#!/bin/bash

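#######################################
# Replace a config file with an edited copy while keeping the target's
# owner, group and mode.
# Arguments: $1 - edited temporary copy, $2 - file to replace
# Returns:   status of mv. Exits the whole script with 1 on a wrong
#            argument count or when owner/mode cannot be copied.
#######################################
function move_file() {
	[ $# -eq 2 ] || exit 1
	local src=$1 dst=$2
	local rc

	# Owner and mode are copied from the live file *before* the rename, so
	# the replacement never shows up under the final name with different
	# metadata. Operands are quoted and "--"-terminated so a path with
	# blanks or a leading dash stays a single file operand.
	if ! chown --reference="$dst" -- "$src" ||
		! chmod --reference="$dst" -- "$src"; then
		# Do not strand the scratch copy (it may be a copy of etc/shadow).
		rm -f -- "$src"
		exit 1
	fi

	mv -f -- "$src" "$dst"
	rc=$?
	# A failed rename would otherwise leave the scratch copy behind.
	[ $rc -eq 0 ] || rm -f -- "$src"
	return $rc
}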

# Every relative path used below is resolved against the filesystem root.
pushd / > /dev/null

# Point etc/mtab at /proc/mounts.
ln -s -f /proc/mounts etc/mtab

# Convert the system to shadow password files.
# Output and errors are discarded, so a failed conversion is silent here.
/usr/sbin/pwconv &> /dev/null

# SMTP AUTH for clients: set the SASL password check method to saslauthd.
# Note that the file written is the lib64 copy of Sendmail.conf.
printf '%s\n' "pwcheck_method: saslauthd" > usr/lib64/sasl2/Sendmail.conf


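# Disable root login
# Only an *empty* root password field ("root::") is rewritten to the locked
# marker "!". A root entry that already carries a hash is left untouched.
CFG_FILE=etc/shadow
if [ -f "$CFG_FILE" ]; then
	# The scratch copy holds every password hash. It is created under a
	# restrictive umask (inside a subshell, so the script's own umask is
	# unchanged) so that it is not readable by other users in the window
	# before move_file copies owner and mode from the real file.
	( umask 077 && sed "s/^root::/root:!:/" "$CFG_FILE" > "${CFG_FILE}.$$" ) && \
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi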

# tty devices are not accessible from a VE, so drop every inittab line
# that mentions mingetty.
CFG_FILE=etc/inittab
if [[ -f "$CFG_FILE" ]]; then
	if sed '/^.*mingetty.*$/d' "$CFG_FILE" > "${CFG_FILE}.$$"; then
		# move_file copies owner and mode from the original before renaming.
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Comment out redundant sysctl keys. Any run of leading '#' on a matching
# line collapses to a single '#', so repeating the edit changes nothing.
CFG_FILE=etc/sysctl.conf
if [[ -f "$CFG_FILE" ]]; then
	if sed \
		-e '/fs.inotify.max_user_watches/ s/^#*/#/' \
		-e '/net.ipv4.icmp_echo_ignore_broadcasts/ s/^#*/#/' \
		"$CFG_FILE" > "${CFG_FILE}.$$"; then
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Run the SuSEconfig "permissions" module right now to avoid errors in a
# shared VE. Skipped when SuSEconfig is not installed.
if [ -f sbin/SuSEconfig ]; then
	sbin/SuSEconfig --module permissions
fi

# Disable parallel init: force RUN_PARALLEL=no in the boot sysconfig file.
CFG_FILE=etc/sysconfig/boot
if [[ -f "$CFG_FILE" ]]; then
	if sed -e 's/^RUN_PARALLEL=.*/RUN_PARALLEL=no/g' "$CFG_FILE" > "${CFG_FILE}.$$"; then
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Fix /etc/rsyslog.conf: comment out the rules that log to /dev/tty10 and
# /dev/xconsole by prefixing the matching lines with '#'.
CFG_FILE=etc/rsyslog.conf
if [ -f $CFG_FILE ]; then
	# The file is edited in place with an ed script fed through a pipe.
	# "\\\1" survives the double quotes and echo -e as the back-reference \1.
	# All ed output and errors are discarded, so a failed edit is silent.
	# NOTE(review): ed normally aborts a piped script at the first failing
	# command, so if the tty10 pattern is absent the xconsole edit and the
	# final "wq" may never run - confirm against the shipped rsyslog.conf.
	echo -e ",s@\(.*/dev/tty10\)@#\\\1@\n" \
		",s@\(.*/dev/xconsole\)@#\\\1@\n" \
		"wq\n" | ed -s $CFG_FILE > /dev/null 2>&1
fi

# Disable all services: every name reported by "chkconfig --list" that has
# an executable init script is switched off. Only runlevel 3 is touched.
if [[ -f /sbin/chkconfig && -f /bin/grep && -f /bin/sed ]]; then
	# LANG=C keeps the listing in the format the sed expressions expect.
	for i in $(LANG=C /sbin/chkconfig --list \
		| grep -v "xinetd based services:" \
		| sed -e "s/\([^ ]*\)[ ]*0.*/\1/" -e "s/[\t]\(.*\):.*/\1/"); do
		if [ -x "etc/init.d/$i" ]; then
			/sbin/chkconfig --level 3 "$i" off > /dev/null 2>&1
		fi
	done
fi

# Re-enable a fixed set of services after the blanket disable. sshd,
# apache2, xinetd and sendmail are in this set, so those network daemons
# are enabled in every container built from this template.
list="network apache2 sshd xinetd saslauthd sendmail syslog cron boot.rootfsck boot.localfs"
for i in $list; do
	# Names without an executable init script are skipped.
	if [ -x "etc/init.d/$i" ]; then
		sbin/insserv -d -f "$i"
	fi
done

# Remove two boot scripts. Output and errors are discarded.
sbin/insserv -r boot.crypto &> /dev/null
sbin/insserv -r boot.klog &> /dev/null

# Disable all cron jobs by clearing the execute bit on everything in the
# cron.d, cron.hourly, cron.daily, cron.weekly and cron.monthly directories.
# Errors (for example an empty or missing directory) are discarded.
for i in d hourly daily weekly monthly; do
	chmod a-x "/etc/cron.${i}"/* &> /dev/null
done

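# Add /dev/console to the secure consoles.
# securetty lists the terminals on which root may log in, so after this
# change a root login is accepted on the container console. Access to that
# console should therefore be controlled as tightly as root access itself.
# The entry is appended only when it is not already present, so running the
# script again does not pile up duplicate lines.
grep -qx "console" /etc/securetty 2> /dev/null || echo "console" >> /etc/securetty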

# Silence cron warnings about non-executable scripts: every run-crons line
# containing " is not executable, " gets " > /dev/null" appended.
CFG_FILE=usr/lib/cron/run-crons
if [ -f $CFG_FILE ] ; then
# The grep acts as an idempotence guard: the ed script runs only when no
# such line already ends up at /dev/null. The pipe binds tighter than "||",
# so the right-hand side of "||" is the whole "echo | ed" pipeline.
# "\\\1" reaches ed as the back-reference \1 after quoting and echo -e.
grep "is not executable, .* /dev/null" $CFG_FILE > /dev/null 2>&1 || \
	echo -e ",s#^\(.* is not executable, .*\)#\\\1 > /dev/null#\nwq\n" | \
		ed -s $CFG_FILE > /dev/null 2>&1
fi

# Apache tuning: shrink the worker pool to small fixed values. Only
# tab-indented directives are rewritten.
CFG_FILE=etc/apache2/server-tuning.conf
if [[ -f "$CFG_FILE" ]]; then
	if sed \
		-e "s/\tStartServers[[:blank:]]*.*/\tStartServers       1/" \
		-e "s/\tMinSpareServers[[:blank:]]*.*/\tMinSpareServers    1/" \
		-e "s/\tMaxSpareServers[[:blank:]]*.*/\tMaxSpareServers    5/" \
		-e "s/\tServerLimit[[:blank:]]*.*/\tServerLimit       10/" \
		-e "s/\tMaxClients[[:blank:]]*.*/\tMaxClients        10/" \
		-e "s/\tMinSpareThreads[[:blank:]]*.*/\tMinSpareThreads    1/" \
		-e "s/\tMaxSpareThreads[[:blank:]]*.*/\tMaxSpareThreads    4/" \
		-e "s/\tThreadsPerChild[[:blank:]]*.*/\tThreadsPerChild    10/" \
		"$CFG_FILE" > "${CFG_FILE}.$$"; then
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi



# Enable logrotate again: the blanket "disable all cron jobs" step above
# cleared its execute bit along with everything else in cron.daily.
chmod a+x /etc/cron.daily/logrotate &> /dev/null

# First-start configuration: if YaST left a run_suseconfig marker, run
# SuSEconfig with the marker's contents as arguments, then remove the marker.
if [ -f var/lib/YaST2/run_suseconfig ]; then
	# Deliberately unquoted: the file's contents are word-split into
	# separate arguments, so the marker file must stay writable by root only.
	sbin/SuSEconfig $(cat var/lib/YaST2/run_suseconfig)
	rm -f var/lib/YaST2/run_suseconfig
fi

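# Create the YaST state directories. -p creates missing parents
# (var/adm/YaST and InstSrcManager) and makes a second run a no-op instead
# of a burst of "File exists" errors.
mkdir -p \
	var/adm/YaST/ProdDB \
	var/adm/YaST/InstSrcManager/tmp \
	var/adm/YaST/SelDB \
	var/adm/YaST/y2pm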


# Optional tuning


# Fix sshd_config: turn X11 forwarding off.
# Only an active line reading exactly "X11Forwarding yes" is rewritten.
# A commented-out or differently spelled directive is left as it is.
CFG_FILE=etc/ssh/sshd_config
if [[ -f "$CFG_FILE" ]]; then
	if sed -e "s/^X11Forwarding yes/X11Forwarding no/" "$CFG_FILE" > "${CFG_FILE}.$$"; then
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi


# Set the saslauthd maximum child number to 2.
CFG_FILE=etc/sysconfig/saslauthd
if [[ -f "$CFG_FILE" ]]; then
	if sed -e 's/^SASLAUTHD_THREADS=.*/SASLAUTHD_THREADS=2/g' "$CFG_FILE" > "${CFG_FILE}.$$"; then
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Return to the directory the script was started from.
popd > /dev/null
