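#!/bin/sh
#
# custom_finish
#
# ATonns Thu Aug 30 14:36:23 EDT 2001
#
# NOTE: this script makes use of 'sed' to modify all
# files. If you don't know sed, please don't screw with
# the file modification sections, as they are usually
# in a VERY bad mood. They get especially upset at
# misplaced whitespace, and the formatting of lines.
#
# Post-installation customization of a freshly installed filesystem
# rooted at $BASE. Each section is guarded so that an existing file or
# an existing ".orig" backup is never overwritten; a WARNING or ERROR
# line is printed instead and the script carries on.
#
# The script runs under #!/bin/sh, so it sticks to constructs the
# original already used (backticks, plain functions, `test`).
#
echo "Starting Post-Installation Customization"
#
# base is where the root of the filesystem exists.
# on install - this is usually /a
#
BASE="/a";
#BASE="";
PATH=/bin:/usr/bin:/usr/local/bin
#PATH=$BASE/bin:$BASE/usr/bin:$BASE/usr/local/bin
#
# private work directory for the generated sed scripts
#
# The sed scripts are fed to sed running as root against files such as
# /etc/passwd, so they must not live at fixed names in a shared /tmp
# (relevant when the script is run with BASE="" on a live system).
# mkdir fails if the name already exists, including as a symlink, and
# the umask keeps the directory owner-only.
#
SEDDIR=/tmp/custom_finish.$$
if ( umask 077 && mkdir "$SEDDIR" ); then
  trap 'rm -rf "$SEDDIR"' 0
  trap 'exit 1' 1 2 15
else
  echo "ERROR: cannot create private work directory $SEDDIR"
  exit 1
fi
#
# create /noautoshutdown to disable power mangement
#
if [ ! -f "$BASE/noautoshutdown" ] && [ ! -f "$BASE/autoshutdown" ]; then
  touch "$BASE/noautoshutdown"
  chmod 0400 "$BASE/noautoshutdown"
else
  echo "WARNING: either $BASE/noautoshutdown or $BASE/autoshutdown exists, not overwriting"
fi
#
# change root's home directory to /root
#
# /etc/passwd is only rewritten when $BASE/root had to be created and
# no passwd.orig backup exists yet.
#
if [ ! -d "$BASE/root" ]; then
  mkdir "$BASE/root"
  chmod 0700 "$BASE/root"
  if [ ! -f "$BASE/etc/passwd.orig" ]; then
    cp "$BASE/etc/passwd" "$BASE/etc/passwd.orig"
    cat > "$SEDDIR/passwd.sed" << EOF
/^root:/ {
s/Super-User:\/:/Super-User:\/root:/
}
EOF
    sed -f "$SEDDIR/passwd.sed" "$BASE/etc/passwd.orig" > "$BASE/etc/passwd"
    chown root:sys "$BASE/etc/passwd"
    chmod 0644 "$BASE/etc/passwd"
    rm -f "$SEDDIR/passwd.sed"
    chmod 0400 "$BASE/etc/passwd.orig"
  else
    echo "WARNING: $BASE/etc/passwd.orig already exists, not clobbering it"
  fi
else
  echo "WARNING: root's home directory $BASE/root already exists, not changing /etc/passwd"
fi
#
# add FQDN to /etc/hosts to shutup sendmail dequeue from cron
#
# NOTE(review): the separators in the pattern below are single spaces,
# as in the copy of this script under review. If the target /etc/hosts
# separates its fields with tabs the substitution will not match -
# confirm against a real hosts file.
#
if [ -f "$BASE/etc/hosts" ]; then
  if [ ! -f "$BASE/etc/hosts.orig" ]; then
    cp "$BASE/etc/hosts" "$BASE/etc/hosts.orig"
    cat > "$SEDDIR/hosts.sed" << EOF
/loghost$/ {
s/ \\([^ ]*\\) loghost\$/ \\1 \\1.ivillage.com loghost/
}
EOF
    sed -f "$SEDDIR/hosts.sed" "$BASE/etc/hosts.orig" > "$BASE/etc/hosts"
    chown root:sys "$BASE/etc/hosts"
    chmod 0444 "$BASE/etc/hosts"
    rm -f "$SEDDIR/hosts.sed"
    chmod 0400 "$BASE/etc/hosts.orig"
  else
    echo "WARNING: $BASE/etc/hosts.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/etc/hosts"
fi
#
# we are never a router
#
if [ ! -f "$BASE/etc/notrouter" ]; then
  touch "$BASE/etc/notrouter"
  chmod 0400 "$BASE/etc/notrouter"
else
  echo "WARNING: $BASE/etc/notrouter exists, not re-creating"
fi
#
# enable DNS in /etc/nsswitch.conf
#
if [ -f "$BASE/etc/nsswitch.conf" ]; then
  if [ ! -f "$BASE/etc/nsswitch.conf.orig" ]; then
    cp "$BASE/etc/nsswitch.conf" "$BASE/etc/nsswitch.conf.orig"
    cat > "$SEDDIR/nsswitch.conf.sed" << EOF
/^hosts:/ {
s/files\$/files dns/
}
EOF
    sed -f "$SEDDIR/nsswitch.conf.sed" "$BASE/etc/nsswitch.conf.orig" > "$BASE/etc/nsswitch.conf"
    chown root:sys "$BASE/etc/nsswitch.conf"
    chmod 0644 "$BASE/etc/nsswitch.conf"
    rm -f "$SEDDIR/nsswitch.conf.sed"
    chmod 0400 "$BASE/etc/nsswitch.conf.orig"
  else
    echo "WARNING: $BASE/etc/nsswitch.conf.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/etc/nsswitch.conf"
fi
#
# create /etc/resolv.conf
#
if [ ! -f "$BASE/etc/resolv.conf" ]; then
  cat > "$BASE/etc/resolv.conf" << EOF
domain ivillage.com
nameserver 209.185.162.15
nameserver 209.185.162.16
EOF
  chmod 0444 "$BASE/etc/resolv.conf"
else
  echo "WARNING: $BASE/etc/resolv.conf already exists, not clobbering it"
fi
#
# create root .netrc, .rhosts and hosts.equiv
# (before someone else does)
#
# All three are created empty and read-only for the owner.
#
if [ ! -f "$BASE/root/.netrc" ]; then
  touch "$BASE/root/.netrc"
  chmod 0400 "$BASE/root/.netrc"
else
  echo "WARNING: $BASE/root/.netrc exists, not overwriting"
fi
if [ ! -f "$BASE/root/.rhosts" ]; then
  touch "$BASE/root/.rhosts"
  chmod 0400 "$BASE/root/.rhosts"
else
  echo "WARNING: $BASE/root/.rhosts exists, not overwriting"
fi
if [ ! -f "$BASE/etc/hosts.equiv" ]; then
  touch "$BASE/etc/hosts.equiv"
  chmod 0400 "$BASE/etc/hosts.equiv"
else
  echo "WARNING: $BASE/etc/hosts.equiv exists, not overwriting"
fi
#
# disallow system accounts for ftp
#
# Every login name present in passwd at this point is listed; accounts
# added later are not covered by this file.
#
if [ ! -f "$BASE/etc/ftpusers" ]; then
  cut -d: -f1 "$BASE/etc/passwd" > "$BASE/etc/ftpusers"
  chmod 0400 "$BASE/etc/ftpusers"
else
  echo "WARNING: $BASE/etc/ftpusers exists, not overwriting"
fi
#
# create /etc/inet/ntp.conf
#
if [ ! -f "$BASE/etc/inet/ntp.conf" ]; then
  cat > "$BASE/etc/inet/ntp.conf" << EOF
server ivillage-43.ivillage.com minpoll 4 maxpoll 4
driftfile /etc/ntp.drift
EOF
  chmod 0444 "$BASE/etc/inet/ntp.conf"
else
  echo "WARNING: $BASE/etc/inet/ntp.conf already exists, not clobbering it"
fi
#
# create /etc/shells
#
if [ ! -f "$BASE/etc/shells" ]; then
  cat > "$BASE/etc/shells" << EOF
/usr/local/bin/tcsh
/usr/local/bin/bash
/bin/ksh
/usr/bin/ksh
/bin/csh
/sbin/sh
/bin/sh
/bin/false
EOF
  chmod 0444 "$BASE/etc/shells"
else
  echo "WARNING: $BASE/etc/shells already exists, not clobbering it"
fi
#
# whack inetd.conf
#
# The shipped file is moved aside and replaced by a comment-only file,
# so no inetd service stays configured.
#
if [ -f "$BASE/etc/inetd.conf" ]; then
  if [ ! -f "$BASE/etc/inetd.conf.orig" ]; then
    mv "$BASE/etc/inetd.conf" "$BASE/etc/inetd.conf.orig"
    chmod 0400 "$BASE/etc/inetd.conf.orig"
    cat > "$BASE/etc/inetd.conf" << EOF
#
# this was inetd.conf
#
# we don't need it anymore becase we use ssh and scp
#
# if you REALLY REALLY need something,
# copy just that line from /etc/inetd.conf.orig.
#
# Consider yourself warned. This means you.
#
EOF
    chmod 0400 "$BASE/etc/inetd.conf"
  else
    echo "WARNING: $BASE/etc/inetd.conf.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/etc/inetd.conf"
fi
#
# modify syslogd startup NOT to listen on UDP as a remote loghost
#
# NOTE(review): the whitespace after ^ in the address below is a single
# space, as in the copy of this script under review. If the syslogd
# line in init.d/syslog is indented with tabs the address will not
# match and -t will not be added - confirm against the real file.
#
if [ -f "$BASE/etc/init.d/syslog" ]; then
  if [ ! -f "$BASE/etc/init.d/syslog.orig" ]; then
    cp "$BASE/etc/init.d/syslog" "$BASE/etc/init.d/syslog.orig"
    cat > "$SEDDIR/syslog.sed" << EOF
/^ \\/usr\\/sbin\\/syslogd / {
s/syslogd/syslogd -t/
}
EOF
    sed -f "$SEDDIR/syslog.sed" "$BASE/etc/init.d/syslog.orig" > "$BASE/etc/init.d/syslog"
    chown root:sys "$BASE/etc/init.d/syslog"
    chmod 0744 "$BASE/etc/init.d/syslog"
    rm -f "$SEDDIR/syslog.sed"
    chmod 0400 "$BASE/etc/init.d/syslog.orig"
  else
    echo "WARNING: $BASE/etc/init.d/syslog.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/etc/init.d/syslog"
fi
#
# core files in / can be dangerous and used for hacking
#
# -f follows symlinks, so it is false for a link to /dev/null left by
# an earlier run; -h catches that case and avoids a failing ln.
#
if [ ! -f "$BASE/core" ] && [ ! -h "$BASE/core" ]; then
  ln -s /dev/null "$BASE/core"
else
  echo "WARNING: $BASE/core exists, not overwriting"
fi
#
# add some entries to the root crontab
#
# Guarded by the backup copy like the other sections: without it a
# second run would overwrite crontab.orig with the already modified
# crontab and append the entries again.
#
if [ -f "$BASE/var/spool/cron/crontabs/root" ]; then
  if [ ! -f "$BASE/root/crontab.orig" ]; then
    cp "$BASE/var/spool/cron/crontabs/root" "$BASE/root/crontab.orig"
    chmod 0400 "$BASE/root/crontab.orig"
    cat >> "$BASE/var/spool/cron/crontabs/root" << EOF
#
00,30 * * * * /usr/lib/sendmail -q > /dev/null 2>&1
#
#00 00 * * * /usr/local/tools/rotate.pl --cron --minusday
15,45 * * * * /usr/local/tools/checkfs.pl /usr/local/tools/fs.dat 1>/dev/null
#
EOF
  else
    echo "WARNING: $BASE/root/crontab.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/var/spool/cron/crontabs/root"
fi
#
# add some entries to /etc/system
#
if [ -f "$BASE/etc/system" ]; then
  if [ ! -f "$BASE/etc/system.orig" ]; then
    cp "$BASE/etc/system" "$BASE/etc/system.orig"
    chmod 0400 "$BASE/etc/system.orig"
    cat >> "$BASE/etc/system" << EOF
*
* custom iVillage entries
*
set maxusers=1024
*
* Set all HMEs to 100/full
*
set hme:hme_adv_autoneg_cap=0
set hme:hme_adv_100T4_cap=0
set hme:hme_adv_100fdx_cap=1
set hme:hme_adv_100hdx_cap=0
set hme:hme_adv_10fdx_cap=0
set hme:hme_adv_10hdx_cap=0
*
* Set all QFEs to 100/full
*
set qfe:qfe_adv_autoneg_cap=0
set qfe:qfe_adv_100T4_cap=0
set qfe:qfe_adv_100fdx_cap=1
set qfe:qfe_adv_100hdx_cap=0
set qfe:qfe_adv_10fdx_cap=0
set qfe:qfe_adv_10hdx_cap=0
EOF
  else
    echo "WARNING: $BASE/etc/system.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: $BASE/etc/system is missing"
fi
#
# modify the /etc/profile for quality of life
#
# NOTE(review): the empty lines after some "a\" commands below are
# reconstructed (each appends one blank line to /etc/profile); confirm
# against a pristine copy of this script.
# NOTE(review): POSIX sed removes backslashes from "a" text, so the
# \( \) and \1 in the id|sed fallback may not reach /etc/profile
# intact - check the generated file.
# NOTE(review): LD_LIBRARY_PATH is exported for every login shell, so
# each directory it lists should be root-owned and not writable by
# group or others.
#
if [ -f "$BASE/etc/profile" ]; then
  if [ ! -f "$BASE/etc/profile.orig" ]; then
    cp "$BASE/etc/profile" "$BASE/etc/profile.orig"
    cat > "$SEDDIR/profile.sed" << EOF
/^# The profile/ {
a\\

a\\
PATH=/usr/sbin:/sbin:/usr/bin:/usr/ucb:/usr/local/bin:/usr/etc:/usr/kvm:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/proc/bin:/usr/opt/SUNWmd/sbin
a\\

a\\
MANPATH=/usr/share/man:/usr/local/man:/usr/openwin/man:/usr/dt/man:/usr/proc/man:/usr/opt/SUNWmd/man
a\\

a\\
LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/openwin/lib:/usr/dt/lib
a\\

a\\
USER=\`whoami 2>/dev/null\`
a\\
USER=\${USER:-\`id | sed 's/^[^(]*(\([^)]*\)).*/\1/'\`}
a\\
case \$USER in
a\\
root*) PS1S='# ';;
a\\
esac
a\\
PS1S=\${PS1S:-'\$ '}
a\\
HOSTNAME=\${HOSTNAME:-\`uname -n\`}
a\\

a\\
PROMPT="\$HOSTNAME\$PS1S"
a\\
PS1=\$PROMPT
}
/^export LOGNAME/ {
s/PATH\$/PATH MANPATH LD_LIBRARY_PATH PS1/
}
EOF
    sed -f "$SEDDIR/profile.sed" "$BASE/etc/profile.orig" > "$BASE/etc/profile"
    chown root:sys "$BASE/etc/profile"
    chmod 0644 "$BASE/etc/profile"
    rm -f "$SEDDIR/profile.sed"
    chmod 0400 "$BASE/etc/profile.orig"
  else
    echo "WARNING: $BASE/etc/profile.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/etc/profile"
fi
#
# customize the root environment
#
if [ ! -f "$BASE/root/.profile" ]; then
  cat > "$BASE/root/.profile" << EOF
ENV=\$HOME/.kshrc
export ENV
EOF
  chmod 0700 "$BASE/root/.profile"
else
  echo "WARNING: $BASE/root/.profile exists, not overwriting"
fi
#
if [ ! -f "$BASE/root/.kshrc" ]; then
  cat > "$BASE/root/.kshrc" << EOF
set -o vi
alias df="df -k"
alias du="du -k"
EOF
  chmod 0700 "$BASE/root/.kshrc"
else
  echo "WARNING: $BASE/root/.kshrc exists, not overwriting"
fi
#
# customize imake for gcc
#
if [ -f "$BASE/usr/openwin/lib/config/Imake.tmpl" ]; then
  if [ ! -f "$BASE/usr/openwin/lib/config/Imake.tmpl.orig" ]; then
    cp "$BASE/usr/openwin/lib/config/Imake.tmpl" "$BASE/usr/openwin/lib/config/Imake.tmpl.orig"
    cat > "$SEDDIR/Imake_tmpl.sed" << EOF
/define HasGcc2/ {
s/NO/YES/;
}
EOF
    sed -f "$SEDDIR/Imake_tmpl.sed" "$BASE/usr/openwin/lib/config/Imake.tmpl.orig" > "$BASE/usr/openwin/lib/config/Imake.tmpl"
    chmod 0400 "$BASE/usr/openwin/lib/config/Imake.tmpl.orig"
    rm -f "$SEDDIR/Imake_tmpl.sed"
  else
    # message now names the directory that is actually tested (config)
    echo "WARNING: $BASE/usr/openwin/lib/config/Imake.tmpl.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/usr/openwin/lib/config/Imake.tmpl"
fi
if [ -f "$BASE/usr/openwin/lib/config/sun.cf" ]; then
  if [ ! -f "$BASE/usr/openwin/lib/config/sun.cf.orig" ]; then
    cp "$BASE/usr/openwin/lib/config/sun.cf" "$BASE/usr/openwin/lib/config/sun.cf.orig"
    cat > "$SEDDIR/sun_cf.sed" << EOF
/define DefaultCCOptions -Xc/ {
s/-Xc.*//;
}
/define PositionIndependentCFlags/ {
s/-Kpic/-fpic/;
}
EOF
    sed -f "$SEDDIR/sun_cf.sed" "$BASE/usr/openwin/lib/config/sun.cf.orig" > "$BASE/usr/openwin/lib/config/sun.cf"
    chmod 0400 "$BASE/usr/openwin/lib/config/sun.cf.orig"
    rm -f "$SEDDIR/sun_cf.sed"
  else
    # message now names the directory that is actually tested (config)
    echo "WARNING: $BASE/usr/openwin/lib/config/sun.cf.orig already exists, not clobbering it"
  fi
else
  echo "ERROR: missing $BASE/usr/openwin/lib/config/sun.cf"
fi
#
# secure /etc/rc2.d and /etc/rc3.d
#
# disable_script PATH
#   Renames the start script PATH so that a leading "S" in its file
#   name becomes "s" (S71rpc -> s71rpc), keeping it in the same
#   directory. A script that is not present is reported and skipped
#   instead of being handed to mv.
#   Sets the globals OLDSCRIPT, SCRIPTDIR, OLDSCRIPTBASE,
#   NEWSCRIPTBASE and NEWSCRIPT as a side effect.
#
disable_script () {
  OLDSCRIPT=$1
  if [ ! -f "$OLDSCRIPT" ]; then
    echo "WARNING: $OLDSCRIPT not found, nothing to disable"
    return 0
  fi
  SCRIPTDIR=`dirname "$OLDSCRIPT"`
  OLDSCRIPTBASE=`basename "$OLDSCRIPT"`
  NEWSCRIPTBASE=`echo "$OLDSCRIPTBASE" | sed -e 's/^S/s/'`
  NEWSCRIPT=$SCRIPTDIR/$NEWSCRIPTBASE
  mv "$OLDSCRIPT" "$NEWSCRIPT"
}
#
disable_script "$BASE/etc/rc2.d/S30sysid.net"
disable_script "$BASE/etc/rc2.d/S70uucp"
disable_script "$BASE/etc/rc2.d/S71rpc"
disable_script "$BASE/etc/rc2.d/S71sysid.sys"
disable_script "$BASE/etc/rc2.d/S72autoinstall"
disable_script "$BASE/etc/rc2.d/S73cachefs.daemon"
disable_script "$BASE/etc/rc2.d/S73nfs.client"
disable_script "$BASE/etc/rc2.d/S74autofs"
disable_script "$BASE/etc/rc2.d/S76nscd"
disable_script "$BASE/etc/rc2.d/S80lp"
disable_script "$BASE/etc/rc2.d/S80spc"
disable_script "$BASE/etc/rc2.d/S85power"
disable_script "$BASE/etc/rc2.d/S88sendmail"
disable_script "$BASE/etc/rc2.d/S92volmgt"
disable_script "$BASE/etc/rc2.d/S94skiserv"
disable_script "$BASE/etc/rc2.d/S93cacheos.finish"
disable_script "$BASE/etc/rc2.d/S99audit"
disable_script "$BASE/etc/rc2.d/S99dtlogin"
#
disable_script "$BASE/etc/rc3.d/S15nfs.server"
disable_script "$BASE/etc/rc3.d/S77dmi"
#
# copy iVillage tools to /usr/local/tools
#
# "cd ... &&" keeps tar from running in the wrong directory when a cd
# fails (with ";" the extract would land in the current directory).
# NOTE(review): root's crontab above runs checkfs.pl from this tree,
# so the copied files should end up root-owned and not writable by
# group or others - verify the ownership and modes of the source tree.
#
if [ ! -d "$BASE/usr/local/tools" ]; then
  mkdir -p "$BASE/usr/local/tools"
  if [ -d /tmp/jump/local/tools ]; then
    ( cd /tmp/jump/local/tools && tar cf - . ) |
      ( cd "$BASE/usr/local/tools" && tar xvf - )
  else
    echo "WARNING: /tmp/jump/local/tools does not exist! cannot copy tools!"
  fi
else
  echo "WARNING: $BASE/usr/local/tools already exists, not re-creating"
fi
#
# remove group write perms from
# /etc, as they are NEVER required
#
chmod -R g-w "$BASE/etc"
#
# set auto-boot? to true for goodness sake!
#
# quoted: "?" is a glob character and would otherwise be matched
# against file names in the current directory
#
/usr/sbin/eeprom 'auto-boot?=true'
echo "Post-Installation Customization Complete"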