Listing 1

#!/bin/ksh
#/*  start_doc  */
#/***********************************************************************
#*                     Program Information                              *
#*                                                                      *
#* Program Name        : custom.script                                  *
#* Date Written        : 03/08/01                                       *
#* Author              : William D. Wood                                *
#* System              : IBM                                            *
#* Subsystem           : NIM Administration                             *
#* Example             : using nim run script custom.script             *
#* Purpose             : sets initial OS system configurations          *
#* Description         : this script is used to setup the OS to         *
#*                       standard after a nim install                   *
#*                                                                      *
#************************************************************************
#*                        Revision History                              *
#*                                                                      *
#*  Name       Date      Revision                                       *
#*             Revised   Description/Authorization                      *
#* --------    --------  ---------------------------------------------- *
#* woodwd      03/08/01  Created initial script                         *
#*                                                                      *
#***********************************************************************/
#/*  end_doc  */
 
################################################################################
##
##  Subroutine: Exit program upon operator request or if error encountered
##
################################################################################
exit_prog ()
{
  print ""
  print "Exiting program '$PROGNAME'.  Exit code = 1"
  print "Program exited on $(date '+%a, %h %d at %r')"
  print ""
  print "Thank you."
  print ""
  exit 1
}

################################################################################
##
##  Subroutine: Exit program upon interrupt request (^C)
##
################################################################################
exit_break ()
{
  print ""
  print ""
  print "Exiting program '$PROGNAME' abnormally due to interrupt request!"
  print "Please re-run program."
  print ""
  print "Program exited on $(date '+%a, %h %d at %r')"
  print ""
  print "
Thank you."
  print ""
  exit 1
}

################################################################################
##
##  Subroutine: Setup OS Environments
##
################################################################################
set_os_environments ()
{
   print "============================"
   print "SETUP OS ENVIROMENTS        "
   print "============================"
   print ""
   display_info "Set Max User process limits" "chdev -l sys0 -a maxuproc=4096"
   display_info "Set Timezone to Eastern Daylight" "chtz EST5EDT,M4.1.0/02:00:00,M10.5.0/02:00:00"
   display_info "Set Auto Reboot after a crash" "chdev -l sys0 -a autorestart=true"
   display_info "Turn on the CPU Guard feature" "chdev -l sys0 -a cpuguard=enable"
   display_info "Enable the remote reboot from tty0" "chdev -l tty0 -a reboot_enable=reboot"
   display_info "Enable the disk IO history" "chdev -l sys0 -a iostat=true"
   display_info "Increase max number of users" "chlicense -u256"
   display_info "Index the Man pages" "catman -w"
   display_info "Turn off route caching" "/etc/no -o routerevalidate=1"
   display_info "Turn off ipforwarding" "/etc/no -o ipforwarding=0"
   display_info "Turn off ipsendredirects" "/etc/no -o ipsendredirects=0"
   cp /etc/rc.tcpip /etc/rc.tcpip.orig
   display_info "taking sendmail out of daemon mode" "sed -e 's/\"-bd -q/\"-q/' < /etc/rc.tcpip.orig >  /etc/rc.tcpip"
   display_info "Starting rc.local at boot time" "mkitab rclocal:2:once:/etc/rc.local"
   display_info "Turn on XNTPD daemon" "startsrc -s xntpd"
   display_info "adding automount directories" "mkdir -p /etc/auto/maps"
   display_info "adding /cdrom mount point" "crfs -v cdrfs -p ro -d cd0 -m /cdrom -A no"

}

################################################################################
##
##  Subroutine: Set hardware parameters
##
################################################################################
set_hardware ()
{
   print "============================"
   print "SETUP HARDWARE PARAMETERS   "
   print "============================"
   print ""
   for I in `/etc/lsdev -Cc adapter -t 23100020 | /usr/bin/grep Available | awk '{print $1}'`
   do
   display_info "Set 100 full duplex mode on $I" "chdev -l $I  -atx_que_size=2048 -arxbuf_pool_size=2048 -a media_speed='100_Full_Duplex' -P"
   done

