#!/bin/bash

LIBDIR=/usr/lib/tp-conf-srv

echo "Confirm debconf options"
dpkg-reconfigure debconf

echo "Configuring locales"
debconf-set-selections < ${LIBDIR}/locales.preseed
dpkg-reconfigure locales

echo "Boot strap the configuration of home dir, by using svnfix from another machine"
scp cal@calhariz-adm:bin/svnfix .
./svnfix
echo "Check for conflicts"
read

echo "Confirmar a configuração do exim4"
dpkg-reconfigure exim4-config
echo "/etc/aliases"
cat /etc/aliases
sendmail -v root < /dev/null
echo "sleeping 60 seconds for mail to be delivered"
sleep 60
echo "Check if aliases worked"
read

echo "Configure smartmontools"
echo "edit /etc/default/smartmontools"
echo "edit /etc/smartd.conf"
echo "-a -o on -S on -s (O/../.././(00/06/12/18)|S/../.././05|L/../../6/05) -m root -M test -M daily -i 30"
echo "H -l error -l selftest -f -o on -S on -s (O/../.././(00/06/12/18)|S/../.././05|L/../../6/05) -m root -M test -M daily"
read

echo "Change security level of logcheck: paranoid, server, workstation"
read

echo "Escolher segundo kernel optimizado para o CPU"

echo "Use vga=0x305 on /boot/grub/menu.lst"
cat <<EOF
||    || 640x480 || 800x600 || 1024x768 || 1280x1024 ||
||256 ||  0x301  || 0x303   || 0x305    ||  0x307   ||
||32k ||  0x310  || 0x313   || 0x316    ||  0x319   ||
||64k ||  0x311  || 0x314   || 0x317    ||  0x31A   ||
||16M ||  0x312  || 0x315   || 0x318    ||  0x31B  ||
EOF

echo "Configure console frame buffer if vesafb is not working"

echo "If you need UTF-8, configure the console. Please pay attention to the font"

echo "If necessary reboot to use the best kernel"

echo "Add extra modules"

echo "Pre-configure apt-listchanges"
debconf-set-selections < ${LIBDIR}/apt-listchanges.preseed

echo "Configure entropy pool"
update-tp-conf-srv apply 10_entropy_settings_v00
sysctl -p

echo "Better options for grub"
update-tp-conf-srv apply 10_grub_menu.lst_v00

echo "Reconfigure sshd"
update-tp-conf-srv apply 10_sshd_config_v00
/etc/init.d/ssh reload

echo "Apply CIIST-TP policy for logs"
update-tp-conf-srv apply 10_logrotate.conf_v00
update-tp-conf-srv apply 10_sysklogd_cron.daily_v00
update-tp-conf-srv apply 10_sysklogd_cron.weekly_v00

echo "Choose ntp servers to use: alameda or tagus"
read server
case $server in
    alameda|tagus)
	update-tp-conf-srv apply 0_ntp.conf_${server}_v00
	update-tp-conf-srv apply 0_ntpdata_${server}_v00
	;;
    *)
	echo "wrong option, please apply patchs by hand"
esac

echo "Configure tripwire"
update-tp-conf-srv apply 10_tripwire_v00
echo "Follow extra instructions"
read

echo "Configure tiger"
update-tp-conf-srv apply 10_tigerrc_v00

echo "Network options, please choose server or router"
echo "update-tp-conf-srv apply 20_network_sys_net_options_routers_v01"
echo "update-tp-conf-srv apply 20_network_sys_net_options_v00"
echo "sysctl -p"

echo "Configure log rotation"

echo "Read https://ciist.ist.utl.pt/ciwiki/SecuringDebianPrivTagus"

echo "Desligar serviços desnecessários no inetd"

echo "Num servidor do CIIST não é preciso nfs nem portmap, desinstalar"

echo "Fazer auditoria"
