#!/bin/sh # Make directories, change permissions. /bin/mkdir -p /fnal/ups /bin/mkdir -p /pnfs/cms /bin/mkdir -p /home/farms /bin/mkdir -p -m 2711 /var/adm/krb5/farms /bin/mkdir -p /home/farms/fbsng_root /bin/mkdir /data /bin/chown 9811.5063 /data /bin/chown 500.501 /var/adm/krb5/farms /bin/chown 500.501 /home/farms/fbsng_root /bin/chmod 1777 /tmp /bin/chmod 777 /data # put the yp host into the hosts file. /bin/cp /etc/hosts /etc/hosts.orig /bin/echo "131.225.206.41 cmsun1.fnal.gov cmsun1" >> /etc/hosts # put in the other name server /bin/cp /etc/resolv.conf /etc/resolv.conf.orig /bin/echo "nameserver 131.225.17.150" >> /etc/resolv.conf # hosts.allow and hosts.deny /bin/cp /etc/hosts.allow /etc/hosts.allow.orig /bin/cp /etc/hosts.deny /etc/hosts.deny.orig /bin/echo '# # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # portmap: 131.225.0.0/255.255.0.0 LOCAL 127.0.0.1 rpc.mountd: 131.225. LOCAL 127.0.0.1 ALL: .fnal.gov 131.225. LOCAL 127.0.0.1 : banners /etc/banners sshd: ALL ftpd: ALL' > /etc/hosts.allow /bin/echo '# # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! ALL: ALL except 127.0.0.1 : banners /etc/banners' > /etc/hosts.deny # yp.conf /bin/cp /etc/CMSserver/configfiles/yp.conf /etc/yp.conf /bin/cp /etc/CMSserver/configfiles/k5login /root/.k5login # fix the nsswitch file to get your hostnames via DNS /bin/cp /etc/nsswitch.conf /etc/nsswitch.conf.orig /bin/sed "s/\(^hosts: *\)\(files *\)\(nisplus nis *\)\(dns\)/\1\4 \2/g" /etc/nsswitch.conf.orig > /etc/nsswitch.conf # put in the correct sysctl.conf /bin/cp /etc/sysctl.conf /etc/sysctl.conf.orig /bin/sed "s/kernel.sysrq = 0/kernel.sysrq = 1/g" /etc/sysctl.conf.orig > /etc/sysctl.conf /bin/echo "kernel.panic = 60" >> /etc/sysctl.conf /bin/echo "net.ipv4.tcp_rmem = 4096 87380 8388607" >> /etc/sysctl.conf /bin/echo "net.ipv4.tcp_wmem = 4096 65536 8388607" >> /etc/sysctl.conf /bin/echo "net.core.rmem_max = 8388607" >> /etc/sysctl.conf /bin/echo "net.core.wmem_max = 8388607" >> /etc/sysctl.conf /bin/echo "fs.file-max = 131072" >> /etc/sysctl.conf # Take out boot message in lilo (graphical boot) /bin/cp /etc/lilo.conf /etc/lilo.conf.orig /bin/sed "s/message//g" /etc/lilo.conf.orig > /etc/lilo.conf #put in a usable root .bashrc. /bin/cp /etc/CMSserver/configfiles/root.bashrc /root/.bashrc # put in a gmond.conf file /bin/cp /etc/CMSserver/configfiles/gmond.conf /etc/gmond.conf # add /etc/shells entries /bin/echo "/usr/local/bin/bash" >> /etc/shells /bin/echo "/usr/local/bin/tcsh" >> /etc/shells # Turn off unnecessary services. /sbin/chkconfig --level 345 facct on /sbin/chkconfig --level 345 portmap on /sbin/chkconfig --level 345 rstatd on /sbin/chkconfig --level 345 ypbind on /sbin/chkconfig --level 345 telnet on /sbin/chkconfig --level 345 ftp on /sbin/chkconfig --level 345 eklogin on /sbin/chkconfig --level 345 klogin on /sbin/chkconfig --level 345 kshell on /sbin/chkconfig --level 2345 autofs off /sbin/chkconfig --level 2345 lpd off /sbin/chkconfig --level 2345 canna off /sbin/chkconfig --level 2345 sendmail off /sbin/chkconfig --level 2345 kudzu off /sbin/chkconfig --level 2345 identd off /sbin/chkconfig --level 2345 apmd off /sbin/chkconfig --level 2345 gpm off /sbin/chkconfig --level 2345 ipchains off /sbin/chkconfig --level 2345 iptables off /sbin/chkconfig --level 2345 rhnsd off /sbin/chkconfig --level 2345 ntpd off /sbin/chkconfig --level 2345 rawdevices off /sbin/chkconfig --add nfslock cat >> /var/spool/cron/root << 'EOF' 0 8-18 * * 1-5 /usr/lib/sa/sa1 1200 3 & 5 19 * * 1-5 /usr/lib/sa/sa2 -A & EOF #/etc/cron.daily/slocate.cron /usr/bin/updatedb -f "nfs,smbfs,ncpfs,proc,devpts"