Linux ready; Cisco start!

linux/configs/-opt-dns/db.172

@@ -0,0 +1,20 @@
+; /opt/dns/db.172 file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	skill39.wsr.	root.skill39.wsr. (
+				1			; Serial
+				604800		; Refresh
+				86400		; Retry
+				2419200	; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+10.20	IN	PTR	l-srv.skill39.wsr.
+2.50	IN	PTR	l-rtr-a.skill39.wsr.
+2.55	IN	PTR	l-rtr-b.skill39.wsr.
+
+; L-FW 
+1.20	IN	PTR	l-fw.skill39.wsr.
+1.50	IN	PTR	l-fw.skill39.wsr.
+1.55	IN	PTR	l-fw.skill39.wsr.

linux/configs/-opt-dns/db.192

@@ -0,0 +1,19 @@
+; /opt/dns/db.192 file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	skill39.wsr.	root.skill39.wsr. (
+				1			; Serial
+				604800		; Refresh
+				86400		; Retry
+				2419200	; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+10.20	IN	PTR	r-srv.skill39.wsr.
+2.10	IN 	PTR	r-rtr.skill39.wsr.
+100.100	IN	PTR	r-cli.skill39.wsr.
+
+; R-FW
+1.10	IN	PTR	r-fw.skill39.wsr.
+1.20	IN	PTR	r-fw.skill39.wsr.

linux/configs/-opt-dns/skill39.db

@@ -0,0 +1,31 @@
+; /opt/dns/skill39.db file
+; Configured by Maxim
+$TTL 604800
+@	IN	SOA	l-srv.skill39.wsr.	root.skill39.wsr. (
+				1			; Serial
+				604800		; Refresh
+				86400		; Retry
+				2419200		; Expire
+				604800 )	; Negative Cache TTL
+
+@	IN	NS	l-srv.skill39.wsr.
+
+; LEFT
+l-fw	IN	A	10.10.10.1
+		IN	A	172.16.20.1
+		IN	A	172.16.50.1
+		IN	A	172.16.55.1
+l-srv	IN	A	172.16.20.10
+l-rtr-a	IN	A	172.16.50.2
+l-rtr-b	IN	A	172.16.55.2
+server	IN	CNAME	l-srv
+
+; RIGHT
+r-fw	IN	A	20.20.20.100
+		IN	A	192.168.10.1
+		IN	A	192.168.20.1
+r-srv	IN	A	192.168.20.10
+r-rtr	IN	A	192.168.10.2
+r-cli	IN	A	192.168.100.100
+www	IN	CNAME	r-fw
+

linux/configs/base-config-CentOS.sh

@@ -0,0 +1,55 @@
+# !!!!! 
+# VMWare не может вставить русские буквы, так что исключайте их при копировании
+# !!!!!
+
+# Для смены порядка чтения "DNS"
+
+nano /etc/nsswitch.conf
+
+# Ответы DNS сервера должны иметь более высокий приоритет.
+# В строке, которая начинается с "hosts: ", меняем местами слова files и dns.
+
+CONFIG_FILE_VERSION="1.1"
+
+# HOSTS config
+
+HOSTS="/etc/hosts"; rm $HOSTS; touch $HOSTS
+echo -e "# ${HOSTS} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n\n" >> $HOSTS
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $HOSTS
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $HOSTS 
+echo -e "20.20.20.10\tisp" >> $HOSTS
+
+cat $HOSTS
+
+# YUM config
+
+cd /media/
+sh -c "rm -rf *"
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mkdir yum.repos.d-default/
+mv ./yum.repos.d/CentOS* ./yum.repos.d-default/
+cd yum.repos.d/
+sh -c "rm -rf *"
+REPO_FILE="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPO_FILE
+echo -e "# ${REPO_FILE} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n" >> $REPO_FILE
+echo -e "[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPO_FILE
+
+cat $REPO_FILE
+
+# /dev/sr0 CentOS-7-x86_64-DVD-1810.iso
+# /dev/sr1 Additional.iso
+
+mount /dev/sr0 /media/CentOS
+mount /dev/sr1 /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+yum install zsh git -y
+
+# SSH config
+
+SSH_CONFIG="/etc/ssh/sshd_config"
+cp $SSH_CONFIG $SSH_CONFIG.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
+systemctl restart sshd.service

linux/configs/base-config-Debian.sh

@@ -0,0 +1,37 @@
+# !!!!! 
+# VMWare не может вставить русские буквы, так что исключайте их при копировании
+# !!!!!
+
+# Для смены порядка чтения "DNS"
+
+nano /etc/nsswitch.conf
+
+# Ответы DNS сервера должны иметь более высокий приоритет.
+# В строке, которая начинается с "hosts: ", меняем местами слова files и dns.
+
+CONFIG_FILE_VERSION="1.1"
+
+# HOSTS config
+
+HOSTS="/etc/hosts"; rm $HOSTS; touch $HOSTS
+echo -e "# ${HOSTS} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n\n" >> $HOSTS
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $HOSTS
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $HOSTS 
+echo -e "10.10.10.10\tisp" >> $HOSTS
+
+cat $HOSTS
+
+
+# APT config
+
+apt-cdrom add
+apt install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+apt install zsh git -y
+
+# SSH config
+
+SSH_CONFIG="/etc/ssh/sshd_config"
+cp $SSH_CONFIG $SSH_CONFIG.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
+systemctl restart ssh.service
+

linux/configs/config-all.sh

@@ -0,0 +1,403 @@
+# !!!!! 
+# VMWare не может вставить русские буквы, так что исключайте их при копировании
+# !!!!!
+
+# План работы
+# hostnames -> hosts -> apt/yum -> ip -> gre -> frr -> dhcp -> dhcp-relay ->
+# -> primary DNS -> DDNS -> secondary DNS  
+
+# File version: 2.0
+CONFIG_FILE_VERSION="2.0"
+
+HOSTS="/etc/hosts"; rm $HOSTS; touch $HOSTS
+echo -e "# ${HOSTS} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n\n" >> $HOSTS
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $HOSTS
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $HOSTS 
+
+cat $HOSTS
+
+# echo -e "20.20.20.10\tisp" >> $HOSTS	# Organisation RIGHT
+# echo -e "10.10.10.10\tisp" >> $HOSTS	# Organisation LEFT
+
+# Для смены порядка чтения "DNS"
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+
+SSH_CONFIG="/etc/ssh/sshd_config"
+cp $SSH_CONFIG $SSH_CONFIG.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSH_CONFIG
+systemctl restart ssh.service
+
+# Эта настройка для FW и RTR 
+
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; shutdown -r 0
+
+# Настройка debian 
+
+apt-cdrom add
+apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+
+# CentOS yum repo Config
+
+cd /media/
+sh -c "rm -rf *"
+mkdir CentOS
+mkdir cdrom
+
+cd /etc/
+
+mkdir yum.repos.d-default/
+mv ./yum.repos.d/CentOS* ./yum.repos.d-default/
+
+cd yum.repos.d/
+sh -c "rm -rf *"
+REPO_FILE="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPO_FILE
+
+echo -e "# ${REPO_FILE} file.\n# Configured by Maxim; v${CONFIG_FILE_VERSION}\n" >> $REPO_FILE
+echo "[c7-media]"  >> $REPO_FILE
+echo -e "name=CentOS-$releasever - Media"  >> $REPO_FILE
+echo "baseurl=file:///media/CentOS/"  >> $REPO_FILE
+echo -e "\t\tfile:///media/cdrom/"  >> $REPO_FILE
+echo "gpgcheck=1"  >> $REPO_FILE
+echo "enabled=1"  >> $REPO_FILE
+echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPO_FILE
+
+cat $REPO_FILE
+
+# Проверить устройства можно командой blkid
+# Имя образа будет указано в lable="<ISO-NAME>"
+
+# /dev/sr0 Это [datastore1] _ISO/Additional.iso
+# /dev/sr1 Это [datastore1] _ISO/CentOS-7-x86_64-DVD-1810.iso
+
+mount -L "CDROM" /media/cdrom
+mount -L "CentOS 7 x86_64" /media/CentOS
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils libcares* -y
+
+# firewall вырубить на всех, кроме R-FW
+
+systemctl stop firewalld &&  systemctl disable firewalld
+# systemctl start firewalld && systemctl enable firewalld
+
+# R-FW
+
+firewall-cmd --permanent --zone=external --add-service=gre
+firewall-cmd --permanent --zone=external --add-interface=ens160
+firewall-cmd --permanent --zone=trusted --add-interface=ens192
+firewall-cmd --permanent --zone=trusted --add-interface=ens224
+firewall-cmd --permanent --zone=trusted --add-interface=gre1
+firewall-cmd --permanent --zone=external --add-port=22/tcp
+firewall-cmd --permanent --zone=external --add-port=22/udp
+firewall-cmd --permanent --zone=external --add-forward-port=port=53:proto=tcp:toport=53:toaddr=192.168.20.10
+
+firewall-cmd --reload
+
+# firewall-cmd --permanent --zone=external --add-masquerade
+# firewall-cmd --permanent --zone=trusted --add-interface=tunnel
+# firewall-cmd --permanent --zone=external --add-service=http
+# firewall-cmd --permanent --zone=external --add-service=https
+# firewall-cmd --permanent --zone=external --add-service=ssh
+
+# L-FW
+
+# iptables методичка
+# -A - добавить правило в цепочку;
+# -С - проверить все правила;
+# -D - удалить правило;
+# -I - вставить правило с нужным номером;
+# -L - вывести все правила в текущей цепочке;
+# -S - вывести все правила;
+# -F - очистить все правила;
+# -N - создать цепочку;
+# -X - удалить цепочку;
+# -P - установить действие по умолчанию.
+# -s - указать ip адрес устройства-отправителя пакета;
+# -d - указать ip адрес получателя;
+# -i - входной сетевой интерфейс;
+# -o - исходящий сетевой интерфейс;
+# -j - выбрать действие, если правило подошло.
+
+# P:
+# INPUT - Входящие паекты
+# OUTPUT - Исходящие пакеты
+# FORWARD - Паокеты пересылки
+
+# j:
+# ACCEPT - разрешить прохождение пакета дальше по цепочке правил;
+# DROP - удалить пакет;
+# REJECT - отклонить пакет, отправителю будет отправлено сообщение, что пакет был отклонен;
+# LOG - сделать запись о пакете в лог файл;
+# QUEUE - отправить пакет пользовательскому приложению.
+# REDIRECT - Перенаправлять на ...
+# ...
+
+# t:
+# raw - предназначена для работы с сырыми пакетами, пока они еще не прошли обработку;
+# mangle - предназначена для модификации пакетов;
+# nat - обеспечивает работу nat, если вы хотите использовать компьютер в качестве маршрутизатора;
+# filter - основная таблица для фильтрации пакетов, используется по умолчанию.
+
+apt install iptables-persistent -y 
+
+# Reset rules
+iptables -F 
+iptables -t nat -F
+iptables -t mangle -F
+iptables -t filter -F
+
+# Default rules
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD ACCEPT
+
+iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE
+iptables -t nat -A PREROUTING -i ens160 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
+# iptables -t nat -A PREROUTING -i ens256 -j DNAT --to-destination 172.16.20.10
+
+
+echo "AllowUsers ssh_p root ssh_c" >> /etc/ssh/sshd_config
+
+adduser ssh_p
+# p_hss
+
+adduser ssh_c
+# c_hss
+
+apt install frr -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t 
+	ip forw
+	router ospf    
+		network 172.16.20.0/24 area 0    
+		network 172.16.50.0/30 area 0    
+		network 172.16.55.0/30 area 0    
+		network 10.5.5.0/30 area 0    
+		network 5.5.5.0/27 area 0    
+		passive-interface ens160
+		passive-interface ens256
+		exit
+	exit
+write
+exit
+
+
+# L-RTR-A
+
+apt install frr
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t 
