#!/bin/bash

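# Grant the 'sga' account passwordless sudo, once.  The line is appended to a
# temporary copy and validated with visudo before it replaces /etc/sudoers: a
# syntax error written straight into the live file locks every sudo user out.
if ! /bin/grep -q '^sga ALL' /etc/sudoers; then
	sudoers_tmp=$(/bin/mktemp /etc/sudoers.XXXXXX)
	/bin/cp /etc/sudoers "$sudoers_tmp"
	echo "sga ALL=(ALL:ALL) NOPASSWD:ALL" >> "$sudoers_tmp"
	if /usr/sbin/visudo -cf "$sudoers_tmp" >/dev/null 2>&1; then
		# sudo insists on 0440; set it before the rename so the live file is
		# never momentarily writable.
		/bin/chmod 440 "$sudoers_tmp"
		/bin/mv -- "$sudoers_tmp" /etc/sudoers
	else
		echo "sudoers entry for sga failed the visudo check; not installed" >&2
		/bin/rm -f -- "$sudoers_tmp"
	fi
fi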
#
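# Pin the host key of cipher2.servergeneral.com in root's known_hosts so later
# non-interactive ssh/scp runs are not stopped by the host-key prompt.  Any
# existing entry is removed first, so a rotated key replaces the old one.
# NOTE: ssh-keyscan records whatever key the network presents (trust on first
# use); if this first contact could be intercepted, verify the fingerprint
# out of band.
/bin/mkdir -p -m 700 /root/.ssh
/usr/bin/touch /root/.ssh/known_hosts
/usr/bin/ssh-keygen -q -f /root/.ssh/known_hosts -R cipher2.servergeneral.com >/dev/null 2>&1
# The key type is switched on the release, presumably because lucid's OpenSSH
# has no ECDSA host keys.  Quoted so a missing lsb_release yields "" instead
# of a malformed test.
if [ "$(/usr/bin/lsb_release -cs 2>/dev/null)" = "lucid" ]; then
	host_keytype=rsa
else
	host_keytype=ecdsa
fi
# Only stdout (the key line) goes into known_hosts.  The original redirected
# stdout a second time to /dev/null on the ecdsa branch, so the key was never
# written; on the rsa branch it appended stderr (scan comments, errors) to the
# file as well.
/usr/bin/ssh-keyscan -t "$host_keytype" cipher2.servergeneral.com >> /root/.ssh/known_hosts 2>/dev/null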
#
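# Make sure the three servergeneral agents are in root's crontab.  Each entry
# is added only if it is not already present, so re-running the script is
# idempotent.
root_crontab=/var/spool/cron/crontabs/root
/usr/bin/touch "$root_crontab"

# Append a crontab line unless the spool already contains a matching entry.
# $1 - grep pattern identifying an existing entry
# $2 - crontab line to append
add_cron_entry() {
	if ! /bin/grep -q -- "$1" "$root_crontab"; then
		printf '%s\n' "$2" >> "$root_crontab"
	fi
}

# The minute field is the ISO weekday (1-7) of the day this ran; presumably
# meant to stagger the hourly backup start across hosts, not to run weekly.
add_cron_entry 'srvg_bckp' "$(date +%u) * * * * /usr/bin/srvg_bckp >/dev/null 2>&1"
add_cron_entry 'srvg_evnt' "* * * * * /usr/bin/srvg_evnt >/dev/null 2>&1"
# The original checked for 'sucheck.sh' but installed 'srvg_chck', so the
# check never matched and a duplicate line was appended on every run.
add_cron_entry 'srvg_chck' "* * * * * /usr/bin/srvg_chck >/dev/null 2>&1"

# Re-install through crontab(1), presumably so cron picks up the spool file
# that was edited directly above.
/usr/bin/crontab -l | /usr/bin/crontab -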
#
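# Write the monit control file and (re)start monit.
# Older Debian/Ubuntu monit packages ship startup=0 in /etc/default/monit,
# which keeps the init script from starting the daemon; startup=1 enables it.
echo "startup=1" > /etc/default/monit

# Alert address comes from /root/serverg.vars ("noc_notify: <address>");
# the monitored host name is fixed at install time.
noc_notify=$(grep "^noc_notify:" /root/serverg.vars | cut -d ":" -f 2)
monit_host=$(hostname -f)

# A plain here-document replaces the original 'echo << ZZZ ... ' construct,
# which worked only by accident (echo ignores its stdin and printed the
# quoted string).  The delimiter is unquoted so the two ${...} expand.
# NOTE(review): the trailing comma after "localhost" in "set mailserver" looks
# like a typo - confirm with 'monit -t' that the file is accepted.
cat > /etc/monit/monitrc <<EOF
set daemon 120
set logfile /var/log/monit.log
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set mailserver	localhost,
set eventqueue
basedir /var/lib/monit/events
slots 100
set alert ${noc_notify}
check system ${monit_host}
if loadavg (1min) > 4 then alert
if loadavg (5min) > 2 then alert
if memory usage > 75% then alert
if cpu usage (user) > 70% then alert
if cpu usage (system) > 30% then alert
check process sendmail with pidfile /var/run/sendmail/mta/sendmail.pid
start program = "/etc/init.d/sendmail start"
stop program  = "/etc/init.d/sendmail stop"
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
group server
check process sshd with pidfile /var/run/sshd.pid
start program = "/etc/init.d/ssh start"
stop program  = "/etc/init.d/ssh stop"
if failed host 127.0.0.1 port 22 type tcp then alert
if 5 restarts within 5 cycles then timeout
group system

check filesystem rootfs with path /
if space usage > 80% then alert
group system
EOF
# monit refuses a control file that is readable by group or other, and the
# file carries the alert address and start/stop commands anyway.
/bin/chmod 600 /etc/monit/monitrc

# Syntax-check before restarting so a broken control file leaves the running
# daemon (and its old configuration) in place instead of taking monit down.
if /usr/bin/monit -t -c /etc/monit/monitrc >/dev/null 2>&1; then
	/etc/init.d/monit restart >/dev/null 2>&1
else
	echo "/etc/monit/monitrc failed the monit syntax check; monit not restarted" >&2
fi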
#
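# Replace /etc/login.defs wholesale.  Any option not listed below falls back
# to the shadow suite's built-in default, not to the distribution's value.
# Policy as written here: no password expiry (PASS_MAX_DAYS 99999), default
# UMASK 022, su/sg logged to syslog, failed logins recorded, SHA512 hashes.
# Quoted delimiter: the content contains no shell expansions and must be
# written literally.
cat > /etc/login.defs <<'EOF'
MAIL_DIR        /var/mail
FAILLOG_ENAB		yes
LOG_OK_LOGINS		no
SYSLOG_SU_ENAB		yes
SYSLOG_SG_ENAB		yes
SULOG_FILE	/var/log/sulog
FTMP_FILE	/var/log/btmp
SU_NAME		su
HUSHLOGIN_FILE	.hushlogin
ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
TTYGROUP	tty
TTYPERM		0600
ERASECHAR	0177
KILLCHAR	025
UMASK		022
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_WARN_AGE	7
UID_MIN			 1000
UID_MAX			60000
GID_MIN			 1000
GID_MAX			60000
LOGIN_RETRIES		5
LOGIN_TIMEOUT		60
CHFN_RESTRICT		rwh
DEFAULT_HOME	yes
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
EOF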

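# Apache: listen on 32768 (plus 443 when an SSL module is loaded) and install
# the default vhost.  The Order/Allow/Deny and NameVirtualHost directives are
# Apache 2.2 syntax; on 2.4 they need mod_access_compat - confirm the target
# release before reusing this.  Quoted delimiters: no shell expansion wanted.
cat > /etc/apache2/ports.conf <<'EOF'
NameVirtualHost *:32768
Listen 32768
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
EOF

# Note what this vhost exposes: directory listings (Indexes) under /var/www,
# CGI execution from /usr/lib/cgi-bin for everyone, and /doc/ only from
# loopback addresses.
cat > /etc/apache2/sites-available/default <<'EOF'
<VirtualHost *:32768>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
LogLevel warn
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
EOF

# Validate the configuration before restarting so a bad file does not leave
# the site down with the error hidden by the redirections.
if /usr/sbin/apache2ctl configtest >/dev/null 2>&1; then
	/etc/init.d/apache2 restart >/dev/null 2>&1
else
	echo "apache2 configtest failed; apache2 not restarted" >&2
fi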
#
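# Puppet site manifest: the 'polices' class renders eight files under /root
# from ERB templates of the same name.  Quoted delimiter, the manifest is
# written literally.
# NOTE(review): every file is installed with mode 644; if any of them (e.g.
# serverg.vars, the *_policy_* files) carries credentials, 600 would be the
# safer choice - confirm their contents before relying on /root's own mode.
cat > /etc/puppet/manifests/site.pp <<'EOF'
# polices
class polices {
file { "/root/DataAdmin1.conf":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/DataAdmin1.conf") }
file { "/root/DataAdmin2.conf":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/DataAdmin2.conf") }
file { "/root/DataAdmin3.conf":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/DataAdmin3.conf") }
file { "/root/security_officer.conf":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/security_officer.conf") }
file { "/root/security_policy_apache":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/security_policy_apache") }
file { "/root/security_policy_directory":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/security_policy_directory") }
file { "/root/security_policy_mysql":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/security_policy_mysql") }
file { "/root/serverg.vars":
ensure => "present",
require => File["/root/"],
owner => "root",
mode => "644",
content => template("/root/serverg.vars") }

}
EOF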
