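#!/bin/sh
#
# Post-install configuration for a CentOS 5 host: adjusts SELinux, fstab,
# sshd, httpd, DNS, shell history, boot-time services, logrotate, TCP
# wrappers, snmpd, yum repositories, networking and the grub default entry.
# It writes system files under /etc, /root and /boot, so it needs root.
#
# Several files are pulled from the provisioning host 192.168.200.2 over
# plain HTTP. Nothing here authenticates that content, and it ends up as a
# root cron job, the SNMP agent configuration and the yum repository
# definition. NOTE(review): serve these over HTTPS or verify a known-good
# checksum before installing them.

# fetch URL DEST
# Download URL into a temporary file beside DEST and move it into place only
# when wget succeeds and the result is non-empty. A failed download therefore
# leaves DEST untouched instead of truncating it to an empty file.
# Returns 0 on success, 1 on failure (with a message on stderr).
fetch() {
  fetch_tmp=$(mktemp "$2.XXXXXX") || return 1
  if wget "$1" -O "$fetch_tmp" && [ -s "$fetch_tmp" ]; then
    # mktemp creates the file 0600; restore the mode a plain wget would give.
    chmod 644 "$fetch_tmp"
    mv -f "$fetch_tmp" "$2"
  else
    rm -f "$fetch_tmp"
    echo "post-install: download of $1 failed; $2 left unchanged" >&2
    return 1
  fi
}

## Disable SE Linux
# Only flips the setting when it is currently "permissive"; a host set to
# "enforcing" is left as is. NOTE(review): this removes mandatory access
# control from the host; keeping permissive mode would retain audit logging.
cp /etc/selinux/config /etc/selinux/config-bak
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config

## modify fstab default security
# The address \/tmp/ is sed's custom-delimiter form, so the regex is just
# "tmp": every fstab line containing "tmp" (also /var/tmp and tmpfs mounts)
# gets defaults -> noexec,nosuid. It has no effect unless such a mount is
# listed in fstab. NOTE(review): nodev is commonly added alongside these.
cp /etc/fstab /etc/fstab.orig
sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab

#lock sshd
# Match the directive whether or not it is commented out, so an already
# uncommented "PermitRootLogin yes" is also turned off.
sed -i -r -e 's/^#?PermitRootLogin[[:space:]]+yes/PermitRootLogin no/' /etc/ssh/sshd_config

#fix httpd to do overrides (.htaccess)
# NOTE(review): the pattern is case-sensitive; a httpd.conf that spells the
# value "None" would not match -- confirm against the installed file.
# AllowOverride All lets .htaccess files in every matched directory change
# server behaviour; scope it to the directories that need it where possible.
sed -i -r -e 's/AllowOverride none/AllowOverride All/' /etc/httpd/conf/httpd.conf

#add default nameserver
cat > /etc/resolv.conf <<'EOF'
options rotate
nameserver 64.38.192.12
nameserver 64.38.192.13
EOF

#tweak bash config
# Timestamped, large shell history for every login shell.
cat >> /etc/profile <<'EOF'
HISTTIMEFORMAT="%m/%d %H:%M "
HISTFILESIZE=1000000
HISTSIZE=1000000
export HISTTIMEFORMAT
EOF
echo "set completion-ignore-case on" >> ~/.inputrc

#disable unnecessary services
# NOTE(review): iptables is in this list, so the host firewall is off at
# boot. Network access control then rests on the hosts.allow rules below,
# which only daemons using TCP wrappers honour (httpd does not).
for svc in apmd cpuspeed gpm iptables kudzu mdmonitor nfslock portmap \
  rpcidmapd rpcsvcgssd xinetd smartd rpcgssd xfs pcscd; do
  chkconfig "$svc" off
done

#enable necessary services
chkconfig ntpd on
chkconfig snmpd on

#fixup logrotate
# Keep a copy of the stock cron script, then replace it only if the download
# succeeds, so a failed fetch does not leave the host without log rotation.
cp -p /etc/cron.daily/logrotate /root/old-logrotate-cron-script
if fetch http://192.168.200.2/post/logrotate.repl /etc/cron.daily/logrotate; then
  chmod +x /etc/cron.daily/logrotate
fi
mkdir -p /etc/logrotate/tmp
chmod -R 755 /etc/logrotate

#lock down hosts.allow
# One rule per line; the first matching rule for a daemon wins, so each
# "ALL : deny" must stay last in its group.
# NOTE(review): the daemon name must match the process name the wrapper
# sees -- confirm "telnetd" versus "in.telnetd" on this platform.
cat >> /etc/hosts.allow <<'EOF'

sshd : 10.0.0.0/255.0.0.0 : allow
sshd : 172.16.0.0/255.240.0.0 : allow
sshd : 192.168.0.0/255.255.0.0 : allow
sshd : 64.38.194.0/255.255.255.0 : allow
sshd : 209.188.10.214 : allow
sshd : ALL : deny
telnetd : 209.188.10.214 : allow
telnetd : ALL : deny
snmpd : 209.188.10.214 : allow
snmpd : 64.38.205.144/255.255.255.240 : allow
snmpd : ALL : deny

EOF

# Install snmpd config & fix logging
# The stock config is copied aside and stays active if the download fails.
cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
fetch http://192.168.200.2/post/snmpd.conf /etc/snmp/snmpd.conf
# Plain -i: the earlier "-ir" was parsed as "-i" with backup suffix "r" and
# left a stray copy of the init script at /etc/init.d/snmpdr.
sed -i 's/-Lsd/-LS 0-4 d/g' /etc/init.d/snmpd

#modify default yum database
# The repo file decides where packages come from and whether gpgcheck is on,
# so a failed download must not blank out the existing definition.
fetch http://192.168.200.2/post/centos5-yum.repo /etc/yum.repos.d/CentOS-Base.repo

#update yum and install stress util
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
yum -y install yum-priorities
yum -y update
# NOTE(review): only the CentOS key is imported above, so the rpmforge
# release package fetched over HTTP is presumably installed without a
# verified signature -- confirm and import its key from a trusted source.
case "$(uname -i)" in
  i386)
    rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
    ;;
  x86_64)
    rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
    ;;
esac
# Append the priority only to an existing repo file; creating a file that
# holds nothing but "priority=10" would give yum a repo file with no section.
if [ -f /etc/yum.repos.d/rpmforge.repo ]; then
  echo "priority=10" >> /etc/yum.repos.d/rpmforge.repo
fi
yum -y install stress proftpd lshw rsync htop --disablerepo='*' --enablerepo=rpmforge

sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth0

# Switch to the first kernel, which will have no useful effect in x86_64, but will switch to PAE in i386
sed -i -r -e 's/^default=[0-9]$/default=0/' /boot/grub/menu.lst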