aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog1
-rwxr-xr-xinit-sh/level0.sh14
-rwxr-xr-xinit-sh/level1.sh11
-rwxr-xr-xinit-sh/level2.sh11
-rwxr-xr-xinit-sh/level3.sh13
-rwxr-xr-xinit-sh/level4.sh11
-rwxr-xr-xinit-sh/level5.sh15
-rw-r--r--init-sh/lib.sh1
-rw-r--r--msec.spec9
9 files changed, 52 insertions, 34 deletions
diff --git a/ChangeLog b/ChangeLog
index 282d95f..b33063d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+ * Don't use msec parsing routine to hack inittab.
* Indentation problem should be corrected
* All debug finished, changing secure.tmp to a mktemp
allocated tmpfile for symlink security.
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index 62904ac..5f4d66b 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo >& /dev/null
echo -e "done.\n"
-# /etc/inittab
-echo "Enabling direct console access : "
-AddRules "1:2345:respawn:/bin/bash --login" /etc/inittab
-
# /etc/profile
export SECURE_LEVEL=0
echo "Setting secure level variable to 0 :"
@@ -79,8 +75,12 @@ echo "Adding system users to specific groups :"
/etc/security/msec/init-sh/grpuser.sh --refresh
echo -e "done.\n"
-
-
-
+# Boot on a shell
+echo -n "Setting up inittab to spawn a shell without asking a passwd : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/sbin\/mingetty tty1/\/bin\/bash --login/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done."
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index a7ce877..571f470 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo >& /dev/null
echo -e "done.\n"
-# /etc/inittab
-echo "Disabling direct console access : "
-AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab
-
# /etc/profile
export SECURE_LEVEL=1
echo "Setting secure level variable to 1 :"
@@ -80,6 +76,13 @@ echo "Adding system users to specific groups :"
/etc/security/msec/init-sh/grpuser.sh --refresh
echo -e "done.\n"
+# Do not boot on a shell
+echo -n "Setting up inittab to ask a passwd on boot : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done."
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index 1760873..c663f25 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo
echo -e "done.\n"
-# /etc/inittab
-echo "Disabling direct console access : "
-AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab
-
# /etc/profile
export SECURE_LEVEL=2
echo "Setting secure level variable to 2 :"
@@ -79,3 +75,10 @@ echo "Adding system users to specifics groups :"
/etc/security/msec/init-sh/grpuser.sh --refresh
echo -e "done.\n"
+# Do not boot on a shell
+echo -n "Setting up inittab to ask a passwd on boot : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done."
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index acf8483..8027034 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -64,10 +64,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo >& /dev/null
echo -e "done.\n"
-# /etc/inittab
-echo "Disabling direct console access : "
-AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab
-
# /etc/profile
export SECURE_LEVEL=3
echo "Setting secure level variable to 3 :"
@@ -77,3 +73,12 @@ AddRules "umask 022" /etc/profile
echo "Adding a \"normal\" PATH variable : "
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
AddRules "export PATH SECURE_LEVEL" /etc/profile
+
+# Do not boot on a shell
+echo -n "Setting up inittab to ask a passwd on boot : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done."
+
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index 212c3f8..e1bf56d 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -79,10 +79,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo >& /dev/null
echo -e "done.\n"
-# /etc/inittab
-echo "Disabling direct console access : "
-AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab
-
# Server update
echo "Setting secure level variable to 4 :"
AddRules "SECURE_LEVEL=4" /etc/profile
@@ -113,3 +109,10 @@ echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
AddRules "export PATH SECURE_LEVEL" /etc/profile
+# Do not boot on a shell
+echo -n "Setting up inittab to ask a passwd on boot : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done." \ No newline at end of file
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index eaa06fe..e443488 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -73,10 +73,6 @@ echo -n "Running lilo to record new config : "
/sbin/lilo >& /dev/null
echo -e "done.\n"
-# /etc/inittab
-echo "Disabling direct console access : "
-AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab
-
# Disable all server :
echo "Setting secure level variable to 5 :"
AddRules "SECURE_LEVEL=5" /etc/profile
@@ -107,6 +103,14 @@ echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet
AddRules "export PATH SECURE_LEVEL" /etc/profile
+# Do not boot on a shell
+echo -n "Setting up inittab to ask a passwd on boot : "
+tmpfile=`mktemp /tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab
+rm -f ${tmpfile}
+echo "done."
+
echo
echo "You are now running your system in security level 5,"
echo "All services are disabled : try the chkconfig to enable one..."
@@ -131,6 +135,3 @@ echo
-
-
-
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index e523f5a..71af4c7 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -188,7 +188,6 @@ fi
clear
echo "Preparing to run security script : "
-CleanRules /etc/inittab
CleanRules /etc/syslog.conf
CleanRules /etc/hosts.deny
CommentUserRules /etc/hosts.deny
diff --git a/msec.spec b/msec.spec
index 7735aca..f95f9a2 100644
--- a/msec.spec
+++ b/msec.spec
@@ -1,8 +1,8 @@
Summary: Security Level & Program for the Linux Mandrake distribution
Name: msec
-Version: 0.7
-Release: 4mdk
-Source: msec-0.7.tar.bz2
+Version: 0.8
+Release: 2mdk
+Source: msec-0.8.tar.bz2
Copyright: GPL
Group: System Environment/Base
BuildRoot: /var/tmp/msec
@@ -36,6 +36,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- Don't use msec parsing routine to hack inittab
+
+* Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- Fixed the last AddBegRules() problem.
- Indentation problem should be fixed.
- All debug finished, changing secure.tmp to a mktemp