install
text
cdrom
lang en_US.UTF-8
keyboard us
skipx
url --url=http:
//192
.168.0.13
/cobbler/ks_mirror/CentOS-5
.9-X86_64
network --device eth0 --bootproto dhcp --noipv6 --
hostname
leo
rootpw --iscrypted $1$1Cthpm5k$ejyOypOnp0YYX0RQ3qMk41
firewall --disabled
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc Asia
/Shanghai
bootloader --location=mbr
zerombr
yes
mouse generic3ps
/2
clearpart --all --initlabel
part
/boot
--fstype ext3 --size=200 --asprimary
part / --fstype ext3 --size=10000
part swap --size=2048
part
/data
--fstype ext3 --size=1 --grow
reboot
%packages
%packages
@base
@core
@development-libs
@development-tools
@editors
@text-internet
keyutils
trousers
fipscheck
device-mapper-multipath
imake
%post --nochroot
mkdir
-p
/mnt/cdrom
mount
-r -t iso9660
/tmp/cdrom
/mnt/cdrom
cp
/mnt/cdrom/ipmod
/mnt/sysimage/root/ipmod
>
/dev/null
umount
/mnt/cdrom
%post
sed
-i
"8 s/^/alias vi='vim'/"
/root/
.bashrc 2>
/dev/null
echo
'syntax on'
>
/root/
.vimrc 2>
/dev/null
ssh_cf=
"/etc/ssh/sshd_config"
sed
-i -e
'74 s/^/#/'
-i -e
'76 s/^/#/'
$ssh_cf
sed
-i
"s/#UseDNS yes/UseDNS no/"
$ssh_cf
sed
-i -e
'44 s/^/#/'
-i -e
'48 s/^/#/'
$ssh_cf
find
/ -name TRANS.TBL -
exec
rm
{} \;
/dev/null
2>
/dev/null
cat
<< EOF
+--------------------------------------------------------------+
| === Welcome to Tunoff services === |
+--------------------------------------------------------------+
EOF
for
i
in
`
ls
/etc/rc3
.d
/S
*`
do
CURSRV=`
echo
$i|
cut
-c 15-`
echo
$CURSRV
case
$CURSRV
in
crond | irqbalance | microcode_ctl | network | random | sshd | syslog |
local
)
echo
"Base services, Skip!"
;;
*)
echo
"change $CURSRV to off"
chkconfig --level 235 $CURSRV off
service $CURSRV stop
;;
esac
done
ulimit
-HSn 65535
echo
-
ne
"
* soft nofile 65536
* hard nofile 65536
" >>
/etc/security/limits
.conf
true
>
/etc/sysctl
.conf
cat
>>
/etc/sysctl
.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl
-p
sed
-i
"s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/"
/etc/inittab
chmod
600
/etc/passwd
chmod
600
/etc/shadow
chmod
600
/etc/group
chmod
600
/etc/gshadow