#!/bin/bash

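# Abort unless running as root: every later step edits system files.
# The UID is compared numerically against a plain ASCII 0. With typographic
# quotes around the 0 the comparison never matches, so even root was rejected.
if [ "$(id -u)" -ne 0 ]; then
  echo "Error: You must be root to run this script!" >&2
  exit 1
fi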

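# Create the webuser account and extend its login PATH.
useradd -d /home/webuser -g users webuser

# Never ship a fixed, guessable password: this account is granted
# passwordless sudo further down, so its password is effectively a root
# credential. Take it from the WEBUSER_PASSWORD environment variable (fed to
# passwd on stdin so it does not appear in any process argument list), or
# prompt interactively when the variable is not set.
if [ -n "${WEBUSER_PASSWORD:-}" ]; then
  printf '%s\n' "$WEBUSER_PASSWORD" | passwd --stdin webuser
  unset WEBUSER_PASSWORD
else
  passwd webuser
fi

# Append the sbin directories to PATH in the user's profile. Single quotes
# keep $PATH and $HOME literal so sed matches the text in the file instead
# of root's expanded values. Skipped when the suffix is already present so
# that a re-run does not append it a second time.
# shellcheck disable=SC2016
if ! grep -qF ':/sbin:/usr/sbin:/usr/local/bin' /home/webuser/.bash_profile; then
  sed -i 's|PATH=$PATH:$HOME/bin|PATH=$PATH:$HOME/bin:/sbin:/usr/sbin:/usr/local/bin|g' \
    /home/webuser/.bash_profile
fi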

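# Grant webuser passwordless sudo.
# NOTE(review): NOPASSWD:ALL makes webuser root-equivalent; anyone who can
# log in as webuser controls the host. Prefer listing only the commands the
# account really needs, and protect its credentials as you would root's.
#
# The rule is added to a copy of /etc/sudoers that is syntax-checked with
# visudo before it replaces the live file: a malformed sudoers file locks
# every user out of sudo. The grep guard keeps re-runs from duplicating it.
sudoers_rule='webuser    ALL=(root)   NOPASSWD:ALL'
if ! grep -qF -- "$sudoers_rule" /etc/sudoers; then
  if sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX); then
    if cp -p /etc/sudoers "$sudoers_tmp" &&
      printf '%s\n' "$sudoers_rule" >>"$sudoers_tmp" &&
      visudo -c -f "$sudoers_tmp" >/dev/null &&
      chmod 0440 "$sudoers_tmp"; then
      mv -f -- "$sudoers_tmp" /etc/sudoers
    else
      echo "Error: sudoers update failed validation; /etc/sudoers left unchanged" >&2
      rm -f -- "$sudoers_tmp"
    fi
  else
    echo "Error: could not create a temporary sudoers file" >&2
  fi
fi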

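# Create the private software directory and hand /opt to webuser.
# NOTE(review): the directory created here stays owned by root, while the
# chown targets /opt rather than /home/webuser/software - confirm that is
# what was intended.
# NOTE(review): after this, anything root later runs from /opt is writable
# by webuser.
mkdir -p /home/webuser/software

# Use the owner:group form; the dotted form is deprecated and ambiguous when
# account names contain a dot.
chown -R webuser:users /opt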

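# Replace the resolver configuration.
# Only the first run takes a backup, so re-running the script does not
# overwrite the original file's backup with the generated one.
if [ -e /etc/resolv.conf ] && [ ! -e /etc/resolv.conf.bak ]; then
  mv /etc/resolv.conf /etc/resolv.conf.bak
fi

# The name servers below are site-specific. All lookups from this host go
# to them, so they must be resolvers you trust.
cat >/etc/resolv.conf <<'EOF'
search localdomain
nameserver 202.96.209.5
nameserver 202.96.209.133
EOF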

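# Disable SELinux in the persistent configuration.
# NOTE(review): this removes mandatory access control from the host. If a
# service is blocked by policy, prefer SELINUX=permissive while the policy
# is fixed, and return to enforcing afterwards.
# NOTE(review): /etc/sysconfig/selinux is usually a symlink to
# /etc/selinux/config, and sed -i replaces a symlink with a regular file
# unless told to follow it - verify which file the system reads afterwards.
# Plain ASCII quotes are required: with typographic quotes sed receives the
# quote characters as part of the expression and rejects it.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux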

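# Harden and tune sshd: protocol 2 only, no direct root login, GSSAPI
# options commented out, no reverse DNS lookup on connect.
# The GSSAPI patterns are anchored so a re-run does not stack extra '#'
# characters on lines that are already commented out.
sed -i \
  -e 's/#Protocol 2,1/Protocol 2/g' \
  -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
  -e 's/^GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' \
  -e 's/^GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g' \
  -e 's/#UseDNS yes/UseDNS no/g' \
  /etc/ssh/sshd_config

# The substitutions only fire when the file still holds the expected default
# text; warn if root login has not actually ended up disabled.
if ! grep -qi '^PermitRootLogin[[:space:]]*no' /etc/ssh/sshd_config; then
  echo "Warning: PermitRootLogin no is not set in /etc/ssh/sshd_config" >&2
fi

# Check the configuration before restarting so a bad edit cannot take the
# SSH daemon (and remote access to the host) down.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo "Error: sshd_config failed validation; sshd not restarted" >&2
fi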

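# Hourly clock sync from cron.
# NOTE(review): rdate uses the unauthenticated RFC 868 time protocol and
# steps the clock. Whoever can answer for that host name can set this
# machine's time, which affects certificate validity checks and log
# timestamps. An NTP daemon with trusted sources is the usual replacement.
# The grep guard keeps re-runs from adding the same crontab line again.
cron_line='01 * * * * root  rdate -s stdtime.gov.hk'
if ! grep -qF -- "$cron_line" /etc/crontab; then
  printf '%s\n' "$cron_line" >>/etc/crontab
fi

/etc/init.d/crond restart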

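# Kernel and TCP tuning, appended to /etc/sysctl.conf and applied at once.
# Guarded on the first key so a re-run does not append the block again.
# tcp_syncookies, tcp_max_syn_backlog and tcp_synack_retries are the SYN
# flood related settings in this list.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from
# clients that share an address behind NAT - confirm it is wanted on an
# Internet-facing host.
# NOTE(review): tcp_rmem and tcp_wmem normally take three values
# (min default max); only one is given here - confirm the intended values.
# NOTE(review): tcp_sack = 0 turns off selective acknowledgements, which
# slows recovery on lossy links - confirm.
if ! grep -q '^net\.ipv4\.tcp_fin_timeout' /etc/sysctl.conf; then
  cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_rmem = 32768
net.ipv4.tcp_wmem = 32768
net.ipv4.tcp_sack = 0
fs.file-max = 8061540
EOF
fi

sysctl -p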

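# Raise the open-file limit for webuser and root.
# The type column must be a plain ASCII '-' (soft and hard limit together);
# a typographic dash is not a valid type and the entry is not applied.
# Guarded so a re-run does not append the same entries again.
if ! grep -q '^webuser[[:space:]].*nofile' /etc/security/limits.conf; then
  cat >>/etc/security/limits.conf <<'EOF'
webuser   -  nofile   1006154
root      -  nofile   1006154
EOF
fi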

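# Set the system locale.
# Only the first run takes a backup, so the original file is not
# overwritten by the generated one on a re-run.
if [ -e /etc/sysconfig/i18n ] && [ ! -e /etc/sysconfig/i18n.bak ]; then
  mv /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
fi

# The values need plain ASCII double quotes: this file is sourced by shell
# scripts, and typographic quotes would become part of each value.
cat >/etc/sysconfig/i18n <<'EOF'
LANG="en_US.UTF-8"
SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US:en"
SYSFONT="latarcyrheb-sun16"
EOF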

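# Make vi start vim for root and enable syntax highlighting.
# Prefixing the alias onto line 8 of .bashrc only works while that line is
# empty; on any other layout it corrupts the line. Append the alias on a
# line of its own instead, and only once.
if ! grep -qF "alias vi='vim'" /root/.bashrc; then
  printf '%s\n' "alias vi='vim'" >>/root/.bashrc
fi

printf '%s\n' 'syntax on' >/root/.vimrc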

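# Turn off every runlevel-3 service that is not on the keep list.
# NOTE(review): the keep list is an allowlist, so whatever is not named is
# stopped and disabled - including a host firewall or audit daemon if one
# is installed. Review the list against the services this host must keep
# before running.
for i in /etc/rc3.d/S*; do
  # With no matching start links the pattern stays literal; skip it.
  [ -e "$i" ] || continue

  # /etc/rc3.d/S55sshd -> S55sshd -> sshd
  cursrv=${i##*/}
  cursrv=${cursrv#S[0-9][0-9]}
  echo "$cursrv"

  case "$cursrv" in
    cpuspeed | crond | irqbalance | microcode_ctl | mysqld | network | sshd | syslog)
      echo "base services ,skip!"
      ;;
    *)
      echo "turn off $cursrv"
      # The option is --level with two ASCII hyphens; a typographic dash
      # is passed to chkconfig as a service name instead of an option.
      chkconfig --level 235 "$cursrv" off
      service "$cursrv" stop
      ;;
  esac
done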

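# Replace the yum repository definitions with a single mirror.
# The existing definitions are moved out of /etc/yum.repos.d (the original
# path was misspelled, so nothing was moved) into a root-owned backup
# directory instead of world-writable /tmp. Only the first run takes the
# backup.
if [ ! -d /etc/yum.repos.d.bak ]; then
  mkdir /etc/yum.repos.d.bak && mv /etc/yum.repos.d/* /etc/yum.repos.d.bak/
fi

# The heredoc delimiter is quoted so that $releasever reaches the file
# literally for yum to expand; unquoted, the shell replaces it with an
# empty string.
# The packages are fetched over plain HTTP, so gpgcheck=1 is the only
# integrity control. The signing key is therefore read from the copy
# installed with the distribution rather than downloaded over the same
# unauthenticated channel as the packages.
# NOTE(review): CentOS 5 is end-of-life and no longer receives security
# updates; confirm the mirror still serves this tree.
cat >/etc/yum.repos.d/CentOS-Base.repo <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://centos.ustc.edu.cn/centos/5.9/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://centos.ustc.edu.cn/centos/5.9/updates/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://centos.ustc.edu.cn/centos/5.9/addons/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://centos.ustc.edu.cn/centos/5.9/extras/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://centos.ustc.edu.cn/centos/5.9/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://centos.ustc.edu.cn/centos/5.9/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF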