#!/bin/bash

function move_file() {
	[ $# -eq 2 ] || exit 1
	local src=$1 dst=$2

	chown --reference=$dst $src || exit 1 
	chmod --reference=$dst $src || exit 1 
	mv -f $src $dst
}

pushd / >/dev/null

[ ! -e etc/mtab ] && ln -s /proc/mounts etc/mtab > /dev/null 2>&1

# Convert system to shadow password files
/usr/sbin/pwconv > /dev/null 2>&1

# Disable interactive startup
CFG_FILE=etc/sysconfig/init
if [ -f $CFG_FILE ]; then
	sed -e 's/^PROMPT=.*/PROMPT=no/g' \
		$CFG_FILE > ${CFG_FILE}.$$ && \
			 move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi

# Fix /etc/rsyslog.conf
CFG_FILE=etc/rsyslog.conf
if [ -f $CFG_FILE ]; then
	echo -e ',s^\([[:space:]]\)\(/var/log/\)^\\1-\\2^\nwq' | ed -s $CFG_FILE
fi

# Fix /etc/sysctl.conf
CFG_FILE=etc/sysctl.conf
if [ -f $CFG_FILE ]; then
    sed -e "s,^kernel\.,# kernel.,g" \
	-e "s,^net.ipv4.conf\.,# net.ipv4.conf.,g" \
        $CFG_FILE > ${CFG_FILE}.$$ && \
		move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi

# disable all services
if [ -f /sbin/chkconfig ] && [ -f /bin/grep ] && [ -f /bin/sed ] ; then 
for i in `LANG=C /sbin/chkconfig --list | grep -v "xinetd based services:" | sed -e "s/\([^ ]*\)[ ]*0.*/\1/" -e "s/[\t]\(.*\):.*/\1/"`; do
	[ -x etc/init.d/$i ] && /sbin/chkconfig --level 3 $i off > /dev/null 2>&1
done
fi

# turn services on
list="network httpd iptables sshd xinetd saslauthd sendmail rsyslog crond"
for i in $list; do
	/sbin/chkconfig --level 3 $i on > /dev/null 2>&1
done

# disable all cron jobs
for i in hourly daily weekly monthly; do
	chmod a-x /etc/cron.${i}/* > /dev/null 2>&1
done
# enable logrotate
chmod a+x /etc/cron.daily/logrotate > /dev/null 2>&1

# mount /dev/pts
echo "none	/dev/pts	devpts	rw,gid=5,mode=620	0	0" >> etc/fstab
mkdir -p dev/pts > /dev/null 2>&1
mkdir -p dev/shm > /dev/null 2>&1
echo "none	/dev/shm	tmpfs	defaults		0	0" >> etc/fstab

# Optional tuning

# Fix sshd_config 
CFG_FILE=etc/ssh/sshd_config
if [ -f $CFG_FILE ]; then
    sed -e "s/^X11Forwarding yes/X11Forwarding no/" \
        $CFG_FILE > ${CFG_FILE}.$$ && \
		move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi

# apache tuning
CFG_FILE=etc/httpd/conf/httpd.conf
if [ -f $CFG_FILE ]; then
    sed -e "s/^StartServers[[:blank:]]*.*/StartServers       1/" \
        -e "s/^MinSpareServers[[:blank:]]*.*/MinSpareServers    1/" \
        -e "s/^MaxSpareServers[[:blank:]]*.*/MaxSpareServers    5/" \
        -e "s/^ServerLimit[[:blank:]]*.*/ServerLimit       10/" \
        -e "s/^MaxClients[[:blank:]]*.*/MaxClients        10/" \
        -e "s/^MinSpareThreads[[:blank:]]*.*/MinSpareThreads    1/" \
        -e "s/^MaxSpareThreads[[:blank:]]*.*/MaxSpareThreads    4/" \
        $CFG_FILE > ${CFG_FILE}.$$ && \
		move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi

# saslauthd tuning
CFG_FILE=etc/sysconfig/saslauthd
if [ -f $CFG_FILE ]; then
    sed -e "s/^FLAGS=/FLAGS=\"-n 2\"/" \
        $CFG_FILE > ${CFG_FILE}.$$ && \
		move_file ${CFG_FILE}.$$ $CFG_FILE > /dev/null 2>&1
fi

# Create empty modules.dep on container start
echo "#!/bin/bash
# Fix modules.dep for iptables
#
# chkconfig: 2345 08 92
# description: Simple script that fixed modules.dep for iptables
#

### BEGIN INIT INFO
# Provides: modules_dep
# Required-Start: \$local_fs
# Required-Stop: \$local_fs
# Should-Start: 
# Should-Stop: 
# Default-Start: 
# Default-Stop: 
# Short-Description: Fix modules.dep for iptables
# Description: Simple script that fixed modules.dep for iptables
### END INIT INFO

# source function library
. /etc/init.d/functions

function start() {
        if [ ! -d \"/lib/modules/\`uname -r\`\" ]; then
                mkdir /lib/modules/\`uname -r\`
        fi
        depmod -a >/dev/null 2>&1
}

function stop() {
        if [ -d \"/lib/modules/\`uname -r\`\" ]; then
                rm -rf /lib/modules/\`uname -r\`
        fi
}

case \"\$1\" in
  start)
        start
        RETVAL=0
        ;;
  stop)
        stop
        RETVAL=0
        ;;
  restart|reload|condrestart)
        stop
        start
        ;;
  try-restart|status)
        RETVAL=0
        ;;
  *)
        echo \$\"Usage: \$0 {start|stop|status|restart|condrestart|reload}\"
        RETVAL=2
esac

exit \$RETVAL" > etc/init.d/modules_dep
chmod 0755 etc/init.d/modules_dep
/sbin/chkconfig --add modules_dep

touch etc/sysconfig/network

# Force regeneration of mime-database, due to shared-mime-info
# post-install script failure
/usr/bin/update-mime-database /usr/share/mime > /dev/null 2>&1

popd > /dev/null
