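#!/bin/bash
#
# Post-install provisioning script. Reads its parameters from /tmp/myvar-*
# files, then configures networking, hostname, shell history, logrotate, SNMP,
# yum repositories, SSH root login and DNS. For every brand except
# securedservers.com it also disables services, writes hosts.allow and
# installs monitoring, Kerberos and an Apache override.
#
# The script needs root and does not stop on errors: a failed download or edit
# goes unnoticed, so the resulting host should be verified afterwards.
#
# NOTE(review): every parameter is written verbatim into root-owned config
# files and sed expressions. Only FE_IP_NETWORK is validated here; whatever
# creates /tmp/myvar-* must be trusted -- confirm who can write those files.

# read -r keeps backslashes intact (matters most for the password read later).
# HOSTNAME is also a bash-maintained variable; the assignment overrides it for
# the rest of the script.
read -r BRAND < /tmp/myvar-brand
read -r HOSTNAME < /tmp/myvar-hostname
read -r FE_IP_NETWORK < /tmp/myvar-fe_ip_network
read -r BE_IP < /tmp/myvar-be_ip
read -r FE_NET_SPEED < /tmp/myvar-fe_net_speed

# IP the box
# Reject anything that is not a.b.c.d/nn before any file is touched; the
# arithmetic below and the ifcfg files depend on this shape.
cidr_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$'
if ! [[ $FE_IP_NETWORK =~ $cidr_re ]]; then
  echo "Invalid FE_IP_NETWORK!" >&2
  exit 1
fi

FE_NETWORK=${FE_IP_NETWORK%%/*}
FE_NETBLOCK=${FE_IP_NETWORK##*/}
FE_PREFIX=${FE_NETWORK%.*}
# 10# forces base 10 so an octet written with a leading zero is not read as octal.
FE_BASE=$((10#${FE_NETWORK##*.}))
# Gateway is network address + 1, the host's primary address is network + 2.
FE_GATEWAY="$FE_PREFIX.$((FE_BASE + 1))"
FE_FIRSTIP="$FE_PREFIX.$((FE_BASE + 2))"

# CNT is the number of addresses assigned to eth1: the primary address plus
# CNT-1 aliases created further down.
case "$FE_NETBLOCK" in
  29) FE_NETMASK=255.255.255.248; CNT=5 ;;
  28) FE_NETMASK=255.255.255.240; CNT=13 ;;
  27) FE_NETMASK=255.255.255.224; CNT=29 ;;
  26) FE_NETMASK=255.255.255.192; CNT=61 ;;
  25) FE_NETMASK=255.255.255.128; CNT=125 ;;
  *)
    echo "Unrecognized FE_NETBLOCK!"
    exit 1
    ;;
esac

IFCFG_DIR=/etc/sysconfig/network-scripts

# eth0: back-end address with a fixed /25 netmask.
sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' "$IFCFG_DIR/ifcfg-eth0"
{
  echo "IPADDR=$BE_IP"
  echo "NETMASK=255.255.255.128"
} >> "$IFCFG_DIR/ifcfg-eth0"

# eth1: front-end address, netmask and default gateway.
sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' "$IFCFG_DIR/ifcfg-eth1"
sed -i 's/ONBOOT=no/ONBOOT=yes/' "$IFCFG_DIR/ifcfg-eth1"
{
  echo "IPADDR=$FE_FIRSTIP"
  echo "NETMASK=$FE_NETMASK"
  echo "GATEWAY=$FE_GATEWAY"
} >> "$IFCFG_DIR/ifcfg-eth1"

# Pin speed/duplex only for 10 and 100; any other value leaves the interface
# on its default negotiation.
case "$FE_NET_SPEED" in
  10)
    echo 'ETHTOOL_OPTS="speed 10 duplex full autoneg off"' >> "$IFCFG_DIR/ifcfg-eth1"
    ;;
  100)
    echo 'ETHTOOL_OPTS="speed 100 duplex full autoneg off"' >> "$IFCFG_DIR/ifcfg-eth1"
    ;;
esac

# One alias file per remaining address: eth1:N gets primary address + N.
for ((IPS = 1; IPS < CNT; IPS++)); do
  {
    echo "DEVICE=eth1:$IPS"
    echo "BOOTPROTO=static"
    echo "IPADDR=$FE_PREFIX.$((FE_BASE + 2 + IPS))"
    echo "NETMASK=$FE_NETMASK"
    echo "ONBOOT=yes"
  } > "$IFCFG_DIR/ifcfg-eth1:$IPS"
done

## modify fstab default security
# The address \/tmp/ matches every line containing "tmp", so any tmpfs line is
# rewritten as well. Only noexec and nosuid are set; nodev is not added.
cp /etc/fstab /etc/fstab.orig
sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab

#change hostname
sed -i '/^HOSTNAME=localhost/ d' /etc/sysconfig/network
echo "HOSTNAME=$HOSTNAME.$BRAND" >> /etc/sysconfig/network

#tweak bash config
# Timestamped, large shell history for all users.
printf '%s\n' 'HISTTIMEFORMAT="%m/%d %H:%M "' >> /etc/profile
printf '%s\n' 'HISTFILESIZE=1000000' 'HISTSIZE=1000000' 'export HISTTIMEFORMAT' >> /etc/profile
echo "set completion-ignore-case on" >> ~/.inputrc

#fixup logrotate
# NOTE(review): the replacement is fetched over plain HTTP with no checksum or
# signature and then runs daily as root from cron.daily. A failed download
# leaves an empty script and log rotation silently stops. Consider verifying a
# known digest before installing it.
# Absolute paths are used so nothing depends on the working directory.
mv /etc/cron.daily/logrotate /root/old-logrotate-cron-script
wget http://192.168.200.2/post/logrotate.repl -O /etc/cron.daily/logrotate
chmod +x /etc/cron.daily/logrotate
mkdir -p /etc/logrotate/tmp
chmod -R 755 /etc/logrotate

# Install snmpd config & fix logging
# NOTE(review): snmpd.conf carries the SNMP access settings and arrives over
# unauthenticated HTTP -- same integrity caveat as above.
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
wget http://192.168.200.2/post/snmpd.conf -O /etc/snmp/snmpd.conf
# Was "sed -ir": GNU sed reads that as -i with backup suffix "r", which left a
# stray copy named snmpdr in /etc/init.d. The expression needs no -r.
sed -i 's/-Lsd/-LS 0-4 d/g' /etc/init.d/snmpd

#modify default yum database
# NOTE(review): the repo file decides where all later packages come from and
# is fetched over plain HTTP; check that it keeps gpgcheck enabled.
wget http://192.168.200.2/post/centos5-yum.repo -O /etc/yum.repos.d/CentOS-Base.repo

#update yum and install stress util
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
yum -y install yum-priorities
#yum -y update
# NOTE(review): no signing key for the rpmforge-release package is imported
# before it is installed from an HTTP URL, so its origin is not verified here.
case "$(uname -i)" in
  i386)
    rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
    ;;
  x86_64)
    rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
    ;;
esac
echo "priority=10" >> /etc/yum.repos.d/rpmforge.repo
yum -y install stress lshw rsync htop --disablerepo='*' --enablerepo=rpmforge

# SSH root login policy. Both substitutions only match the commented-out
# default line "#PermitRootLogin yes"; any other form is left unchanged.
if [ -f /tmp/myvar-rootonly ]; then
  # Root-only hosts keep direct root login over SSH enabled.
  sed -i -r -e 's/^#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
else
  sed -i -r -e 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  # USER shadows the login-name environment variable from here on.
  read -r USER < /tmp/myvar-user
  read -r PASSWD < /tmp/myvar-passwd
  # Feed the cleartext password on stdin so it never appears in the process
  # list, and quote it so spaces or glob characters survive.
  # -1 is MD5-crypt, which is weak by current standards; use a stronger scheme
  # where the platform's tools support one.
  ENCPASSWD=$(printf '%s\n' "$PASSWD" | openssl passwd -1 -stdin)
  # The hash (not the password) is still passed as an argument to useradd.
  useradd -G wheel -p "$ENCPASSWD" "$USER"
fi

# Switch to the first kernel, which will have no useful effect in x86_64, but will switch to PAE in i386
sed -i -r -e 's/^default=[0-9]$/default=0/' /boot/grub/menu.lst

#Sendmail hopeful fix
echo "$FE_FIRSTIP $HOSTNAME.$BRAND $HOSTNAME" >> /etc/hosts

#If Cavecreek/ECSuite setup the following settings
read -r BRAND < /tmp/myvar-brand
if [ "$BRAND" = "securedservers.com" ]; then
  #add default nameserver
  {
    echo "options rotate"
    echo "nameserver 174.138.175.115"
    echo "nameserver 174.138.175.116"
    echo "search localhost"
  } > /etc/resolv.conf
  echo Done.
else
  #add default nameserver
  {
    echo "options rotate"
    echo "nameserver 64.38.192.12"
    echo "nameserver 64.38.192.13"
    echo "search $BRAND"
  } > /etc/resolv.conf

  #disable unnecessary services
  # NOTE(review): iptables is switched off along with the rest, so network
  # access control rests on the hosts.allow rules below, which only bind
  # daemons that honour TCP wrappers. Consider keeping a packet filter enabled.
  for svc in apmd cpuspeed gpm iptables kudzu mdmonitor nfslock portmap \
    rpcidmapd rpcsvcgssd xinetd smartd rpcgssd xfs pcscd; do
    chkconfig "$svc" off
  done

  #enable necessary services
  chkconfig ntpd on
  chkconfig snmpd on

  #lock down hosts.allow
  # One rule per line; the final rule for each daemon denies everyone else.
  cat >> /etc/hosts.allow <<'EOF'

sshd : 10.0.0.0/255.0.0.0 : allow
sshd : 172.16.0.0/255.240.0.0 : allow
sshd : 192.168.0.0/255.255.0.0 : allow
sshd : 64.38.194.0/255.255.255.0 : allow
sshd : 209.188.10.214 : allow
sshd : ALL : deny
telnetd : 209.188.10.214 : allow
telnetd : ALL : deny
snmpd : 209.188.10.214 : allow
snmpd : 64.38.205.144/255.255.255.240 : allow
snmpd : ALL : deny

EOF

  # Install ART Repo
  # SECURITY(review): this pipes a script fetched over plain HTTP from a
  # third-party host straight into a root shell. Nothing checks its content or
  # origin, and a truncated download still executes. Prefer downloading to a
  # file, verifying it against a pinned digest or signature, then running it.
  wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

  # Install Big Brother
  # NOTE(review): the monitoring account joins wheel, the same group the admin
  # user is placed in; if wheel carries su/sudo rights on this host, that is
  # far more than the log-read access granted below -- confirm.
  useradd -G wheel -d /var/bbc bbc
  chgrp wheel /var/log/messages
  chmod 640 /var/log/messages
  # The archive is unpacked as root under /var and comes over unauthenticated
  # HTTP. -O overwrites a stale copy instead of saving a numbered duplicate.
  wget http://192.168.200.2/post/centos-bbc.tgz -O /var/centos-bbc.tgz
  tar xzf /var/centos-bbc.tgz -C /var
  # NOTE(review): the search pattern is a single space, which rewrites every
  # space in bb-hosts. This looks like a lost placeholder token -- confirm
  # against the bb-hosts template shipped in centos-bbc.tgz.
  # Was "sed -ir" (backup suffix "r", see the snmpd edit above).
  sed -i "s/ /$FE_FIRSTIP $HOSTNAME.$BRAND/g" /var/bbc/etc/bb-hosts
  wget http://192.168.200.2/post/rc.bbc -O /etc/init.d/bbc
  chmod +x /etc/init.d/bbc
  chkconfig bbc on

  # Install Kerberos
  yum -y install krb5-devel krb5-libs krb5-workstation
  # Replaces every "yes" in the file with "no"; presumably this flips
  # "disable = yes" and so enables the krb5-telnet service -- confirm. xinetd,
  # disabled above, is turned back on below to serve it.
  sed -i 's/yes/no/g' /etc/xinetd.d/krb5-telnet
  mv /etc/krb5.conf /etc/krb5.conf.old
  # NOTE(review): krb5.conf tells the host which realm and servers to trust
  # for authentication and is fetched over plain HTTP without verification.
  wget http://installscripts.cavecreek.net/kerb-fedora1/krb5.conf -O /etc/krb5.conf
  chkconfig xinetd on

  # Fix Apache AllowOverride
  # NOTE(review): AllowOverride is only valid inside a <Directory> section;
  # appended at top level like this httpd is expected to reject it. The
  # enclosing container appears to be missing -- confirm the intended
  # directory. AllowOverride All also lets any .htaccess file override server
  # settings for that tree.
  cat >> /etc/httpd/conf/httpd.conf <<'EOF'

AllowOverride All
Options +FollowSymLinks

EOF

  #should be done
fi

#cleanup variables
# Removes the parameter files, including the cleartext password. The early
# "exit 1" paths above skip this, so those files stay in /tmp on failure.
rm -f /tmp/myvar*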