#!/bin/bash
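# Refuse to run unless the effective UID is 0; every step below edits system
# files. The substitution is quoted so that an empty result from `id` (missing
# binary, failed call) compares as "not root". Unquoted, it produced a
# malformed test whose error status let the script carry on.
if [ "$(id -u)" != "0" ]; then
  # Diagnostics go to stderr so they are not mixed into captured output.
  echo "Error: You must be root to run this script!" >&2
  exit 1
fi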
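# Create the webuser account and extend its login PATH.
useradd -d /home/webuser -g users webuser
# NOTE(review): the fallback below is the literal password "pwd" that this
# script has always set. Together with the NOPASSWD sudo rule further down it
# makes the account root-equivalent for anyone who can guess it. Export
# WEBUSER_PASSWORD before running, or rotate the password right afterwards.
printf '%s\n' "${WEBUSER_PASSWORD:-pwd}" | passwd --stdin webuser
# Single quotes keep $PATH/$HOME literal: the text is matched in the profile,
# not expanded by this shell.
sed -i 's|PATH=$PATH:$HOME/bin|PATH=$PATH:$HOME/bin:/sbin:/usr/sbin:/usr/local/bin|g' /home/webuser/.bash_profile

# Grant webuser passwordless sudo to root.
# NOTE(review): NOPASSWD:ALL is full root without re-authentication; narrow it
# to the commands webuser actually needs if that list is known.
sudoers_rule='webuser ALL=(root) NOPASSWD:ALL'
# Only append when the exact rule is missing, so a re-run does not stack
# duplicate lines.
if ! grep -qxF -- "$sudoers_rule" /etc/sudoers; then
  cp -p /etc/sudoers /etc/sudoers.webuser.bak
  echo "$sudoers_rule" >>/etc/sudoers
  # A syntax error in sudoers breaks sudo for every user, so validate the
  # result and roll back to the saved copy if the check fails.
  if ! visudo -c >/dev/null; then
    echo "Error: /etc/sudoers failed validation, restoring previous copy" >&2
    cp -p /etc/sudoers.webuser.bak /etc/sudoers
  fi
fi

# Create webuser's software directory and hand /opt over to the account.
# NOTE(review): the directory created here is made by root and is not
# re-owned, while the whole of /opt is chowned recursively; confirm that /opt
# (not /home/webuser/software) is the intended target.
mkdir -p /home/webuser/software
chown -R webuser:users /opt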
# Replace the resolver configuration; the previous file is kept as .bak.
# NOTE(review): the nameserver addresses are fixed here, so every host built
# with this script sends its lookups to these two resolvers.
mv /etc/resolv.conf /etc/resolv.conf.bak
printf '%s\n' \
  'search localdomain' \
  'nameserver 202.96.209.5' \
  'nameserver 202.96.209.133' >/etc/resolv.conf
# Switch the persistent SELinux mode from enforcing to disabled.
# NOTE(review): this turns off mandatory access control for the whole host;
# permissive mode plus policy fixes is the less drastic option. Also check
# whether /etc/sysconfig/selinux is a symlink on the target system: sed -i
# writes a new file in place of a symlink, which would leave the real
# configuration file untouched.
sed -i -e 's|SELINUX=enforcing|SELINUX=disabled|g' /etc/sysconfig/selinux
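# Harden sshd: protocol 2 only, no direct root login, GSSAPI lines commented
# out, no reverse DNS lookup on connect.
# NOTE(review): each expression only matches the stock line it names. If the
# file already holds e.g. an uncommented "PermitRootLogin yes", nothing is
# changed and no error is reported; check the result after the run.
sshd_config=/etc/ssh/sshd_config
sed -i \
  -e 's/#Protocol 2,1/Protocol 2/g' \
  -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
  -e 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' \
  -e 's/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g' \
  -e 's/#UseDNS yes/UseDNS no/g' \
  "$sshd_config"
# Restarting with a broken config can leave the host without remote access,
# so let sshd parse the file first and skip the restart if it objects.
if /usr/sbin/sshd -t -f "$sshd_config"; then
  /etc/init.d/sshd restart
else
  echo "Error: $sshd_config failed validation; sshd was not restarted" >&2
fi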
# Hourly clock sync: add an entry to the system crontab and restart crond.
# NOTE(review): rdate sets the clock from an unauthenticated reply, so the
# host's time is only as trustworthy as the network path to that server.
# The line is appended unconditionally; a second run adds a duplicate.
printf '%s\n' '01 * * * * root rdate -s stdtime.gov.hk' >>/etc/crontab
/etc/init.d/crond restart
# Append TCP and file-handle tuning to sysctl.conf and load it immediately.
# NOTE(review): tcp_tw_recycle=1 is known to drop connections from clients
# that share an address behind NAT, and newer kernels no longer have the key
# (sysctl -p would then report it as unknown).
# NOTE(review): tcp_rmem and tcp_wmem are normally three-value settings
# (min, default, max); confirm what a single number ends up setting with
# `sysctl net.ipv4.tcp_rmem` after the run.
# Both heredocs are appended as-is, so a second run duplicates the entries.
tee -a /etc/sysctl.conf >/dev/null <<'EOF'
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_rmem = 32768
net.ipv4.tcp_wmem = 32768
net.ipv4.tcp_sack = 0
fs.file-max = 8061540
EOF
sysctl -p

# Raise the open-file limit ("-" sets soft and hard together) for webuser
# and root.
tee -a /etc/security/limits.conf >/dev/null <<'EOF'
webuser - nofile 1006154
root - nofile 1006154
EOF
# Set the system locale; the previous settings file is kept as .bak.
mv /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
printf '%s\n' \
  'LANG="en_US.UTF-8"' \
  'SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US:en"' \
  'SYSFONT="latarcyrheb-sun16"' >/etc/sysconfig/i18n
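# Make vi start vim for root and enable syntax highlighting.
# The alias is appended only when it is not already present. Editing a fixed
# line number instead glues the alias onto whatever text sits on that line
# and does nothing when the file is shorter.
if ! grep -qF "alias vi='vim'" /root/.bashrc; then
  echo "alias vi='vim'" >>/root/.bashrc
fi
echo 'syntax on ' >/root/.vimrc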
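# Turn off every service started in runlevel 3 except a short keep-list.
# NOTE(review): anything not on the keep-list is stopped and disabled. That
# would include host firewall or audit services (for example iptables or
# auditd) if they are enabled in runlevel 3; add them to the list if they
# must keep running.
for rc_link in /etc/rc3.d/S*; do
  # An unmatched glob stays literal; skip it rather than act on "S*".
  # -L keeps dangling links in the loop, as listing the directory would.
  [ -e "$rc_link" ] || [ -L "$rc_link" ] || continue
  # Link names look like S<NN><service>: drop the directory, then the prefix.
  cursrv=${rc_link##*/}
  cursrv=${cursrv#S[0-9][0-9]}
  echo "$cursrv"
  case "$cursrv" in
    cpuspeed|crond|irqbalance|microcode_ctl|mysqld|network|sshd|syslog)
      echo "base services ,skip!"
      ;;
    *)
      echo "turn off $cursrv"
      # Quoted so an unusual link name cannot split into extra arguments.
      chkconfig --level 235 "$cursrv" off
      service "$cursrv" stop
      ;;
  esac
done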
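# Replace the stock yum repository definitions with the USTC mirror.
# The existing definitions are moved out of /etc/yum.repos.d first. The source
# directory is spelled the same as in the redirect below; with the "s" missing
# the move fails and the old repositories stay active next to the new file.
mv /etc/yum.repos.d/* /tmp
# The heredoc delimiter is quoted so that $releasever reaches the file
# literally and is expanded by yum. Unquoted, the shell expands it to an empty
# string because the variable is not set in this script.
# NOTE(review): baseurl and gpgkey are plain http on the same mirror. If the
# signing key is not already imported, the key that gpgcheck=1 relies on
# arrives over the same unauthenticated channel as the packages. Pointing
# gpgkey at a key file already installed on the host (a file:// URL) keeps the
# signature check independent of the mirror.
# NOTE(review): the URLs pin the 5.9 tree, so the host only sees updates
# published under that path.
cat >/etc/yum.repos.d/CentOS-Base.repo <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://centos.ustc.edu.cn/centos/5.9/os/x86_64/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://centos.ustc.edu.cn/centos/5.9/updates/x86_64/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://centos.ustc.edu.cn/centos/5.9/addons/x86_64/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://centos.ustc.edu.cn/centos/5.9/extras/x86_64/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://centos.ustc.edu.cn/centos/5.9/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://centos.ustc.edu.cn/centos/5.9/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
EOF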