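#!/bin/sh
#
# One-shot post-install configuration script. It edits files under /etc and
# /root, toggles runlevel-3 services with chkconfig and fetches a replacement
# logrotate cron script. It relies on GNU sed (-i), chkconfig and wget.
# The ">>" appends are not idempotent: running the script twice duplicates
# every appended line.

## Disable SE Linux
# NOTE(review): this switches off mandatory access control from the next boot.
# The substitution only matches SELINUX=enforcing, so a host already set to
# permissive is left as it is. If the aim is to get past a policy denial,
# SELINUX=permissive keeps the denials logged - confirm "disabled" is intended.
cp /etc/selinux/config /etc/selinux/config-bak
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

## modify fstab default security
# The address \/tmp/ is a regex that uses "/" as its delimiter, so the pattern
# is just "tmp": every fstab line containing "tmp" (a /tmp or /var/tmp mount,
# but also a tmpfs line) has "defaults" replaced by "noexec,nosuid".
# NOTE(review): nodev is not added - confirm whether it should be.
cp /etc/fstab /etc/fstab.orig
sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab

#lock sshd
# sshd uses the first value it reads for a keyword, so an appended line is
# ignored when an active PermitRootLogin appears earlier in the file. Any
# existing active setting is therefore commented out before the append.
# The change takes effect when sshd is next restarted.
# NOTE(review): if the file ends in a Match block the appended line becomes
# part of that block - check the result with "sshd -t" and by inspection.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
sed -i 's/^[[:space:]]*PermitRootLogin[[:space:]]/#&/' /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config

#add default nameserver
#echo "nameserver 64.38.192.12" >> /etc/resolv.conf
echo "nameserver 64.38.192.13" >> /etc/resolv.conf

#tweak bash config
# printf '%s\n' replaces "echo -e", which /bin/sh is not required to support.
# The text containing "%" is passed as an argument, never as the format.
# Timestamped history helps when reconstructing a session, but the history
# file is writable by its owner, so it is not a substitute for audit logging.
printf '%s\n' 'HISTTIMEFORMAT="%m/%d %H:%M "' >> /etc/profile
printf '%s\n' \
  'HISTFILESIZE=1000000' \
  'HISTSIZE=1000000' \
  'export HISTTIMEFORMAT' >> /etc/profile
echo "set completion-ignore-case on" >> ~/.inputrc

#disable unnecessary services
# NOTE(review): iptables is in this list, so the host comes up in runlevel 3
# without a packet filter. The hosts.allow rules written at the end only cover
# services that use TCP wrappers - confirm another firewall protects this host.
for svc in apmd cpuspeed gpm iptables kudzu mdmonitor nfslock portmap \
  rpcidmapd rpcsvcgssd xinetd smartd rpcgssd xfs pcscd; do
  chkconfig --level 3 "$svc" off
done

#enable necessary services
chkconfig --level 3 ntpd on

#fixup logrotate
# The replacement script is fetched over plain HTTP and placed in
# /etc/cron.daily, where cron runs it as root.
# NOTE(review): nothing authenticates the download. Compare it against a
# known-good checksum (or fetch it over an authenticated channel) before it is
# made executable.
# The file only becomes executable after a successful, non-empty download; on
# failure the original cron script is put back so log rotation keeps running.
mv /etc/cron.daily/logrotate /root/old-logrotate-cron-script
cd /etc/cron.daily || echo "warning: cannot cd to /etc/cron.daily" >&2
if wget -O /etc/cron.daily/logrotate http://192.168.200.2/post/logrotate &&
  [ -s /etc/cron.daily/logrotate ]; then
  chmod +x /etc/cron.daily/logrotate
else
  echo "warning: logrotate download failed; restoring original script" >&2
  rm -f /etc/cron.daily/logrotate
  if [ -f /root/old-logrotate-cron-script ]; then
    cp -p /root/old-logrotate-cron-script /etc/cron.daily/logrotate
  fi
fi
mkdir -p /etc/logrotate/tmp
chmod -R 755 /etc/logrotate

#lock down hosts.allow
# Rules are appended in order: listed networks are allowed, everything else is
# denied, first for sshd and then for telnetd.
# NOTE(review): 172.196.20. lies outside the RFC 1918 block 172.16.0.0/12 -
# confirm it is not a typo for a private range.
# NOTE(review): TCP wrappers match on the daemon's process name; telnet servers
# are often installed as in.telnetd, in which case the "telnetd" rules would
# not match - verify against the installed service. Telnet also sends
# credentials in cleartext.
printf '%s\n' \
  '#sshd' \
  'sshd : 172.196.20. : allow' \
  'sshd : 192.168. : allow' \
  'sshd : 64.38.194. : allow' \
  'sshd : 209.188.10.214 : allow' \
  'sshd : ALL : deny' \
  '#telnetd' \
  'telnetd : 209.188.10.214 : allow ' \
  'telnetd : ALL : deny' >> /etc/hosts.allow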