Skip to content

Instantly share code, notes, and snippets.

@anthonypants

anthonypants/rConfig.md

Last active November 18, 2019 03:46
Show Gist options
  • Save anthonypants/ce4d01f75d8cf1a34fa6301a5550c9d9 to your computer and use it in GitHub Desktop.
Save anthonypants/ce4d01f75d8cf1a34fa6301a5550c9d9 to your computer and use it in GitHub Desktop.
Download ZIP
Don't Use: rConfig
Raw
rConfig.md

I was having trouble setting up RANCID, and their documentation sucks ass, so I thought I’d look at alternatives, and came across rConfig. It has a native web interface, and my coworkers hate Linux, so I thought I’d give it a look. I came across a few things:

  1. The install method is to download and run an installer script at http://rconfig.com/downloads/scripts/install_rConfig.sh. This script is a wrapper to determine if you have CentOS 6 or CentOS 7. You can get to this file over https, but then the script calls http://www.rconfig.com/downloads/scripts/centos7_install.sh or http://www.rconfig.com/downloads/scripts/centos6_install.sh, depending on what version of CentOS you have. I’m only going to bother writing up the CentOS 7 version, but I don’t think there’s going to be that much of a difference.

  2. The next thing it does is install wget. Through yum, thankfully. Then it downloads http://www.rconfig.com/downloads/scripts/login.sh and moves it to /etc/profile.d/.

  3. Then it disables SELinux by modifying /etc/selinux/config and changing ‘enforcing’ to ‘disabled’. It then checks to see if it’s set to disabled; if it’s set to permissive, this part of the script will probably fail. A backup of the original /etc/selinux/config is not saved.

  4. /etc/sudoers is modified to allow the apache user access to disable requiring tty, and also allowing access to the crontab, zip, chmod, chown, whoami, wc, tail, and rm commands without a password.

  5. The firewalld service is disabled and stopped. The iptables service is stopped.

  6. The following repos are installed:

  1. The epel and remo repos are used to install httpd. wget is installed again. mlocate, attr, open-vm-tools, tree, the Development Tools group, ntp, sudo, telnet, bind-utils, traceroute, tree, unzip, vixie-cron, crontabs, openssl-devel, openssl, mod_ssl, vsftpd, mysql-server, mysql, mod_auth_mysql, mysql-devel, php70w-devel, php70w, php70w-gd, php70w-mbstring, php70w-mysql, php70w-pear, php70w-cli, php70w-common, and php70w-pdo are installed via yum.

  2. ntp, httpd, mysqld, vsftpd, and crond are enabled and started.

  3. vsftp is configured. The original /etc/vsftpd/vsftpd.conf is preserved as /etc/vsftpd/vsftpd.conf.original. The user is given the option to allow the root user access to connect over FTP.

  4. ntp is configured. The user is given the option to define an ntp server, or it can use time.nist.gov.

  5. The file http://www.rconfig.com/downloads/scripts/centos7_postReboot.sh is downloaded. The user is asked to reboot after the following step and run this script.

  6. mysql_secure_installation is run.

  7. The user reboots, and runs the post-reboot script.

  8. http://www.rconfig.com/downloads/rconfig-3.6.7.zip is downloaded and unzipped into /home, creating /home/rconfig, and the apache user is assigned recursive ownership of the folder.

  9. /etc/httpd/conf/httpd.conf is moved to /etc/httpd/conf/httpd.conf.original, and a new httpd.conf is moved in its place. Apache is restarted.

  10. /etc/php.ini is configured. Apache is restarted.

  11. SELinux is checked again by looking for a ‘dot’ at the end of the permissions list in ls -ahl, and if it finds one, it modifies every folder in the /home directory by removing the security.selinux attribute with setfattr.

  12. The user is prompted to go to https://$hostname/install to finish the installation. /home/rconfig gets chowned to the apache user again, and any shell scripts in /home are removed.

Miscellaneous comments: You have to sign up to get the link to the download script or any installation documentation. They have a GitHub, and a more recent version is allegedly in development, but it wasn’t immediately clear how to deploy that, so I just went with this, the stable version. When you register, they send you an email address with your username and password in it. You cannot change your password. They have an SSL cert for https://www.rconfig.com but it expired in November of last year. They’re using Let’s Encrypt, so there’s really no reason why they can’t get it renewed, or why they can’t also get one for rconfig.com. Some of their other domains also have expired certs. There are a lot of hardcoded progress bars that don’t actually do anything. Like, here’s one from the first installer script, but there’s one of these in almost every section of each script:

sleep 1
echo $OSMSG;
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '##########################(100%)\n'
# Get major CentOS version 6 or 7
OSVERSION=$(rpm -qa \*-release | grep -Ei “oracle|redhat|centos” | cut -d"-" -f3)

etc.

With all of this in mind, I will not be using this product, and I would strongly recommend that anyone considering using this product use RANCID instead. (Incidentally, I got my RANCID issues figured out.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment