#!/bin/bash
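# Post-setup script for CentOS 4 OS template.
# Expects VZCTL, VEID and VE_ROOT to be set by the caller. Commands run
# through "$VZCTL exec"/"exec2" execute inside the container; the others
# (cp, rm, ln) execute on the host against paths under $VE_ROOT.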
 
# Stop at the first failing command and treat any unset variable as an error.
set -o errexit -o nounset
#set -x
 
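# Set the same timezone as for host system.
# This runs on the host against the container's root, so:
#  - ${VE_ROOT:?} aborts if VE_ROOT is set but empty ('set -u' only catches
#    an unset variable); an empty value would point the target at the host's
#    own /etc/localtime;
#  - the destination is removed first, so that a symlink shipped in the
#    template at etc/localtime is replaced instead of being written through
#    to whatever host path it names.
if test -f /etc/localtime; then
	rm -f -- "${VE_ROOT:?}/etc/localtime"
	cp -fp -- /etc/localtime "${VE_ROOT:?}/etc/localtime"
fi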
 
# Services to switch off inside the container.
# Candidates to add as well, if the template ships them:
#   gpm
#   lm_sensors
OFF_SERVICES="anacron portmap netfs"
for svc in $OFF_SERVICES
do
	# Only services chkconfig knows about are touched. The command string
	# always ends in 'exit 0', so exec2 reports success both for an absent
	# service and for a failing 'chkconfig ... off'.
	disable_cmd="/sbin/chkconfig --list $svc >/dev/null 2>&1 && \
		/sbin/chkconfig $svc off; exit 0"
	$VZCTL exec2 $VEID "$disable_cmd"
done
                                                                                
# Services to switch on inside the container.
# NOTE(review): httpd and xinetd are network-facing; having them enabled in
# every container created from this template is a default worth confirming.
ON_SERVICES="httpd iptables xinetd"
for svc in $ON_SERVICES
do
	# Same pattern as for the disabled services: skip what chkconfig does
	# not list, and end in 'exit 0' so exec2 never reports a failure here.
	enable_cmd="/sbin/chkconfig --list $svc >/dev/null 2>&1 && \
		/sbin/chkconfig $svc on; exit 0"
	$VZCTL exec2 $VEID "$enable_cmd"
done
                                                                                
# Convert system to shadow password files.
# Runs before the password lock below, presumably so that the lock is
# recorded in /etc/shadow rather than /etc/passwd.
$VZCTL exec2 $VEID /usr/sbin/pwconv

# Lock root's password (usermod -L).
# NOTE(review): this blocks password-based root logins only. It does not by
# itself close other ways in, such as SSH public-key authentication for root
# if sshd allows it, or entering the container from the host. Confirm that
# PermitRootLogin in sshd_config matches the intent of "disable root login".
$VZCTL exec2 $VEID /usr/sbin/usermod -L root

# Do not launch *getty on tty devices - they are not accessible from VPS.
# Deletes every line of the container's /etc/inittab that contains "getty".
$VZCTL exec2 $VEID sed -i -e '/getty/d' /etc/inittab

# Disable klogd.
# Edits /etc/init.d/syslog in the container: "daemon klogd" and
# "killproc klogd" are both replaced with "passed klogd skipped", so the
# init script no longer starts or stops klogd ('passed' is presumably the
# status helper from the initscripts function library - confirm).
# The doubled backslashes become "\ " after the host shell's double-quote
# processing; the single quotes are kept for the container side.
$VZCTL exec2 $VEID \
	"sed -i -e 's/daemon\\ klogd/passed\\ klogd\\ skipped/' \
		-e 's/killproc\\ klogd/passed\\ klogd\\ skipped/' \
			/etc/init.d/syslog"
# FIXME: fix '/etc/init.d/syslog status' to return 0
# even if klogd is not running

# Do not execute some cron-jobs by default.
# We do not care if some files are missing: exec2 is used, but the command
# string ends in 'exit 0', so a chmod failure on any of the files is not
# reported back to this script.
# The {a,b,c} list is inside single quotes here, so it is expanded by the
# shell in the container (brace expansion - assumes that shell is bash).
$VZCTL exec2 $VEID \
	'chmod a-x /etc/cron.daily/{rpm,slocate.cron,makewhatis.cron}; exit 0'

# Mount /dev/pts
# FIXME is that needed in 2.6 kernel?
# Appends a tab-separated devpts entry to the container's /etc/fstab.
# The append is unconditional: running this script twice against the same
# container would add the line twice.
$VZCTL exec2 $VEID \
	'echo "none	/dev/pts	devpts	rw	0 0" >> /etc/fstab'

# Disable fsync() in syslog.
# Assuming vzctl hands the joined arguments to a shell in the container, one
# level of backslash quoting is removed there and sed sees
#   s@\([[:space:]]\)\(/var/log/\)@\1-\2@
# i.e. a '-' is inserted in front of a /var/log/ path that follows
# whitespace in /etc/syslog.conf (first match on each line).
# NOTE(review): with the '-' prefix syslogd does not sync the file after
# every message, so the most recent entries can be lost if the container or
# host goes down abruptly. Worth knowing where these logs feed auditing or
# incident response.
$VZCTL exec2 $VEID \
	'sed -i -e s@\\\([[:space:]]\\\)\\\(/var/log/\\\)@\\\1-\\\2@' \
		/etc/syslog.conf

# Disable X11Forwarding by default.
# Only lines of sshd_config that begin with "X11Forwarding" are rewritten to
# "X11Forwarding no". A commented-out or missing directive is left as it is,
# and sed still exits 0 when nothing matched, so this step does not verify
# that the setting ended up in the file.
$VZCTL exec2 $VEID \
	"sed -i -e s/^X11Forwarding.*$/X11Forwarding\\ no/ \
		/etc/ssh/sshd_config"

# Do not try to unload iptables modules.
# Rewrites any line starting with IPTABLES_MODULES_UNLOAD in
# /etc/sysconfig/iptables-config so that the value is "no".
# NOTE(review): if the joined arguments are re-parsed by a shell in the
# container, the inner double quotes are consumed there and the file gets
# =no instead of ="no"; either form sets the same value for a shell that
# sources the file.
$VZCTL exec2 $VEID \
	sed -i -e \
		's@^IPTABLES_MODULES_UNLOAD.*@IPTABLES_MODULES_UNLOAD="no"@' \
			/etc/sysconfig/iptables-config

# Disable nmbd in Samba (does not work in VPS).
# Once both quoting layers are removed the sed expression is
#   s@^.*nmbd.*$@# &@
# so every line of /etc/init.d/smb that mentions nmbd is commented out.
# The command is 'test && sed || exit 0': a missing init script or a failing
# sed both end in 'exit 0'. This call also uses 'exec' rather than 'exec2'.
$VZCTL exec $VEID \
	"test -f /etc/init.d/smb && \
		sed -i -e s@^.*nmbd.*\\\$@\\#\\ \\&@ /etc/init.d/smb || \
		exit 0"

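# Link /etc/mtab to /proc/mounts.
# Both commands run on the host with paths built from VE_ROOT. 'set -u'
# stops on an unset VE_ROOT but not on an empty one, and an empty value
# would turn the targets into the host's own /etc/mtab; ${VE_ROOT:?} aborts
# in that case as well.
rm -f -- "${VE_ROOT:?}/etc/mtab"
ln -s /proc/mounts "${VE_ROOT:?}/etc/mtab"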

# Set non-interactive mode for initscripts (openvz bug #46).
# Replaces any PROMPT=... line in /etc/sysconfig/init with PROMPT=no.
# NOTE(review): this uses 'exec', not 'exec2'. As far as vzctl(8) documents,
# only exec2 passes the command's exit status back, so a failing sed here
# (for example if /etc/sysconfig/init is missing) would presumably go
# unnoticed despite 'set -e' - confirm whether that is intended.
$VZCTL exec $VEID \
	"sed -i -e s@^PROMPT=.*@PROMPT=no@ /etc/sysconfig/init"

#echo "Rebuilding RPM DB ..."
#$RPM --root $VE_ROOT --rebuilddb
#rm -f $VE_ROOT/var/lib/rpm/__db.0*
