Listing 1 finish script
#!/bin/sh
# During testing phase I found it quite useful to be able to disable
# patch installation, this saves up to 60 min during the installation.
# However, when you're done debugging, please make sure that you do
# install patches
INSTALL_PATCHES="yes"
#INSTALL_PATCHES="no"
###########################################################
###########################################################
gettext "::: Custom FINISH install script :::"; echo
#=================================================
echo ""
echo ">>> Adding network interface speed and duplex ... \c"
# What we do here, is we are checking what interfaces are used
# during the installation and according to that information
# configure them in /etc/system file. This will suit
# Sun Fire V120 and V210/240, but for others (like V440)
# you would need to adjust this (to 'ce' in case of V440)
grep "\"eri\"" /a/etc/path_to_inst > /dev/null 2>&1
if [ $? = 0 ]; then
echo "\n" >> /a/etc/system
echo "set eri:adv_100T4_cap=0\n" >> /a/etc/system
echo "set eri:adv_100hdx_cap=0\n" >> /a/etc/system
echo "set eri:adv_10hdx_cap=0\n" >> /a/etc/system
echo "set eri:adv_100fdx_cap=1\n" >> /a/etc/system
echo "set eri:adv_autoneg_cap=0\n\n" >> /a/etc/system
fi
grep "\"bge\"" /a/etc/path_to_inst > /dev/null 2>&1
if [ $? = 0 ]; then
BGE_CONF=/a/kernel/drv/bge.conf
echo "adding bge conf file... \c"
echo "adv_1000fdx_cap=0;" >> $BGE_CONF
echo "adv_1000hdx_cap=0;" >> $BGE_CONF
echo "adv_100fdx_cap=1;" >> $BGE_CONF
echo "adv_100hdx_cap=0;" >> $BGE_CONF
echo "adv_10fdx_cap=0;" >> $BGE_CONF
echo "adv_10hdx_cap=0;" >> $BGE_CONF
echo "adv_autoneg_cap=0;" >> $BGE_CONF
fi
echo "done."
#=================================================
# We just remove the interface configuration files
# Since we want to have a clean system (no network)
echo ""
echo ">>> Removing network interface setup due to no IP specified ... \c"
rm /a/etc/hostname.*
echo "done."
#=================================================
# Standard patch installation routine
if [ x${INSTALL_PATCHES} = "xyes" ]
then
PATCH_LOG=/a/var/adm/patch.log
PATCH_BASE=/cdrom/Solaris_8/Product/patches
echo ""
echo ">>> Installing latest recommended patch cluster ... "
echo ""
echo "Patch installation details can be found in ${PATCH_LOG} log file"
echo "Copying cluster archive to a temporary location ... \c"
cp ${PATCH_BASE}/8_Recommended.zip /a/var/tmp
echo "done."
echo "Unpacking (might take approximately 5 min) ... \c"
cd /a/var/tmp
unzip 8_Recommended.zip > ${PATCH_LOG} 2>&1
echo "done."
echo ""
echo "Failed patch installations error codes:"
echo " 2 - Patch is already installed on system"
echo " 8 - Patch covers packages that are not installed on system"
echo " 15 - The prepatch script had a return code other than 0"
echo " 25 - Patch covers another patch that is not installed on system"
echo "These errors can safely be ignored"
echo "All other error codes should be investigated in the logfile"
echo ""
cd 8_Recommended
for patch in `cat patch_order`
do
echo "Installing patch ${patch} ... \c" | tee -a ${PATCH_LOG}
( patchadd -u -M . -R /a ${patch} ) >> ${PATCH_LOG} 2>&1
res=$?
if [ ${res} -ne 0 ]
then
echo "installation failed. Return code ${res}."
else
echo "done."
fi
done
echo "Removing temporary files and directories ... \c"
cd /a/var/tmp
rm -rf 8_Recommended
rm 8_Recommended.zip
echo "done."
echo ""
echo ">>> Latest recommended patch cluster installation done."
echo ""
fi
#=================================================
# For those who are still using SENDMAIL: comment out this part
echo ""
echo ">>> Disable Sendmail ... \c"
mv /a/etc/rc2.d/S88sendmail /a/etc/rc2.d/_S88sendmail
echo "done."