+	ip forw
+	router ospf    
+		network 172.16.50.0/30 area 0
+		network 172.16.100.0/24 area 0
+		passive-interface esn224
+		exit
+	exit
+write
+exit
+
+apt install isc-dhcp-server -y
+
+# Пишем интерфейсы
+nano /etc/default/isc-dhcp-server
+
+nano /etc/dhcp/dhcpd.conf
+# ( Файл находится в этой директории )
+
+# Включаем isc-dhcp-server и переагружаем
+systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server; shutdown -r 0
+
+# L-RTR-B
+
+apt install frr
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t 
+	ip forw
+	router ospf    
+		network 172.16.55.0/30 area 0    
+		network 172.16.200.0/24 area 0
+		passive-interface ens224
+		exit
+	exit
+write
+exit
+
+apt install isc-dhcp-relay
+
+# R-FW
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t
+	ip forwarding
+	router ospf
+		network 192.168.20.0/24 area 0    
+		network 192.168.10.0/30 area 0    
+		network 10.5.5.0/30 area 0    
+		network 5.5.5.0/27 area 0
+		passive-interface ens160
+		passive-interface ens224
+		exit
+	exit
+write
+exit
+
+# R-RTR
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+
+# frr config
+conf t
+	ip forwarding
+	router ospf
+		network 192.168.10.0/30 area 0
+		network 192.168.100.0/24 area 0
+		passive-interface ens192
+		exit
+	exit
+write
+exit
+
+# L-SRV
+
+apt install bind9
+nano /etc/bind/named.conf.options
+
+// /etc/bind/named.conf.options file
+options {
+	directory "/var/cache/bind";   
+	forwarders { 10.10.10.10; }; 
+	dnssec-validation no;
+	listen-on port 53 { any; };
+	listen-on-v6 { none; };
+	allow-transfer { any; };
+	allow-recursion { any; };
+	recursion yes;
+};
+
+mkdir /opt/dns
+cp /etc/bind/db.local /opt/dns/skill39.db
+cp /etc/bind/db.127 /opt/dns/db.172
+cp /etc/bind/db.127 /opt/dns/db.192
+chown -R bind:bind /opt/dns
+
+nano /etc/apparmor.d/usr.sbin.named
+
+# /opt/dns/** rw,
+
+systemctl restart apparmor.service
+
+nano /etc/bind/named.conf.default-zones
+
+zone "skill39.wsr" {
+	type master;
+	allow-transfer { any; };
+	allow-update { 172.16.50.2; };
+	file "/opt/dns/skill39.db";
+};
+zone "16.172.in-addr.arpa" { 
+	type master; 
+	allow-transfer { any; };
+	allow-update { 172.16.50.2; };
+	file "/opt/dns/db.172";
+};
+zone "168.192.in-addr.arpa" { 
+	type master; 
+	allow-transfer { any; }; 
+	file "/opt/dns/db.192";
+};
+
+nano /opt/dns/skill39.db
+# ( Файл находится в этой директории )
+
+nano /opt/dns/db.172
+# ( Файл находится в этой директории )
+
+nano /opt/dns/db.192
+# ( Файл находится в этой директории )
+
+systemctl restart bind9
+
+# R-SRV
+
+# Disable SELinux
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+getenforce
+
+yum install bind
+
+mkdir /opt/dns
+chown named:named /opt/dns
+
+
+# R-SRV
+
+yum install bind 
+
+nano /etc/bind/named.conf.default-zones
+
+mkdir /opt/dns; chown -R named:named /opt/dns
+touch /opt/dns/skill39.db; chown -R named:named /opt/dns/skill39.db
+touch /opt/dns/db.172; chown -R named:named /opt/dns/db.172
+touch /opt/dns/db.192; chown -R named:named /opt/dns/db.192
+
+zone "skill39.wsr" {
+	type slave;
+	masters { 172.16.20.10; };
+	file "/opt/dns/skill39.db";
+};
+zone "16.172.in-addr.arpa" { 
+	type slave; 
+	masters { 172.16.20.10; };
+	file "/opt/dns/db.172";
+};
+zone "168.192.in-addr.arpa" { 
+	type slave; 
+	masters { 172.16.20.10; };
+	file "/opt/dns/db.192";
+};
+

