*** empty log message ***

20 files changed, 83 insertions, 62 deletions

diff --git a/Makefile b/Makefile
index 24f8467..3085b4f 100644
--- a/Makefile
+++ b/Makefile
@@ -51,21 +51,19 @@ rpm: dis ../$(NAME)-$(VERSION).tar.bz2 $(RPM)
 	rm -f ../$(NAME)-$(VERSION).tar.bz2
 
 install:
-	(rm -rf /etc/security/msec)
-	(mkdir -p /etc/security/msec/init-sh)
-	(cp init-sh/level* /etc/security/msec/init-sh)
-	(cp init-sh/init.sh /etc/security/msec/init.sh);
-	(cp init-sh/lib.sh /etc/security/msec/init-sh);
-	(cp init-sh/grpuser.sh /etc/security/msec/init-sh);
-	(cp init-sh/file_perm.sh /etc/security/msec/init-sh);
-	(cp init-sh/*.[0-5] /etc/security/msec/init-sh/)
-	(cp init-sh/custom.sh /etc/security/msec/init-sh);
-	(cp init-sh/server.* /etc/security/msec/init-sh)
+	(rm -rf $(RPM_BUILD_ROOT)/etc/security/msec)
+	(mkdir -p $(RPM_BUILD_ROOT)/etc/security/msec)
+	(mkdir -p $(RPM_BUILD_ROOT)/usr/share/msec)
+	(cp init-sh/*.sh $(RPM_BUILD_ROOT)/usr/share/msec)
+	(cp cron-sh/*.sh $(RPM_BUILD_ROOT)/usr/share/msec)
+	(cp init-sh/msec $(RPM_BUILD_ROOT)/usr/sbin)
+	(cp conf/perm.* conf/server.* $(RPM_BUILD_ROOT)/etc/security/msec)
+	
 	(touch $(RPM_BUILD_ROOT)/etc/security/msec/security.conf)
-	touch $(RPM_BUILD_ROOT)/var/log/security.log
-	mkdir -p $(RPM_BUILD_ROOT)/var/log/security
-	(cd src/promisc_check; make install)
-	(cd cron-sh; make install)
+	(touch $(RPM_BUILD_ROOT)/var/log/security.log)
+	(mkdir -p $(RPM_BUILD_ROOT)/var/log/security)
+	(cd src/promisc_check && make install)
+	(cd cron-sh && make install)
 
 	@echo
 	@echo
diff --git a/init-sh/perm.0 b/conf/perm.0
index 9ade3c2..9ade3c2 100644
--- a/init-sh/perm.0
+++ b/conf/perm.0
diff --git a/init-sh/perm.1 b/conf/perm.1
index 8fc7d12..8fc7d12 100644
--- a/init-sh/perm.1
+++ b/conf/perm.1
diff --git a/init-sh/perm.2 b/conf/perm.2
index c6a3d41..c6a3d41 100644
--- a/init-sh/perm.2
+++ b/conf/perm.2
diff --git a/init-sh/perm.3 b/conf/perm.3
index 2c8520d..2c8520d 100644
--- a/init-sh/perm.3
+++ b/conf/perm.3
diff --git a/init-sh/perm.4 b/conf/perm.4
index ef31596..ef31596 100644
--- a/init-sh/perm.4
+++ b/conf/perm.4
diff --git a/init-sh/perm.5 b/conf/perm.5
index a4d5755..a4d5755 100644
--- a/init-sh/perm.5
+++ b/conf/perm.5
diff --git a/init-sh/server.4 b/conf/server.4
index 044f0bf..044f0bf 100644
--- a/init-sh/server.4
+++ b/conf/server.4
diff --git a/init-sh/server.5 b/conf/server.5
index 044f0bf..044f0bf 100644
--- a/init-sh/server.5
+++ b/conf/server.5
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index cabf0a8..ec0526d 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -6,7 +6,7 @@
 if [[ -f /etc/security/msec/security.conf ]]; then
 	. /etc/security/msec/security.conf
 else
-	echo "/etc/security/msec/security.conf don't exist."
+	echo "/etc/security/msec/security.conf doesn't exist."
 	exit 1
 fi
 
@@ -29,11 +29,8 @@ Ttylog() {
     fi
 }
 
+# Check if a network interface is in promiscuous mode...
 PROMISC="/usr/bin/promisc_check -q"
-#
-# Check if a network interface is in promisc check...
-# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
-#
 
 LogPromisc() {
     date=`date`
@@ -57,7 +54,7 @@ if [[ ${CHECK_PROMISC} == no ]]; then
 fi
 
 for INTERFACE in `${PROMISC}`; do
-	LogPromisc $INTERFACE
+	LogPromisc ${INTERFACE}
 done
 
 
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 43ad9d6..ee94863 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -72,6 +72,8 @@ fi
 
 
 netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY};
+
+# Hard disk related file check; the less priority the better...
 nice --adjustment=+19 find ${DIR} -xdev -type f -perm +04000 -user root -printf "${PRINT}" 2> /dev/null | sort > ${SUID_ROOT_TODAY}
 nice --adjustment=+19 find ${DIR} -xdev -type f -perm +02000 -printf "${PRINT}" 2> /dev/null | sort > ${SUID_GROUP_TODAY}
 nice --adjustment=+19 find ${DIR} -xdev -type f -perm -2 -printf "${PRINT}" 2> /dev/null | sort > ${WRITEABLE_TODAY}
@@ -115,8 +117,8 @@ Maillog() {
 
 ##################
 
-. /etc/security/msec/cron-sh/diff_check.sh
-. /etc/security/msec/cron-sh/security_check.sh
+. /usr/share/msec/diff_check.sh
+. /usr/share/msec/security_check.sh
 
 
 
diff --git a/init-sh/custom.sh b/init-sh/custom.sh
index af4bba5..b8b8402 100755
--- a/init-sh/custom.sh
+++ b/init-sh/custom.sh
@@ -5,8 +5,12 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
+else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
+    exit 1
 fi
 
 clear
@@ -62,7 +66,7 @@ echo "Do you want your system to daily check important security problem ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
 	AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf
-        AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+        AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -70,7 +74,7 @@ echo "Do you want your system to daily check new open port listening ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
 	AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf
-	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -78,7 +82,7 @@ echo "Do you want your system to check for grave permission problem on sensibles
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
 	AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf
-	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -86,7 +90,7 @@ echo "Do you want your system to daily check SUID Root file change ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
     AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf
-    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -94,7 +98,7 @@ echo "Do you want your system to daily check suid files md5 checksum changes ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
 	AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf
-	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+	AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -102,7 +106,7 @@ echo "Do you want your system to daily check SUID Group file change ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
     AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf
-    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -110,7 +114,7 @@ echo "Do you want your system to daily check Writeable file change ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
     AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf
-    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -118,7 +122,7 @@ echo "Do you want your system to daily check Unowned file change ?"
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
     AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf
-    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab
+    AddRules "0 0-23 * * *    root    nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab
 fi
 
 ###
@@ -127,7 +131,7 @@ echo "is in promiscuous state (which mean someone is probably running a sniffer
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
     AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf
-    AddRules "*/1 * * * *    root    nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab
+    AddRules "*/1 * * * *    root    nice --adjustment=+19 /usr/share/msec/promisc_check.sh" /etc/crontab
 fi
 ###
 
@@ -169,7 +173,7 @@ WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
 	echo -n "Disabling all service, except : {"
 	chkconfig --list | awk '{print $1}' | while read service; do
-   		if grep -qx ${service} /etc/security/msec/init-sh/server.4; then
+   		if grep -qx ${service} /etc/security/msec/server.4; then
        		echo -n " ${service}"
    		fi
 	done
@@ -242,3 +246,11 @@ AddRules "export PATH SECURE_LEVEL" /etc/profile
 
 
 
+
+
+
+
+
+
+
+
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index ea5181c..b979b61 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -5,6 +5,7 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
+
 if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
     . /etc/security/msec/init-sh/lib.sh
 else
@@ -74,7 +75,7 @@ AddBegRules "/usr/X11R6/bin/xhost +" /etc/X11/xinit/xinitrc
 
 # Group
 echo "Adding system users to specific groups :"
-/etc/security/msec/init-sh/grpuser.sh --refresh
+/usr/share/msec/grpuser.sh --refresh
 echo -e "done.\n"
 
 # Boot on a shell / authorize ctrl-alt-del
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index 32d00f1..0c17880 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -5,9 +5,11 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
 else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
     exit 1
 fi
 
@@ -75,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
 
 # Group
 echo "Adding system users to specific groups :"
-/etc/security/msec/init-sh/grpuser.sh --refresh
+/usr/share/msec/grpuser.sh --refresh
 grpconv
 echo -e "done.\n"
 
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index e012f72..9348529 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -5,9 +5,12 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+
+
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
 else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
     exit 1
 fi
 
@@ -74,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
 
 # group
 echo "Adding system users to specifics groups :"
-/etc/security/msec/init-sh/grpuser.sh --refresh
+/usr/share/msec/grpuser.sh --refresh
 grpconv
 echo -e "done.\n"
 
@@ -87,3 +90,5 @@ cat ${tmpfile} | \
     sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab
 rm -f ${tmpfile}
 echo "done."
+
+
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index 1e78f93..bf53c66 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -5,13 +5,14 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
 else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
     exit 1
 fi
 
-# All events logged on tty12
 echo "Loging all messages on tty12 : "
 AddRules "*.* /dev/tty12" /etc/syslog.conf
 
@@ -59,7 +60,7 @@ echo -e "\t- Security warning in syslog : yes."
 
 # Crontab
 echo "Adding permission check in crontab (scheduled every midnight) :"
-AddRules "0 0 * * *    root    /etc/security/msec/cron-sh/security.sh" /etc/crontab
+AddRules "0 0 * * *    root    /usr/share/msec/security.sh" /etc/crontab
 
 # lilo update
 echo -n "Running lilo to record new config : "
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index 18d9aac..75a0e85 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -6,10 +6,10 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
 else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
     exit 1
 fi
 
@@ -68,10 +68,10 @@ echo -e "\t- Security warning in syslog : yes."
 
 # Check every 1 minutes for promisc problem
 echo "Adding promisc check in crontab (scheduled every minutes) :"
-AddRules "*/1 * * * *    root    /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab
+AddRules "*/1 * * * *    root    /usr/share/msec/promisc_check.sh" /etc/crontab
 
 echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :"
-AddRules "0 0 * * *    root    /etc/security/msec/cron-sh/security.sh" /etc/crontab
+AddRules "0 0 * * *    root    /usr/share/msec/security.sh" /etc/crontab
 
 # Do you want a password ?
 LiloUpdate;
@@ -88,7 +88,7 @@ IFS="
 "
 echo -n "Disabling all service, except : {"
 for service in `chkconfig --list | awk '{print $1}'`; do
-    if grep -qx ${service} /etc/security/msec/init-sh/server.4; then
+    if grep -qx ${service} /etc/security/msec/server.4; then
         echo -n " ${service}"
     fi
 done
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index 9e8af53..59dc413 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -5,8 +5,11 @@
 # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
 #
 
-if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
-    . /etc/security/msec/init-sh/lib.sh
+if [[ -f /usr/share/msec/lib.sh ]]; then
+    . /usr/share/msec/lib.sh
+else
+    echo "Can't find /usr/share/msec/lib.sh, exiting."
+    exit 1
 fi
 
 echo -e "Changing attribute of /var/log/* to append only...\n"
@@ -60,10 +63,10 @@ echo -e "\t- Security warning in syslog : yes."
 ################ Crontab things ###################
 # Check every 1 minutes for promisc problem 
 echo "Adding promisc check in crontab (scheduled every minutes) :"
-AddRules "*/1 * * * *    root    /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab
+AddRules "*/1 * * * *    root    /usr/share/msec/promisc_check.sh" /etc/crontab
 
 echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :"
-AddRules "0 0 * * *    root    /etc/security/msec/cron-sh/security.sh" /etc/crontab
+AddRules "0 0 * * *    root    /usr/share/msec/security.sh" /etc/crontab
 
 ###################################################
 
@@ -83,7 +86,7 @@ IFS="
 export SECURE_LEVEL=5
 echo -n "Disabling all service, except : {"
 for service in `chkconfig --list | awk '{print $1}'`; do
-	if grep -qx ${service} /etc/security/msec/init-sh/server.5; then
+	if grep -qx ${service} /etc/security/msec/server.5; then
 		echo -n " ${service}"
 	fi
 done
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 920996f..7f55c7c 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -197,7 +197,7 @@ groupadd audio >& /dev/null
 groupadd xgrp >& /dev/null
 usermod -G xgrp xfs
 
-/etc/security/msec/init-sh/grpuser.sh --clean
+/usr/share/msec/grpuser.sh --clean
 echo
 
 
diff --git a/init-sh/init.sh b/init-sh/msec
index a748541..ee69564 100755
--- a/init-sh/init.sh
+++ b/init-sh/msec
@@ -8,14 +8,14 @@ fi
 
 
 if [[ ${1} == custom ]]; then
-	/etc/security/msec/init-sh/custom.sh
+	/usr/share/msec/custom.sh
 	exit 0;
 fi
 
-if [[ -f /etc/security/msec/init-sh/level$1.sh ]]; then
-    /etc/security/msec/init-sh/level$1.sh
-	if [[ -f /etc/security/msec/init-sh/perm.$1 ]]; then
-		/etc/security/msec/init-sh/file_perm.sh /etc/security/msec/init-sh/perm.$1
+if [[ -f /usr/share/msec/level$1.sh ]]; then
+	/usr/share/msec/level$1.sh
+	if [[ -f /usr/share/msec/perm.$1 ]]; then
+		/usr/share/msec/file_perm.sh /usr/share/msec/perm.$1
 	else
 		echo "Couldn't find the default permissions for level $1."
 	fi