# Proceed with Nginx installation regardless of the EPEL installation status
sudo yum install -y nginx
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mInstallation Failed\033[0m\n"
    read -p "Do you want to proceed with the installation of Nginx? (y/n): " proceed_nginx
    if [ "$proceed_nginx" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi

echo -e "\e[32mInstallation Completed\e[0m"
####################################################################################################################################
echo ""
echo -e "\x1b[30;44m Starting the Nginx and Enabling the Application \x1b[m"
sudo systemctl start nginx
sudo systemctl enable nginx

if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to start Nginx or enable the service\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi

echo ""
echo -e "\e[32mEnabling the Nginx Completed\e[0m"
echo ""

echo -e "\x1b[30;44m Checking the Nginx service status \x1b[m"
STATUS="$(systemctl is-active nginx)"

if [ "${STATUS}" != "active" ]; then
    echo "Nginx service is not running."
    read -p "Do you want to proceed? (y/n): " PROCEED

    if [ "${PROCEED}" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
else
    echo -e "\e[32mNginx service is running........\e[0m"
fi

echo ""
echo -e "\x1b[30;44m Handling the Firewall rules to permit inbound packets on HTTP and HTTPS \x1b[m"
echo ""
echo "Handling the Firewall Settings and performing actions on unmask,starting and enable firewalld"
# Function to check if a command was successful
check_command_status() {
    if [ $? -eq 0 ]; then
        echo "Command successful."
    else
        echo "Command failed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting."
            exit 1
        fi
    fi
}

# Unmask firewalld
sudo systemctl unmask firewalld
check_command_status

# Start firewalld
sudo systemctl start firewalld
check_command_status

# Enable firewalld
sudo systemctl enable firewalld
check_command_status

echo ""
echo "All commands executed successfully."
echo ""
echo "Allow web traffic over HTTP in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=http
echo "Allow web traffic over HTTPS in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
echo "Reloading Firewall Configuration"
sudo firewall-cmd --reload
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to configure the firewall\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi
echo ""

echo -e "\e[32mFirewall Configuration done\e[0m"
echo ""
#######################################################################################################################################
# To check if the Nginx is setup fine
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, append http:// and print the result
    http_ip="http://$ip_address/"
    echo -e "\033[1;32mPlease access the URL to check if the Nginx is setup fine: $http_ip\033[0m\n"
else
    echo "Invalid IP address format!"
fi

echo "Pausing the script until you check the Nginx is up and running."
# Pause until the user presses Enter
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."

echo ""
echo ""

echo "Checking if there are any outdated folder in the /var/cache/dnf/rhel-9-for-x86_64- folders."
## Deleting Folder /var/cache/dnf/rhel-9-for-x86_64-appstream-rpms-*
# Specify the directory
directory="/var/cache/dnf/"
# Get today's date in the format YYYY-MM-DD
today=$(date "+%Y-%m-%d")

# Print the current directory structure in green
echo -e "\e[32mCurrent Directory Structure:\e[0m"
tree "$directory"

echo "Renaming folders named 'rhel-9-for-x86_64' to 'Backup_duplicate_rhel-9' created before $today in $directory"
# Use find to locate and rename folders
found_folders=$(find "$directory" -type d -name "rhel-9-for-x86_64" ! -newermt "$today")

if [ -n "$found_folders" ]; then
    echo -e "\e[32mFound matching folders:\e[0m"
    echo "$found_folders"

    # Rename the folders
    echo "$found_folders" | xargs -I {} mv {} {}/Backup_duplicate_rhel-9

    echo -e "\e[32mRenaming complete.\e[0m"
else
    echo "No duplicate copies found."
fi

########################################################### Yum Utils #################################################################################
echo ""

echo -e "\x1b[30;44mInstalling the required packages for creating repo \x1b[m"
echo ""
if sudo yum install -y yum-utils createrepo httpd; then
    echo -e "\e[32mUpdates done \e[0m"
else
    echo "Failed to install required packages. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
echo -e "\x1b[30;44mCreating directories /var/www/html/rhel9/baseOS and /var/www/html/rhel9/AppStream \x1b[m"
echo ""

# Default directory paths
baseOS_dir="/var/www/html/rhel9/baseOS"
AppStream_dir="/var/www/html/rhel9/AppStream"

read -e -p "1. Do you wish to go with the default folder creation under $baseOS_dir and $AppStream_dir? (y/n): " use_default
echo ""

if [ "$use_default" == "n" ]; then
    read -e -p "2. Please enter the directory path for baseOS (hit Enter for default $baseOS_dir): " custom_baseOS_dir
    echo ""
    read -e -p " Please enter the directory path for AppStream (hit Enter for default $AppStream_dir): " custom_AppStream_dir
    echo ""
    # Set directory paths based on user input or use defaults
    baseOS_dir=${custom_baseOS_dir:-$baseOS_dir}
    AppStream_dir=${custom_AppStream_dir:-$AppStream_dir}
fi

echo ""
# Create directories
if mkdir -p "$baseOS_dir" && \
   mkdir -p "$AppStream_dir"; then
    echo "$baseOS_dir"
    echo "$AppStream_dir"
    echo -e "\e[32mDirectories created successfully \e[0m"
else
    echo "Failed to create directories. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
echo -e "\x1b[30;44mEnabling the required Repos \x1b[m"
echo ""

# Enable repositories
sudo subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
sudo subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms

echo ""
read -p "If the Repos are Enabled. Press Enter to continue... if not Ctrl + c to exit "
echo ""
echo -e "\e[32mEnabled the Repos successfully \e[0m"
read -p "Press Enter to continue..."

echo ""
echo -e "\x1b[30;44mConfiguring the reposync to synchronize RHEL9\x1b[m"
echo ""
if reposync -p "$baseOS_dir" --download-metadata --repo=rhel-9-for-x86_64-baseos-rpms && \
   reposync -p "$AppStream_dir" --download-metadata --repo=rhel-9-for-x86_64-appstream-rpms; then
    echo -e "\033[1;31mSynchronization done \033[0m\n"
else
    echo "Failed to synchronize repositories. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo -e "\e[32mReposync completed successfully \e[0m"

echo ""
echo -e "\x1b[30;44mCreate Repodata for each repo\x1b[m"
if createrepo -v "$baseOS_dir" && \
   createrepo -v "$AppStream_dir"; then
    echo -e "\e[32mCreated Repodata successfully \e[0m"
else
    echo "Failed to create Repodata. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

########################################################### Yum Utils #################################################################################
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."

echo ""
echo -e "\x1b[30;44mConfiguring the updateinfo.xml file for RHEL repo\x1b[m"
# Add your commands for configuring updateinfo.xml here
#FOR AppStream Repo:

# Function to prompt for continuation
prompt_continue() {
    read -p "Do you want to continue to the next step? (y/n): " choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
}

# Function to print in green color
print_green() {
    echo -e "\e[32m$1\e[0m"
}

# Function to print in red color
print_red() {
    echo -e "\e[31m$1\e[0m"
}

# For AppStream Repo:
# Directory containing the gzipped files
appstream_directory="$AppStream_dir/repodata/"
cache_directory_pattern="/var/cache/dnf/rhel-9-for-x86_64-appstream-rpms-*/repodata/"

echo ""
echo "Deleting files with 'updateinfo' in the name in $appstream_directory"

# Use rm to delete files
if rm -f "$appstream_directory"*updateinfo*; then
    echo "Deletion complete."
    echo ""
else
    echo "Failed to delete files. Please check permissions or try again."
    prompt_continue
fi

# Find directories matching the pattern and iterate through them
for cache_directory in $cache_directory_pattern; do
    # Check if files exist before proceeding
    updateinfo_files=("$cache_directory"*-updateinfo.xml.gz)
    # An unmatched glob stays in the array as a literal string, so test that the first entry exists
    if [ ! -e "${updateinfo_files[0]}" ]; then
        print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory."
        continue
    fi

    echo ""
    # List files and prompt to proceed
    print_green "The following files were found in $cache_directory:"
    ls "$cache_directory"*-updateinfo.xml.gz

    prompt_continue
    # Use a loop to copy files one by one
    for file in "${updateinfo_files[@]}"; do
        echo "Copying file: $file"
        if cp "$file" "$appstream_directory"; then
            echo "Copy successful."
        else
            echo "Failed to copy file. Please check permissions or try again."
            prompt_continue
        fi
    done
done

echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $appstream_directory"

# Use gzip to decompress files
if gzip -d "$appstream_directory"*-updateinfo.xml.gz; then
    echo "Decompression successful."
else
    echo "Failed to decompress files. Please check permissions or try again."
    prompt_continue
fi

echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$appstream_directory"*-updateinfo.xml "$appstream_directory"updateinfo.xml; then
    echo "Rename successful."
else
    echo "Failed to rename files. Please check permissions or try again."
    prompt_continue
fi

echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$appstream_directory"updateinfo.xml "$appstream_directory"; then
    echo "Modification successful."
else
    echo "Failed to modify repository metadata. Please check permissions or try again."
    prompt_continue
fi

echo -e "\e[32mAll steps for AppStream Repo completed successfully. \e[0m"
echo ""
# For BaseOS Repo:
# Directory containing the gzipped files
baseos_directory="$baseOS_dir/repodata/"
cache_directory_pattern="/var/cache/dnf/rhel-9-for-x86_64-baseos-rpms-*/repodata/"
echo "Deleting files with '-updateinfo' in the name in $baseos_directory"
# Use rm to delete files
if rm -f "$baseos_directory"*updateinfo*; then
    echo ""
    echo "Deletion successful."
else
    echo "Failed to delete files. Please check permissions or try again."
    exit 1
fi

# Find directories matching the pattern and iterate through them
for cache_directory in $cache_directory_pattern; do
    # Check if files exist before proceeding (an unmatched glob stays a literal string)
    updateinfo_files=("$cache_directory"*-updateinfo.xml.gz)
    if [ ! -e "${updateinfo_files[0]}" ]; then
        print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory."
        continue
    fi
    echo ""
    # List files and prompt to proceed
    print_green "The following files were found in $cache_directory:"
    ls "$cache_directory"*-updateinfo.xml.gz
    prompt_continue
    # Use a loop to copy files one by one
    for file in "${updateinfo_files[@]}"; do
        echo "Copying file: $file"
        if cp "$file" "$baseos_directory"; then
            echo "Copy successful."
        else
            echo "Failed to copy files. Please check permissions or try again."
            exit 1
        fi
    done
done
echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $baseos_directory"
# Use gzip to decompress files
if gzip -d "$baseos_directory"*-updateinfo.xml.gz; then
    echo "Decompression successful."
else
    echo "Failed to decompress files. Please check permissions or try again."
    exit 1
fi
echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$baseos_directory"*-updateinfo.xml "$baseos_directory"updateinfo.xml; then
    echo "Rename successful."
else
    echo "Failed to rename files. Please check permissions or try again."
    exit 1
fi
echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$baseos_directory"updateinfo.xml "$baseos_directory"; then
    echo "Modification successful."
else
    echo "Failed to modify repository metadata. Please check permissions or try again."
    exit 1
fi
echo -e "\e[32mAll steps for BaseOS Repo completed successfully. \e[0m"
echo ""
#############################################################################
#mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak2023
#echo -e "\033[1;31m################################ Creating Certificates Folder /etc/nginx/ssl #############################################\033[0m\n"
echo -e "\e[32m################################ Creating Certificates Folder /etc/nginx/ssl ############################################# \e[0m"
################################ Creating Certificates Folder /etc/nginx/ssl #############################################
echo ""
echo -e "\x1b[30;44mCreating directories /etc/nginx/ssl \x1b[m"
ssl_dir="/etc/nginx/ssl"
if mkdir -p "$ssl_dir"; then
    echo "$ssl_dir"
    echo -e "\e[32mDirectory created successfully \e[0m"
else
    echo "Failed to create the directory. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo ""
#echo -e "\033[1;31m################################ Creating SSL Certificates using openssl #############################################\033[0m\n"
echo -e "\e[32m################################ Creating SSL Certificates using openssl ############################################# \e[0m"
################################ Creating SSL Certificates using openssl #############################################
# Function to extract the primary IPv4 address
get_primary_ipv4() {
    ip route | awk '/default/ { print $5 }' | xargs -I {} ip addr show {} | awk '/inet/ {print $2}' | cut -d'/' -f1 | head -n 1
}
# Function to check if the input is a valid IPv4 address
is_valid_ipv4() {
    local ip="$1"
    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        echo "true"
    else
        echo "false"
    fi
}
# Main script
ip_address=$(get_primary_ipv4)
# Check if the input is a valid IPv4 address
if [[ $(is_valid_ipv4 "$ip_address") == "true" ]]; then
    # If valid, use the address as the certificate common name
    http_ip="$ip_address"
    echo "Using IP address: $http_ip"
    # Set default values for certificate information
    country="IN"
    state="State"
    locality="City"
    organization="Organization"
    organizational_unit="Organization"
    common_name="$http_ip"
    email="Organization"
    # Generate a self-signed certificate using OpenSSL with default values
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout /etc/nginx/ssl/repo.key -out /etc/nginx/ssl/repo.crt \
        -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizational_unit/CN=$common_name/emailAddress=$email"
    echo "SSL certificate generated successfully."
else
    echo "Error: Invalid IPv4 address."
fi
######################################################################
echo -e "\e[32mConfiguration done successfully \e[0m"
echo ""
echo -e "\e[32m################################ Handling the WebServer Configuration and the Default WebServer path ############################################ \e[0m"
echo ""
# Default web server path
default_web_server_path="/var/www/html/rhel9"
# Prompt the user to choose between default and custom paths
read -e -p "Choose an option:
1. Use the default web server path ($default_web_server_path)
2. Specify a custom path for package downloads
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""
# Set the root path based on the user's choice
root_path=""
if [ "$user_choice" == "2" ]; then
    read -e -p "Enter the custom root path: " custom_root_path
    root_path=${custom_root_path:-$default_web_server_path}
else
    root_path=$default_web_server_path
fi
# Get the IP address
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, use the address as the nginx server_name
    http_ip="$ip_address"
    nginx_config="server {
    listen 80;
    server_name $http_ip;
    root $root_path;
    location / {
        index index.php index.html index.htm;
        autoindex on; #enable listing of directory index
        return 301 https://\$server_name\$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name $http_ip; #change test.lab to your real domain or IP address
    root $root_path;
    ssl_certificate /etc/nginx/ssl/repo.crt;
    ssl_certificate_key /etc/nginx/ssl/repo.key;
    location / {
        index index.php index.html index.htm;
        autoindex on; #enable listing of directory index
    }
}"
    # Write the configuration to the file
    echo "$nginx_config" | sudo tee -a /etc/nginx/conf.d/repos.conf > /dev/null
    # Check if the file was successfully written
    if [[ -s "/etc/nginx/conf.d/repos.conf" ]]; then
        echo -e "Configuration written successfully. Configuration file: /etc/nginx/conf.d/repos.conf "
    else
        echo -e "\e[31mError: Failed to write the configuration. \e[0m"
    fi
else
    echo "Invalid IP address format!"
fi
echo ""
echo ""
echo -e "\e[32m################################ Checking the Nginx Conf Settings ############################################# \e[0m"
echo ""
# Continue validation until nginx -t is successful
while true; do
    if nginx -t; then
        echo ""
        echo -e "\e[32mNginx configuration test successful. \e[0m"
        break
    else
        echo -e "\e[31mError: Nginx configuration test failed. \e[0m"
        echo "Verify the configuration located at /etc/nginx/conf.d/repos.conf."
        read -p "If you corrected the script, press Enter to recheck. Otherwise, press Ctrl+C to exit."
    fi
done
echo ""
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."
echo ""
#echo -e "\e[32m##################### Since we are using the default file-system location for web content, we are restoring the default SELinux security contexts with restorecon ####################### \e[0m"
echo -e "\e[32m##################### Restoring the default SELinux security contexts with restorecon ####################### \e[0m"
echo ""
# Default web server path
default_web_server_path="/var/www/html/"
# Prompt the user to choose between default and custom paths
read -e -p "Choose an option:
1. Use the default path ($default_web_server_path)
2. Specify a custom path for SELinux security contexts restoration
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""
# Set the path based on the user's choice
path_for_restorecon=""
if [ "$user_choice" == "2" ]; then
    read -e -p "Enter the custom path for restorecon (hit Enter for default $default_web_server_path): " custom_restorecon_path
    path_for_restorecon=${custom_restorecon_path:-$default_web_server_path}
else
    path_for_restorecon=$default_web_server_path
fi
# Attempt to restore SELinux security contexts
sudo restorecon -R "$path_for_restorecon"
# Check the exit status of the restorecon command
if [ $? -eq 0 ]; then
    echo ""
    echo -e "SELinux security contexts restored successfully."
    # Add the chcon command here
    echo -e "\n\e[32m##################### Setting additional SELinux security contexts with chcon ####################### \e[0m"
    chcon -Rt httpd_sys_content_t "$path_for_restorecon"
    echo -e "Additional SELinux security contexts set successfully."
else
    echo -e "\e[31mError: Failed to restore SELinux security contexts. \e[0m"
fi
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
read -p "Press Enter to continue..."
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""
echo -e "\x1b[30;44mRestarting the Nginx\x1b[m"
echo ""
systemctl restart nginx
STATUS="$(systemctl is-active nginx)"
if [ "${STATUS}" = "active" ]; then
    echo -e "\e[32mNginx service is running...... \e[0m"
else
    echo " Nginx service is not running.... so exiting "
    exit 1
fi
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, append http:// and print the result
    http_ip="http://$ip_address/"
    echo ""
    echo -e "\033[1;33mPlease access the URL to check if the Nginx is set up fine and files are visible: $http_ip/baseOS\033[0m\n"
else
    echo "Invalid IP address format!"
fi
echo ""
echo -e "\033[32m################################ Creating the Daily Sync Cron Job ############################################# \033[0m"
echo ""
log_file="/var/log/update-repository.log"
# Generate the sync script; directory variables expand now, \$(date) expands when the script runs
echo "echo Update script started at \$(date) >> /var/log/update-repository.log
reposync -p $baseOS_dir --download-metadata --repo=rhel-9-for-x86_64-baseos-rpms
createrepo -v $baseOS_dir
reposync -p $AppStream_dir --download-metadata --repo=rhel-9-for-x86_64-appstream-rpms
createrepo -v $AppStream_dir
rm -rf $AppStream_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/dnf/rhel-9-for-x86_64-appstream-rpms-*/repodata/*-updateinfo.xml.gz $AppStream_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $AppStream_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $AppStream_dir/repodata/*-updateinfo.xml $AppStream_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $AppStream_dir/repodata/updateinfo.xml $AppStream_dir/repodata/ >> /var/log/update-repository.log 2>&1
rm -rf $baseOS_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/dnf/rhel-9-for-x86_64-baseos-rpms-*/repodata/*-updateinfo.xml.gz $baseOS_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $baseOS_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $baseOS_dir/repodata/*-updateinfo.xml $baseOS_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $baseOS_dir/repodata/updateinfo.xml $baseOS_dir/repodata/ >> /var/log/update-repository.log 2>&1
echo Update script ended at \$(date) >> /var/log/update-repository.log 2>&1" >> "/usr/local/bin/rhel9_updaterepository.sh"
if [ -e "/usr/local/bin/rhel9_updaterepository.sh" ]; then
    echo -e "\033[32mScript successfully created. Listing contents:\033[0m"
    echo ""
    ls -ltra "/usr/local/bin/rhel9_updaterepository.sh"
    echo ""
    cat "/usr/local/bin/rhel9_updaterepository.sh"
    chmod +x "/usr/local/bin/rhel9_updaterepository.sh"
    echo ""
    echo -e "\033[32mExecution permission set.\033[0m"
    echo ""
    read -p "Press Enter if you find the script is updated correctly..."
    read -p "Press Enter to continue..."
    # Create cron job to run at night (replace "0 23" with your desired time)
    echo "0 23 * * * /usr/local/bin/rhel9_updaterepository.sh >> /var/log/update-repository.log" | crontab -
    echo -e "\033[32mCron jobs created successfully.\033[0m"
else
    echo -e "\033[31mError: Script creation failed.\033[0m"
fi
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""
echo -e "\e[1;32m +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+
|R|H|E|L| |9| |R|e|p|o| |S|u|c|c|e|s|s|f|u|l|l|y| |C|r|e|a|t|e|d|
+-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+ 😊\e[0m"
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""

RHEL_8 Manual
echo "#################################################################################################################"
echo -e "\033[1;31mChecking the reachability of primary URLs... Please be patient\033[0m"
echo "#################################################################################################################"
echo "Checking if RHEL is registered..."
redhat_release="/etc/redhat-release"
if [ -e "$redhat_release" ] && grep -qi "Red Hat Enterprise Linux" "$redhat_release"; then
    echo "RHEL is registered."
else
    echo "RHEL is not registered. Please register your system before proceeding."
    exit 1
fi
echo ""
echo "Checking the status of subscription-manager repositories..."
# Run subscription-manager repos --list and store the output in a variable
repo_list_output=$(sudo subscription-manager repos --list)
# Function to check if a repository is listed and print its status
check_repo() {
    repo_name=$1
    if [[ $repo_list_output =~ "$repo_name" ]]; then
        echo "Repository $repo_name is listed."
    else
        echo "Repository $repo_name is not listed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting..."
            exit 1
        else
            echo "Continuing without $repo_name..."
        fi
    fi
}
# Check repositories and print their status
check_repo "rhel-8-for-x86_64-baseos-rpms"
check_repo "rhel-8-for-x86_64-appstream-rpms"
echo ""
echo ""
echo "Checking reachability of primary URLs..."
URLS=(
    "https://access.redhat.com"
    "https://cdn.datatables.net"
    "https://sso.redhat.com"
    "https://access.cdn.redhat.com"
    "https://static.redhat.com"
    "https://www.redhat.com"
    "https://cdn.jsdelivr.net"
    "https://code.jquery.com/"
    "https://dl.fedoraproject.org"
)
reachable_count=0
attempted_count=${#URLS[@]}
reachable=true
for url in "${URLS[@]}"; do
    echo "Checking $url..."
    # First attempt: HEAD request with TLS certificate verification
    curl -sI "$url" > /dev/null
    http_status=$?
    # Second attempt: same request with certificate verification disabled (reachability only)
    curl -sI "$url" --insecure > /dev/null
    https_status=$?
    if [ $http_status -eq 0 ] || [ $https_status -eq 0 ]; then
        echo "Reachable: $url"
        ((reachable_count++))
    else
        echo "Not Reachable: $url"
        reachable=false
    fi
    echo ""
done
echo "Attempted: $attempted_count"
echo "Reachable: $reachable_count"
if [ "$reachable" = true ]; then
    echo ""
    echo -e "\033[1;32mPre-requisite Check Completed successfully. Script Execution will continue \033[0m"
    echo ""
else
    echo -e "\033[1;31mPre-requisite failure: do you still want to Proceed. Press Enter to proceed.\033[0m"
    echo ""
    read -r
fi
echo "#################################################################################################################"
echo -e "\033[1;31mStarted the RHEL 8 Repo Creation... Please be Patient\033[0m"
echo "#################################################################################################################"
echo ""
echo -e "\x1b[30;44m Downloading the Pre-Requisite tools and Applications \x1b[m"
echo ""
sudo yum check-update
sudo yum install -y wget
sudo yum install -y curl
sudo yum install -y openssh-server
sudo yum install -y net-tools
sudo yum install -y vim
sudo yum install -y cronie
sudo yum install -y tree
# Get OS version
os_version=$(cat /etc/redhat-release | cut -d'.' -f1 | awk '{print $NF}')
echo ""
# Print OS version with a full green line
echo -e "\e[32mThe OS version running on the device is: $os_version\e[0m"
# Additional logic for RHEL 8
if [ "$os_version" = "8" ]; then
    echo -e "\e[32m"
    echo "#############################################################################################"
    echo " RED_HAT 8 REPO Creation"
    echo "#############################################################################################"
    echo -e "\e[0m"
fi
################################################# NGINX ######################################################################################
echo -e "\x1b[30;44m Installing Nginx HTTP server\x1b[m"
echo ""
echo -e "Do you want to have the EPEL (Extra Packages for Enterprise Linux)? Below are the advantages and disadvantages of having it:"
echo ""
echo -e "\e[32mAdvantages:\e[0m"
echo "- Provides additional community-supported packages not included in the default RHEL repositories."
echo "- Expands software options for users."
echo ""
echo -e "\e[31mDisadvantages:\e[0m"
echo "- Community-supported packages may not have the same level of testing and support as official RHEL packages."
echo "- Security and stability depend on the community's maintenance and updates."
echo ""
echo ""
read -p "Do you want to download and install the EPEL_release package? (y/n): " proceed_epel
if [ "$proceed_epel" == "y" ]; then
    echo -e "\e[32mDownloading and installing the EPEL_release package...\e[0m\n"
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    sudo yum install -y epel-release
    echo -e "\e[32mEPEL (Extra Packages for Enterprise Linux) in RHEL (Red Hat Enterprise Linux) provides additional community-supported packages not included in the default RHEL repositories, expanding software options for users.\e[0m\n"
fi
echo ""
echo -e "\e[32mInstalling Nginx WebServer\e[0m"
echo ""
# Proceed with Nginx installation regardless of the EPEL installation status
sudo yum install -y nginx
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mInstallation Failed\033[0m\n"
    read -p "Do you want to proceed with the installation of Nginx? (y/n): " proceed_nginx
    if [ "$proceed_nginx" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi
echo -e "\e[32mInstallation Completed\e[0m"
####################################################################################################################################
echo ""
echo -e "\x1b[30;44m Starting the Nginx and Enabling the Application \x1b[m"
sudo systemctl start nginx
sudo systemctl enable nginx
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to start Nginx or enable the service\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi
echo ""
echo -e "\e[32mEnabling the Nginx Completed\e[0m"
echo ""
echo -e "\x1b[30;44m Checking the Nginx service status \x1b[m"
STATUS="$(systemctl is-active nginx)"
if [ "${STATUS}" != "active" ]; then
    echo "Nginx service is not running."
    read -p "Do you want to proceed? (y/n): " PROCEED
    if [ "${PROCEED}" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
else
    echo -e "\e[32mNginx service is running........\e[0m"
fi
echo ""
echo -e "\x1b[30;44m Handling the Firewall rules to permit inbound packets on HTTP and HTTPS \x1b[m"
echo ""
echo "Handling the Firewall Settings and performing actions on unmask,starting and enable firewalld"
# Function to check if the previous command was successful (call it immediately after that command)
check_command_status() {
    if [ $? -eq 0 ]; then
        echo "Command successful."
    else
        echo "Command failed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting."
            exit 1
        fi
    fi
}
# Unmask firewalld
sudo systemctl unmask firewalld
check_command_status
# Start firewalld
sudo systemctl start firewalld
check_command_status
# Enable firewalld
sudo systemctl enable firewalld
check_command_status
echo ""
echo "All commands executed successfully."
echo ""
echo "Allow web traffic over HTTP in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=http
echo "Allow web traffic over HTTPS in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
echo "Reloading Firewall Configuration"
sudo firewall-cmd --reload
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to configure the firewall\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi
echo ""
echo -e "\e[32mFirewall Configuration done\e[0m"
echo ""
#######################################################################################################################################
#To check if the Nginx is setup fine
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, append http:// and print the result
    http_ip="http://$ip_address/"
    echo -e "\033[1;32mPlease access the URL to check if the Nginx is setup fine: $http_ip\033[0m\n"
else
    echo "Invalid IP address format!"
fi
echo "Pausing the script until you check the Nginx is up and running."
# Pause until the user presses Enter
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."
echo ""
echo ""
echo "Checking if there are any outdated folder in the /var/cache/dnf/rhel-8-for-x86_64- folders."
## Deleting Folder /var/cache/dnf/rhel-8-for-x86_64-appstream-rpms-*
# Specify the directory
directory="/var/cache/dnf/"
# Get today's date in the format YYYY-MM-DD
today=$(date "+%Y-%m-%d")
# Print the current directory structure in green
echo -e "\e[32mCurrent Directory Structure:\e[0m"
tree "$directory"
echo "Renaming folders named 'rhel-8-for-x86_64' to 'Backup_duplicate_rhel-8' created before $today in $directory"
# Use find to locate and rename folders
found_folders=$(find "$directory" -type d -name "rhel-8-for-x86_64" ! -newermt "$today")
if [ -n "$found_folders" ]; then
    echo -e "\e[32mFound matching folders:\e[0m"
    echo "$found_folders"
    # Rename the folders
    echo "$found_folders" | xargs -I {} mv {} {}/Backup_duplicate_rhel-8
    echo -e "\e[32mRenaming complete.\e[0m"
else
    echo "No duplicate copies found."
fi
########################################################### Yum Utils #################################################################################
echo ""
echo -e "\x1b[30;44mInstalling the required packages for creating repo \x1b[m"
echo ""
if sudo yum install -y yum-utils createrepo httpd; then
    echo -e "\e[32mUpdates done \e[0m"
else
    echo "Failed to install required packages. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo ""
echo -e "\x1b[30;44mCreating directories /var/www/html/rhel8/baseOS and /var/www/html/rhel8/AppStream \x1b[m"
echo ""
# Default directory paths
baseOS_dir="/var/www/html/rhel8/baseOS"
AppStream_dir="/var/www/html/rhel8/AppStream"
read -e -p "1. Do you wish to go with the default folder creation under $baseOS_dir and $AppStream_dir? (y/n): " use_default
echo ""
if [ "$use_default" == "n" ]; then
    read -e -p "2. Please enter the directory path for baseOS (hit Enter for default $baseOS_dir): " custom_baseOS_dir
    echo ""
    read -e -p " Please enter the directory path for AppStream (hit Enter for default $AppStream_dir): " custom_AppStream_dir
    echo ""
    # Set directory paths based on user input or use defaults
    baseOS_dir=${custom_baseOS_dir:-$baseOS_dir}
    AppStream_dir=${custom_AppStream_dir:-$AppStream_dir}
fi
echo ""
# Create directories
if mkdir -p "$baseOS_dir" && \
    mkdir -p "$AppStream_dir"; then
    echo "$baseOS_dir"
    echo "$AppStream_dir"
    echo -e "\e[32mDirectories created successfully \e[0m"
else
    echo "Failed to create directories. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo ""
echo -e "\x1b[30;44mEnabling the required Repos \x1b[m"
echo ""
# Enable repositories
sudo subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
sudo subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
echo ""
read -p "If the Repos are Enabled. Press Enter to continue... if not Ctrl + c to exit "
echo ""
echo -e "\e[32mEnabled the Repos successfully \e[0m"
read -p "Press Enter to continue..."
echo ""
echo -e "\x1b[30;44mConfiguring the reposync to synchronize RHEL8\x1b[m"
echo ""
if reposync -p "$baseOS_dir" --download-metadata --repo=rhel-8-for-x86_64-baseos-rpms && \
    reposync -p "$AppStream_dir" --download-metadata --repo=rhel-8-for-x86_64-appstream-rpms; then
    echo -e "\033[1;31mSynchronization done \033[0m\n"
else
    echo "Failed to synchronize repositories. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo -e "\e[32mReposync completed successfully \e[0m"
echo ""
echo -e "\x1b[30;44mCreate Repodata for each repo\x1b[m"
if createrepo -v "$baseOS_dir" && \
    createrepo -v "$AppStream_dir"; then
    echo -e "\e[32mCreated Repodata successfully \e[0m"
else
    echo "Failed to create Repodata. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
########################################################### Yum Utils #################################################################################
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."
echo ""
echo -e "\x1b[30;44mConfiguring the updateinfo.xml file for RHEL repo\x1b[m"
# Add your commands for configuring updateinfo.xml here
#FOR AppStream Repo:
# Function to prompt for continuation
prompt_continue() {
    read -p "Do you want to continue to the next step? (y/n): " choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
}
# Function to print in green color
print_green() {
    echo -e "\e[32m$1\e[0m"
}
# Function to print in red color
print_red() {
    echo -e "\e[31m$1\e[0m"
}
# For AppStream Repo:
# Directory containing the gzipped files
appstream_directory="$AppStream_dir/repodata/"
cache_directory_pattern="/var/cache/dnf/rhel-8-for-x86_64-appstream-rpms-*/repodata/"
echo ""
echo "Deleting files with 'updateinfo' in the name in $appstream_directory"
# Use rm to delete files
if rm -f "$appstream_directory"*updateinfo*; then
    echo "Deletion complete."
    echo ""
else
    echo "Failed to delete files. Please check permissions or try again."
    prompt_continue
fi

# Find directories matching the pattern and iterate through them
for cache_directory in $cache_directory_pattern; do
    # Check if files exist before proceeding (an unmatched glob stays a literal string)
    updateinfo_files=("$cache_directory"*-updateinfo.xml.gz)
    if [ ! -e "${updateinfo_files[0]}" ]; then
        print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory."
        continue
    fi
    echo ""
    # List files and prompt to proceed
    print_green "The following files were found in $cache_directory:"
    ls "$cache_directory"*-updateinfo.xml.gz
    prompt_continue
    # Use a loop to copy files one by one
    for file in "${updateinfo_files[@]}"; do
        echo "Copying file: $file"
        if cp "$file" "$appstream_directory"; then
            echo "Copy successful."
        else
            echo "Failed to copy file. Please check permissions or try again."
            prompt_continue
        fi
    done
done
echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $appstream_directory"
# Use gzip to decompress files
if gzip -d "$appstream_directory"*-updateinfo.xml.gz; then
    echo "Decompression successful."
else
    echo "Failed to decompress files. Please check permissions or try again."
    prompt_continue
fi
echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$appstream_directory"*-updateinfo.xml "$appstream_directory"updateinfo.xml; then
    echo "Rename successful."
else
    echo "Failed to rename files. Please check permissions or try again."
    prompt_continue
fi
echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$appstream_directory"updateinfo.xml "$appstream_directory"; then
    echo "Modification successful."
else
    echo "Failed to modify repository metadata. Please check permissions or try again."
    prompt_continue
fi
echo -e "\e[32mAll steps for AppStream Repo completed successfully. \e[0m"
echo ""
# For BaseOS Repo:
# Directory containing the gzipped files
baseos_directory="$baseOS_dir/repodata/"
cache_directory_pattern="/var/cache/dnf/rhel-8-for-x86_64-baseos-rpms-*/repodata/"
echo "Deleting files with '-updateinfo' in the name in $baseos_directory"
# Use rm to delete files
if rm -f "$baseos_directory"*updateinfo*; then
    echo ""
    echo "Deletion successful."
else
    echo "Failed to delete files. Please check permissions or try again."
    exit 1
fi

# Find directories matching the pattern and iterate through them
for cache_directory in $cache_directory_pattern; do
    # Check if files exist before proceeding (an unmatched glob stays a literal string)
    updateinfo_files=("$cache_directory"*-updateinfo.xml.gz)
    if [ ! -e "${updateinfo_files[0]}" ]; then
        print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory."
        continue
    fi
    echo ""
    # List files and prompt to proceed
    print_green "The following files were found in $cache_directory:"
    ls "$cache_directory"*-updateinfo.xml.gz
    prompt_continue
    # Use a loop to copy files one by one
    for file in "${updateinfo_files[@]}"; do
        echo "Copying file: $file"
        if cp "$file" "$baseos_directory"; then
            echo "Copy successful."
        else
            echo "Failed to copy files. Please check permissions or try again."
            exit 1
        fi
    done
done
echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $baseos_directory"
# Use gzip to decompress files
if gzip -d "$baseos_directory"*-updateinfo.xml.gz; then
    echo "Decompression successful."
else
    echo "Failed to decompress files. Please check permissions or try again."
    exit 1
fi
echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$baseos_directory"*-updateinfo.xml "$baseos_directory"updateinfo.xml; then
    echo "Rename successful."
else
    echo "Failed to rename files. Please check permissions or try again."
    exit 1
fi
echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$baseos_directory"updateinfo.xml "$baseos_directory"; then
    echo "Modification successful."
else
    echo "Failed to modify repository metadata. Please check permissions or try again."
    exit 1
fi
echo -e "\e[32mAll steps for BaseOS Repo completed successfully. \e[0m"
echo ""
#############################################################################
#mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak2023
#echo -e "\033[1;31m################################ Creating Certificates Folder /etc/nginx/ssl #############################################\033[0m\n"
echo -e "\e[32m################################ Creating Certificates Folder /etc/nginx/ssl ############################################# \e[0m"
################################ Creating Certificates Folder /etc/nginx/ssl #############################################
echo ""
echo -e "\x1b[30;44mCreating directories /etc/nginx/ssl \x1b[m"
ssl_dir="/etc/nginx/ssl"
if mkdir -p "$ssl_dir"; then
    echo "$ssl_dir"
    echo -e "\e[32mDirectory created successfully \e[0m"
else
    echo "Failed to create the directory. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo ""
#echo -e "\033[1;31m################################ Creating SSL Certificates using openssl #############################################\033[0m\n"
echo -e "\e[32m################################ Creating SSL Certificates using openssl ############################################# \e[0m"
################################ Creating SSL Certificates using openssl #############################################
# Function to extract the primary IPv4 address
get_primary_ipv4() {
    ip route | awk '/default/ { print $5 }' | xargs -I {} ip addr show {} | awk '/inet/ {print $2}' | cut -d'/' -f1 | head -n 1
}
# Function to check if the input is a valid IPv4 address
is_valid_ipv4() {
    local ip="$1"
    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        echo "true"
    else
        echo "false"
    fi
}
# Main script
ip_address=$(get_primary_ipv4)
# Check if the input is a valid IPv4 address
if [[ $(is_valid_ipv4 "$ip_address") == "true" ]]; then
    # If valid, use the address as the certificate common name
    http_ip="$ip_address"
    echo "Using IP address: $http_ip"
    # Set default values for certificate information
    country="IN"
    state="State"
    locality="City"
    organization="Organization"
    organizational_unit="Organization"
    common_name="$http_ip"
    email="Organization"
    # Generate a self-signed certificate using OpenSSL with default values
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout /etc/nginx/ssl/repo.key -out /etc/nginx/ssl/repo.crt \
        -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizational_unit/CN=$common_name/emailAddress=$email"
    echo "SSL certificate generated successfully."
else
    echo "Error: Invalid IPv4 address."
fi
######################################################################
echo -e "\e[32mConfiguration done successfully \e[0m"
echo ""
echo -e "\e[32m################################ Handling the WebServer Configuration and the Default WebServer path ############################################ \e[0m"
echo ""
# Default web server path
default_web_server_path="/var/www/html/rhel8"

# Prompt the user to choose between default and custom paths
read -e -p "Choose an option:
1. Use the default web server path ($default_web_server_path)
2. Specify a custom path for package downloads
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""
# Set the root path based on the user's choice
root_path=""
if [ "$user_choice" == "2" ]; then
    read -e -p "Enter the custom root path: " custom_root_path
    root_path=${custom_root_path:-$default_web_server_path}
else
    root_path=$default_web_server_path
fi

# Get the IP address
ip_address=$(ip addr show "$(ip route | awk '/default/ { print $5 }')" | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)

# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, use the address as the server name
    http_ip="$ip_address"

    nginx_config="server {
    listen 80;
    server_name $http_ip;
    root $root_path;

    location / {
        index index.php index.html index.htm;
        autoindex on; #enable listing of directory index

        return 301 https://\$server_name\$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name $http_ip; #change test.lab to your real domain or IP address
    root $root_path;
    ssl_certificate /etc/nginx/ssl/repo.crt;
    ssl_certificate_key /etc/nginx/ssl/repo.key;
    location / {
        index index.php index.html index.htm;
        autoindex on; #enable listing of directory index
    }
}"

    # Write the configuration to the file
    echo "$nginx_config" | sudo tee -a /etc/nginx/conf.d/repos.conf > /dev/null

    # Check if the file was successfully written
    if [[ -s "/etc/nginx/conf.d/repos.conf" ]]; then
        echo -e "Configuration written successfully. Configuration file: /etc/nginx/conf.d/repos.conf "
    else
        echo -e "\e[31mError: Failed to write the configuration. \e[0m"
    fi
else
    echo "Invalid IP address format!"
fi

echo ""
echo ""
echo -e "\e[32m################################ Checking the Nginx Conf Settings ############################################# \e[0m"
echo ""
# Continue validation until nginx -t is successful
while true; do
    if nginx -t; then
        echo ""
        echo -e "\e[32mNginx configuration test successful. \e[0m"
        break
    else
        echo -e "\e[31mError: Nginx configuration test failed. \e[0m"
        echo "Verify the configuration located at /etc/nginx/conf.d/repos.conf."
        read -p "If you corrected the script, press Enter to recheck. Otherwise, press Ctrl+C to exit."
    fi
done

echo ""
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."
echo ""
#echo -e "\e[32m##################### Since we are using the default file-system location for web content, we are restoring the default SELinux security contexts with restorecon ####################### \e[0m"
echo -e "\e[32m##################### Restoring the default SELinux security contexts with restorecon ####################### \e[0m"
echo ""
# Default web server path
default_web_server_path="/var/www/html/"

# Prompt the user to choose between default and custom paths
read -e -p "Choose an option:
1. Use the default path ($default_web_server_path)
2. Specify a custom path for SELinux security contexts restoration
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""
# Set the path based on the user's choice
path_for_restorecon=""
if [ "$user_choice" == "2" ]; then
    read -e -p "Enter the custom path for restorecon (hit Enter for default $default_web_server_path): " custom_restorecon_path
    path_for_restorecon=${custom_restorecon_path:-$default_web_server_path}
else
    path_for_restorecon=$default_web_server_path
fi

# Attempt to restore SELinux security contexts
sudo restorecon -R "$path_for_restorecon"

# Check the exit status of the restorecon command
if [ $? -eq 0 ]; then
    echo ""
    echo -e "SELinux security contexts restored successfully."

    # Add the chcon command here
    echo -e "\n\e[32m##################### Setting additional SELinux security contexts with chcon ####################### \e[0m"
    chcon -Rt httpd_sys_content_t "$path_for_restorecon"
    echo -e "Additional SELinux security contexts set successfully."
else
    echo -e "\e[31mError: Failed to restore SELinux security contexts. \e[0m"
fi

echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
read -p "Press Enter to continue..."
echo -e "\e[32m############################################################################################################### \e[0m"

echo ""
echo -e "\x1b[30;44mRestarting the Nginx\x1b[m"
echo ""
systemctl restart nginx
STATUS="$(systemctl is-active nginx)"
if [ "${STATUS}" = "active" ]; then
    echo -e "\e[32mNginx service is running...... \e[0m"
else
    echo " Nginx service is not running.... so exiting "
    exit 1
fi
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"

ip_address=$(ip addr show "$(ip route | awk '/default/ { print $5 }')" | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, prepend http:// and print the result
    http_ip="http://$ip_address/"
    echo ""
    echo -e "\033[1;33mPlease access the URL to check if the Nginx is set up fine and files are visible: $http_ip/baseOS\033[0m\n"
else
    echo "Invalid IP address format!"
fi

echo ""
echo -e "\033[32m################################ Creating the Daily Sync Cron Job ############################################# \033[0m"
echo ""
log_file="/var/log/update-repository.log"
# The directory variables are expanded now; \$(date) is escaped so it runs when the generated script runs
echo "echo Update script started at \$(date) >> /var/log/update-repository.log
reposync -p $baseOS_dir --download-metadata --repo=rhel-8-for-x86_64-baseos-rpms
createrepo -v $baseOS_dir
reposync -p $AppStream_dir --download-metadata --repo=rhel-8-for-x86_64-appstream-rpms
createrepo -v $AppStream_dir

rm -rf $AppStream_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/dnf/rhel-8-for-x86_64-appstream-rpms-*/repodata/*-updateinfo.xml.gz $AppStream_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $AppStream_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $AppStream_dir/repodata/*-updateinfo.xml $AppStream_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $AppStream_dir/repodata/updateinfo.xml $AppStream_dir/repodata/ >> /var/log/update-repository.log 2>&1

rm -rf $baseOS_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/dnf/rhel-8-for-x86_64-baseos-rpms-*/repodata/*-updateinfo.xml.gz $baseOS_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $baseOS_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $baseOS_dir/repodata/*-updateinfo.xml $baseOS_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $baseOS_dir/repodata/updateinfo.xml $baseOS_dir/repodata/ >> /var/log/update-repository.log 2>&1
echo Update script ended at \$(date) >> /var/log/update-repository.log 2>&1" >> "/usr/local/bin/rhel8_updaterepository.sh"

if [ -e "/usr/local/bin/rhel8_updaterepository.sh" ]; then
    echo -e "\033[32mScript successfully created. Listing contents:\033[0m"
    echo ""
    ls -ltra "/usr/local/bin/rhel8_updaterepository.sh"

    echo ""
    cat "/usr/local/bin/rhel8_updaterepository.sh"
    chmod +x "/usr/local/bin/rhel8_updaterepository.sh"
    echo ""
    echo -e "\033[32mExecution permission set.\033[0m"

    echo ""
    read -p "Press Enter if you find the script is updated correctly..."
    read -p "Press Enter to continue..."
    # Create cron job to run at night (replace "0 23" with your desired time)
    # Note: 'crontab -' replaces the current user's whole crontab with this single entry
    echo "0 23 * * * /usr/local/bin/rhel8_updaterepository.sh >> /var/log/update-repository.log" | crontab -

    echo -e "\033[32mCron jobs created successfully.\033[0m"
else
    echo -e "\033[31mError: Script creation failed.\033[0m"
fi
echo ""

echo -e "\e[32m############################################################################################################### \e[0m"
echo ""
echo -e "\e[1;32m +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+
 |R|H|E|L| |8| |R|e|p|o| |S|u|c|c|e|s|s|f|u|l|l|y| |C|r|e|a|t|e|d|
 +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+ 😊\e[0m"

echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""

RHEL_7 Manual
echo "#################################################################################################################"
echo -e "\033[1;31mChecking the reachability of primary URLs... Please be patient\033[0m"
echo "#################################################################################################################"

echo "Checking if RHEL is registered..."
redhat_release="/etc/redhat-release"
if [ -e "$redhat_release" ] && grep -qi "Red Hat Enterprise Linux" "$redhat_release"; then
    echo "RHEL is registered."
else
    echo "RHEL is not registered. Please register your system before proceeding."
    exit 1
fi

echo ""
echo "Checking the status of subscription-manager repositories..."
# Run subscription-manager repos --list and store the output in a variable
repo_list_output=$(sudo subscription-manager repos --list)

# Function to check if a repository is listed and print its status
check_repo() {
    repo_name=$1
    if [[ $repo_list_output =~ "$repo_name" ]]; then
        echo "Repository $repo_name is listed."
    else
        echo "Repository $repo_name is not listed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting..."
            exit 1
        else
            echo "Continuing without $repo_name..."
        fi
    fi
}

# Check repositories and print their status
check_repo "rhel-7-server-rpms"
check_repo "rhel-7-server-optional-rpms"
check_repo "rhel-server-rhscl-7-rpms"
echo ""
echo ""

echo "Checking reachability of primary URLs..."
URLS=(
    "https://access.redhat.com"
    "https://cdn.datatables.net"
    "https://sso.redhat.com"
    "https://access.cdn.redhat.com"
    "https://static.redhat.com"
    "https://www.redhat.com"
    "https://cdn.jsdelivr.net"
    "https://code.jquery.com/"
    "https://dl.fedoraproject.org"
)

reachable_count=0
attempted_count=${#URLS[@]}
reachable=true

for url in "${URLS[@]}"; do
    echo "Checking $url..."

    # First attempt: HEAD request with certificate verification
    curl -sI "$url" > /dev/null
    http_status=$?

    # Second attempt: same request with certificate verification disabled (reachability only)
    curl -sI "$url" --insecure > /dev/null
    https_status=$?

    if [ $http_status -eq 0 ] || [ $https_status -eq 0 ]; then
        echo "Reachable: $url"
        ((reachable_count++))
    else
        echo "Not Reachable: $url"
        reachable=false
    fi

    echo ""
done

echo "Attempted: $attempted_count"
echo "Reachable: $reachable_count"

if [ "$reachable" = true ]; then
    echo ""
    echo -e "\033[1;32mPre-requisite Check Completed successfully. Script Execution will continue \033[0m"
    echo ""
else
    echo -e "\033[1;31mPre-requisite failure: do you still want to Proceed. Press Enter to proceed.\033[0m"
    echo ""
    read -r
fi

echo "#################################################################################################################"
echo -e "\033[1;31mStarted the RHEL 7 Repo Creation... Please be Patient\033[0m"
echo "#################################################################################################################"

echo ""
echo -e "\x1b[30;44m Downloading the Pre-Requisite tools and Applications \x1b[m"
echo ""
sudo yum check-update
sudo yum install -y wget
sudo yum install -y curl
sudo yum install -y openssh-server
sudo yum install -y net-tools
sudo yum install -y vim
sudo yum install -y cronie
sudo yum install -y tree
sudo yum install -y mod_ssl

# Get OS version
os_version=$(cat /etc/redhat-release | cut -d'.' -f1 | awk '{print $NF}')

echo ""
# Print OS version with a full green line
echo -e "\e[32mThe OS version running on the device is: $os_version\e[0m"

# Additional logic for RHEL 7
if [ "$os_version" = "7" ]; then
    echo -e "\e[32m"
    echo "#############################################################################################"
    echo " RED_HAT 7 REPO Creation"
    echo "#############################################################################################"
    echo -e "\e[0m"
fi
################################################# NGINX ######################################################################################
echo -e "\x1b[30;44m Installing Apache HTTP web server\x1b[m"
echo ""
echo -e "Do you want to have the EPEL (Extra Packages for Enterprise Linux)? Below are the advantages and disadvantages of having it:"
echo ""
echo -e "\e[32mAdvantages:\e[0m"
echo "- Provides additional community-supported packages not included in the default RHEL repositories."
echo "- Expands software options for users."

echo ""
echo -e "\e[31mDisadvantages:\e[0m"
echo "- Community-supported packages may not have the same level of testing and support as official RHEL packages."
echo "- Security and stability depend on the community's maintenance and updates."
echo ""
echo ""
read -p "Do you want to download and install the EPEL_release package? (y/n): " proceed_epel
if [ "$proceed_epel" == "y" ]; then
    echo -e "\e[32mDownloading and installing the EPEL_release package...\e[0m\n"
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    sudo yum install -y epel-release
    echo -e "\e[32mEPEL (Extra Packages for Enterprise Linux) in RHEL (Red Hat Enterprise Linux) provides additional community-supported packages not included in the default RHEL repositories, expanding software options for users.\e[0m\n"
fi

echo ""
echo -e "\e[32mInstalling Apache WebServer\e[0m"
echo ""
# Proceed with Apache installation regardless of the EPEL installation status
sudo yum install -y httpd
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mInstallation Failed\033[0m\n"
    read -p "Do you want to proceed with the installation of Apache? (y/n): " proceed_nginx
    if [ "$proceed_nginx" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi

echo -e "\e[32mInstallation Completed\e[0m"
####################################################################################################################################
echo ""
echo -e "\x1b[30;44m Starting the Apache HTTP web server and Enabling the Application \x1b[m"
echo ""
sudo systemctl start httpd
sudo systemctl enable httpd

if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to start Apache or enable the service\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi

echo ""
echo -e "\e[32mEnabling the Apache HTTP web server Completed\e[0m"
echo ""

echo -e "\x1b[30;44m Checking the Apache service status \x1b[m"
echo ""
STATUS="$(systemctl is-active httpd)"

if [ "${STATUS}" != "active" ]; then
    echo "Apache service is not running."
    read -p "Do you want to proceed? (y/n): " PROCEED

    if [ "${PROCEED}" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
else
    echo -e "\e[32mApache service is running........\e[0m"
fi

echo ""
echo -e "\x1b[30;44m Handling the Firewall rules to permit inbound packets on HTTP and HTTPS \x1b[m"
echo ""
echo "Handling the Firewall Settings and performing actions on unmask, starting and enable firewalld"
# Function to check if a command was successful
# (must be called immediately after the command, because it reads $?)
check_command_status() {
    if [ $? -eq 0 ]; then
        echo "Command successful."
    else
        echo "Command failed."
        read -p "Do you want to continue? (y/n): " choice
        if [ "$choice" != "y" ]; then
            echo "Exiting."
            exit 1
        fi
    fi
}

# Unmask firewalld
sudo systemctl unmask firewalld
check_command_status

# Start firewalld
sudo systemctl start firewalld
check_command_status

# Enable firewalld
sudo systemctl enable firewalld
check_command_status

echo ""
echo "All commands executed successfully."
echo ""
echo "Allow web traffic over HTTP in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=http
echo "Allow web traffic over HTTPS in Firewall"
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
echo "Reloading Firewall Configuration"
sudo firewall-cmd --reload
if [ $? -ne 0 ]; then
    echo -e "\033[1;31mFailed to configure the firewall\033[0m\n"
    read -p "Do you want to proceed? (y/n): " proceed
    if [ "$proceed" != "y" ]; then
        echo "Exiting..."
        exit 1
    fi
fi
echo ""

echo -e "\e[32mFirewall Configuration done\e[0m"
echo ""
#######################################################################################################################################
#To check if the Apache is setup fine
ip_address=$(ip addr show "$(ip route | awk '/default/ { print $5 }')" | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, prepend http:// and print the result
    http_ip="http://$ip_address/"
    echo -e "\033[1;32mPlease access the URL to check if the Apache is setup fine: $http_ip\033[0m\n"
else
    echo "Invalid IP address format!"
fi

echo "Pausing the script until you check the Apache is up and running."
# Pause until the user presses Enter
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."

echo ""
echo ""
##############################################################################
echo "Checking if there are any outdated folder in the /var/cache/yum/x86_64/7Server/rhel-server-* folders."

# Function to prompt for continuation
prompt_continue() {
    read -p "Do you want to continue to the next step? (y/n): " choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
}

# Function to print in green color
print_green() {
    echo -e "\e[32m$1\e[0m"
}

# Function to print in red color
print_red() {
    echo -e "\e[31m$1\e[0m"
}

# Specify the directory
directory="/var/cache/yum/x86_64/7Server/"

echo "Checking if there are any outdated folders in $directory."
# Get today's date in the format YYYY-MM-DD
today=$(date "+%Y-%m-%d")

# Print the current directory structure in green
echo -e "\e[32mCurrent Directory Structure:\e[0m"
tree "$directory"

echo "Renaming folders named 'rhel-server' to 'Backup_duplicate_rhel-server' created before $today in $directory"
# Use find to locate and rename folders
found_folders=$(find "$directory" -type d -name "rhel-server" ! -newermt "$today")

if [ -n "$found_folders" ]; then
    echo -e "\e[32mFound matching folders:\e[0m"
    echo "$found_folders"

    # Rename the folders (a directory cannot be moved into itself, so rename it next to its original location)
    while IFS= read -r folder; do
        mv "$folder" "$(dirname "$folder")/Backup_duplicate_rhel-server"
    done <<< "$found_folders"

    echo -e "\e[32mRenaming complete.\e[0m"
    prompt_continue
else
    echo "No duplicate copies found."
fi
########################################################### Yum Utils #################################################################################
echo ""

echo -e "\x1b[30;44mInstalling the required packages for creating repo \x1b[m"
echo ""
if sudo yum install -y yum-utils createrepo httpd; then
    echo -e "\e[32mUpdates done \e[0m"
else
    echo "Failed to install required packages. Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
echo -e "\x1b[30;44mCreating directories /var/www/html/rhel7/server, /var/www/html/rhel7/rhscl, and /var/www/html/rhel7/main \x1b[m"
echo ""

# Define directories
server_dir="/var/www/html/rhel7/server"
rhscl_dir="/var/www/html/rhel7/rhscl"
main_dir="/var/www/html/rhel7/main"

read -e -p "1. Do you wish to go with the default folder creation under $server_dir, $rhscl_dir, and $main_dir? (y/n): " use_default
echo ""
if [ "$use_default" == "n" ]; then
    read -e -p "2. Please enter the directory path for server (hit Enter for default $server_dir): " custom_server_dir
    echo ""
    read -e -p " Please enter the directory path for rhscl (hit Enter for default $rhscl_dir): " custom_rhscl_dir
    echo ""
    read -e -p " Please enter the directory path for main (hit Enter for default $main_dir): " custom_main_dir
    echo ""
    # Set directory paths based on user input or use defaults
    server_dir=${custom_server_dir:-$server_dir}
    rhscl_dir=${custom_rhscl_dir:-$rhscl_dir}
    main_dir=${custom_main_dir:-$main_dir}
fi

echo ""
# Create directories
if mkdir -p "$server_dir" && \
    mkdir -p "$rhscl_dir" && \
    mkdir -p "$main_dir"; then
    echo "$server_dir"
    echo "$rhscl_dir"
    echo "$main_dir"
    echo -e "\e[32mDirectories created successfully \e[0m"
else
    echo -e "\e[31mError: Failed to create directories. \e[0m"
    echo "Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
echo -e "\x1b[30;44mEnabling the required Repos \x1b[m"
echo ""

# Enable repositories
sudo subscription-manager repos --enable=rhel-7-server-rpms
sudo subscription-manager repos --enable=rhel-7-server-optional-rpms
sudo subscription-manager repos --enable=rhel-server-rhscl-7-rpms

echo ""
read -p "If the Repos are Enabled. Press Enter to continue... if not Ctrl + c to exit "
echo ""
echo -e "\e[32mEnabled the Repos successfully \e[0m"
read -p "Press Enter to continue..."

echo ""
################################################## reposync for RHEL7 ###################################################
echo -e "\x1b[30;44mConfiguring reposync to synchronize RHEL7\x1b[m"
echo ""
if reposync --gpgcheck -l --repoid=rhel-7-server-optional-rpms --download_path="$server_dir" --downloadcomps --download-metadata &&
    reposync --gpgcheck -l --repoid=rhel-server-rhscl-7-rpms --download_path="$rhscl_dir" --downloadcomps --download-metadata &&
    reposync --gpgcheck -l --repoid=rhel-7-server-rpms --download_path="$main_dir" --downloadcomps --download-metadata; then
    echo -e "\e[32mReposync completed successfully \e[0m"
else
    echo -e "\e[31mError: Failed to synchronize repositories. \e[0m"
    echo "Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
####################################### createrepo ##############################################
echo -e "\x1b[30;44mCreate Repodata for each repo\x1b[m"
touch "$server_dir/comps.xml"
echo ""

# Check if the file is created successfully
if [ -e "$server_dir/comps.xml" ]; then
    echo -e "\e[32mcomps.xml file created successfully \e[0m"
else
    echo -e "\e[31mError: Failed to create comps.xml file. \e[0m"
    echo "Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
echo ""

if createrepo -v "$server_dir" -g "$server_dir/comps.xml" &&
    createrepo -v "$rhscl_dir" &&
    createrepo -v "$main_dir"; then
    echo -e "\e[32mCreated Repodata successfully \e[0m"
else
    echo -e "\e[31mError: Failed to create Repodata. \e[0m"
    echo "Do you want to proceed to the next step? (y/n)"
    read choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi
########################################################### Yum Utils #################################################################################
read -p "Press Enter to continue..."
read -p "Press Enter to continue..."

echo ""
echo -e "\x1b[30;44mConfiguring the updateinfo.xml file for RHEL repo\x1b[m"
# Add your commands for configuring updateinfo.xml here
############################################################
#==============================================================================
#REPOSITORY CONFIG FOR rhel-7-server-optional-rpms to "server" FOLDER:
#==============================================================================

server_directory="$server_dir/repodata/"
echo ""
# Function to prompt for continuation
prompt_continue() {
    read -p "Do you want to continue to the next step? (y/n): " choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
}

# Function to print in green color
print_green() {
    echo -e "\e[32m$1\e[0m"
}

# Function to print in red color
print_red() {
    echo -e "\e[31m$1\e[0m"
}

# Directory containing the gzipped files
#server_directory="/var/www/html/rhel7/server/repodata/"

echo ""
echo "Deleting files with 'updateinfo' in the name in $server_directory"

# Use rm to delete files
if rm -f "$server_directory"*updateinfo*; then
    print_green "Deletion complete."
    echo ""
else
    print_red "Failed to delete files. Please check permissions or try again."
    prompt_continue
fi

# Directory containing the gzipped files in cache
cache_directory_pattern="/var/cache/yum/x86_64/7Server/rhel-7-server-optional-rpms/"

# Find files matching the pattern
updateinfo_files=("$cache_directory_pattern"*-updateinfo.xml.gz)

# Check if files exist before proceeding
# (without nullglob an unmatched glob stays as the literal pattern, so test that the first entry exists)
if [ ! -e "${updateinfo_files[0]}" ]; then
    print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory_pattern."
    exit 1
fi

echo ""
# List files and prompt to proceed
print_green "The following files were found in $cache_directory_pattern:"
ls "${updateinfo_files[@]}"

prompt_continue
# Use a loop to copy files one by one
for file in "${updateinfo_files[@]}"; do
    echo "Copying file: $file"
    if cp "$file" "$server_directory"; then
        print_green "Copy successful."
    else
        print_red "Failed to copy file. Please check permissions or try again."
        prompt_continue
    fi
done

echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $server_directory"

# Use gzip to decompress files
if gzip -d "$server_directory"*-updateinfo.xml.gz; then
    print_green "Decompression successful."
else
    print_red "Failed to decompress files. Please check permissions or try again."
    prompt_continue
fi

echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$server_directory"*-updateinfo.xml "$server_directory"updateinfo.xml; then
    print_green "Rename successful."
else
    print_red "Failed to rename files. Please check permissions or try again."
    prompt_continue
fi

echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$server_directory"updateinfo.xml "$server_directory"; then
    print_green "Modification successful."
else
    print_red "Failed to modify repository metadata. Please check permissions or try again."
    prompt_continue
fi

echo -e "\e[32mAll steps completed successfully for rhel-7-server-optional-rpms to 'server' folder. \e[0m"
############################################################
echo ""
#=============================================================================
#REPOSITORY CONFIG FOR rhel-7-server-rpms to "Main" FOLDER:
#=============================================================================

main_directory="$main_dir/repodata/"
# Function to prompt for continuation
prompt_continue() {
    read -p "Do you want to continue to the next step? (y/n): " choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
}

# Function to print in green color
print_green() {
    echo -e "\e[32m$1\e[0m"
}

# Function to print in red color
print_red() {
    echo -e "\e[31m$1\e[0m"
}

# Directory containing the gzipped files
#main_directory="/var/www/html/rhel7/main/repodata/"

echo ""
echo "Deleting files with 'updateinfo' in the name in $main_directory"

# Use rm to delete files
if rm -f "$main_directory"*updateinfo*; then
    print_green "Deletion complete."
    echo ""
else
    print_red "Failed to delete files. Please check permissions or try again."
    prompt_continue
fi

# Directory containing the gzipped files in cache
cache_directory_pattern="/var/cache/yum/x86_64/7Server/rhel-7-server-rpms/"

# Find files matching the pattern
updateinfo_files=("$cache_directory_pattern"*-updateinfo.xml.gz)

# Check if files exist before proceeding
# (without nullglob an unmatched glob stays as the literal pattern, so test that the first entry exists)
if [ ! -e "${updateinfo_files[0]}" ]; then
    print_red "No files matching '*-updateinfo.xml.gz' found in $cache_directory_pattern."
    exit 1
fi

echo ""
# List files and prompt to proceed
print_green "The following files were found in $cache_directory_pattern:"
ls "${updateinfo_files[@]}"

prompt_continue
# Use a loop to copy files one by one
for file in "${updateinfo_files[@]}"; do
    echo "Copying file: $file"
    if cp "$file" "$main_directory"; then
        print_green "Copy successful."
    else
        print_red "Failed to copy file. Please check permissions or try again."
        prompt_continue
    fi
done

echo "$PWD"
# Decompress and modify repository metadata
echo "Decompressing files with '-updateinfo.xml.gz' in the name in $main_directory"

# Use gzip to decompress files
if gzip -d "$main_directory"*-updateinfo.xml.gz; then
    print_green "Decompression successful."
else
    print_red "Failed to decompress files. Please check permissions or try again."
    prompt_continue
fi

echo "Renaming decompressed files to 'updateinfo.xml'"
# Use mv to rename files
if mv "$main_directory"*-updateinfo.xml "$main_directory"updateinfo.xml; then
    print_green "Rename successful."
else
    print_red "Failed to rename files. Please check permissions or try again."
    prompt_continue
fi

echo "Modifying repository metadata"
# Use modifyrepo to modify repository metadata
if modifyrepo "$main_directory"updateinfo.xml "$main_directory"; then
    print_green "Modification successful."
else
    print_red "Failed to modify repository metadata. Please check permissions or try again."
    prompt_continue
fi

echo -e "\e[32mAll steps completed successfully for rhel-7-server-rpms to 'Main' folder \e[0m"
echo ""
##################################################################################
#==============================================================================
#REPOSITORY CONFIG FOR rhel-server-rhscl-7-rpms to “rhscl” FOLDER:
#==============================================================================rhscl_directory=”$rhscl_dir/repodata/”
# Function to prompt for continuation
prompt_continue() {
read -p “Do you want to continue to the next step? (y/n): ” choice
if [ “$choice” != “y” ]; then
exit 1
fi
}# Function to print in green color
print_green() {
echo -e “\e[32m$1\e[0m”
}# Function to print in red color
print_red() {
echo -e “\e[31m$1\e[0m”
}# Directory containing the gzipped files
#rhscl_directory=”/var/www/html/rhel7/rhscl/repodata/”echo “”
echo “Deleting files with ‘updateinfo’ in the name in $rhscl_directory”# Use rm to delete files
if rm -f “$rhscl_directory”*updateinfo*; then
print_green “Deletion complete.”
echo “”
else
print_red “Failed to delete files. Please check permissions or try again.”
prompt_continue
fi# Directory containing the gzipped files in cache
cache_directory_pattern=”/var/cache/yum/x86_64/7Server/rhel-server-rhscl-7-rpms/”# Find files matching the pattern
updateinfo_files=(“$cache_directory_pattern”*-updateinfo.xml.gz)# Check if files exist before proceeding
if [ ${#updateinfo_files[@]} -eq 0 ]; then
print_red “No files matching ‘*-updateinfo.xml.gz’ found in $cache_directory_pattern.”
exit 1
fiecho “”
# List files and prompt to proceed
print_green “The following files were found in $cache_directory_pattern:”
ls “${updateinfo_files[@]}”prompt_continue
# Use a loop to copy files one by one
for file in “${updateinfo_files[@]}”; do
echo “Copying file: $file”
if cp “$file” “$rhscl_directory”; then
print_green “Copy successful.”
else
print_red “Failed to copy file. Please check permissions or try again.”
prompt_continue
fi
doneecho “$PWD”
# Decompress and modify repository metadata
echo “Decompressing files with ‘-updateinfo.xml.gz’ in the name in $rhscl_directory”# Use gzip to decompress files
if gzip -d “$rhscl_directory”*-updateinfo.xml.gz; then
print_green “Decompression successful.”
else
print_red “Failed to decompress files. Please check permissions or try again.”
prompt_continue
fiecho “Renaming decompressed files to ‘updateinfo.xml'”
# Use mv to rename files
if mv “$rhscl_directory”*-updateinfo.xml “$rhscl_directory”updateinfo.xml; then
print_green “Rename successful.”
else
print_red “Failed to rename files. Please check permissions or try again.”
prompt_continue
fiecho “Modifying repository metadata”
# Use modifyrepo to modify repository metadata
if modifyrepo “$rhscl_directory”updateinfo.xml “$rhscl_directory”; then
print_green “Modification successful.”
else
print_red “Failed to modify repository metadata. Please check permissions or try again.”
prompt_continue
fiecho “”
echo -e “\e[32mAll steps completed successfully for rhel-server-rhscl-7-rpms to “rhscl” folder. \e[0m”echo “”
#############################################################################
#mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak2023
#echo -e "\033[1;31m################################ Creating Certificates Folder /etc/nginx/ssl #############################################\033[0m\n"

echo -e "\e[32m################################ Creating Certificates Folder /etc/httpd/ssl ############################################# \e[0m"
################################ Creating Certificates Folder /etc/nginx/ssl #############################################
echo ""
#echo -e "\x1b[30;44mCreating directories /etc/httpd/ssl \x1b[m"
ssl_dir="/etc/httpd/ssl"
echo ""
if mkdir -p "$ssl_dir"; then
    echo "$ssl_dir"
    echo -e "\e[32mDirectory created successfully \e[0m"
else
    echo "Failed to create the directory. Do you want to proceed to the next step? (y/n)"
    read -r choice
    if [ "$choice" != "y" ]; then
        exit 1
    fi
fi

echo ""
#echo -e "\033[1;31m################################ Creating SSL Certificates using openssl #############################################\033[0m\n"
echo -e "\e[32m################################ Creating SSL Certificates using openssl ############################################# \e[0m"
################################ Creating SSL Certificates using openssl #############################################
echo ""
# Function to extract the primary IPv4 address
get_primary_ipv4() {
    ip route | awk '/default/ { print $5 }' | xargs -I {} ip addr show {} | awk '/inet/ {print $2}' | cut -d'/' -f1 | head -n 1
}

# Function to check if the input is a valid IPv4 address
is_valid_ipv4() {
    local ip="$1"
    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        echo "true"
    else
        echo "false"
    fi
}

# Main script
ip_address=$(get_primary_ipv4)

# Check if the input is a valid IPv4 address
if [[ $(is_valid_ipv4 "$ip_address") == "true" ]]; then
    # If valid, use the address as the certificate common name
    http_ip="$ip_address"
    echo "Using IP address: $http_ip"

    # Set default values for certificate information
    country="IN"
    state="State"
    locality="City"
    organization="Organization"
    organizational_unit="Organization"
    common_name="$http_ip"
    email="Organization"

    # Generate a self-signed certificate using OpenSSL with default values
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout /etc/httpd/ssl/repo.key -out /etc/httpd/ssl/repo.crt \
        -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizational_unit/CN=$common_name/emailAddress=$email"

    echo "SSL certificate generated successfully."
else
    echo "Error: Invalid IPv4 address."
fi

echo ""
######################################################################

echo -e "\e[32mConfiguration done successfully \e[0m"
echo ""
echo -e "\e[32m################################ Handling the WebServer Configuration and the Default WebServer path ############################################ \e[0m"
echo ""
# Default web server path
default_web_server_path="/var/www/html/rhel7/"

# Prompt the user to choose between default and custom paths
read -r -e -p "Choose an option:
1. Use the default web server path ($default_web_server_path)
2. Specify a custom path for package downloads
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""

# Set the root path based on the user's choice
root_path=""
if [ "$user_choice" == "2" ]; then
    read -r -e -p "Enter the custom root path: " custom_root_path
    root_path=${custom_root_path:-$default_web_server_path}
else
    root_path=$default_web_server_path
fi

# Get the IP address
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)

# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, use the address as the ServerName
    http_ip="$ip_address"

    apache_config="# Load SSL module
<IfModule !mod_ssl.c>
    LoadModule ssl_module modules/mod_ssl.so
</IfModule>

<VirtualHost *:80>
    ServerName $http_ip
    DocumentRoot $root_path

    <Directory $root_path>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName $http_ip
    DocumentRoot $root_path

    <Directory $root_path>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/repo.crt
    SSLCertificateKeyFile /etc/httpd/ssl/repo.key

    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log combined
</VirtualHost>
"

    # Write the configuration to the file
    echo "$apache_config" | sudo tee -a /etc/httpd/conf.d/repos.conf > /dev/null

    # Check if the file was successfully written
    if [[ -s "/etc/httpd/conf.d/repos.conf" ]]; then
        echo -e "Configuration written successfully. Configuration file: /etc/httpd/conf.d/repos.conf "
    else
        echo -e "\e[31mError: Failed to write the configuration. \e[0m"
    fi
else
    echo "Invalid IP address format!"
fi

echo ""
echo ""
echo -e "\e[32m################################ Checking the Apache Conf Settings ############################################# \e[0m"
echo ""
# Continue validation until apachectl configtest is successful
while true; do
    if apachectl configtest; then
        echo ""
        echo -e "\e[32mApache configuration test successful. \e[0m"
        break
    else
        echo -e "\e[31mError: Apache configuration test failed. \e[0m"
        echo "Verify the Apache configuration."
        read -r -p "If you corrected the script, press Enter to recheck. Otherwise, press Ctrl+C to exit."
    fi
done

echo ""
read -r -p "Press Enter to continue..."
read -r -p "Press Enter to continue..."
echo ""
#echo -e "\e[32m##################### Since we are using the default file-system location for web content, we are restoring the default SELinux security contexts with restorecon ####################### \e[0m"
echo -e "\e[32m##################### Restoring the default SELinux security contexts with restorecon ####################### \e[0m"

echo ""
# Default web server path
default_web_server_path="/var/www/html/"

# Prompt the user to choose between default and custom paths
read -r -e -p "Choose an option:
1. Use the default path ($default_web_server_path)
2. Specify a custom path for SELinux security contexts restoration
Enter '1' to use the default path or '2' to specify a custom path: " user_choice
echo ""

# Set the path based on the user's choice
path_for_restorecon=""
if [ "$user_choice" == "2" ]; then
    read -r -e -p "Enter the custom path for restorecon (hit Enter for default $default_web_server_path): " custom_restorecon_path
    path_for_restorecon=${custom_restorecon_path:-$default_web_server_path}
else
    path_for_restorecon=$default_web_server_path
fi

# Attempt to restore SELinux security contexts and check the exit status
if sudo restorecon -R "$path_for_restorecon"; then
    echo ""
    echo -e "SELinux security contexts restored successfully."

    # Add the chcon command here
    echo -e "\n\e[32m##################### Setting additional SELinux security contexts with chcon ####################### \e[0m"
    chcon -Rt httpd_sys_content_t "$path_for_restorecon"
    echo -e "Additional SELinux security contexts set successfully."
else
    echo -e "\e[31mError: Failed to restore SELinux security contexts. \e[0m"
fi

echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
read -r -p "Press Enter to continue..."
echo ""
echo -e "\x1b[30;44mRestarting the Apache\x1b[m"
echo ""
systemctl restart httpd
STATUS="$(systemctl is-active httpd)"
if [ "${STATUS}" = "active" ]; then
    echo -e "\e[32mApache service is running...... \e[0m"
else
    echo -e "\e[31mApache service is not running.... exiting. \e[0m"
    exit 1
fi

echo -e "\e[32m############################################################################################################### \e[0m"
ip_address=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
# Check if the input is a valid IPv4 address
if [[ $ip_address =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # If valid, prepend http:// and print the result
    http_ip="http://$ip_address/"
    echo ""
    echo -e "\033[1;33mPlease access the URL to check if the Apache is set up fine and files are visible: $http_ip\033[0m\n"
else
    echo "Invalid IP address format!"
fi

echo ""
echo -e "\033[32m################################ Creating the Daily Sync Cron Job ############################################# \033[0m"
echo ""
log_file="/var/log/update-repository.log"
echo "echo Update script started at \$(date) >> /var/log/update-repository.log
reposync --gpgcheck -l --repoid=rhel-7-server-rpms --download_path=$main_dir --downloadcomps --download-metadata
createrepo --update $main_dir
reposync --gpgcheck -l --repoid=rhel-7-server-optional-rpms --download_path=$server_dir --downloadcomps --download-metadata
createrepo --update $server_dir
reposync --gpgcheck -l --repoid=rhel-server-rhscl-7-rpms --download_path=$rhscl_dir --downloadcomps --download-metadata
createrepo --update $rhscl_dir

# Server Directory
rm -rf $server_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/yum/x86_64/7Server/rhel-7-server-optional-rpms/*-updateinfo.xml.gz $server_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $server_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $server_dir/repodata/*-updateinfo.xml $server_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $server_dir/repodata/updateinfo.xml $server_dir/repodata/ >> /var/log/update-repository.log 2>&1

# Main Directory
rm -rf $main_dir/repodata/*updateinfo*
cp /var/cache/yum/x86_64/7Server/rhel-7-server-rpms/*-updateinfo.xml.gz $main_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $main_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $main_dir/repodata/*-updateinfo.xml $main_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $main_dir/repodata/updateinfo.xml $main_dir/repodata/ >> /var/log/update-repository.log 2>&1

# RHSCL Directory
rm -rf $rhscl_dir/repodata/*updateinfo* >> /var/log/update-repository.log 2>&1
cp /var/cache/yum/x86_64/7Server/rhel-server-rhscl-7-rpms/*-updateinfo.xml.gz $rhscl_dir/repodata/ >> /var/log/update-repository.log 2>&1
gzip -d $rhscl_dir/repodata/*-updateinfo.xml.gz >> /var/log/update-repository.log 2>&1
mv $rhscl_dir/repodata/*-updateinfo.xml $rhscl_dir/repodata/updateinfo.xml >> /var/log/update-repository.log 2>&1
modifyrepo $rhscl_dir/repodata/updateinfo.xml $rhscl_dir/repodata/ >> /var/log/update-repository.log 2>&1

echo Update script ended at \$(date) >> /var/log/update-repository.log 2>&1" >> "/usr/local/bin/rhel7_updaterepository.sh"

if [ -e "/usr/local/bin/rhel7_updaterepository.sh" ]; then
    echo -e "\033[32mScript successfully created. Listing contents:\033[0m"
    echo ""
    ls -ltra "/usr/local/bin/rhel7_updaterepository.sh"
    echo ""
    cat "/usr/local/bin/rhel7_updaterepository.sh"
    chmod +x "/usr/local/bin/rhel7_updaterepository.sh"
    echo ""
    echo -e "\033[32mExecution permission set.\033[0m"
    echo ""
    read -r -p "Press Enter if you find the script is updated correctly..."
    read -r -p "Press Enter to continue..."
    # Create cron job to run at night (replace "0 23" with your desired time)
    echo "0 23 * * * /usr/local/bin/rhel7_updaterepository.sh >> /var/log/update-repository.log" | crontab -
    echo -e "\033[32mCron jobs created successfully.\033[0m"
else
    echo -e "\033[31mError: Script creation failed.\033[0m"
fi
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""
echo -e "\e[1;32m +-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+
|R|H|E|L| |7| |R|e|p|o| |S|u|c|c|e|s|s|f|u|l|l|y| |C|r|e|a|t|e|d|
+-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+ 😊\e[0m"
echo ""
echo -e "\e[32m############################################################################################################### \e[0m"
echo ""
echo "If you are not able to access the repo from browser, please login and check /etc/httpd/conf/httpd.conf and update to the relevant User"
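Added example, not part of the original post: the script above pipes a single line into crontab -, which replaces the invoking user's entire crontab. The sketch below keeps existing entries and adds the sync job exactly once; the function names merge_cron_entry and install_cron_entry are hypothetical, while the job path and schedule are the ones used in the post.

```shell
#!/usr/bin/env bash
# Added example (not the poster's code): install the nightly sync job without
# discarding cron entries that already exist for this user.

JOB_CMD="/usr/local/bin/rhel7_updaterepository.sh"
JOB_LINE="0 23 * * * $JOB_CMD >> /var/log/update-repository.log"

# merge_cron_entry CURRENT_CRONTAB_TEXT
# Prints the given crontab text with any earlier active line that runs
# $JOB_CMD removed, followed by the canonical $JOB_LINE. Comment lines and
# unrelated jobs are passed through unchanged, so re-running is idempotent.
merge_cron_entry() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1" | while IFS= read -r line; do
            case "$line" in
                \#*) ;;                      # keep comments untouched
                *"$JOB_CMD"*) continue ;;    # drop older copies of this job
            esac
            printf '%s\n' "$line"
        done
    fi
    printf '%s\n' "$JOB_LINE"
}

# install_cron_entry
# Reads the current crontab (empty if none exists yet) and writes back the
# merged result.
install_cron_entry() {
    current="$(crontab -l 2>/dev/null || true)"
    merge_cron_entry "$current" | crontab -
}

# Run with --install to apply; without arguments the file only defines functions.
if [ "${1:-}" = "--install" ]; then
    install_cron_entry
fi
```
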
Let’s take a look at 5 main factors that affect a cyber hygiene score in your network:
- System/Software/OS Vulnerabilities: These are weaknesses within the network that, if exploited, can lead to unauthorized access or damage.
- Misconfigurations: Incorrect settings, like open ports or excessive user permissions, often leave systems exposed.
- Posture Anomaly: A deviation from the expected security posture (e.g., unusual network traffic or unauthorized access attempts) can indicate a compromised system or a misconfiguration.
- Missing Patches: Unpatched systems and applications create vulnerabilities that are prime targets for attackers.
- Prioritized Risks: Identifying and ranking risks based on potential impact and likelihood allows for efficient resource allocation.
These five factors are primary causes of an unstable network, as they expose systems to security gaps, disruptions, and potential breaches. Together, they create weaknesses that can lead to frequent outages, data exposure, and inconsistent performance across the network.
SanerNow’s approach to evaluating a cyber hygiene score stands out due to its comprehensive model that evenly weights five key factors: prioritized risks, missing patches, posture anomalies, vulnerabilities, and misconfigurations. Unlike other vendors that typically only consider vulnerabilities, misconfigurations, and security controls, SanerNow’s model provides a more holistic view of your network.
Here’s a detailed view of it:
SecPod can help implement the solution for larger deployments. We can also train your team to perform these deployments. We have a good amount of experience in deploying larger deployments.
Our USP is an integrated platform for detection, assessment, prioritization, and remediation of vulnerabilities, misconfigurations, security controls, posture anomalies and other risks, all from one single console. We reduce 90-day assessment/remediation cycles to a daily routine, which is an unrivalled offering to our MSSP customers.
We look at unique devices added on the platform and discovered by our agents.
Reports can be filtered by Hostname on the product UI. We also have hostname and IP Address relationship accessible through APIs.