linux/configs/l-/dhcpd.conf

@@ -0,0 +1,31 @@
+# /etc/dhcp/dhcpd.conf file
+# L-RTR-A
+default-lease-time 600;
+max-lease-time 7200;
+
+ddns-update-style interim;
+update-static-leases on;
+zone skill39.wsr. {  
+	primary 172.16.20.10;
+}
+zone 16.172.in-addr.arpa. {  
+	primary 172.16.20.10;
+}
+authoritative;
+
+option domain-name "skill39.wsr";
+option domain-name-servers 172.16.20.10, 192.168.20.10;
+
+subnet 172.16.50.0 netmask 255.255.255.252 {}
+subnet 172.16.100.0 netmask 255.255.255.0 { 
+	range 172.16.100.65 172.16.100.75; 
+	option routers 172.16.100.1;
+}
+subnet 172.16.200.0 netmask 255.255.255.0 { 
+	range 172.16.200.65 172.16.200.75; 
+	option routers 172.16.200.1;
+}
+host lclib { 
+	hardware ethernet 00:0C:29:1D:2C:06;  
+	fixed-address 172.16.200.61;
+}

linux/configs/l-/l-fw.sh

@@ -0,0 +1,71 @@
+HS="/etc/hostname"
+rm $HS; touch $HS
+echo "L-FW" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "10.10.10.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+iptables -F
+iptables -t nat -F
+apt-cdrom add
+
+apt install frr iptables-persistent tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+echo "AllowUsers ssh_p root ssh_c" >> $SSHC
+iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE
+iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10
+
+nmcli con del id ens192
+nmcli con del id ens224
+nmcli con del id ens256
+nmcli con del id ens160
+nmcli con del id gre1
+
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.50.1/30"
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "172.16.55.1/30"
+nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens256 ifname ens256 autoconnect yes type ethernet ip4 "172.16.20.1/24"
+nmcli con mod ens256 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "10.10.10.1/24" gw4 10.10.10.10
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 20.20.20.100 local 10.10.10.1
+nmcli con mod gre1 ipv4.method manual ip-tunnel.ttl 64 +ipv4.addresses "10.5.5.1/30" 
+
+nmcli con up ens192 ifname ens192
+nmcli con up ens224 ifname ens224
+nmcli con up ens256 ifname ens256
+nmcli con up ens160 ifname ens160
+nmcli con up gre1 ifname gre1
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+	ip forw
+	router ospf    
+		network 172.16.20.0/24 area 0    
+		network 172.16.50.0/30 area 0    
+		network 172.16.55.0/30 area 0    
+		network 10.5.5.0/30 area 0    
+		network 5.5.5.0/27 area 0    
+		passive-interface ens160
+		passive-interface ens256
+		exit
+	exit
+write
+exit
+useradd ssh_p -p p_hss
+useradd ssh_c -p c_hss
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/l-/l-rtr-a.sh

@@ -0,0 +1,53 @@
+HS="/etc/hostname"
+rm $HS; touch $HS
+echo "L-RTR-A" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "10.10.10.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+iptables -F 
+apt-cdrom add
+
+apt install frr tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.50.2/30 gw4 172.16.50.1
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens192 ifname ens192
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.100.1/24 
+nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens224 ifname ens224
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+	router ospf
+		network 172.16.50.0/30 area 0
+		network 172.16.100.0/24 area 0
+		passive-interface esn224
+		exit
+	exit
+write
+exit
+
+apt install isc-dhcp-server -y
+
+sed -ie "s/INTERFACESv4=\"\"/INTERFACESv4=\"ens192 ens224\"/" /etc/default/isc-dhcp-server
+DHC="/etc/dhcp/dhcpd.conf"
+rm $DHC; touch $DHC
+echo -e "# /etc/dhcp/dhcpd.conf file\n# L-RTR-A\ndefault-lease-time 600;\nmax-lease-time 7200;\n\nddns-update-style interim;\nupdate-static-leases on;\nzone skill39.wsr. { primary 172.16.20.10; }\nzone 16.172.in-addr.arpa. { primary 172.16.20.10; }\nauthoritative;\n\noption domain-name \"skill39.wsr\";\noption domain-name-servers 172.16.20.10, 192.168.20.10;\n\nsubnet 172.16.50.0 netmask 255.255.255.252 {}\nsubnet 172.16.100.0 netmask 255.255.255.0 {\n\trange 172.16.100.65 172.16.100.75;\n\toption routers 172.16.100.1;\n}\nsubnet 172.16.200.0 netmask 255.255.255.0 {\n\trange 172.16.200.65 172.16.200.75;\n\toption routers 172.16.200.1;\n}\nhost lclib {\n\thardware ethernet 00:0C:29:1D:2C:06;\n\tfixed-address 172.16.200.61;\n}\n" >> $DHC
+systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/l-/l-rtr-b.sh

@@ -0,0 +1,51 @@
+HS="/etc/hostname"
+rm $HS; touch $HS
+echo "L-RTR-B" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "10.10.10.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+iptables -F 
+apt-cdrom add
+
+apt install frr tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+systemctl start NetworkManager
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.55.2/30 gw4 172.16.55.1
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens192 ifname ens192
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 172.16.200.1/24 
+nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens224 ifname ens224
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+	router ospf    
+		network 172.16.55.0/30 area 0    
+		network 172.16.200.0/24 area 0
+		passive-interface ens224
+		exit
+	exit
+write
+exit
+
+apt install isc-dhcp-relay -y
+
+# 172.16.50.2
+# ens192 ens224
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/l-/l-srv.sh

@@ -0,0 +1,55 @@
+HS="/etc/hostname"
+rm $HS; touch $HS
+echo "L-SRV" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "10.10.10.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+iptables -F 
+apt-cdrom add
+
+apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils dnsutils -y
+
+apt install git zsh curl -y
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens192
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.20.10/24" gw4 172.16.20.1
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens192 ifname ens192
+
+NMCO="/etc/bind/named.conf.options"
+rm $NMCO; touch $NMCO; chown -R bind:bind $NMCO
+echo -e "// /etc/bind/named.conf.options file\noptions {\n\tdirectory \"/var/cache/bind\";\n\tforwarders { 10.10.10.10; };\n\tdnssec-validation no;\n\tlisten-on-v6 { none; };\n\trecursion yes;\n};"  >> $NMCO
+
+mkdir /opt/dns
+cp /etc/bind/db.local /opt/dns/skill39.db
+cp /etc/bind/db.127 /opt/dns/db.172
+cp /etc/bind/db.127 /opt/dns/db.192
+chown -R bind:bind /opt/dns
+sed -ie "s/^}$/\n\n  # skill39 zones\n  \/opt\/dns\/** rw,\n}/" /etc/apparmor.d/usr.sbin.named
+
+echo -e "
+zone \"skill39.wsr\" {\n\ttype master;\n\tallow-transfer { any; };\n\tallow-update { 172.16.50.2; };\n\tfile \"/opt/dns/skill39.db\";\n};
+zone \"16.172.in-addr.arpa\" { \n\ttype master; \n\tallow-transfer { any; };\n\tallow-update { 172.16.50.2; };\n\tfile \"/opt/dns/db.172\";};
+zone \"168.192.in-addr.arpa\" {\n\ttype master; \n\tallow-transfer { any; }; \n\tfile \"/opt/dns/db.192\";\n};" >> /etc/bind/named.conf.default-zones
+
+nano /opt/dns/skill39.db
+# ( -opt-dns )
+
+nano /opt/dns/db.172
+# ( -opt-dns )
+
+nano /opt/dns/db.192
+# ( -opt-dns )
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/r-/out-cli.sh

