#!/bin/bash

cd /etc/pam.d
for i in *
do
    if [ "$i" != "passwd" ]; then
        x=`grep -q ^"auth    required    /lib/security/pam_hsc.so" $i`
        if [ $? -eq 1 ]; then
            echo "auth    required    /lib/security/pam_hsc.so" >> $i
        fi
    fi
done
cd /
grep -q "HMC_BASH_PROFILE_PROCESSING" /etc/profile
if [ $? -ne 0 ]; then
    if [ -f /opt/hsc/data/ssh/hmcbashprofile ]; then
        mv /etc/profile /etc/profile.tmp
        cp /opt/hsc/data/ssh/hmcbashprofile /etc/profile
        cat /etc/profile.tmp >> /etc/profile
    fi
fi

grep -q "^DisplayManager.xCrashDelta: 0" /etc/X11/xdm/xdm-config
if [ $? -ne 0 ]; then
   echo "DisplayManager.xCrashDelta: 0" >> /etc/X11/xdm/xdm-config
fi

x=`grep "^*backarrowKeyIsErase:" /usr/X11R6/lib/X11/app-defaults/XTerm 2>/dev/null`
if [ $? -eq 0 ]; then
    y=`echo $x | cut -d' ' -f2`
    if [ "$y" = "true" ]; then
        sed -e 's/^*backarrowKeyIsErase:[ \t]true/*backarrowKeyIsErase:\tfalse/g' /usr/X11R6/lib/X11/app-defaults/XTerm > /tmp/_saved_XTerm
        if [ $? -eq 0 ]; then
            mv /tmp/_saved_XTerm /usr/X11R6/lib/X11/app-defaults/XTerm
        fi
    fi
else
    echo "*backarrowKeyIsErase:\tfalse" >> /usr/X11R6/lib/X11/app-defaults/XTerm
fi
# Enable ctrl-alt-del if not already enabled
grep -q "^# ca::ctrlaltdel" /etc/inittab
if [ $? -eq 0 ]; then
    sed -e 's/^# ca::ctrlaltdel/ca::ctrlaltdel/g' /etc/inittab > /tmp/__init__
    if [ $? -eq 0 ]; then
        mv /tmp/__init__ /etc/inittab
    fi
fi
if [ -f /hmcrbin/more ]; then
    rm -f /hmcrbin/more
fi
if [ -f /usr/hmcrbin/awk ]; then
    rm -f /usr/hmcrbin/awk
fi

if [ -f /opt/hsc/data/standard_toolbar.ini ]; then
   cp -p /opt/hsc/data/standard_toolbar.ini /usr/share/opera/ini/
fi
/usr/sbin/rsct/bin/rmcctrl -q
/sbin/chkconfig -d -f hotplug   2>&1 >/dev/null
/sbin/chkconfig -d -f ipsec     2>&1 >/dev/null
/sbin/chkconfig -d -f ldap      2>&1 >/dev/null
/sbin/chkconfig -d -f named     2>&1 >/dev/null
/sbin/chkconfig -d -f nfs       2>&1 >/dev/null
/sbin/chkconfig -d -f nfslock   2>&1 >/dev/null
/sbin/chkconfig -d -f nfsserver 2>&1 >/dev/null
/sbin/chkconfig -d -f nscd      2>&1 >/dev/null
/sbin/chkconfig -d -f portmap   2>&1 >/dev/null
/sbin/chkconfig -d -f rpasswdd  2>&1 >/dev/null
/sbin/chkconfig -d -f setserial 2>&1 >/dev/null
/sbin/chkconfig -d -f slurpd    2>&1 >/dev/null
/sbin/chkconfig -d -f xfs       2>&1 >/dev/null

/usr/bin/chage -M 99999 root    2>&1 >/dev/null
/usr/bin/chage -M 99999 hscroot 2>&1 >/dev/null
/usr/bin/chage -M 99999 ccfw    2>&1 >/dev/null
/usr/websm/bin/wsmserver -enable -portstart 30000 -portend 30009

if [ -f /etc/dhcpd.conf ]; then
    /usr/bin/sed -e 's/^max-lease-time[ ]*7200/max-lease-time infinite/g' /etc/dhcpd.conf > /tmp/_new_dhcpd.conf
    mv /tmp/_new_dhcpd.conf /etc/dhcpd.conf
fi

sed -e 's/ENABLE_SUSECONFIG=yes/ENABLE_CONFIG=no/' /etc/sysconfig/suseconfig \
    > /tmp/suseconfig
cp /tmp/suseconfig /etc/sysconfig

grep "drive k: file=\"\/dev\/sdb\"" /etc/mtools.conf >/dev/null 2>&1
if [ $? -ne 0 ] ; then
    echo "drive k: file=\"/dev/sdb\"" >> /etc/mtools.conf   
fi

grep "drive l: file=\"\/dev\/sda\"" /etc/mtools.conf >/dev/null 2>&1
if [ $? -ne 0 ] ; then
    echo "drive l: file=\"/dev/sda\"" >> /etc/mtools.conf   
fi

grep "drive p: file=\"\/dev\/sdc\"" /etc/mtools.conf >/dev/null 2>&1
if [ $? -ne 0 ] ; then
    echo "drive p: file=\"/dev/sdc\"" >> /etc/mtools.conf   
fi

grep "drive q: file=\"\/dev\/sdb1\"" /etc/mtools.conf >/dev/null 2>&1
if [ $? -ne 0 ] ; then
    echo "drive q: file=\"/dev/sdb1\"" >> /etc/mtools.conf   
fi

grep "drive r: file=\"\/dev\/sdc1\"" /etc/mtools.conf >/dev/null 2>&1
if [ $? -ne 0 ] ; then
    echo "drive r: file=\"/dev/sdc1\"" >> /etc/mtools.conf   
fi

