authorFrederic Lepied <flepied@mandriva.com>2001-08-09 08:10:59 +0000
committerFrederic Lepied <flepied@mandriva.com>2001-08-09 08:10:59 +0000
commit7c4523ed3de1cb0e5ea25d8e452c946232449ed4 (patch)
treea6c690d0e4382b47f92173d3f5821bf560951e6b /init-sh/lib.sh
parent2672f03b09c111a536856390cb5430b0fb4a6579 (diff)
merge back 0.15-17mdk in CVS
Diffstat (limited to 'init-sh/lib.sh')
-rw-r--r--init-sh/lib.sh88
1 files changed, 82 insertions, 6 deletions
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 2c7009c..1be738a 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -222,6 +222,81 @@ CleanLoaderRules() {
fi
}
+AllowAutologin() {
+ file=/etc/sysconfig/autologin
+ if [[ -f ${file} ]]; then
+ grep -v AUTOLOGIN < ${file} > ${file}.new
+ echo "AUTOLOGIN=yes" >> ${file}.new
+ mv -f ${file}.new ${file}
+ fi
+}
+
+ForbidAutologin() {
+ file=/etc/sysconfig/autologin
+ if [[ -f ${file} ]]; then
+ cat ${file} | grep -v AUTOLOGIN > ${file}.new
+ echo "AUTOLOGIN=no" >> ${file}.new
+ mv -f ${file}.new ${file}
+ fi
+}
+
+ForbidUserList() {
+ file=/usr/share/config/kdmrc
+ if [[ -f ${file} ]]; then
+ perl -pi -e 's/^UserView=.*$/UserView=false/' ${file}
+ fi
+
+ file=/etc/X11/gdm/gdm.conf
+ if [[ -f ${file} ]]; then
+ perl -pi -e 's/^Browser=.*$/Browser=0/' ${file}
+ fi
+}
+
+AllowUserList() {
+ file=/usr/share/config/kdmrc
+ if [[ -f ${file} ]]; then
+ perl -pi -e 's/^UserView=.*$/UserView=true/' ${file}
+ fi
+
+ file=/etc/X11/gdm/gdm.conf
+ if [[ -f ${file} ]]; then
+ perl -pi -e 's/^Browser=.*$/Browser=1/' ${file}
+ fi
+}
+
+ForbidReboot() {
+ echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : "
+ tmpfile=`mktemp /tmp/secure.XXXXXX`
+ cp /etc/inittab ${tmpfile}
+ cat ${tmpfile} | \
+ sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \
+ sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab
+ rm -f ${tmpfile}
+ [ -z "$DURING_INSTALL" ] && telinit u
+ echo "done."
+ echo -n "Forbid console users to reboot/shutdown : "
+ for pamfile in /etc/security/console.apps/{shutdown,poweroff,reboot,halt} ; do
+ rm -f ${pamfile} 2>&1 > /dev/null
+ done
+ echo "done."
+}
+
+AllowReboot() {
+ echo -n "Setting up inittab to authorize any user to issue ctrl-alt-del : "
+ tmpfile=`mktemp /tmp/secure.XXXXXX`
+ cp /etc/inittab ${tmpfile}
+ cat ${tmpfile} | \
+ sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab
+ rm -f ${tmpfile}
+ [ -z "$DURING_INSTALL" ] && telinit u
+ echo "done."
+ echo -n "Allow console users to reboot/shutdown : "
+ for pamfile in /etc/security/console.apps/{shutdown,poweroff,reboot,halt} ; do
+ touch -f ${pamfile}
+ done
+ echo "done."
+}
+
# If we are currently installing our
# system with DrakX, we don't ask anything to the user...
# Instead, DrakX do it and give us a file with some variable.
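Review bot: ForbidReboot and AllowReboot truncate `/etc/inittab` before the replacement content exists, because the pipeline `cat ${tmpfile} | sed … > /etc/inittab` opens the target for writing first and the results of `mktemp` and `cp` are never checked. If `mktemp` fails, `${tmpfile}` is empty and unquoted, so `cat` reads standard input while `/etc/inittab` has already been emptied; a failed `cp` or `sed` leaves it empty or partial in the same way. I would run sed into a temporary file created next to the target, check that it is non-empty, and rename it over `/etc/inittab` only on success. The fence shows ForbidReboot; AllowReboot needs the same change with its single substitution. The `chmod --reference` call assumes GNU coreutils, so confirm it against the target system.

```shell
ForbidReboot() {
    # … unchanged: progress message …
    tmpfile=$(mktemp /etc/inittab.XXXXXX) || return 1
    if sed -e 's/\/bin\/bash --login/\/sbin\/mingetty tty1/' \
           -e 's/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' \
           /etc/inittab > "${tmpfile}" && [ -s "${tmpfile}" ]; then
        # keep the mode of the file being replaced (mktemp creates 0600)
        chmod --reference=/etc/inittab "${tmpfile}"
        mv -f "${tmpfile}" /etc/inittab
    else
        rm -f "${tmpfile}"
        return 1
    fi
    # … unchanged: telinit u, console.apps loop …
```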
@@ -250,8 +325,13 @@ CleanRules /etc/logrotate.conf
CleanRules /etc/rc.d/rc.local
CleanRules /etc/rc.d/rc.firewall
CleanRules /etc/crontab
-CleanRules /etc/X11/xdm/Xsession
-CleanRules /etc/X11/xinit/xinitrc
+
+if [[ -f /etc/X11/xinit.d/msec ]]; then
+ CleanRules /etc/X11/xinit.d/msec
+else
+ touch /etc/X11/xinit.d/msec
+ chmod 755 /etc/X11/xinit.d/msec
+fi
echo -e "\nStarting to reconfigure the system : "
# For all secure level
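Review bot: Dropping the `CleanRules` calls for `/etc/X11/xdm/Xsession` and `/etc/X11/xinit/xinitrc` presumably leaves in place any rules an earlier msec release wrote into those files, since nothing cleans them after an upgrade. CleanRules is defined outside this hunk, so this needs confirming against its body. If it holds, keep `CleanRules /etc/X11/xdm/Xsession` and `CleanRules /etc/X11/xinit/xinitrc` ahead of the new `if` for a transition period. The `else` branch also assumes `/etc/X11/xinit.d` exists: a failing `touch` there goes unnoticed, so a guard such as `[ -d /etc/X11/xinit.d ] || mkdir -p /etc/X11/xinit.d` before it would make the failure explicit.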
@@ -266,10 +346,6 @@ groupadd xgrp >& /dev/null
groupadd ntools >& /dev/null
groupadd ctools >& /dev/null
-#Fix the big security hole introduced in cooker
-userdel mandrake >& /dev/null
-groupdel mandrake >& /dev/null
-
usermod -G xgrp xfs
/usr/share/msec/grpuser.sh --clean