} 

################################################################################
##
##  Subroutine: Updating system files to the standard
##
################################################################################
system_file_update ()
{
   print "============================"
   print "SYSTEM FILE UPDATE          "
   print "============================"
   print ""
   umount /mnt >/dev/null 2>&1
   mount $NIM_SERVER_IP:$NIM_SYSTEM /mnt
   display_info "Installing the master host file" "cp /mnt/etc-hosts /etc/hosts"
   display_info "Installing the master root.profile file" "cp /mnt/root.profile /.profile"
   display_info "Installing the master inetd.conf file" "cp /mnt/etc-inetd.conf /etc/inetd.conf"
   display_info "Installing the Netservices file" "cp /mnt/etc-netsvc.conf /etc/netsvc.conf"
   display_info "Installing the Resolver file" "cp /mnt/etc-resolv.conf /etc/resolv.conf"
   display_info "Installing the Network Time Protocol file" "cp /mnt/etc-ntp.conf /etc/ntp.conf"
   display_info "Creating the /var/adm/messages file" "touch /var/adm/messages"
   display_info "Installing the syslog config file" "cp /mnt/etc-syslog.conf /etc/syslog.conf"
   display_info "Setting up the /home for NFS automounting" "chfs -a mount=false /home"
   display_info "Installing the Auto_master file" "cp /mnt/etc-auto_master /etc/auto_master"
   display_info "Installing the Auto_home file" "cp /mnt/etc-auto-maps-auto.home /etc/auto/maps/auto.home"
   display_info "Installing the root crontab file" "cp /mnt/var-spool-cron-crontabs-root /var/spool/cron/crontabs/root"
   display_info "Setting Up SAR" "cp /mnt/var-spool-cron-crontabs-adm /var/spool/cron/crontabs/adm"
   display_info "Setting Up SUDO" "cp -p /mnt/etc-sudoers /etc/sudoers"
   display_info "Setting Up SUDO LOG" "mkdir /var/log;touch /var/log/sudolog" 

   umount /mnt >/dev/null 2>&1

   SYSTEM_TYPE=`uname -M | cut -d, -f2`

   if [ ! $SYSTEM_TYPE = 7043-150 ]
   then
   display_info "Removing httpdlite from startup" "rmitab httpdlite"
   display_info "Removing Docsearch help from startup" "rmitab imnss"
   display_info "Removing Docsearch engine from startup" "rmitab imqss"
   fi

}

################################################################################
##
##  Subroutine: Setup Security on a newly installed system
##
################################################################################
setup_security ()
{
   print "============================"
   print "SETTING UP REQUIRED SECURITY"
   print "============================"
   print ""

   SECURITY_CMD="chuser ttys=/dev/tty0 root"
   display_info "locking tty0 to root only on firstboot" "echo $SECURITY_CMD >> /etc/firstboot" 

   SECURITY_CMD="chuser minlen=6 minalpha=1 minother=1 fsize=-1 root"
   display_info "Setting password attributes for Root user on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="rm /.rhosts" 
   display_info "removing the /.rhosts file on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="/etc/rc.install_ssh_key"
   display_info "Setting the ssh self install option" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="rm /etc/rc.install_ssh_key"
   display_info "removing the /etc/rc.install_ssh_key file on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="rm /etc/rc.config_ssh.exp"
   display_info "removing the /etc/rc.config.ssh.exp file on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="chmod 440 /etc/sudoers"
   display_info "setting the access rights on /etc/sudoers file on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   SECURITY_CMD="startsrc -s xntpd"
   display_info "setting the time sync on firstboot" "echo $SECURITY_CMD >> /etc/firstboot"

   display_info "locking ftp access" "cut -d: -f1 /etc/passwd >> /etc/ftpusers"
   display_info "removing host.equiv file" "rm /etc/hosts.equiv"
   display_info "modifying file permissions on /etc/utmp" "chmod 644 /etc/utmp"
   display_info "modifying file permissions on /etc/passwd" "chmod 444 /etc/passwd"
   display_info "modifying file permissions on /.profile" "chmod 700 /.profile"
   display_info "modifying root ownership on the root home directory" "chown root /"
   umount /mnt >/dev/null 2>&1
   mount $NIM_SERVER_IP:$NIM_SYSTEM /mnt
   display_info "Installing the SSH config file" "cp /mnt/etc-sshd_config /etc/sshd_config"
   display_info "Installing the SSH self install file" "cp /mnt/etc-rc.install_ssh_key /etc/rc.install_ssh_key"
   display_info "Installing the SSH config file" "cp /mnt/etc-rc.config_ssh.exp /etc/rc.config_ssh.exp"
   umount /mnt >/dev/null 2>&1

   # setting up the limits for user space - basically unlimited

   # fsize      - soft file size
   sed -e "s/fsize = 2097151/fsize = -1/" /etc/security/limits > /etc/security/limits.new
   mv /etc/security/limits.new /etc/security/limits

   # core       - soft core file size
   sed -e "s/core = 2097151/core = -1/" /etc/security/limits > /etc/security/limits.new
   mv /etc/security/limits.new /etc/security/limits

   # data       - soft data segment size
   sed -e "s/data = 262144/data = -1/" /etc/security/limits > /etc/security/limits.new
   mv /etc/security/limits.new /etc/security/limits

   # rss        - soft real memory usage
   sed -e "s/rss = 65536/rss = -1/" /etc/security/limits > /etc/security/limits.new
   mv /etc/security/limits.new /etc/security/limits

   # stack      - soft stack segment size
   sed -e "s/stack =	65536/stack =	-1/" /etc/security/limits > /etc/security/limits.new
   mv /etc/security/limits.new /etc/security/limits

}

################################################################################
##
##  Subroutine: Setup 3rd party apps on a newly installed machine
##
################################################################################
third_party_apps ()
{
   print "================================="
   print "SETTING UP 3rd PARTY APPLICATIONS"
   print "================================="
   print ""
   mount "$NIM_SERVER_IP":"$NIM_LPPSOURCE_433" /mnt
   SYSTEM_TYPE=`uname -M | cut -d, -f2`

   if [ $SYSTEM_TYPE = 7043-150 -o $SYSTEM_TYPE = 7046-B50 ]
      then
   display_info "Installation of 3rd Party 32bit Applications" "installp -a -Q -c -N -g -X -d /mnt/nsi-32bit-bff all"
        # -a = applies updates
        # -Q = suppresses errors and warnings concerning install failures
        # -c = commit updates
        # -N = Overrides saving of existing files
        # -g = installs and commits requisites
        # -X = attempts to expand filesystems if needed
        # -d = device or directory
	else
   display_info "Installation of 3rd Party 64bit Applications" "installp -a -Q -c -N -g -X -d /mnt/nsi-64bit-bff all"
   fi

   chmod 755 /usr/local
   chmod 755 /usr/local/bin
   chmod 755 /usr/local/info
   chmod 755 /usr/local/lib
   chmod 755 /usr/local/man
   chmod 755 /usr/local

   umount /mnt

}

################################################################################
##
##  Subroutine: Creating Dump Devices
##
################################################################################
create_dump_devices ()
{
   print "============================"
   print "SETTING UP DUMP DEVICES     "
   print "============================"
   print ""

   # Begin calculating if there is a need to increase the default dump space

	integer EST_REQUIRED_SPACE
	integer EST_REQUIRED_LPS
	integer CALC_REQUIRED_LPS
	integer CURRENT_LPS

	EST_REQUIRED_SPACE=`sysdumpdev -e | cut -d: -f2`

	EST_REQUIRED_LPS=`expr $EST_REQUIRED_SPACE / 32000000 + 3`

	CALC_REQUIRED_LPS=`lslv -m pridumplv | wc -l`

	CURRENT_LPS=`expr $CALC_REQUIRED_LPS - 2`

	if [ $EST_REQUIRED_LPS -gt $CURRENT_LPS ]
	   then
		CALC_REQUIRED_LPS=`expr $EST_REQUIRED_LPS - $CURRENT_LPS`
		extendlv pridumplv $CALC_REQUIRED_LPS
		if [ -b /dev/secdumplv ]
		then
			extendlv secdumplv $CALC_REQUIRED_LPS
		fi
	   else
        	echo "Current Dump space is below required at this time"
        	echo "There is no need to increase dump space\n"
	fi

   # Done calculating if there is a need to increase the default dump space

   if [ -b /dev/secdumplv ]
   then
   	display_info "Initializing dump devices" "sysdumpdev -P -p /dev/pridumplv -s /dev/secdumplv "
   else
   	display_info "Initializing dump devices" "sysdumpdev -P -p /dev/pridumplv -s /dev/hd6 "
   fi

   display_info "Setting always allow dump flag to true" "sysdumpdev -K"
   sysdumpdev -l 

}

################################################################################
##
##  Subroutine: Adjust the Paging Space to Standards
##	Realmemory > 4 gigs HD6 equals 4 gigs
##	Realmemory < 4 gigs > 1 gig HD6 equals size of realmemory 
##	Realmemory > 1 gig HD6 equals 2 times the size of realmemory
##
################################################################################
adjust_paging_space ()
{
   print "==============================================="
   print "ADJUSTING THE HD6 PAGINGING SPACE IF APPLICABLE"
   print "==============================================="
   print ""

	integer CALC_REALMEM
	integer EST_REQUIRED_LPS
	integer CURRENT_LPS
	integer CALC_REQUIRED_LPS

	CALC_REALMEM=`lsattr -El sys0 -a realmem | awk '{print $2}'`

	if [ $CALC_REALMEM -ge 4000000 ] 
	   then

	   EST_REQUIRED_LPS=125
	   CURRENT_LPS=`lsps -c -a | grep hd6 | cut -d: -f4`

	   if [ $EST_REQUIRED_LPS -gt $CURRENT_LPS ]
	      then
	        echo "Changing paging space to equal 4 gigabytes"
	        CALC_REQUIRED_LPS=`expr $EST_REQUIRED_LPS - $CURRENT_LPS`
	        chps -s $CALC_REQUIRED_LPS hd6 
	      else
	        echo "No change to paging space is required"
	   fi

	elif [ $CALC_REALMEM -ge 1000000 -a $CALC_REALMEM -lt 4000000 ] 
	   then

	   EST_REQUIRED_LPS=`expr $CALC_REALMEM / 32000`
	   CURRENT_LPS=`lsps -c -a | grep hd6 | cut -d: -f4`

	   if [ $EST_REQUIRED_LPS -gt $CURRENT_LPS ]
	      then
	        echo "Changing paging space to equal the size of real memory"
	        CALC_REQUIRED_LPS=`expr $EST_REQUIRED_LPS - $CURRENT_LPS`
	        chps -s $CALC_REQUIRED_LPS hd6 
	      else
	        echo "No change to paging space is required"
	   fi

	elif [ $CALC_REALMEM -lt 1000000 ]
	   then

	   EST_REQUIRED_LPS=`expr \( $CALC_REALMEM \* 2 \) / 32000`
	   CURRENT_LPS=`lsps -c -a | grep hd6 | cut -d: -f4`

	   if [ $EST_REQUIRED_LPS -gt $CURRENT_LPS ]
	      then
	        echo "Changing paging space to 2 times real memory"
	        CALC_REQUIRED_LPS=`expr $EST_REQUIRED_LPS - $CURRENT_LPS`
	        chps -s $CALC_REQUIRED_LPS hd6 
	      else
	        echo "No change to paging space is required"
	   fi

	else	
	     echo "ERROR: REALMEM size does not match program standards"
	fi 

   lsps -a

}

################################################################################
##
##  Subroutine: Create an electronic inventory of a new system on install
##
################################################################################
new_system_inventory ()
{
   print "=================================================================="
   print "CREATING AN ELECTRONIC INVENTORY OF A NEW SYSTEM AFTER NIM INSTALL"
   print "=================================================================="
   print ""

   umount /mnt >/dev/null 2>&1
   mount $NIM_SERVER_IP:$NIM_SYSTEM /mnt

   SYSTEM_DIR=`uname -M | cut -d, -f2`
   SERIAL_NUMBER=`lsattr -El sys0 -a systemid | cut -c18-22`
   WORKING_DIR="/mnt/$SYSTEM_DIR/$SERIAL_NUMBER"

   if [ ! -d /mnt/$SYSTEM_DIR ]
	then
	   mkdir /mnt/$SYSTEM_DIR
   fi

   if [ ! -d $WORKING_DIR ]
	then
	   mkdir /mnt/$SYSTEM_DIR/$SERIAL_NUMBER
   fi


   display_info "Capturing Full System Inventory" "/mnt/Inventory-Long > $WORKING_DIR/List.Configuration 2>&1"
   display_info "Generating NSI System Inventory" "/mnt/Inventory-Short > $WORKING_DIR/NSI-DB.Inventory 2>&1"

   umount /mnt >/dev/null 2>&1

}

################################################################################
##
##  Subroutine: Display command information in a nice format
##
################################################################################
display_info ()
{
   print "$1 [$2] \n------------------------------------------------------------------------------ \n$(eval $2)\n"
   return 0
}

#########################################################################
##
##  MAIN PROGRAM
##
#########################################################################
PROGNAME=$0

print "Program started on $(hostname) on $(date '+%a, %h %d at %r')"
print ""

#########################################################################
##
##  Trap for a ^C break; send to separate function
##
#########################################################################
trap exit_break 2

#########################################################################
##
##  Set variables with initial strings
##
#########################################################################

NIM_SERVER_IP=216.168.251.197
NIM_LPPSOURCE_433=/export/nim/aix433
NIM_SYSTEM=/export/nim/system

## Set system environments
set_os_environments

## Set the hardware parameters to standard
set_hardware

## Update of the system files
system_file_update

## Setup system security
setup_security

## Installation of the 3rd party applications
third_party_apps

## Create the dump volumes
create_dump_devices

## Adjust the Paging Space 
adjust_paging_space

## Create initial new system inventory
new_system_inventory

print ""
print "Program completed on $(hostname) on $(date '+%a, %h %d at %r')"
print ""

##
##  Exit with a successful status; Program completed
##
exit 0