@@ -0,0 +1,36 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "OUT-CLI" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS; mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+nmcli con del id ens32
+nmcli con add con-name ens32 ifname ens32 autoconnect yes type ethernet ip4 "20.20.20.5/24" gw4 20.20.20.5
+nmcli con mod ens32 +ipv4.dns 10.10.10.1 +ipv4.dns 20.20.20.100 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens32 ifname ens32
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/r-/r-cli.sh

@@ -0,0 +1,37 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-CLI" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+nmcli con del id ens32
+nmcli con add con-name ens32 ifname ens32 autoconnect yes type ethernet ip4 192.168.100.100/24 gw4 192.168.100.1
+nmcli con mod ens32 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens32 ifname ens32
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/r-/r-fw.sh

@@ -0,0 +1,74 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-FW" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens192
+nmcli con del id ens224
+nmcli con del id ens160
+nmcli con del id gre1
+
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "192.168.10.1/30"
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "192.168.20.1/24"
+nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "20.20.20.100/24" gw4 20.20.20.10
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 10.10.10.1 local 20.20.20.100
+nmcli con mod gre1 ipv4.method manual +ipv4.addresses "10.5.5.2/30" 
+nmcli con mod gre1 ip-tunnel.ttl 64
+
+nmcli con up ens192 ifname ens192
+nmcli con up ens224 ifname ens224
+nmcli con up ens160 ifname ens160
+nmcli con up gre1 ifname gre1
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+	ip forw
+	router ospf
+		network 192.168.10.0/30 area 0
+		network 192.168.20.0/24 area 0 
+		network 10.5.5.0/30 area 0
+		network 5.5.5.0/27 area 0
+		passive-interface ens160
+		passive-interface ens224
+		exit
+	exit
+write
+exit
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/r-/r-rtr.sh

@@ -0,0 +1,61 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-RTR" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens192
+nmcli con del id ens160
+
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 192.168.10.2/30 gw4 192.168.10.1
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 192.168.100.1/24
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+
+nmcli con up ens160 ifname ens160
+nmcli con up ens192 ifname ens192
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; 
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; 
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+	router ospf
+		network 192.168.10.0/30 area 0
+		network 192.168.100.0/24 area 0
+		passive-interface ens192
+		exit
+	exit
+write
+exit
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/r-/r-srv.sh

@@ -0,0 +1,38 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-SRV" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H 
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config; 
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7"  >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils bind -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens160
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 192.168.20.10/24 gw4 192.168.20.1
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con up ens160 ifname ens160
+
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+

linux/configs/sshd_config.sh

@@ -0,0 +1,12 @@
+SSH_CONFIG="/etc/ssh/sshd_config"
+
+echo "Port 22" >> $SSH_CONFIG
+echo "ListenAddress 0.0.0.0" >> $SSH_CONFIG
+echo "PasswordAuthentication yes" >> $SSH_CONFIG
+echo "PermitEmptyPasswords no" >> $SSH_CONFIG
+echo "ChallengeResponseAuthentication no" >> $SSH_CONFIG
+echo "UsePAM yes" >> $SSH_CONFIG
+echo "X11Forwarding no" >> $SSH_CONFIG
+echo "PrintMotd no" >> $SSH_CONFIG
+echo "AcceptEnv LANG LC_*" >> $SSH_CONFIG
+echo -e "Subsystem\tsftp\t/usr/lib/openssh/sftp-server" >> $SSH_CONFIG