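#!/bin/sh
#
# Interactive first-boot provisioning: asks the operator on virtual terminal 6
# for brand, hostname, initial user/password and the frontend/backend
# addressing, then configures networking, fstab, sshd, DNS, shell history,
# logrotate, snmpd, yum and the initial account.
# The paths (network-scripts, RPM-GPG-KEY-CentOS-5, /boot/grub/menu.lst)
# indicate a CentOS 5 target; the script has to run as root.
#
# NOTE(review): every file under $POST_URL is fetched over plain HTTP and then
# used as root (a cron script, snmpd.conf, the yum repo definition, an RPM)
# with no checksum or signature check. Whoever can answer for that address on
# the build network decides what gets installed. Serve these over TLS or pin
# known-good digests before trusting them.

POST_URL=http://192.168.200.2/post

# is_octet VALUE
# Succeeds when VALUE is a decimal number 0-255 without leading zeros.
# Rejecting leading zeros keeps $(( )) from reading the value as octal, and
# rejecting non-digits keeps operator input out of arithmetic evaluation.
is_octet() {
  case "$1" in
    '' | *[!0-9]* | 0?*) return 1 ;;
  esac
  [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# valid_ipv4 ADDRESS
# Succeeds when ADDRESS is exactly four dot-separated octets.
valid_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  ipv4_old_ifs=$IFS
  IFS=.
  # Only digits and dots remain here, so the unquoted split cannot glob.
  set -- $1
  IFS=$ipv4_old_ifs
  [ "$#" -eq 4 ] || return 1
  for ipv4_octet in "$@"; do
    is_octet "$ipv4_octet" || return 1
  done
  return 0
}

# fetch URL DEST
# Downloads URL to a temporary file next to DEST and overwrites DEST only when
# the download succeeded and is non-empty, so a failed transfer cannot leave
# an empty config file or cron script behind. Returns non-zero on failure.
fetch() {
  fetch_tmp=$(mktemp "$2.XXXXXX") || return 1
  if wget "$1" -O "$fetch_tmp" && [ -s "$fetch_tmp" ]; then
    # Write through the existing file so its mode and ownership are kept.
    cat "$fetch_tmp" > "$2"
    fetch_rc=$?
  else
    echo "WARNING: download of $1 failed; $2 left unchanged" >&2
    fetch_rc=1
  fi
  rm -f "$fetch_tmp"
  return "$fetch_rc"
}

# set variables
exec < /dev/tty6 > /dev/tty6
chvt 6

BRAND=$(dialog --title "Which Brand?" --backtitle "CWIE LLC" --no-cancel \
  --stdout --menu "Choose the brand" 10 40 3 \
  securedservers.com SecuredServers \
  cavecreek.net Cavecreek \
  ecsuitehosting.com ECSuite)
HOSTNAME=$(dialog --title "Enter hostname" --backtitle "CWIE LLC" --no-cancel \
  --stdout --inputbox "Please enter the portion before the brand" 8 60)
USER=$(dialog --title "Enter initial username" --backtitle "CWIE LLC" \
  --no-cancel --stdout \
  --inputbox "This will be the default user for the server" 8 60)

# The password is read with --passwordbox so it is not echoed on the console,
# and asked twice because a hidden typo would lock the operator out.
while :; do
  PASSWD=$(dialog --title "Enter $USER's password" --backtitle "CWIE LLC" \
    --no-cancel --stdout \
    --passwordbox "This will be the default password for this user" 8 60)
  PASSWD_CONFIRM=$(dialog --title "Confirm $USER's password" \
    --backtitle "CWIE LLC" --no-cancel --stdout \
    --passwordbox "Please enter the same password again" 8 60)
  if [ -n "$PASSWD" ] && [ "$PASSWD" = "$PASSWD_CONFIRM" ]; then
    break
  fi
  dialog --title "Password not accepted" --backtitle "CWIE LLC" \
    --msgbox "The password was empty or the entries did not match." 8 60
done

# Feed the password on stdin: as an argument it would be visible in the
# process list, and unquoted it would be word-split.
# NOTE(review): -1 selects MD5-crypt, which is weak by current standards; use a
# SHA-512 crypt hash where the platform's tools support it.
ENCPASSWD=$(printf '%s\n' "$PASSWD" | openssl passwd -1 -stdin)
unset PASSWD PASSWD_CONFIRM

# The earlier per-interface prompts (ETH0IP, ETH0SUB, ETH1IP, ETH1SUB, ETH1GW)
# were replaced by the two prompts below.
FE_IP_NETWORK=$(dialog --title "Frontend IP Setup" --backtitle "CWIE LLC" \
  --no-cancel --stdout \
  --inputbox "Please enter the Frontend IP range in CIDR notation:" 8 60)
BE_IP=$(dialog --title "Backend IP Setup" --backtitle "CWIE LLC" --no-cancel \
  --stdout --inputbox "Please enter the Backend IP" 8 60)

chvt 1

# IP the box
FE_NETWORK=${FE_IP_NETWORK%%/*}
FE_NETBLOCK=${FE_IP_NETWORK#*/}

# CNT bounds the alias loop below: aliases eth1:1 .. eth1:(CNT-1) are created.
case "$FE_NETBLOCK" in
  29) FE_NETMASK=255.255.255.248 CNT=5 ;;
  28) FE_NETMASK=255.255.255.240 CNT=13 ;;
  27) FE_NETMASK=255.255.255.224 CNT=29 ;;
  26) FE_NETMASK=255.255.255.192 CNT=61 ;;
  *)
    echo "Unrecognized FE_NETBLOCK!"
    exit 1
    ;;
esac

# Both addresses end up in arithmetic and in ifcfg files, so refuse anything
# that is not a plain dotted quad before touching the system.
if ! valid_ipv4 "$FE_NETWORK"; then
  echo "Unrecognized FE_NETWORK!"
  exit 1
fi
if ! valid_ipv4 "$BE_IP"; then
  echo "Unrecognized BE_IP!"
  exit 1
fi

# Gateway is network+1, the primary frontend address is network+2.
FE_PREFIX=${FE_NETWORK%.*}
FE_LAST=${FE_NETWORK##*.}
FE_GATEWAY=$FE_PREFIX.$((FE_LAST + 1))
FE_FIRSTIP=$FE_PREFIX.$((FE_LAST + 2))

IFCFG_DIR=/etc/sysconfig/network-scripts

sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' "$IFCFG_DIR/ifcfg-eth0"
{
  echo "IPADDR=$BE_IP"
  echo "NETMASK=255.255.255.128"
} >> "$IFCFG_DIR/ifcfg-eth0"

sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' "$IFCFG_DIR/ifcfg-eth1"
sed -i 's/ONBOOT=no/ONBOOT=yes/' "$IFCFG_DIR/ifcfg-eth1"
{
  echo "IPADDR=$FE_FIRSTIP"
  echo "NETMASK=$FE_NETMASK"
  echo "GATEWAY=$FE_GATEWAY"
} >> "$IFCFG_DIR/ifcfg-eth1"

# One alias interface per remaining address after the primary one.
IPS=1
while [ "$IPS" -lt "$CNT" ]; do
  {
    echo "DEVICE=eth1:$IPS"
    echo "BOOTPROTO=static"
    echo "IPADDR=$FE_PREFIX.$((FE_LAST + 2 + IPS))"
    echo "NETMASK=$FE_NETMASK"
    echo "ONBOOT=yes"
  } > "$IFCFG_DIR/ifcfg-eth1:$IPS"
  IPS=$((IPS + 1))
done

## modify fstab default security
cp /etc/fstab /etc/fstab.orig
# The address \/tmp/ is the regex "tmp" (the backslash only selects / as the
# delimiter), so every fstab line containing "tmp" is rewritten, not just the
# /tmp mount. "defaults" becomes noexec,nosuid; nodev is not added.
sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab

#lock sshd
# Matches the directive whether or not it is still commented out, so an
# already-active "PermitRootLogin yes" is switched off as well.
sed -i -r -e 's/^#?PermitRootLogin[[:space:]]+yes/PermitRootLogin no/' \
  /etc/ssh/sshd_config

#add default nameserver
{
  echo "options rotate"
  echo "nameserver 64.38.192.12"
  echo "nameserver 64.38.192.13"
  echo "search $BRAND"
} > /etc/resolv.conf

#change hostname
sed -i '/^HOSTNAME=localhost/ d' /etc/sysconfig/network
echo "HOSTNAME=$HOSTNAME.$BRAND" >> /etc/sysconfig/network

#tweak bash config
# Timestamped, large shell history keeps a usable record of interactive
# commands. printf replaces echo -e, which /bin/sh does not guarantee.
printf '%s\n' \
  'HISTTIMEFORMAT="%m/%d %H:%M "' \
  'HISTFILESIZE=1000000' \
  'HISTSIZE=1000000' \
  'export HISTTIMEFORMAT' >> /etc/profile
echo "set completion-ignore-case on" >> ~/.inputrc

#fixup logrotate
# Keep a copy of the stock cron script; the live one is only overwritten when
# the replacement actually downloaded.
cp -p /etc/cron.daily/logrotate /root/old-logrotate-cron-script
cd /etc/cron.daily
fetch "$POST_URL/logrotate.repl" /etc/cron.daily/logrotate
chmod +x /etc/cron.daily/logrotate
mkdir -p /etc/logrotate/tmp
chmod -R 755 /etc/logrotate

# Install snmpd config & fix logging
cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
fetch "$POST_URL/snmpd.conf" /etc/snmp/snmpd.conf
# Was "sed -ir": GNU sed reads that as in-place with backup suffix "r" and
# leaves a stray /etc/init.d/snmpdr copy of the init script behind.
sed -i 's/-Lsd/-LS 0-4 d/g' /etc/init.d/snmpd

#modify default yum database
fetch "$POST_URL/centos5-yum.repo" /etc/yum.repos.d/CentOS-Base.repo

#update yum and install stress util
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
yum -y install yum-priorities
yum -y update
# NOTE(review): this RPM comes over plain HTTP and no key for it is imported
# beforehand, so its signature cannot be verified at install time.
case "$(uname -i)" in
  i386) rpm -Uhv "$POST_URL/rpmforge-release-0.5.1-1.el5.rf.i386.rpm" ;;
  x86_64) rpm -Uhv "$POST_URL/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm" ;;
esac
echo "priority=10" >> /etc/yum.repos.d/rpmforge.repo
yum -y install stress lshw rsync --disablerepo='*' --enablerepo=rpmforge

# An empty hash passed to -p would create a wheel account with no password,
# so in that case the account is created without one and stays locked.
# The hash is still visible in useradd's argument list while it runs.
if [ -n "$ENCPASSWD" ]; then
  useradd -G wheel -p "$ENCPASSWD" "$USER"
else
  echo "WARNING: no password hash for $USER; account created locked" >&2
  useradd -G wheel "$USER"
fi

# Switch to the first kernel, which will have no useful effect in x86_64, but
# will switch to PAE in i386
sed -i -r -e 's/^default=[0-9]$/default=0/' /boot/grub/menu.lst

#Sendmail hopeful fix
echo "$FE_FIRSTIP $HOSTNAME.$BRAND $HOSTNAME" >> /etc/hosts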