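# Kickstart profile: unattended CentOS 5.2 install of grendel.eftdomain.net
# (static 192.168.7.29) with an LVM layout, followed by %post fixups that
# stage a one-shot /usr/local/sbin/firstrun script executed from rc.local
# on the first boot.
#
# This listing was recovered from a copy in which every directive had been
# collapsed onto a few lines and the here-document operators ("<<TAG >file")
# had been stripped. Line breaks and here-doc operators below are restored;
# the delimiter names are taken from the terminators that survived.

install
lang en_US.UTF-8
langsupport --default en_US.UTF-8 en_US.UTF-8
keyboard us
mouse genericwheelps/2 --device psaux
skipx
network --device eth0 --bootproto static --ip 192.168.7.29 --netmask 255.255.255.0 --gateway 192.168.7.1 --nameserver 192.168.7.58,192.168.1.46 --hostname grendel.eftdomain.net

# NOTE(review): the install tree is fetched over plain HTTP and the yum repo
# written in %post sets gpgcheck=0, so nothing in this profile verifies the
# integrity or origin of the packages that end up on the host.
url --url http://192.168.1.217/centos/5.2/base

# NOTE(review): the root password hash is an MD5-crypt ($1$) value stored in
# the profile itself; anyone who can read or fetch this file can attack it
# offline. Restrict access to the profile and rotate the root password after
# provisioning. authconfig --enablemd5 below keeps local accounts on MD5 too.
rootpw --iscrypted $1$/TWX24ae$82zOJF5hk.IiKw8PbMKoP0
firewall --enabled
authconfig --enableshadow --enablemd5
timezone America/Chicago

# Disk layout: wipes every partition table entry (clearpart --all), then
# builds /boot, swap and two LVM volume groups (vg0 fixed, vg_opt growing).
zerombr yes
bootloader --location=mbr
clearpart --all
part /boot --fstype ext3 --size=256
part swap --fstype swap --size=1024
part pv.3 --size=8192
part pv.4 --size=128 --grow
volgroup vg0 pv.3
volgroup vg_opt pv.4
logvol / --fstype ext3 --name=root --vgname=vg0 --size=768
logvol /home --fstype ext3 --name=home --vgname=vg0 --size=256
logvol /usr --fstype ext3 --name=usr --vgname=vg0 --size=3072
logvol /var --fstype ext3 --name=var --vgname=vg0 --size=2048
logvol /tmp --fstype ext3 --name=tmp --vgname=vg0 --size=1024
logvol /opt --fstype ext3 --name=opt --vgname=vg_opt --size=128 --grow
reboot

%packages
@Base
dhcp
sendmail-cf
cfengine
xorg-x11-xauth
xterm
java-1.5.0-sun
java-1.5.0-sun-devel
java-1.5.0-sun-fonts
fedora-ds
openldap-clients
-java-1.5.0-ibm
-java-1.5.0-ibm-devel
-gpm

%post
# First boot fixups
# Persist the keepalive tweak in the stock rc.local, keep a copy of it as
# rc.local.dist, then temporarily replace rc.local with a stub that runs
# firstrun. The last firstrun step moves rc.local.dist back into place.
echo "echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time" >> /etc/rc.local
/bin/cp /etc/rc.local /etc/rc.local.dist

# Create firstrun (overwrite); later sections append to it.
/bin/cat <<EOFB >/usr/local/sbin/firstrun
#!/bin/bash
echo "Making final configuration changes"
EOFB
chmod 744 /usr/local/sbin/firstrun

/bin/cat <<EORCL >/etc/rc.local
#!/bin/bash
/usr/local/sbin/firstrun
EORCL
chmod 755 /etc/rc.local

# Replace the distribution repo definitions with the internal mirror.
# NOTE(review): gpgcheck=0 combined with an http:// baseurl means every later
# "yum install" (including the one firstrun runs as root) accepts unsigned
# packages from whatever answers at that address. Enabling gpgcheck needs
# signed packages and a gpgkey= entry, neither of which this profile sets up.
/bin/rm /etc/yum.repos.d/*.repo
/bin/cat <<EOREPO >/etc/yum.repos.d/eftsource.repo
[centos52-eftsource]
name=EFTSOURCE primary CentOS 5.2 Repository
baseurl=http://192.168.1.217/centos/5.2/base/CentOS
enabled=1
gpgcheck=0
EOREPO
/bin/chmod 644 /etc/yum.repos.d/eftsource.repo

# NOTE(review): SELinux is switched off outright rather than left in
# permissive or enforcing mode; the host loses mandatory access control for
# the network services installed above (fedora-ds, sendmail, cfengine).
/bin/cat <<EOSEL >/etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
EOSEL
/bin/chmod 644 /etc/selinux/config

# Host firewall. Inbound NEW connections are allowed on tcp/22, 80 and 443;
# the ruleset also accepts all ICMP, ESP/AH (protocols 50/51), mDNS (udp/5353)
# and IPP on 631 tcp+udp before the final REJECT.
# NOTE(review): the 631 and 5353 rules come from the stock template; confirm
# this host actually needs to accept printing and mDNS traffic.
/bin/cat <<EOIPT >/etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOIPT

# Helper that builds CLASSPATH from the Sun JVM jars plus the shared and local
# java directories. The \$ escapes keep the expansions literal in the written
# file, because the here-doc delimiter is unquoted.
# NOTE(review): CLASSPATH starts with "." so classes in the current directory
# take precedence; running the script below (rather than sourcing it) only
# changes the environment of that child process.
cat <<EOCP >/usr/local/bin/setclasspath
#! /bin/bash
export JAVA_HOME='/usr/lib/jvm/java-1.5.0-sun'
set_cp() {
  local jvm_jars=\$(find \$JAVA_HOME/ -iname "*.jar" -printf '%p:')
  local shr_jars=\$(echo /usr/share/java/*.jar | sed 's/ /:/g')':'
  local loc_jars=\$(echo /usr/local/share/java/*.jar | sed 's/ /:/g')':'
  export CLASSPATH=\$(echo .:\$jvm_jars\$shr_jars\$loc_jars)
}
ecp() {
  echo \$CLASSPATH | sed 's/:/\n/g'
}
# set class path by default
set_cp
EOCP
chmod 755 /usr/local/bin/setclasspath
/usr/local/bin/setclasspath

# Remove the beeping
cat <<EOF >/root/.inputrc
set prefer-visible-bell
EOF
cat <<EOF >/etc/skel/.inputrc
set prefer-visible-bell
EOF

# VMware fixups
# Only when lspci reports VMware hardware: queue the tools install and the
# NIC driver swap (pcnet32 -> vmxnet) for first boot.
/sbin/lspci | /bin/grep VMware && \
/bin/cat <<EOVMFX >>/usr/local/sbin/firstrun
/usr/bin/yum install -y VMwareTools
/bin/chmod 755 /etc/rc.d/init.d/vmware-tools
/usr/bin/vmware-config-tools.pl default
/etc/init.d/network stop
/sbin/rmmod vmxnet
/sbin/rmmod pcnet32
/sbin/depmod -a
/sbin/modprobe vmxnet
/etc/init.d/network start
EOVMFX

# Queue growing /opt into whatever free extents vg_opt still has.
# NOTE(review): resize2fs is started in the background and a later firstrun
# step calls reboot; nothing waits for the resize to finish - confirm this is
# intended.
/bin/cat <<EOGO >>/usr/local/sbin/firstrun
fpe=\$(/usr/sbin/vgdisplay vg_opt|/bin/grep "Free *PE"|/usr/bin/awk '{print \$5}')
/usr/sbin/lvextend /dev/vg_opt/opt -l +\${fpe}
resize2fs -p /dev/vg_opt/opt &
EOGO

# Open LDAP (tcp/389) by inserting an ACCEPT rule just before the final
# REJECT. The rewrite and the rename now happen only when the rule is missing
# and only if awk succeeded, so a second run can no longer try to move a file
# that was never written.
# NOTE(review): 389 is the cleartext LDAP port and the rule has no source
# restriction; confirm clients use StartTLS or that exposure is intended.
if ! grep 'dport 389 -j ACCEPT' /etc/sysconfig/iptables > /dev/null; then
  awk '{ if($0~"icmp-host-prohibited"){print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT";} print $0;}' /etc/sysconfig/iptables > /etc/sysconfig/iptables.vmware-server &&
    /bin/mv /etc/sysconfig/iptables.vmware-server /etc/sysconfig/iptables &&
    /bin/chmod 600 /etc/sysconfig/iptables  # mv swaps in a new file; keep the ruleset root-only
fi

# Minimal X configuration using the vmware driver, VMware guests only.
/sbin/lspci | /bin/grep VMware && /bin/cat <<EOXOC >/etc/X11/xorg.conf
# Xorg configuration created by system-config-display

Section "ServerLayout"
	Identifier     "single head configuration"
	Screen      0  "Screen0" 0 0
	InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
	Option      "XkbModel" "pc105"
	Option      "XkbLayout" "us"
EndSection

Section "Device"
	Identifier  "Videocard0"
	Driver      "vmware"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Videocard0"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     24
	EndSubSection
EndSection
EOXOC

# cfengine
# Bootstrap update.conf: pulls inputs and modules from the policy host and
# refreshes the local cfengine binaries.
# NOTE(review): trustkey=true on both remote copies accepts the policy host's
# public key on first contact without verifying it, so the first run trusts
# whichever server answers as newton.eftdomain.net. Pre-seeding that key on
# the client would let trustkey be dropped.
cat <<EOF >/var/cfengine/inputs/update.conf
control:
   actionsequence  = ( shellcommands copy processes tidy )
   domain          = ( ExecResult(/bin/dnsdomainname) )
   DefaultCopyType = ( checksum )
   master_cfinput  = ( /var/cfengine/masterfiles/inputs )
   master_cfmodule = ( /var/cfengine/masterfiles/modules )
   AddInstallable  = ( new_cfenvd new_cfservd )
   workdir         = ( /var/cfengine )
   modbindir       = ( /usr/local/cfengine/modules )

 linux::
   cf_install_dir  = ( /usr/sbin )
   SplayTime       = ( 1 )
   policyhost      = ( newton.eftdomain.net )

copy:
   \$(master_cfinput)   dest=\$(workdir)/inputs
                        r=inf
                        mode=600
                        type=binary
                        exclude=*.lst
                        exclude=*~
                        exclude=#*
                        server=\$(policyhost)
                        trustkey=true

   \$(master_cfmodule)  dest=\$(modbindir)
                        r=inf
                        mode=700
                        type=binary
                        exclude=*.lst
                        exclude=*~
                        exclude=#*
                        server=\$(policyhost)
                        trustkey=true

   \$(cf_install_dir)/cfagent  dest=\$(workdir)/bin/cfagent
                               mode=755
                               backup=false
                               type=checksum

   \$(cf_install_dir)/cfservd  dest=\$(workdir)/bin/cfservd
                               mode=755
                               backup=false
                               type=checksum

   \$(cf_install_dir)/cfexecd  dest=\$(workdir)/bin/cfexecd
                               mode=755
                               backup=false
                               type=checksum

tidy:
   \$(workdir)/outputs pattern=* age=7

processes:
 new_cfservd::
   "cfservd" signal=term restart "/var/cfengine/bin/cfservd"

 new_cfenvd::
   "cfenvd" signal=kill restart "/var/cfengine/bin/cfenvd -H"

shellcommands:
   "/bin/bash -c \"if [ -h /var/cfengine/bin/cfagent ];then /bin/unlink /var/cfengine/bin/cfagent; fi\""
EOF

echo "/usr/sbin/cfexecd -F; /usr/sbin/cfexecd -F" >> /usr/local/sbin/firstrun
echo "192.168.7.29 grendel.eftdomain.net grendel" >> /etc/hosts

# put the old rc.local back and fire off a reboot. (this needs to go last)
# NOTE(review): the redirection operator was damaged in the recovered copy;
# append (>>) is assumed because the earlier sections add to the same script
# and this step is meant to run after them - confirm against the original.
/bin/cat <<EOFIXUPS >>/usr/local/sbin/firstrun
/bin/mv /etc/rc.local.dist /etc/rc.local
if [ ! -f /etc/.firstrun_ran ];then
  touch /etc/.firstrun_ran
  reboot
fi
EOFIXUPS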