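#!/bin/bash
#
# Post-install provisioning script. It configures static addressing on eth0
# and eth1 (plus eth1 alias addresses), tightens /etc/fstab mount options,
# sets the hostname and shell history options, replaces the logrotate cron
# job and the snmpd config, updates packages, sets the sshd root-login policy,
# optionally creates a wheel user, writes resolv.conf and, for brands other
# than securedservers.com, trims services, appends hosts.allow rules and
# installs Kerberos.
#
# Inputs are one-line files under /tmp:
#   myvar-brand, myvar-hostname, myvar-fe_ip_network (a.b.c.d/NN), myvar-be_ip
#   and either myvar-rootonly (flag file) or myvar-user + myvar-passwd.
#
# NOTE(review): the /tmp/myvar-* files are treated as trusted and myvar-passwd
# holds a plaintext password. Presumably an earlier install stage writes them
# before any other account exists -- confirm, and keep them root-readable only.

#######################################
# Download a file, falling back to the saved copy when the transfer fails, so
# a failed wget does not leave an empty or truncated file in place.
# Arguments: $1 - source URL
#            $2 - destination path
#            $3 - backup of the previous destination (may not exist)
# Returns:   0 if the download succeeded, 1 otherwise
#######################################
fetch_or_restore() {
  local url=$1 dest=$2 backup=$3
  if ! wget "$url" -O "$dest"; then
    echo "WARNING: download of $url failed; restoring $dest from $backup" >&2
    if [ -e "$backup" ]; then
      cp -pf -- "$backup" "$dest"
    else
      rm -f -- "$dest"
    fi
    return 1
  fi
}

# -r keeps backslashes in the values literal.
read -r BRAND < /tmp/myvar-brand
read -r HOSTNAME < /tmp/myvar-hostname
read -r FE_IP_NETWORK < /tmp/myvar-fe_ip_network
read -r BE_IP < /tmp/myvar-be_ip

# IP the box
# Check the shape of the front-end network before doing arithmetic on it or
# writing it into interface files. This is a format check only; octet ranges
# are not verified.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
if ! [[ $FE_IP_NETWORK =~ $cidr_re ]]; then
  echo "Unrecognized FE_IP_NETWORK!" >&2
  exit 1
fi

FE_NETWORK=${FE_IP_NETWORK%%/*}
FE_NETBLOCK=${FE_IP_NETWORK#*/}
net_prefix=${FE_NETWORK%.*}
# 10# forces base 10 so an octet written with a leading zero is not read as octal.
net_last=$((10#${FE_NETWORK##*.}))
# Gateway is network address + 1, the box's primary address is network + 2.
FE_GATEWAY="$net_prefix.$((net_last + 1))"
FE_FIRSTIP="$net_prefix.$((net_last + 2))"

# CNT bounds the alias loop below: aliases 1 .. CNT-1 are created.
case "$FE_NETBLOCK" in
  29) FE_NETMASK=255.255.255.248 CNT=5 ;;
  28) FE_NETMASK=255.255.255.240 CNT=13 ;;
  27) FE_NETMASK=255.255.255.224 CNT=29 ;;
  26) FE_NETMASK=255.255.255.192 CNT=61 ;;
  25) FE_NETMASK=255.255.255.128 CNT=125 ;;
  *)
    echo "Unrecognized FE_NETBLOCK!"
    exit 1
    ;;
esac

ifcfg_dir=/etc/sysconfig/network-scripts

sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' "$ifcfg_dir/ifcfg-eth0"
{
  echo "IPADDR=$BE_IP"
  echo "NETMASK=255.255.255.128"
} >> "$ifcfg_dir/ifcfg-eth0"

sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' "$ifcfg_dir/ifcfg-eth1"
sed -i 's/ONBOOT=no/ONBOOT=yes/' "$ifcfg_dir/ifcfg-eth1"
{
  echo "IPADDR=$FE_FIRSTIP"
  echo "NETMASK=$FE_NETMASK"
  echo "GATEWAY=$FE_GATEWAY"
} >> "$ifcfg_dir/ifcfg-eth1"

# One alias interface per additional address, counting up from FE_FIRSTIP.
for ((IPS = 1; IPS < CNT; IPS++)); do
  {
    echo "DEVICE=eth1:$IPS"
    echo "BOOTPROTO=static"
    echo "IPADDR=$net_prefix.$((net_last + 2 + IPS))"
    echo "NETMASK=$FE_NETMASK"
    echo "ONBOOT=yes"
  } > "$ifcfg_dir/ifcfg-eth1:$IPS"
done

## modify fstab default security
cp /etc/fstab /etc/fstab.orig
# The address \/tmp/ is the regex "tmp" with "/" as delimiter, so every fstab
# line containing "tmp" is rewritten (this would include tmpfs entries).
sed -i '\/tmp/s/defaults/noexec,nosuid/g' /etc/fstab

#change hostname
sed -i '/^HOSTNAME=localhost/ d' /etc/sysconfig/network
echo "HOSTNAME=$HOSTNAME.$BRAND" >> /etc/sysconfig/network

#tweak bash config
echo "HISTTIMEFORMAT=\"%m/%d %H:%M \"" >> /etc/profile
printf 'HISTFILESIZE=1000000\nHISTSIZE=1000000\nexport HISTTIMEFORMAT\n' >> /etc/profile
echo "set completion-ignore-case on" >> ~/.inputrc

#fixup logrotate
# NOTE(review): this file and the configs fetched below arrive over plain HTTP
# with no checksum or signature check, and this one is installed as an
# executable cron.daily job. Pin a checksum or fetch over an authenticated
# channel if the provisioning network is not fully trusted.
mv /etc/cron.daily/logrotate /root/old-logrotate-cron-script
fetch_or_restore http://192.168.200.2/post/logrotate.repl \
  /etc/cron.daily/logrotate /root/old-logrotate-cron-script
chmod +x /etc/cron.daily/logrotate
mkdir -p /etc/logrotate/tmp
chmod -R 755 /etc/logrotate

# Install snmpd config & fix logging
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
fetch_or_restore http://192.168.200.2/post/snmpd.conf \
  /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
# Was "sed -ir": GNU sed reads that as -i with backup suffix "r", which leaves
# a stray /etc/init.d/snmpdr copy next to the real init script.
sed -i 's/-Lsd/-LS 0-4 d/g' /etc/init.d/snmpd

#modify default yum database
# wget http://192.168.200.2/post/centos5-yum.repo -O /etc/yum.repos.d/CentOS-Base.repo

#update yum and install stress util
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-sl6
yum -y install yum-priorities
yum -y update --exclude="kernel-*"
#if [ `uname -i` == "i386" ]; then
#  rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el6.rf.i386.rpm
#elif [ `uname -i` == "x86_64" ]; then
#  rpm -Uhv http://192.168.200.2/post/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
#fi
#echo "priority=10" >> /etc/yum.repos.d/rpmforge.repo
#yum -y install stress lshw rsync htop --disablerepo=\* --enablerepo=rpmforge

# Root SSH login stays enabled only when the rootonly flag file exists;
# otherwise it is disabled and a wheel user is created instead.
if [ -f /tmp/myvar-rootonly ]; then
  sed -i -r -e 's/^#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
else
  sed -i -r -e 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  read -r USER < /tmp/myvar-user
  read -r PASSWD < /tmp/myvar-passwd
  if [ -z "$USER" ] || [ -z "$PASSWD" ]; then
    # Never create a wheel account with an empty name or an empty password.
    echo "WARNING: myvar-user or myvar-passwd is empty; no user created" >&2
  else
    # Feed the password on stdin so the plaintext never appears in the process
    # list, and so spaces or glob characters in it are hashed as written.
    # NOTE(review): -1 is MD5-crypt, kept for compatibility; move to a stronger
    # scheme if the platform tooling supports one. The resulting hash is still
    # passed to useradd on its command line.
    ENCPASSWD=$(printf '%s\n' "$PASSWD" | openssl passwd -1 -stdin)
    useradd -G wheel -p "$ENCPASSWD" "$USER"
  fi
fi

# Switch to the first kernel, which will have no useful effect in x86_64, but will switch to PAE in i386
sed -i -r -e 's/^default=[0-9]$/default=0/' /boot/grub/menu.lst

#Sendmail hopeful fix
echo "$FE_FIRSTIP $HOSTNAME.$BRAND $HOSTNAME" >> /etc/hosts

#If Cavecreek/ECSuite setup the following settings
if [ "$BRAND" = "securedservers.com" ]; then
  #add default nameserver
  {
    echo "options rotate"
    echo "nameserver 174.138.175.115"
    echo "nameserver 174.138.175.116"
    echo "search $BRAND"
  } > /etc/resolv.conf
  echo Done.
else
  #add default nameserver
  {
    echo "options rotate"
    echo "nameserver 64.38.192.12"
    echo "nameserver 64.38.192.13"
    echo "search $BRAND"
  } > /etc/resolv.conf

  #disable unnecessary services
  # NOTE(review): iptables is switched off here, so network access control
  # rests on the hosts.allow rules below, which only affect daemons that
  # honour TCP wrappers -- confirm that is intended.
  for svc in apmd cpuspeed gpm iptables kudzu mdmonitor nfslock portmap \
    rpcidmapd rpcsvcgssd xinetd smartd rpcgssd xfs pcscd; do
    chkconfig "$svc" off
  done

  #enable necessary services
  chkconfig ntpd on
  chkconfig snmpd on

  #lock down hosts.allow
  echo "
sshd : 10.0.0.0/255.0.0.0 : allow
sshd : 172.16.0.0/255.240.0.0 : allow
sshd : 192.168.0.0/255.255.0.0 : allow
sshd : 64.38.194.0/255.255.255.0 : allow
sshd : 209.188.10.214 : allow
sshd : ALL : deny
telnetd : 209.188.10.214 : allow
telnetd : ALL : deny
snmpd : 209.188.10.214 : allow
snmpd : 64.38.205.144/255.255.255.240 : allow
snmpd : ALL : deny
" >> /etc/hosts.allow

  # Install ART Repo
  #wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

  # Install Big Brother
  #useradd -G wheel -d /var/bbc bbc
  #chgrp wheel /var/log/messages
  #chmod 640 /var/log/messages
  #cd /var
  #wget http://192.168.200.2/post/centos-bbc.tgz
  #tar xzf centos-bbc.tgz
  #sed -ir 's/ /'$FE_FIRSTIP' '$HOSTNAME.$BRAND'/g' /var/bbc/etc/bb-hosts
  #wget http://192.168.200.2/post/rc.bbc -O /etc/init.d/bbc
  #chmod +x /etc/init.d/bbc
  #chkconfig bbc on

  # Install Kerberos
  yum -y install krb5-devel krb5-libs krb5-workstation
  # Rewrites every "yes" in the xinetd service file to "no"; presumably this
  # flips "disable = yes" and so turns the kerberized telnet service on once
  # xinetd is re-enabled below -- confirm.
  sed -i s/yes/no/g /etc/xinetd.d/krb5-telnet
  mv /etc/krb5.conf /etc/krb5.conf.old
  fetch_or_restore http://installscripts.cavecreek.net/kerb-fedora1/krb5.conf \
    /etc/krb5.conf /etc/krb5.conf.old
  chkconfig xinetd on
  #should be done
fi

#cleanup variables
# Removes the input files, including the plaintext password file.
rm -f /tmp/myvar*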