# Time sync
yum install -y rdate
/usr/bin/rdate -s time.bora.net
# yum.repo.d
/usr/bin/yum install -y vim
centos_ver=`/bin/cat /etc/redhat-release | awk '{print substr($3,1,1)}'`
case "$centos_ver" in
6)
/bin/rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
/bin/rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
;;
5)
/bin/rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
/bin/rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
;;
4)
/bin/rpm -Uvh http://dl.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
/bin/rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
;;
esac
# system service
all_services=`chkconfig --list | awk '{print $1}'`
on_services="crond network rsyslog sshd kdump"
for i in $all_services;
do
/sbin/chkconfig --level 2345 $i off
done
for h in $on_services;
do
/sbin/chkconfig --level 2345 $h on
done
# system default tool
yum_local_tool="setuptool openssh-clients rsync rdate telnet lsof"
yum_admin_tool="glances sysstat iotop expect iptraf dmidecode cpulimit"
yum_hack_patch="bash"
yum_options="-y"
# snmp install
yum_snmpd_tool="net-snmp*"
echo ">> check system_default and install it"
for dep in $yum_local_tool $yum_admin_tool $yum_snmpd_tool $yum_hack_patch ; do
yum install ${yum_options} ${dep}
done
/sbin/chkconfig --level 23 snmpd on
/bin/mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$TDAY
/usr/bin/wget http://10.0.0.10/system/snmpd.conf
/bin/mv /root/src/snmpd.conf /etc/snmp/snmpd.conf
/etc/init.d/snmpd start
# Hangul
yum groupinstall -y korean-support
# /etc/hosts.allw, hosts.deny (tcp_wapper)
echo "" > /etc/hosts.allow
echo "" > /etc/hosts.deny
echo ""
echo "ALL : 10.0.1." >> /etc/hosts.allow
echo "ALL : 10.0.2." >> /etc/hosts.allow
echo "ALL : 10.0.3." >> /etc/hosts.allow
echo "ALL : 10.0.4." >> /etc/hosts.allow
echo "ALL : 10.0.5." >> /etc/hosts.allow
echo "ALL : 10.0.6." >> /etc/hosts.allow
echo "ALL : ALL" >> /etc/hosts.deny
# system admin server Key input
mkdir /root/.ssh/
echo "ssh-rsa CCCCB3NzaC1yc2EAAAABIwAAAQEAwPPuh5y7XjgN11k03M+zq7jKL9pAt9bcGZ6axdLdGKUbgrMaL3C5tU6mq5OrClK26vrGfuWrF5jYs7UCE5YEXPhp11JkUthx434vdHHrdsH+iHa/W0Ub7Uajlt40Apc8FIvsNlIt8sJy9jkpT3Bzn+3Xfmtn/9MfyyDsoUqfe9w7tEAzHgYus/WJfNLhpCyiz4jKGL1OHoCwkhWAItRqSyLo4Y7uZPNs2sl9gKu7BOwk9tw3HdFr/UeZbpHEUc1H3c4oJnSicp72PWBDzK+DkI+Ps0ulFo4c5+t1jm+3+N90rmZjihq0tWocF23fqYPyBpANw25qFnAqQ9/fUh+9CQ== root@system-admin" >> /root/.ssh/authorized_keys
# User env
/bin/mv /root/.bashrc /root/bashrc_$TDAY
/usr/bin/wget http://10.0.0.10/system/bashrc_default
/bin/cat /root/src/bashrc_default > /root/.bashrc
source /root/.bashrc
#HOST env
/bin/mv /etc/hosts /etc/hosts.$TDAY
sed "s/$/ $HOSTNAME/" /etc/hosts.$TDAY > /etc/hosts
ifconfig -a | grep "inet " | grep "Bcast:" | awk '{print $2}' | awk -F: '{print $2}' | sed "s/$/ $HOSTNAME/" >> /etc/hosts
# limit.conf
cat << EOF >> "/etc/security/limits.conf"
# Limit nofile config
* soft nofile 65536
* hard nofile 65536
EOF
# HISTTIMEFORMAT add
echo "" >> /root/.bashrc
echo "### HISTTIMEFORMAT ###" >> /root/.bashrc
echo "HISTTIMEFORMAT=\"%F %T - \"" >> /root/.bashrc
echo "export HISTTIMEFORMAT" >> /root/.bashrc
# selinux disabled
/bin/sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
/bin/sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
/usr/sbin/setenforce 0
### time sync crontab
cat << EOF > /var/spool/cron/root
#################################################
*/30 * * * * /usr/bin/rdate -s time.bora.net && clock -w > /dev/null 2>&1
#################################################
EOF