-
Notifications
You must be signed in to change notification settings - Fork 0
/
os_post-install
executable file
·167 lines (141 loc) · 4.36 KB
/
os_post-install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
#!/bin/bash
function move_file() {
[ $# -eq 2 ] || exit 1
local src=$1 dst=$2
chown --reference=$dst $src || exit 1
chmod --reference=$dst $src || exit 1
mv -f $src $dst
}
pushd / >/dev/null
[ ! -e etc/mtab ] && ln -s /proc/mounts etc/mtab > /dev/null 2>&1
# Convert system to shadow password files
/usr/sbin/pwconv > /dev/null 2>&1
# Disable interactive startup
CFG_FILE=etc/sysconfig/init
if [ -f $CFG_FILE ]; then
sed -e 's/^PROMPT=.*/PROMPT=no/g' \
$CFG_FILE > ${CFG_FILE}.$$ && \
move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi
# Fix /etc/rsyslog.conf
CFG_FILE=etc/rsyslog.conf
if [ -f $CFG_FILE ]; then
echo -e ',s^\([[:space:]]\)\(/var/log/\)^\\1-\\2^\nwq' | ed -s $CFG_FILE
fi
# Fix /etc/sysctl.conf
CFG_FILE=etc/sysctl.conf
if [ -f $CFG_FILE ]; then
sed -e "s,^kernel\.,# kernel.,g" \
-e "s,^net.ipv4.conf\.,# net.ipv4.conf.,g" \
$CFG_FILE > ${CFG_FILE}.$$ && \
move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi
# disable all services
if [ -f /sbin/chkconfig ] && [ -f /bin/grep ] && [ -f /bin/sed ] ; then
for i in `LANG=C /sbin/chkconfig --list | grep -v "xinetd based services:" | sed -e "s/\([^ ]*\)[ ]*0.*/\1/" -e "s/[\t]\(.*\):.*/\1/"`; do
[ -x etc/init.d/$i ] && /sbin/chkconfig --level 3 $i off > /dev/null 2>&1
done
fi
# turn services on
list="network httpd iptables sshd xinetd saslauthd sendmail rsyslog crond"
for i in $list; do
/sbin/chkconfig --level 3 $i on > /dev/null 2>&1
done
# disable all cron jobs
for i in hourly daily weekly monthly; do
chmod a-x /etc/cron.${i}/* > /dev/null 2>&1
done
# enable logrotate
chmod a+x /etc/cron.daily/logrotate > /dev/null 2>&1
# mount /dev/pts
echo "none /dev/pts devpts rw,gid=5,mode=620 0 0" >> etc/fstab
mkdir -p dev/pts > /dev/null 2>&1
mkdir -p dev/shm > /dev/null 2>&1
echo "none /dev/shm tmpfs defaults 0 0" >> etc/fstab
# Optional tuning
# Fix sshd_config
CFG_FILE=etc/ssh/sshd_config
if [ -f $CFG_FILE ]; then
sed -e "s/^X11Forwarding yes/X11Forwarding no/" \
$CFG_FILE > ${CFG_FILE}.$$ && \
move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi
# apache tuning
CFG_FILE=etc/httpd/conf/httpd.conf
if [ -f $CFG_FILE ]; then
sed -e "s/^StartServers[[:blank:]]*.*/StartServers 1/" \
-e "s/^MinSpareServers[[:blank:]]*.*/MinSpareServers 1/" \
-e "s/^MaxSpareServers[[:blank:]]*.*/MaxSpareServers 5/" \
-e "s/^ServerLimit[[:blank:]]*.*/ServerLimit 10/" \
-e "s/^MaxClients[[:blank:]]*.*/MaxClients 10/" \
-e "s/^MinSpareThreads[[:blank:]]*.*/MinSpareThreads 1/" \
-e "s/^MaxSpareThreads[[:blank:]]*.*/MaxSpareThreads 4/" \
$CFG_FILE > ${CFG_FILE}.$$ && \
move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi
# saslauthd tuning
CFG_FILE=etc/sysconfig/saslauthd
if [ -f $CFG_FILE ]; then
sed -e "s/^FLAGS=/FLAGS=\"-n 2\"/" \
$CFG_FILE > ${CFG_FILE}.$$ && \
move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi
# Create empty modules.dep on container start
echo "#!/bin/bash
# Fix modules.dep for iptables
#
# chkconfig: 2345 08 92
# description: Simple script that fixed modules.dep for iptables
#
### BEGIN INIT INFO
# Provides: modules_dep
# Required-Start: \$local_fs
# Required-Stop: \$local_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: Fix modules.dep for iptables
# Description: Simple script that fixed modules.dep for iptables
### END INIT INFO
# source function library
. /etc/init.d/functions
function start() {
if [ ! -d \"/lib/modules/\`uname -r\`\" ]; then
mkdir /lib/modules/\`uname -r\`
fi
depmod -a >/dev/null 2>&1
}
function stop() {
if [ -d \"/lib/modules/\`uname -r\`\" ]; then
rm -rf /lib/modules/\`uname -r\`
fi
}
case \"\$1\" in
start)
start
RETVAL=0
;;
stop)
stop
RETVAL=0
;;
restart|reload|condrestart)
stop
start
;;
try-restart|status)
RETVAL=0
;;
*)
echo \$\"Usage: \$0 {start|stop|status|restart|condrestart|reload}\"
RETVAL=2
esac
exit \$RETVAL" > etc/init.d/modules_dep
chmod 0755 etc/init.d/modules_dep
/sbin/chkconfig --add modules_dep
touch etc/sysconfig/network
# Force regeneration of mime-database, due to shared-mime-info
# post-install script failure
/usr/bin/update-mime-database /usr/share/mime > /dev/null 2>&1
popd > /dev/null