Implementing disable_root_login_pw() and install_clamav() in bin/postinst

diff --git a/bin/postinst b/bin/postinst
index 92c2815902b59d24dd2fbd5ce4327801af15a5f2..8e074dbf6b0c699a7eca561db5b0380ac5da0e6c 100644 (file)
--- a/bin/postinst
+++ b/bin/postinst
@@ -272,7 +272,7 @@ tweak_grub() {
         grub2-editenv list
 
         echo "Removing quiet from '${grub_cfg}' ..."
-        sed --in-place=".bak.$( date -r ${grub_cfg} +'%Y-%m-%d_%H:%M:%S' )" -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[  ]quiet\(.*\)/\1\2/' "${grub_cfg}"
+        sed --in-place -e 's/^\(GRUB_CMDLINE_LINUX=.*\)[       ]quiet\(.*\)/\1\2/' "${grub_cfg}"
 
         echo "Recreating /boot/grub2/grub.cfg ..."
         grub2-mkconfig -o /boot/grub2/grub.cfg
@@ -406,9 +406,20 @@ misc_packages() {
 
 }
 
+#-----------------------------------------------------------
+remove_ipv6_localhost() {
+
+    echo
+    log "Removing ::1 from /etc/hosts ..."
+
+    sed -i -e '/^::1/ d' /etc/hosts
+
+}
+
 #-----------------------------------------------------------
 create_motd() {
 
+    echo
     local url="${COBBLER_URL}/custom/pp-scripts/mk_create_motd.ksh"
 
     echo
@@ -506,11 +517,21 @@ install_openvm_tools() {
 #-----------------------------------------------------------
 remove_uek_packages() {
 
+    echo
+    log "Switch kernel in /etc/sysconfig/kernel ..."
+
+    sed -i -e 's/^\(DEFAULTKERNEL=\).*/\1kernel/i' /etc/sysconfig/kernel
+
     echo
     log "Removing UEK packages ..."
 
     yum remove -y *-uek-*
 
+    echo
+    log "Removing firmware packages ..."
+
+    rpm -qa | grep -- -firmware | xargs --no-run-if-empty yum remove -y
+
 }
 
 #-----------------------------------------------------------
@@ -628,6 +649,37 @@ set_root_pw() {
 
 }
 
+#-----------------------------------------------------------
+disable_root_login_pw() {
+
+    echo
+    log "Disabling SSH access for root with password ..."
+
+    perl -p -i -e 's/^\s*#?\s*PermitRootLogin\s.*/PermitRootLogin without-password/i' /etc/ssh/sshd_config
+
+}
+
+#-----------------------------------------------------------
+install_clamav() {
+
+    echo
+    log "Installing and configuring ClamAV ..."
+
+    yum install -y clamav clamav-update
+
+    echo "Tweaking /etc/freshclam.conf ..."
+
+    sed -e '/^#*Example/ d' \
+        -e 's/^[       ]*DatabaseMirror[       ].*/DatabaseMirror clamav.pixelpark.com/i' \
+        -e 's/\(#PrivateMirror mirror2.mynetwork.com\)/\1\nPrivateMirror clamav.pixelpark.com/i' \
+        -i /etc/freshclam.conf
+
+    echo
+    log "Running freshclam ..."
+    freshclam --verbose
+
+}
+
 #-----------------------------------------------------------
 main() {
 
@@ -643,6 +695,7 @@ main() {
     install_pp_tcsh_env
     make_pp_dirs
     misc_packages
+    remove_ipv6_localhost
     create_motd
     install_legato_networker
     install_ntp
@@ -650,8 +703,11 @@ main() {
     remove_uek_packages
     disable_floppy
     set_root_pw
+    disable_root_login_pw
     dist_upgrade
+    install_clamav
     install_puppet
+    remove_ipv6_localhost
 
     tweak_grub