diff options
| author | Yoann Vandoorselaere <yoann@mandriva.com> | 2000-03-09 13:42:33 +0000 |
|---|---|---|
| committer | Yoann Vandoorselaere <yoann@mandriva.com> | 2000-03-09 13:42:33 +0000 |
| commit | 77121e933be54a54dc9e875c98d2da0d5fb3b94b (patch) | |
| tree | 9972aead07affecb0b177f10c0a00488964a6498 | |
| parent | 8581a3306e78ac22431011bf6720de941ad24fd9 (diff) | |
| download | msec-77121e933be54a54dc9e875c98d2da0d5fb3b94b.tar msec-77121e933be54a54dc9e875c98d2da0d5fb3b94b.tar.gz msec-77121e933be54a54dc9e875c98d2da0d5fb3b94b.tar.bz2 msec-77121e933be54a54dc9e875c98d2da0d5fb3b94b.tar.xz msec-77121e933be54a54dc9e875c98d2da0d5fb3b94b.zip | |
*** empty log message ***
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rwxr-xr-x | init-sh/custom.sh | 25 | ||||
| -rw-r--r-- | msec.spec | 3 | ||||
| -rw-r--r-- | src/msec_find/find.c | 2 |
4 files changed, 21 insertions, 11 deletions
@@ -2,6 +2,8 @@ * Added msec_find utility, written by Thierry Vignaud which will avoid us to find / 5 times :) * Heavilly modified msec_find. + * custom.sh : check if libsafe is installed before asking + if the user want to use it. 2000-03-07 Yoann Vandoorselaere <yoann@mandrakesoft.com> * Added support for libsafe stack overflow protection in level 4 / 5 / diff --git a/init-sh/custom.sh b/init-sh/custom.sh index 9d46bd1..253d9d9 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -5,7 +5,6 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # - if [[ -f /usr/share/msec/lib.sh ]]; then . /usr/share/msec/lib.sh else @@ -15,6 +14,8 @@ fi clear +WRITE_CRON="false" + ### echo "Do you want all system events to be logged on tty12 ?" WaitAnswer; clear @@ -62,6 +63,8 @@ if [[ ${answer} == yes ]]; then AddRules "tty6" /etc/securetty fi ### + +if [[ -f /usr/lib/libsafe.so.1.2 ]]; then echo "Do you want to enable the libsafe stack overflow protection ?" echo "This stack overflow protection work by catching dangerous function call" echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf" @@ -72,13 +75,14 @@ WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile fi +fi ### echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -86,7 +90,7 @@ echo "Do you want your system to daily check new open port listening ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -94,7 +98,7 @@ echo "Do you want your system to check for grave permission problem on sensibles WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -102,7 +106,7 @@ echo "Do you want your system to daily check SUID Root file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -110,7 +114,7 @@ echo "Do you want your system to daily check suid files md5 checksum changes ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -118,7 +122,7 @@ echo "Do you want your system to daily check SUID Group file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -126,7 +130,7 @@ echo "Do you want your system to daily check Writeable file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -134,7 +138,7 @@ echo "Do you want your system to daily check Unowned file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -174,6 +178,9 @@ else fi ### +if [[ ${WRITE_CRON} == "true" ]]; then + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab +fi LiloUpdate; /sbin/lilo >& /dev/null @@ -1,6 +1,6 @@ # do not modify Version below, modify it in Makefile (see CVS) %define version 0.10 -%define release 1mdk +%define release 2mdk Summary: Security Level & Program for the Linux Mandrake distribution Name: msec @@ -50,6 +50,7 @@ rm -rf $RPM_BUILD_ROOT %changelog * Tue Mar 08 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.10-1mdk +- custom.sh : check if libsafe is installed before asking if the user want to use it. - Heavily modified msec_find. - Added msec_find utility, written by Thierry Vignaud which will avoid us to find / 5 times :) diff --git a/src/msec_find/find.c b/src/msec_find/find.c index 65e8c73..274e8ff 100644 --- a/src/msec_find/find.c +++ b/src/msec_find/find.c @@ -193,7 +193,7 @@ int main(int argc, char **argv) * /mnt/cdrom/ is the mounted directory. * Hopefully, find has the same "bug" */ - + ctrl = 1; directory = ( char * ) malloc((strlen(argv[i]) + 1)); if ( ! directory ) { |