#!/bin/sh

# CWIE Security Install - database-server specific tweaks
cd /usr/src
wget http://192.168.200.2/post/c5-security/c5-security-dbsrv.tgz
tar xzf c5-security-dbsrv.tgz -C /etc

chkconfig mysqld –-level 345 on
echo "15 * * * * /sbin/pam_tally2 --user ecs_admin --reset" >> /var/spool/cron/root

mkdir /home/ecs_admin
cp /etc/skel/.* /home/ecs_admin
chown -R 501:501 /home/ecs_admin

sed -r -i -e "s/^HOSTNAME=.*$/HOSTNAME=dbsrv/" /etc/sysconfig/network
hostname dbsrv
sed -r -i -e "/^IPADDR/d" -e "/^NETMASK/d" -e "/^GATEWAY/d" /etc/sysconfig/network-scripts/ifcfg-eth0
echo -e "IPADDR=192.168.6.7\nNETMASK=255.255.255.240\nGATEWAY=192.168.6.1" >> /etc/sysconfig/network-scripts/ifcfg-eth0
mv /etc/sysconfig/network-scripts/ifcfg-eth0-new /etc/sysconfig/network-scripts/ifcfg-eth0

# Also, we need to remove the stupid old_passwords line in /etc/my.cnf
sed -r -i -e '/old_passwords/d' /etc/my.cnf
 
# Need to find a way to run mysql_secure_installation or the equivalent
# MySQL isn't running yet though... can we start it here?
/etc/init.d/mysqld start
echo "DROP DATABASE test" | mysql
echo "DROP USER 'root'@'dbsrv'" | mysql
echo "DROP USER 'root'@'127.0.0.1'" | mysql
echo "SET PASSWORD FOR 'root'@'localhost' = '*CEF5E35CCDA586B5AD29B814C725E28E11C23D13'" | mysql
/etc/init.d/mysqld stop
chkconfig --level 3 mysqld on 

# Force users to change passwords
chage -d 0 fdt_admin
chage -d 0 ecs_admin
chage -d 0 root

/usr/sbin/aide --init
cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz