aboutsummaryrefslogtreecommitdiffstats
path: root/init-sh/level0.sh
diff options
context:
space:
mode:
authorYoann Vandoorselaere <yoann@mandriva.com>1999-12-09 16:20:34 +0000
committerYoann Vandoorselaere <yoann@mandriva.com>1999-12-09 16:20:34 +0000
commitaad00cebf45cee2de6b3ffc131d9a639e04dcd07 (patch)
tree4f93343acecfbaef7e84cef76304d0824faaf01e /init-sh/level0.sh
parentef15781a75317a4e540d5a5795039a08a11d2ca9 (diff)
downloadmsec-aad00cebf45cee2de6b3ffc131d9a639e04dcd07.tar
msec-aad00cebf45cee2de6b3ffc131d9a639e04dcd07.tar.gz
msec-aad00cebf45cee2de6b3ffc131d9a639e04dcd07.tar.bz2
msec-aad00cebf45cee2de6b3ffc131d9a639e04dcd07.tar.xz
msec-aad00cebf45cee2de6b3ffc131d9a639e04dcd07.zip
*** empty log message ***
Diffstat (limited to 'init-sh/level0.sh')
-rwxr-xr-xinit-sh/level0.sh80
1 files changed, 80 insertions, 0 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
new file mode 100755
index 0000000..a0cd43c
--- /dev/null
+++ b/init-sh/level0.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+#
+# Security level implementation...
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+#
+
+if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+ . /etc/security/msec/init-sh/lib.sh
+else
+ exit 1
+fi
+
+# login as root on console granted...
+echo "Login as root is granted :"
+AddRules "tty1" /etc/securetty quiet
+AddRules "tty2" /etc/securetty quiet
+AddRules "tty3" /etc/securetty quiet
+AddRules "tty4" /etc/securetty quiet
+AddRules "tty5" /etc/securetty quiet
+AddRules "tty6" /etc/securetty
+
+# Security check
+echo "Updating file check variable : "
+echo -e "\t- Check security : yes."
+ AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check important permissions : no."
+ AddRules "CHECK_PERMS=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file : no."
+ AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : no."
+ AddRules "CHECK_SUID_MD5=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : no."
+ AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check world writable file : no."
+ AddRules "CHECK_WRITEABLE=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check unowned file : no."
+ AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check promiscuous mode : no."
+ AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : no."
+ AddRules "CHECK_OPEN_PORT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : no."
+ AddRules "CHECK_PASSWD=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : no."
+ AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning on tty : \"no\" :"
+ AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"no\" :"
+ AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
+# end security check
+
+# lilo update
+echo -n "Running lilo to record new config : "
+/sbin/lilo >& /dev/null
+echo -e "done.\n"
+
+# /etc/profile
+export SECURE_LEVEL=1
+echo "Setting secure level variable to 1 :"
+AddRules "SECURE_LEVEL=1" /etc/profile
+echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
+AddRules "umask 002" /etc/profile
+echo "Adding \"non secure\" PATH variable :"
+AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
+AddRules "export PATH SECURE_LEVEL" /etc/profile
+
+# Group
+echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+for user in ${DRAKX_USERS}; do
+ usermod -G audio "${user}"
+done
+echo "done."
+
+
+
+
+
+
+