if [ -f /opt/hsc/com/ibm/hsc/websm/launch/hscmgt/rpminst.dat ]; then
    rm -f /opt/hsc/com/ibm/hsc/websm/launch/hscmgt/rpminst.dat
fi
   
ln -sf /opt/hsc/bin/commandcontrol /opt/hsc/bin/setlparcap

# Now make sure the proper fonts is avail for BIDI support

grep -q "/usr/share/fonts/aix/aix_ar" /etc/X11/XF86Config
if [ $? -ne 0 ]; then
   >/tmp/_tmp_xf86_
   cat /etc/X11/XF86Config | awk ' BEGIN {
      while (getline $o > 0) {
        printf("%s\n",$o) >> "/tmp/_tmp_xf86_";
        if( $o ~ /\/usr\/share\/fonts\/aix\/aix_tc/ )
          printf("    FontPath   \"/usr/share/fonts/aix/aix_ar\"\n") >> "/tmp/_tmp_xf86_";
      }
   }'
   # Now copy if we think the entry is added
   grep -q "/usr/share/fonts/aix/aix_ar" /tmp/_tmp_xf86_
   if [ $? -eq 0 ]; then
      cp /tmp/_tmp_xf86_ /etc/X11/XF86Config
      rm -f /tmp/_tmp_xf86_
   fi 
fi

# Handling of UTF-8 fonts

grep -q "##HMC modified font" /etc/X11/XF86Config
if [ $? -ne 0 ]; then
   > /tmp/_tmp_xf86_
   cat /etc/X11/XF86Config | awk ' BEGIN {
      while (getline $o > 0) {
        if( $o ~ /\/usr\/X11R6\/lib\/X11\/fonts\/local\// ) {
	  printf("##HMC modified font\n") >> "/tmp/_tmp_xf86_";
          printf("    FontPath   \"/usr/share/fonts/suppl\"\n") >>"/tmp/_tmp_xf86_";
          printf("%s\n", $o) >> "/tmp/_tmp_xf86_";
        } else if ( $o ~ /\usr\/share\/fonts\/suppl/ ) {
          continue;
        } else {
          printf("%s\n", $o) >> "/tmp/_tmp_xf86_";
        }
      }
    }'          
   # Now copy if we think the entry is added
   grep -q "##HMC modified font" /tmp/_tmp_xf86_
   if [ $? -eq 0 ]; then
      cp /tmp/_tmp_xf86_ /etc/X11/XF86Config
      rm -f /tmp/_tmp_xf86_
   fi 
fi
# Change Java Font

cd /opt/IBMJava/jre/lib
if [ ! -d hmc_saved ]; then
   mkdir -p hmc_saved
   cp font.properties* hmc_saved/
fi

for i in font.properties*
do
   grep -q "^dialog.0=-jdk-lucidabright*" $i
   if [ $? -ne 0 ]; then
      sed -e 's/^dialog.0=-jdk-lucida-/dialog.0=-jdk-lucidabright-/g' $i > /tmp/_$i_
      mv /tmp/_$i_ $i
   fi
   grep -q "^dialog.1=-jdk-lucidabright*" $i
   if [ $? -ne 0 ]; then
      sed -e 's/^dialog.1=-jdk-lucida-/dialog.1=-jdk-lucidabright-/g' $i > /tmp/_$i_
      mv /tmp/_$i_ $i
   fi
   grep -q "^dialog.bold.0=-jdk-lucidabright*" $i
   if [ $? -ne 0 ]; then
      sed -e 's/^dialog.bold.0=-jdk-lucida-/dialog.bold.0=-jdk-lucidabright-/g' $i > /tmp/_$i_
      mv /tmp/_$i_ $i
   fi
   grep -q "^dialog.bold.1=-jdk-lucidabright*" $i
   if [ $? -ne 0 ]; then
      sed -e 's/^dialog.bold.1=-jdk-lucida-/dialog.bold.1=-jdk-lucidabright-/g' $i > /tmp/_$i_
      mv /tmp/_$i_ $i
   fi
done
cd /


# Handle /etc/skel directory

cd /etc/skel
skelfl=`find . -type f`
#echo "File found in /etc/skel "$skelfl
if [ "$skelfl" != "" ]; then
   cd /home/
   for i in *
   do
      cd /home/$i
#      echo "in /home/$i"
      for j in $skelfl
      do
         tdf=${j#./}
#        echo "tdf "$tdf
         if [[ "$tdf" != ".bash_history" && "$tdf" != ".bashrc" ]]; then
            if [ -f /home/$i/$tdf ]; then
              rm -f /home/$i/$tdf 2>/dev/null
            fi
         fi
      done
      rm -rf /home/$i/.xemacs 2>/dev/null
      rm -rf /home/$i/.Xresources 2>/dev/null
      rm -rf /home/$i/.fluxbox 2>/dev/null
      rm -rf /home/$i/Documents 2>/dev/null
      rm -rf /home/$i/public_html 2>/dev/null
   done
   rm -rf /etc/skel/*
   rm -f /etc/skel/.*
fi
# OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability CVE-2003-0386
grep -q "VerifyReverseMapping yes" /etc/ssh/sshd_config
if [ $? -ne 0 ]; then
   sed -e 's/#VerifyReverseMapping no/VerifyReverseMapping yes/g' /etc/ssh/sshd_config > /tmp/_new_sshd_config_
   if [ $? -eq 0 ]; then
      mv /tmp/_new_sshd_config_ /etc/ssh/sshd_config
   fi
fi

/opt/hsc/sbin/manageBIOS update
exit 0
