Pre-written script to change CentOS IP addresses

Are there any prewritten scripts out there to change the IP address info of a given machine?

Here is the scenario, I have a distributor who puts together my box, burns my image to the box, then ships it to different data centers in the country.

I want to give the distributor a script that he can use to install the IP addresses.

It can be a Windows Script or a Bash script.
lvnvAsked:
Who is Participating?
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
Yeah but can't you just connect to the host and change the root password once they have finished configuring the IP?  You can start with a default password to start.

Or better you create a user with sudo all privilege. Once he'd login the system for the first time he sts up the networking then you'd connect nd revoke the privliege to him.. So that Ho won't know root password.
0
 
Kerem ERSOYPresidentCommented:
In rehdat linux it is there's no need to write a script. If he edits the file in:

/etc/sysconfig/networking/profiles/default/ifcfg-eth0

and the contents will be something like this:

# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
DEVICE=eth0
HWADDR=xx:xx:xx:xx:xx:xx:xx:xx
BOOTPROTO=none
NETMASK=<net_mesk>
IPADDR=>ip.addr>
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=no

Then when the system boots it will have the fixed IP specified in IPADDR and NETMASK with the interface MAC specified in HWADDR.

This is it.
0
 
elf_binCommented:
Just to expand on what KeremE said.
In /etc/sysconfig/network-scripts/ there are ifcfg-ethx (where x is the interface number, 0, 1, 2 etc in multi-homed hosts).  
Generally, they start with a comment about to which interface they apply (so mine has # Intel Corporation 82566DM-2 Gigabit Network Connection).  
Then the device number (i.e.: eth0, eth1 etc), prepended with DEVICE=
Then the boot protocol (BOOTPROTO=) which'll be none for static IP address, dhcp for dhcp and so on.
Next is the MAC address (HWADDR=).
NETMASK= & IPADDR= are the lines where IP address & subnet mask are configured (static only).
DHCP_HOSTNAME= would be the dhcp supplied hostname (if sent).
TYPE=Ethernet is the media type used.
USERCTL=yes|no.  Can the user manipulate the network interface (such as shut it down, bring it up etc.)?
IPV6INIT=yes|no.  Do we want IPv6 support?
PEERDNS=yes|no.  "Peer to peer" DNS queries.
What I'm assuming here is that you're not using the Network Manager tool to manage your interfaces.

So you could use the sed command to change known values into new values.  For example, if the manufacturer ships IPADDR=1.1.1.1 NETMASK=1.1.1.1 you could use this:
sed s/"IPADDR=1.1.1.1"/"IPADDR=192.168.2.1"/ /etc/sysconfig/network-scripts/ ifcfg-eth0 | sed s/"NETMASK=1.1.1.1"/"NETMASK=1.1.1.1"/ - > /etc/sysconfig/network-scripts/ifcfg-eth0.new

You could use the ip command to add | remove or manage interfaces and addresses.
You could use system-config-network-cmd to add | remove or manage interfaces and addresses.

But the obvious choice is why don't you just use DHCP?  That's what it's there for!

Hope this helps.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
lvnvAuthor Commented:
Thanks, I know how to do both of your answers and that's how I've been doing in until now.

HOWEVER, both require root access to the system.  Therein lies the problem.  I don't want to give anyone root access or any shell access at all for that matter.
Remember, they are burning an image of disk, then changing the IP of that image.

If there was a C script that only logged in and changed the info it would be perfect.
0
 
Kerem ERSOYPresidentCommented:
So will you a bit clarify the steps of the process? At what step they burn the cd? D o they change after changing? What does the image file contain? Who uses the CD ?
0
 
lvnvAuthor Commented:
1) I have given the image of a disk to the "manufacturer"
2) they use G4L to copy the image to every new server that I order
3) they ship the new server to a remote location
some of the remote locations allow me to login and change the IP (because they / it uses DHCP)..
Others require me to give them root access so they can change the config files.

I don't like either option.

I'd like a script to give my manufacturer which will update the IP information on each new system without him logging in as root.

I am probably going to end up writing a C script that will do it.  I was hoping that someone on here had seen one already... I can't imagine this is a new problem..
0
 
Kerem ERSOYPresidentCommented:
The problem with script is that: You'd allow a SUID script to the image which is very very very dangerous in that people could later change the script and use it as a vulnerability to exploit. The same goes with the C script since it would need to run with root privileges.
0
 
lvnvAuthor Commented:
Well, as it stands now, they're getting root access so that's worse in my opinion...

but I figured there must be some way to encrypt the username and password in the C script then compile it as a binary...

with root:
they can do whatever they want...

with script:
They'd have to work at decompiling the binary or watching what it does...

0
 
elf_binCommented:
The thing is you'll never know how many times the CD has been used, so you'll never know which I addresses have been assigned.
What I'd do is put something in /etc/rc.local that creates a file somewhere on disk (say /usr/local/var) when it runs.  The idea being run the script if that file is there & don't run it if it isn't there.  That way the script will only run at first boot.  You can put in something that checks and updates an external server to indicate if an IP address has been used or not and setup the networking that way.  I reckon you could even change the root password with it.
Is that the kind of thing you're after?
0
 
tkutherConnect With a Mentor Commented:
Why not use SSH with command restriction.

Just write a script that takes two parameters, reads out the MAC, and changes the ifcfg-eth0 script accordingly

in root's ~/.ssh/authorized_keys put something like this:

command="/path/to/ip-changer.sh $SSH_ORIGINAL_COMMAND" ssh-rsa ....

Open in new window

0
 
tkutherCommented:
..and hand the private key to the customer. All he will be able to do, is execute this script with the parameters, and if the script has the needed sanity checks, this is a quite safe way

(sorry, I failed to find the edit button)
0
 
colinvannConnect With a Mentor Commented:
Hi there,

How about on first boot, you make it ask the person in front of the system to setup networking using system-config-network. After execution it can update the ifcfg-eth0 or which ever interface you wish to configure and then set itself not to run again, rebooting the system to ensure that a clean start occurs...

Place the attached code snippet at the bottom of the /etc/rc.local ( -> /etc/rc.d/rc.local)...

The sleep commands are just there to give the system enough time realize that the last command has exited properly, on fast systems I've seen this be a problem.

This is a clean solution that doesn't risk security at all.

Let me know if you have problems with it,
Colin


# Setup networking and reboot the system without asking for it again
system-config-network
sleep 1
service network restart
sleep 1
# Restore the original rc.local
touch /tmp/rc.local
cat /etc/rc.d/rc.local | grep -v "Setup networking and" | grep -v system-config-network | grep -v sleep | grep -v "service network restart"  |grep -v "Restore the original" |grep -v reboot |grep -v touch > /tmp/rc.local
sleep 1
reboot & mv /tmp/rc.local /etc/rc.d/rc.local

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.