#!/bin/sh

# be sure, be safe
if [ "$1" != "configure" ]
then
  exit 0
fi

# variables
copies=5
kernel=2.4.26
kernelold=2.4.25

# force link
ln -sf /boot/vmlinuz-$kernel-grsec /vmlinuz >/dev/null 2>&1
ln -sf /boot/vmlinuz-$kernel /vmlinuz.old >/dev/null 2>&1
ln -sf /boot/vmlinuz-$kernelold-grsec /vmlinuz.old2 >/dev/null 2>&1

# lilo.conf
if [ -f /etc/lilo.conf ]; then
  if [ ! -f /var/backups/lilo.conf.bak ]; then
    cp -pf /etc/lilo.conf /var/backups/lilo.conf.bak
  fi
  if ! cmp -s /var/backups/lilo.conf.bak /etc/lilo.conf; then
    (cd /var/backups &&
    /usr/bin/savelog -p -c $copies lilo.conf.bak > /dev/null)
    cp -pf /etc/lilo.conf /var/backups/lilo.conf.bak
  fi
fi

# napravimo detekciju root i boot devicea
script='
  /^#/ { next }
  $2 == "/" { print $1; exit }
'
rootdev=$(awk "$script" /etc/fstab)
root=$(readlink -f "$rootdev")
case "$root" in
/dev/md*)
  boot="$root"
  extra='raid-extra-boot="/dev/sda,/dev/sdb"'
  # ovo opcenito nije tocno, mozda je RAID sa IDE diskovima..
  ;;
/dev/sd*)
  boot="/dev/sda"
  ;;
/dev/cciss/*)
  boot="/dev/cciss/c0d0"
  ;;
/dev/ida/*)
  boot="/dev/ida/c0d0"
  ;;
/dev/hd*)
  boot="/dev/hda"
  ;;
*)
  boot="/dev/sda"
  ;;
esac

# i sad napisi ispravan conf
cat > /etc/lilo.conf.$$ <<EOF
boot=$boot
root=$root
$extra
lba32
install=/boot/boot.b
map=/boot/map
delay=10
vga=normal
default=Linux
append="lp=0 floppy=daring mce"

image=/vmlinuz
	label=Linux
	initrd=/boot/initrd-$kernel-grsec
	read-only

image=/vmlinuz.old
	label=LinuxOLD
	initrd=/boot/initrd-$kernel
	read-only
	optional

image=/vmlinuz.old2
	label=LinuxOLD2
	initrd=/boot/initrd-$kernelold-grsec
	read-only
	optional

other=/dev/fd0
	label=floppy
	unsafe

image=/boot/memtest86.bin
	label=memtest
	optional
EOF

# run lilo
[ -f /etc/lilo.conf.$$ ] && \
mv -f /etc/lilo.conf.$$ /etc/lilo.conf
lilo >/dev/null 2>&1

# check for gid 99 and if necessary create it
if grep '^proc:x:' /etc/group >/dev/null 2>&1; then
  groupmod -g 99 proc >/dev/null 2>&1
else
  groupadd -g 99 proc >/dev/null 2>&1
fi

# fix oidentd /proc capability
if [ -e /etc/default/oidentd ]; then
sed -e 's/OIDENT_GROUP=nogroup/OIDENT_GROUP=proc/' /etc/default/oidentd > \
  /etc/default/oidentd.$$ && mv /etc/default/oidentd.$$ /etc/default/oidentd
fi

# save old kernel params
if [ -f /etc/sysctl.conf ]; then
  if [ ! -f /var/backups/sysctl.conf.bak ]; then
    cp -pf /etc/sysctl.conf /var/backups/sysctl.conf.bak
  fi
  if ! cmp -s /var/backups/sysctl.conf.bak /etc/sysctl.conf; then
    (cd /var/backups &&
    /usr/bin/savelog -p -c $copies sysctl.conf.bak > /dev/null)
    cp -pf /etc/sysctl.conf /var/backups/sysctl.conf.bak
  fi
fi

# default kernel parameters
cat > /etc/sysctl.conf.$$ <<EOF
kernel/rtsig-max=4096
net/core/rmem_max=8388608
net/core/wmem_max=8388608
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/conf/all/log_martians=1
net/ipv4/conf/all/rp_filter=1
net/ipv4/conf/all/secure_redirects=1
net/ipv4/conf/all/send_redirects=0
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/ip_forward=0
net/ipv4/ip_local_port_range="10000 65000"
net/ipv4/tcp_ecn=0
net/ipv4/tcp_max_syn_backlog=8192
net/ipv4/tcp_retries1=2
net/ipv4/tcp_rfc1337=1
net/ipv4/tcp_rmem="4096 87380 4194304"
net/ipv4/tcp_syncookies=1
net/ipv4/tcp_wmem="4096 65536 4194304"
vm/bdflush="100 5000 640 2560 150 30000 5000 1884 2"
EOF

# old kernel params
[ -e /etc/sysctl.conf ] && \
cat /etc/sysctl.conf >> /etc/sysctl.conf.$$

# merge old and new in one conf, primarily respecting old
script='
my %confhash = ();
my $key, $value;
while (<>)
{
  chop();
  if (/(\S+)\s*=\s*(.+)/)
  {
    $confhash{$1} = $2;
  }
  else
  {
    #print "Cannot parse $_\n";
  }
}
while (($key, $value) = each %confhash)
{
  print "$key=$value\n";
}
'
perl -e "$script" < /etc/sysctl.conf.$$ > /etc/sysctl.conf-new &&
mv /etc/sysctl.conf-new /etc/sysctl.conf

# update pam_limits accordingly
if [ -e /etc/security/limits.conf ]; then
cp-update kernel-cn /etc/security/limits.conf <<EOF
*               soft    core            0
*		hard	nofile		4096
*		soft	nofile		4096
EOF

# check pam.d/login
fi
if [ -e /etc/pam.d/login ]; then
  sed -e 's/^#.*session.*required.*pam_limits.so/session required pam_limits.so/' \
  /etc/pam.d/login > /etc/pam.d/login.$$ && mv /etc/pam.d/login.$$ /etc/pam.d/login

# check pam.d/ssh
fi
if [ -e /etc/pam.d/ssh ]; then
  sed -e 's/^#.*session.*required.*pam_limits.so/session required pam_limits.so/' \
  /etc/pam.d/ssh > /etc/pam.d/ssh.$$ && mv /etc/pam.d/ssh.$$ /etc/pam.d/ssh
fi

# copy kernel
cp -f /boot/vmlinuz-2.4.16 /boot/vmlinuz-old

# prepare modules
if [ -e /etc/modules ]; then
cp-update kernel-cn /etc/modules <<EOF
e100
e1000
sk98lin
tg3
mptlan
ide-scsi
EOF
fi

# modify some ELF binaries capabilities and turn off segmented protection
/etc/init.d/gdm stop >/dev/null 2>&1 || \
  /etc/init.d/xdm stop >/dev/null 2>&1 || \
  /etc/init.d/kdm stop >/dev/null 2>&1 || \
  true
if [ -f /usr/X11R6/bin/XFree86 ]; then
  chpax -s /usr/X11R6/bin/XFree86 >/dev/null 2>&1
fi
if [ -f /usr/lib/j2sdk1.3/bin/i386/native_threads/java ]; then
  chpax -s /usr/lib/j2sdk1.3/bin/i386/native_threads/java >/dev/null 2>&1
fi
if [ -f /usr/lib/j2sdk1.3/bin/i386/green_threads/java ]; then
  chpax -s /usr/lib/j2sdk1.3/bin/i386/green_threads/java >/dev/null 2>&1
fi
if [ -f /usr/bin/localedef ]; then
  chpax -s /usr/bin/localedef >/dev/null 2>&1
  chpax -m /usr/bin/localedef >/dev/null 2>&1
fi
#if [ -f /usr/sbin/slapd ]; then
#  chpax -s /usr/sbin/slapd >/dev/null 2>&1
#fi

# make epoll device
if [ ! -c /dev/epoll ]; then
  mknod /dev/epoll c 10 124 >/dev/null 2>&1
fi