#=================================================
# Now let's run default JASS security driver, this will
# make your system pretty secure by closing all vulnerable
# ports and disabling unneeded services
# Root password is set to be: 'asecret' (without quotes)
echo ""
echo ">>> Running JASS configuration ... \c"
USER_INIT=/a/opt/SUNWjass/Drivers/user.init
echo "#!/bin/sh" > ${USER_INIT}
echo "" >> ${USER_INIT}
echo "JASS_ROOT_PASSWORD=EuEallLEarito" >> ${USER_INIT}
echo "export JASS_ROOT_PASSWORD" >> ${USER_INIT}
echo "" >> ${USER_INIT}
/a/opt/SUNWjass/jass-execute -d secure.driver > /a/var/adm/jass.log 2>&1
echo "done"
echo "JASS configuration log file is in /var/adm/jass.log"
#=================================================
# Now let's configure OpenSSL/SSH
# Please note, that although TCPwrappers are installed we are
# not taking an advantage of using them at the moment
echo ">>> Configuring OpenSSH/OpenSSL ... "
SS_SCRIPT=/a/etc/init.d/sshd
RC_SCRIPT=/a/etc/rc2.d/S98sshd
SSH_CONF=/a/usr/local/etc/sshd_config
SSH_KEYGEN=/a/usr/local/bin/ssh-keygen
SSH_RSA1=/a/usr/local/etc/ssh_host_key
SSH_DSA=/a/usr/local/etc/ssh_host_dsa_key
SSH_RSA=/a/usr/local/etc/ssh_host_rsa_key
LD_PATH=/a/usr/local/ssl/lib:/a/usr/local/lib
LD_LIBRARY_PATH=${LD_PATH}
export LD_LIBRARY_PATH
${SSH_KEYGEN} -t rsa1 -f ${SSH_RSA1} -N ""
${SSH_KEYGEN} -t dsa -f ${SSH_DSA} -N ""
${SSH_KEYGEN} -t rsa -f ${SSH_RSA} -N ""
mkdir /a/var/empty
chown root:sys /a/var/empty
chmod 755 /a/var/empty
echo "sshd:x:100:100:sshd privsep:/var/empty:/bin/false" >> /a/etc/passwd
echo "sshd::100:" >> /a/etc/group
# Creating a SSH start/stop script
cat << 'EOF' >> ${SS_SCRIPT}
#!/bin/sh
pid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/awk '{print $1}'`
case $1 in
'start')
/usr/local/sbin/sshd
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/sshd {start|stop}"
;;
esac
EOF
chmod +x ${SS_SCRIPT}
cd /a/etc/rc2.d
ln -s ../init.d/sshd S98sshd
# Default SSH configuration file
cat << 'EOF2' >> ${SSH_CONF}
Protocol 2
LoginGraceTime 60
PasswordAuthentication yes
PermitEmptyPasswords no
PubkeyAuthentication yes
DSAAuthentication yes
PermitRootLogin yes
Banner /etc/issue
AllowTCPForwarding yes
GatewayPorts no
X11DisplayOffset 10
X11Forwarding yes
StrictModes yes
EOF2
echo ""
echo "WARNING: User 'root' IS allowed to connect using SSH."
echo ""
echo ">>> OpenSSH/OpenSSL configuration finished."
echo ""
#=================================================
# Let's install the current Java JVM, since the default
# is slightly out-dated
# Please read all document for the information on how to prepare
# (modify) the default installation script
echo ""
echo ">>> Installing Java2 RE 1.4.2-04"
echo ""
PACKAGE_BASE=/cdrom/Solaris_8/Product/packages
JAVA_PKG_NAME=j2re-1.4.2.04-sol-sparc-CUSTOMISED.sh
JAVA_HOME=j2re1.4.2_04
cp ${PACKAGE_BASE}/${JAVA_PKG_NAME} /a/var/tmp
chmod +x /a/var/tmp/${JAVA_PKG_NAME}
cd /a
/a/var/tmp/${JAVA_PKG_NAME}
cd /a/usr/bin
for i in `ls /a/${JAVA_HOME}/bin`
do
file=`basename ${i}`
ln -s ../../${JAVA_HOME}/bin/${file} ${file}
done
echo ""
echo ">>> Java2 RE installation complete"
echo ""
#=================================================
echo ""
echo ">>> Deploying system configuration tools"
echo ""
cp ${PACKAGE_BASE}/netconf /a/usr/bin
cp ${PACKAGE_BASE}/network.conf /a/etc
chmod +x /a/usr/bin/netconf
echo "NOTE: Network settings can be changed using /usr/bin/netconf tool"
echo "NOTE: Sample configuration file is /etc/network.conf"
echo ""
#=================================================
gettext "::: Custom FINISH install script complete :::"; echo
echo ""
|