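#!/bin/bash
#
# Post-install provisioning script.
#
# Reads one-line input files from /tmp/myvar-* and then:
#   * rewrites /etc/network/interfaces (eth0 static on the back-end address,
#     eth1 plus eth1:N aliases on the front-end block),
#   * writes /etc/resolv.conf, appends to /etc/hostname, /etc/profile,
#     ~/.inputrc and /etc/hosts,
#   * replaces the logrotate cron job and the snmpd config with copies
#     fetched from http://192.168.200.2/post/,
#   * unless /tmp/myvar-rootonly exists: disables root SSH login and creates
#     an admin user from /tmp/myvar-user and /tmp/myvar-passwd,
#   * for every brand except securedservers.com: appends TCP-wrapper rules to
#     /etc/hosts.allow and installs Kerberos,
#   * deletes the /tmp/myvar-* input files.
#
# Inputs (one value per file):
#   /tmp/myvar-brand           brand / domain suffix
#   /tmp/myvar-hostname        short host name
#   /tmp/myvar-fe_ip_network   front-end network in CIDR form, /25 to /29
#                              (e.g. 198.51.100.0/29 — constructed example)
#   /tmp/myvar-be_ip           back-end (eth0) address
#   /tmp/myvar-rootonly        if present, no admin user is created
#   /tmp/myvar-user, /tmp/myvar-passwd   admin user name and clear-text password
#
# Must run as root. Input parsing and the downloads of files that are executed
# or used as daemon configuration are fatal on failure; the remaining steps stay
# non-fatal, matching the original script's behaviour.
#
# NOTE(review): the inputs, including the clear-text password, live in /tmp
# and are only removed when the script reaches its end; an early exit leaves
# them behind. Creating them with restrictive modes (or cleaning up via an
# EXIT trap) would close that gap — left unchanged here pending confirmation
# of how the files are produced and whether failed runs are retried.
set -u

readonly VAR_DIR=/tmp
readonly IFACES=/etc/network/interfaces
readonly POST_URL=http://192.168.200.2/post

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Read the first line of a file into a variable.
# Arguments: $1 - variable name, $2 - file path
# Returns:   exits via die if the file is unreadable or its first line is empty
#######################################
read_var() {
  [[ -r "$2" ]] || die "missing input file: $2"
  # read returns non-zero on EOF without a trailing newline but still sets
  # the variable, so only the emptiness check decides.
  IFS= read -r "$1" < "$2" || true
  [[ -n "${!1}" ]] || die "empty input file: $2"
}

#######################################
# Download a file, failing hard on error so that a partial or empty file
# never ends up as a cron script or daemon configuration.
# Arguments: $1 - URL, $2 - destination path
# NOTE(review): plain HTTP with no checksum or signature check, as in the
# original — whoever answers for the download host on the provisioning
# network controls what gets installed.
#######################################
fetch() {
  wget -O "$2" -- "$1" || { rm -f -- "$2"; die "download failed: $1"; }
}

#######################################
# Add N to the last octet of a dotted-quad address.
# Arguments: $1 - address, $2 - increment
# Outputs:   the new address on stdout
# Only /25..../29 blocks are accepted, so every address derived here stays
# within the last octet; there is deliberately no carry into the third octet.
#######################################
octet_add() {
  local prefix=${1%.*} last=${1##*.}
  # 10# forces decimal so a leading zero is not read as octal.
  printf '%s.%d\n' "$prefix" $(( 10#$last + $2 ))
}

main() {
  local brand short_host fe_ip_network be_ip
  read_var brand "$VAR_DIR/myvar-brand"
  read_var short_host "$VAR_DIR/myvar-hostname"
  read_var fe_ip_network "$VAR_DIR/myvar-fe_ip_network"
  read_var be_ip "$VAR_DIR/myvar-be_ip"

  # ---- IP the box ----------------------------------------------------------
  local cidr_re='^([0-9]{1,3}(\.[0-9]{1,3}){3})/([0-9]{1,2})$'
  [[ $fe_ip_network =~ $cidr_re ]] || die "Unrecognized FE_NETBLOCK!"
  local fe_network=${BASH_REMATCH[1]} fe_netblock=${BASH_REMATCH[3]}

  # cnt = number of addresses assigned to eth1 (primary + aliases): the block's
  # usable hosts minus the gateway.
  local fe_netmask cnt
  case "$fe_netblock" in
    29) fe_netmask=255.255.255.248; cnt=5 ;;
    28) fe_netmask=255.255.255.240; cnt=13 ;;
    27) fe_netmask=255.255.255.224; cnt=29 ;;
    26) fe_netmask=255.255.255.192; cnt=61 ;;
    25) fe_netmask=255.255.255.128; cnt=125 ;;
    *) die "Unrecognized FE_NETBLOCK!" ;;
  esac

  # Gateway is network+1, the box's primary front-end address is network+2,
  # aliases continue from there.
  local fe_gateway fe_firstip
  fe_gateway=$(octet_add "$fe_network" 1)
  fe_firstip=$(octet_add "$fe_network" 2)

  sed -i 's/iface eth0 inet dhcp/iface eth0 inet static/g' "$IFACES"
  # Everything is appended at EOF, so this assumes the eth0 stanza is the
  # last one in the file (as the original script did).
  {
    printf 'address %s\n' "$be_ip"
    printf 'netmask 255.255.255.128\n'
    printf '\n\n'
    printf 'auto eth1\niface eth1 inet static\n'
    printf 'address %s\nnetmask %s\ngateway %s\n' \
      "$fe_firstip" "$fe_netmask" "$fe_gateway"
    local i
    for (( i = 1; i < cnt; i++ )); do
      printf '\n\nauto eth1:%d\niface eth1:%d inet static\n' "$i" "$i"
      printf 'address %s\nnetmask %s\n' "$(octet_add "$fe_firstip" "$i")" "$fe_netmask"
    done
  } >> "$IFACES"

  # (The fstab noexec,nosuid tweak and the Big Brother client install were
  # commented out in the original and are not performed.)

  # ---- default nameservers -------------------------------------------------
  {
    printf 'options rotate\n'
    printf 'nameserver 64.38.192.12\nnameserver 64.38.192.13\n'
    printf 'search %s\n' "$brand"
  } > /etc/resolv.conf

  # ---- hostname ------------------------------------------------------------
  # NOTE(review): the HOSTNAME=... form is the RHEL /etc/sysconfig/network
  # syntax, while this script otherwise uses apt-get; on Debian-style systems
  # /etc/hostname holds the bare name. Kept as-is — confirm the target OS.
  printf 'HOSTNAME=%s.%s\n' "$short_host" "$brand" >> /etc/hostname

  # ---- bash history / readline tweaks -------------------------------------
  {
    printf '%s\n' 'HISTTIMEFORMAT="%m/%d %H:%M "'
    printf 'HISTFILESIZE=1000000\nHISTSIZE=1000000\nexport HISTTIMEFORMAT\n'
  } >> /etc/profile
  printf 'set completion-ignore-case on\n' >> ~/.inputrc

  # ---- replace the logrotate cron job -------------------------------------
  mv /etc/cron.daily/logrotate /root/old-logrotate-cron-script
  fetch "$POST_URL/logrotate.repl" /etc/cron.daily/logrotate
  chmod +x /etc/cron.daily/logrotate
  mkdir -p /etc/logrotate/tmp
  chmod -R 755 /etc/logrotate

  # ---- snmpd config --------------------------------------------------------
  mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.stock
  fetch "$POST_URL/snmpd.conf" /etc/snmp/snmpd.conf

  # ---- SSH root login / admin user ----------------------------------------
  if [[ -f "$VAR_DIR/myvar-rootonly" ]]; then
    printf 'bupkiss\n'
  else
    sed -i -r -e 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
    local admin_user admin_passwd enc_passwd
    read_var admin_user "$VAR_DIR/myvar-user"
    read_var admin_passwd "$VAR_DIR/myvar-passwd"
    # Hash via stdin so the clear-text password never appears in argv
    # (visible to every local user through ps / /proc).
    # NOTE(review): -1 is MD5-crypt; newer OpenSSL offers -5/-6 (SHA-crypt).
    # Switch once the target's crypt(3) is confirmed to support it.
    enc_passwd=$(printf '%s\n' "$admin_passwd" | openssl passwd -1 -stdin) \
      || die "openssl passwd failed"
    # The hash is fed to chpasswd -e on stdin rather than passed to useradd -p,
    # again keeping it out of argv. useradd failure stays non-fatal, as before.
    # NOTE(review): the wheel group is not present by default on Debian-style
    # systems — confirm it exists on the target, or useradd fails here.
    if useradd -G wheel "$admin_user"; then
      printf '%s:%s\n' "$admin_user" "$enc_passwd" | chpasswd -e
    else
      printf 'warning: useradd %s failed; no admin user created\n' "$admin_user" >&2
    fi
  fi

  # ---- Sendmail hopeful fix ------------------------------------------------
  printf '%s %s.%s %s\n' "$fe_firstip" "$short_host" "$brand" "$short_host" >> /etc/hosts

  # ---- Cavecreek/ECSuite-specific settings ---------------------------------
  if [[ "$brand" == "securedservers.com" ]]; then
    printf 'Done.\n'
  else
    # Lock down hosts.allow. TCP-wrapper rules are matched first-hit, so the
    # explicit allows must stay above their "ALL : deny" line.
    cat >> /etc/hosts.allow <<'EOF'

sshd : 10.0.0.0/255.0.0.0 : allow
sshd : 172.16.0.0/255.240.0.0 : allow
sshd : 192.168.0.0/255.255.0.0 : allow
sshd : 64.38.194.0/255.255.255.0 : allow
sshd : 209.188.10.214 : allow
sshd : ALL : deny
telnetd : 209.188.10.214 : allow
telnetd : ALL : deny
snmpd : 209.188.10.214 : allow
snmpd : 64.38.205.144/255.255.255.240 : allow
snmpd : ALL : deny
EOF

    # Install Kerberos. Without -y apt-get prompts for confirmation unless
    # apt is already configured non-interactively; kept as in the original.
    apt-get install libkrb5-dev libkrb5-3 krb5-telnetd krb5-user
    # Flips every "yes" to "no" in the xinetd stanza — presumably
    # "disable = yes" -> "disable = no", i.e. enabling krb5-telnet.
    # TODO confirm that is the intent; the pattern is broader than that one key.
    sed -i 's/yes/no/g' /etc/xinetd.d/krb5-telnet
    mv /etc/krb5.conf /etc/krb5.conf.old
    fetch http://installscripts.cavecreek.net/kerb-fedora1/krb5.conf /etc/krb5.conf
  fi

  # ---- cleanup input files (including the clear-text password) ------------
  rm -f "$VAR_DIR"/myvar*
}

main "$@"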