[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Pre-written script to change CentOS IP addresses

Posted on 2009-05-20
Medium Priority
Last Modified: 2013-12-16
Are there any prewritten scripts out there to change the IP address info of a given machine?

Here is the scenario, I have a distributor who puts together my box, burns my image to the box, then ships it to different data centers in the country.

I want to give the distributor a script that he can use to install the IP addresses.

It can be a Windows Script or a Bash script.
Question by:lvnv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24439136
In rehdat linux it is there's no need to write a script. If he edits the file in:


and the contents will be something like this:

# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.

Then when the system boots it will have the fixed IP specified in IPADDR and NETMASK with the interface MAC specified in HWADDR.

This is it.
LVL 10

Expert Comment

ID: 24439706
Just to expand on what KeremE said.
In /etc/sysconfig/network-scripts/ there are ifcfg-ethx (where x is the interface number, 0, 1, 2 etc in multi-homed hosts).  
Generally, they start with a comment about to which interface they apply (so mine has # Intel Corporation 82566DM-2 Gigabit Network Connection).  
Then the device number (i.e.: eth0, eth1 etc), prepended with DEVICE=
Then the boot protocol (BOOTPROTO=) which'll be none for static IP address, dhcp for dhcp and so on.
Next is the MAC address (HWADDR=).
NETMASK= & IPADDR= are the lines where IP address & subnet mask are configured (static only).
DHCP_HOSTNAME= would be the dhcp supplied hostname (if sent).
TYPE=Ethernet is the media type used.
USERCTL=yes|no.  Can the user manipulate the network interface (such as shut it down, bring it up etc.)?
IPV6INIT=yes|no.  Do we want IPv6 support?
PEERDNS=yes|no.  "Peer to peer" DNS queries.
What I'm assuming here is that you're not using the Network Manager tool to manage your interfaces.

So you could use the sed command to change known values into new values.  For example, if the manufacturer ships IPADDR= NETMASK= you could use this:
sed s/"IPADDR="/"IPADDR="/ /etc/sysconfig/network-scripts/ ifcfg-eth0 | sed s/"NETMASK="/"NETMASK="/ - > /etc/sysconfig/network-scripts/ifcfg-eth0.new

You could use the ip command to add | remove or manage interfaces and addresses.
You could use system-config-network-cmd to add | remove or manage interfaces and addresses.

But the obvious choice is why don't you just use DHCP?  That's what it's there for!

Hope this helps.

Author Comment

ID: 24443548
Thanks, I know how to do both of your answers and that's how I've been doing in until now.

HOWEVER, both require root access to the system.  Therein lies the problem.  I don't want to give anyone root access or any shell access at all for that matter.
Remember, they are burning an image of disk, then changing the IP of that image.

If there was a C script that only logged in and changed the info it would be perfect.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24444474
So will you a bit clarify the steps of the process? At what step they burn the cd? D o they change after changing? What does the image file contain? Who uses the CD ?

Author Comment

ID: 24444825
1) I have given the image of a disk to the "manufacturer"
2) they use G4L to copy the image to every new server that I order
3) they ship the new server to a remote location
some of the remote locations allow me to login and change the IP (because they / it uses DHCP)..
Others require me to give them root access so they can change the config files.

I don't like either option.

I'd like a script to give my manufacturer which will update the IP information on each new system without him logging in as root.

I am probably going to end up writing a C script that will do it.  I was hoping that someone on here had seen one already... I can't imagine this is a new problem..
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24444908
The problem with script is that: You'd allow a SUID script to the image which is very very very dangerous in that people could later change the script and use it as a vulnerability to exploit. The same goes with the C script since it would need to run with root privileges.

Author Comment

ID: 24445541
Well, as it stands now, they're getting root access so that's worse in my opinion...

but I figured there must be some way to encrypt the username and password in the C script then compile it as a binary...

with root:
they can do whatever they want...

with script:
They'd have to work at decompiling the binary or watching what it does...

LVL 30

Accepted Solution

Kerem ERSOY earned 672 total points
ID: 24445687
Yeah but can't you just connect to the host and change the root password once they have finished configuring the IP?  You can start with a default password to start.

Or better you create a user with sudo all privilege. Once he'd login the system for the first time he sts up the networking then you'd connect nd revoke the privliege to him.. So that Ho won't know root password.
LVL 10

Expert Comment

ID: 24448233
The thing is you'll never know how many times the CD has been used, so you'll never know which I addresses have been assigned.
What I'd do is put something in /etc/rc.local that creates a file somewhere on disk (say /usr/local/var) when it runs.  The idea being run the script if that file is there & don't run it if it isn't there.  That way the script will only run at first boot.  You can put in something that checks and updates an external server to indicate if an IP address has been used or not and setup the networking that way.  I reckon you could even change the root password with it.
Is that the kind of thing you're after?

Assisted Solution

tkuther earned 664 total points
ID: 24457104
Why not use SSH with command restriction.

Just write a script that takes two parameters, reads out the MAC, and changes the ifcfg-eth0 script accordingly

in root's ~/.ssh/authorized_keys put something like this:

command="/path/to/ip-changer.sh $SSH_ORIGINAL_COMMAND" ssh-rsa ....

Open in new window


Expert Comment

ID: 24457112
..and hand the private key to the customer. All he will be able to do, is execute this script with the parameters, and if the script has the needed sanity checks, this is a quite safe way

(sorry, I failed to find the edit button)

Assisted Solution

colinvann earned 664 total points
ID: 24458148
Hi there,

How about on first boot, you make it ask the person in front of the system to setup networking using system-config-network. After execution it can update the ifcfg-eth0 or which ever interface you wish to configure and then set itself not to run again, rebooting the system to ensure that a clean start occurs...

Place the attached code snippet at the bottom of the /etc/rc.local ( -> /etc/rc.d/rc.local)...

The sleep commands are just there to give the system enough time realize that the last command has exited properly, on fast systems I've seen this be a problem.

This is a clean solution that doesn't risk security at all.

Let me know if you have problems with it,

# Setup networking and reboot the system without asking for it again
sleep 1
service network restart
sleep 1
# Restore the original rc.local
touch /tmp/rc.local
cat /etc/rc.d/rc.local | grep -v "Setup networking and" | grep -v system-config-network | grep -v sleep | grep -v "service network restart"  |grep -v "Restore the original" |grep -v reboot |grep -v touch > /tmp/rc.local
sleep 1
reboot & mv /tmp/rc.local /etc/rc.d/rc.local

Open in new window


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question