Skip to content

Instantly share code, notes, and snippets.

@dPacc

dPacc/ec2-automation.md

Forked from ashiwanikumar/server-update-report.md
Last active September 16, 2023 19:57
Show Gist options
  • Save dPacc/12d1135337c046a00f8245bce1da6027 to your computer and use it in GitHub Desktop.
Save dPacc/12d1135337c046a00f8245bce1da6027 to your computer and use it in GitHub Desktop.
Download ZIP
EC2 Security Automation
Raw
ec2-automation.md

Creating a File:

  1. Create a new file under /etc/cron.daily/ named "autoupdate"

    root@dashboard:/home/linuxadmin# vim /etc/cron.daily/autoupdate

  2. Paste the following script into the file:

OS Update with Dist-upgrade

#!/bin/sh
{
    echo "Auto update started on $(date)"
    apt-get update
    apt-get upgrade -y
    apt-get dist-upgrade -y
    apt-get autoclean
    apt-get autoremove -y
    echo "Auto update completed on $(date)"
} >> /var/log/autoupdate.log

mail -s "Auto update report for Server :Website_API_10.4.0.230 $(date)" -a "From: no-reply@domain.org" email@domain.org < /var/log/autoupdate.log

Only for Dist-upgrade

#!/bin/sh
{
    echo "Auto update started on $(date)"
    apt-get update
    apt-get upgrade -y
    echo "Dist-upgrade started on $(date)"
    apt-get dist-upgrade -y
    echo "Dist-upgrade completed on $(date)"
    apt-get autoclean
    apt-get autoremove -y
    echo "Auto update completed on $(date)"
} >> /var/log/autoupdate.log

mail -s "Auto update report for Server :Website_API_10.4.0.230 $(date)" -a "From: no-reply@domain.org" email@domain.org < /var/log/autoupdate.log
  1. Save and exit the file.

Installing Mailutils:

  1. Use this command to install Mailutils:

    sudo apt-get install mailutils -y

  2. Edit the configuration file: nano /etc/postfix/main.cf

    #relayhost =

  3. Add the following lines to the end of the file:

NOTE: If you are using aliases in on your email, use the primary email address

relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

  1. Save and exit the file.

  2. Edit the /etc/postfix/sasl_passwd file and add this line:

    [smtp.office365.com]:587 test@domain.org:Password1234

  3. Change the ownership and permissions of the file:

sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

  1. Restart postfix with this command:

    sudo systemctl restart postfix

  2. Map the password file again:

    sudo postmap /etc/postfix/sasl_passwd

Testing the Email:

  1. Use the following command to test sending an email:

    echo "This is a test email body." | mail -s "Test Email Subject" -a "From: xyz@domain.org" abc@domain.org

  2. Insert this line in the crontab to automatically renew certbot and send an email after completion:

    0 2 * * * /usr/bin/certbot renew --quiet; echo "Certbot renewal job completed" | mail -s "Certbot Renewal Output" -a "From: no-reply@domain.org" email@domain.org

For testing the OS update log email run: sudo postmap /etc/postfix/sasl_passwd

Anti Virus Setup (Open Source)

sudo apt-get install clamav clamav-daemon -y
sudo freshclam
sudo systemctl start clamav-freshclam
sudo systemctl enable clamav-freshclam
sudo systemctl status clamav-freshclam
sudo systemctl stop clamav-freshclam
sudo systemctl disable clamav-freshclam
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment