#!/bin/bash ## Straight from %post section of ks.cfg. ## Settings NTP=yes # or no (NTP configuration) DMA=no # or no (Enable DMA for all drives (MAY CAUSE CORRUPTION on buggy old chipsets) SERIAL=no # or no (Serial console, disabling graphical Lilo menu) SERVICES=yes # or no (Enable/Disable some services) IPV6INIT=yes # or no (Enable autoload of IPv6) AUTOUPDATE=yes # or no (Install enhanced autoupdate configuration) RECONFIGURE=yes # or no (Automatic reconfiguration of network, password, etc. at bootup) MOTD=yes # or no (Reminder about next steps in /etc/motd) ## NTP configuration: add ntp[12].funet.fi as NTP servers. ## NOTE! Overwrites ntp configuration! if [ x"$NTP" = x"yes" ]; then echo "driftfile /etc/ntp/drift" > /etc/ntp.conf echo "server 193.166.5.177" >> /etc/ntp.conf echo "server 193.166.5.197" >> /etc/ntp.conf echo "restrict default ignore" >> /etc/ntp.conf echo "restrict 193.166.5.177 noquery" >> /etc/ntp.conf echo "restrict 193.166.5.197 noquery" >> /etc/ntp.conf echo "193.166.5.177" > /etc/ntp/step-tickers echo "193.166.5.197" >> /etc/ntp/step-tickers fi if [ x"$DMA" = x"yes" ]; then if [ -r /etc/sysconfig/harddisks ]; then if [ "`grep -c ^USE_DMA /etc/sysconfig/harddisks`" = "0" -a "`grep -c "^# USE_DMA" /etc/sysconfig/harddisks`" = "1" ]; then perl -pi -e 's:^# USE_DMA:USE_DMA:' /etc/sysconfig/harddisks fi fi fi ## Disable "unnecessary" services, enable nice ones. if [ x"$SERVICES" = x"yes" ]; then try_disable_services="hotplug kudzu lpd sendmail portmap nfslock rawdevices" try_enable_services="ntpd" for disable in $try_disable_services; do if [ -e /etc/rc.d/init.d/$disable ]; then /sbin/chkconfig --level 2345 $disable off fi done for enable in $try_enable_services; do if [ -e /etc/rc.d/init.d/$enable ]; then /sbin/chkconfig $enable on fi done fi ## Add serial console initialization if [ x"$SERIAL" = x"yes" ]; then SERIAL_TTY=ttyS0 if [ "`grep -c "^S[01]:" /etc/inittab`" = "0" ]; then echo "S0:2345:respawn:/sbin/getty $SERIAL_TTY DT38400 vt102" >> /etc/inittab fi ## Add the serial to lilo as a secondary console if [ "`grep -c serial /etc/lilo.conf`" = "0" ]; then echo "serial=0,38400n8" >> /etc/lilo.conf.new echo "append=\"console=$SERIAL_TTY,38400 console=tty0\"" >> /etc/lilo.conf.new cat /etc/lilo.conf >> /etc/lilo.conf.new mv /etc/lilo.conf.new /etc/lilo.conf fi ## Allow root logins from serial console if [ "`grep -c $SERIAL_TTY /etc/securetty`" = "0" ]; then echo "$SERIAL_TTY" >> /etc/securetty fi ## Disable graphical lilo boot screen (secondary serial console won't work ## well with it) if [ ! "`grep -c ^message= /etc/lilo.conf`" = "0" ]; then perl -pi -e s'/^message=/# message=/' /etc/lilo.conf fi /sbin/lilo fi ## Automatically enable IPv6 on all interfaces; enable forwarding. if [ x"$IPV6INIT" = x"yes" ]; then if [ "`grep -c NETWORKING_IPV6 /etc/sysconfig/network`" = "0" ]; then echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network fi if [ "`grep -c IPV6INIT /etc/sysconfig/network`" = "0" ]; then echo "IPV6INIT=yes" >> /etc/sysconfig/network fi fi ## Prepare a better default configuration for autoupdate. if [ x"$AUTOUPDATE" = x"yes" ]; then if [ -e /etc/autoupdate.d/autoupdate.conf ]; then perl -pi -e 's:^Verbose=1:Verbose=0:' /etc/autoupdate.d/autoupdate.conf perl -pi -e 's:^DoUpdateKernel=0:DoUpdateKernel=1:' /etc/autoupdate.d/autoupdate.conf fi cat > /etc/autoupdate.d/redhat.ftp << EOF Host=ftp.funet.fi #Host=ftp.sunet.se FTPAll=0 FTPRetry=2 FTPWait=10 Passive=1 Dir=/pub/mirrors/ftp.redhat.com/pub/redhat/linux/updates/#DistVersion#/en/os/ #Dir=/pub/os/Linux/distributions/redhat/redhat/linux/updates/#DistVersion#/en/os/ EOF fi ## Reminder about next steps in /etc/motd if [ x"$MOTD" = x"yes" ]; then if [ ! -z /etc/motd ]; then cat > /etc/motd << EOF Things to Remember after Installation ===================================== Generic Configuration --------------------- 1. Check that IPv4 has been configured properly. 2. Check NTP configuration in /etc/ntp.conf and /etc/ntp/step-tickers. Some NTP servers can be found from: http://www.eecis.udel.edu/~mills/ntp/servers.htm (or if you want, NTP can just be disabled with '/sbin/chkconfig ntpd off') 3. Define which hosts may connect using SSH. This can be done in /etc/hosts.allow. For example: sshd: yourws.compary.com some.other.box : allow sshd: ALL: deny 4. If you intend to use autoupdate or up2date, you might want to configure them now. For autoupdate, you could define a closer mirror than the default one in /etc/autoupdate.d/redhat.ftp. These aren't enabled by default though. IPv6 Configuration ------------------ 1. IPv6 has been enabled by default in /etc/sysconfig/network. If you want to enable packet forwarding, add IPV6FORWARDING=yes in the file. 2. Depending on your connection method, you may have to modify tunnel configuration (/etc/sysconfig/network-scripts/ifcfg-sit1) or physical interface configuration (if using 6to4) (ifcfg-eth0, ifcfg-ippp0, ...). In addition, you will need to specify a "default" route in /etc/sysconfig/static-routes-ipv6, like: sit1 2000::/3 These steps are covered in /usr/share/doc/initscripts-*/*.howto documents. 3. If you want to connect a LAN to Internet, you have to configure radvd (Router Advertisement Daemon). First, enable it with: /sbin/chkconfig radvd on and perform configuration in /etc/radvd.conf. The default configuration file is very well commented and should provide extensive guidance, in addition to radvd.conf(5) man page. An example of a router advertising a fixed prefix to LAN might be: interface eth0 { AdvSendAdvert on; MinRtrAdvInterval 30; MaxRtrAdvInterval 100; prefix 3FFE:2620:1:4::0/64 { AdvOnLink on; AdvAutonomous on; }; }; [remove /etc/motd when done] EOF fi fi ## Let the user redo certain parts of configuration at first boot. if [ x"$RECONFIGURE" = x"yes" ]; then touch /.unconfigured fi