aboutsummaryrefslogtreecommitdiffstats
path: root/init-sh/custom.sh
diff options
context:
space:
mode:
Diffstat (limited to 'init-sh/custom.sh')
-rwxr-xr-xinit-sh/custom.sh38
1 files changed, 19 insertions, 19 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh
index c6963a9..46ba9af 100755
--- a/init-sh/custom.sh
+++ b/init-sh/custom.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
fi
@@ -15,24 +15,24 @@ clear
###
echo "Do you want your log file to be in append mode only ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
find /var/log/ -type f -exec chattr +a {} \;
fi
###
echo "Do you want all system events to be logged on tty12 ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "*.* /dev/tty12" /etc/syslog.conf
fi
###
echo "Do you want to deny any machine to connect to yours ?"
WaitAnswer
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
echo "Do you want only localhost to be allowed ?"
WaitAnswer; clear
- if [ "${answer}" == "yes" ]; then
+ if [[ ${answer} == yes ]]; then
AddRules "ALL:ALL EXCEPT localhost:DENY" /etc/hosts.deny
else
AddRules "ALL:ALL:DENY" /etc/hosts.deny
@@ -42,7 +42,7 @@ fi
###
echo "Do you want root console login to be allowed ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "tty1" /etc/securetty quiet
AddRules "tty2" /etc/securetty quiet
AddRules "tty3" /etc/securetty quiet
@@ -53,7 +53,7 @@ fi
###
echo "Do you want your system to daily check important security problem ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
fi
@@ -61,7 +61,7 @@ fi
###
echo "Do you want your system to daily check new open port listening ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
@@ -70,7 +70,7 @@ fi
###
echo "Do you want your system to check for grave permission problem on senssibles files ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
fi
@@ -78,7 +78,7 @@ fi
###
echo "Do you want your system to daily check SUID Root file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -86,7 +86,7 @@ fi
###
echo "Do you want your system to daily check suid files md5 checksum changes ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -94,7 +94,7 @@ fi
###
echo "Do you want your system to daily check SUID Group file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -102,7 +102,7 @@ fi
###
echo "Do you want your system to daily check Writeable file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -110,7 +110,7 @@ fi
###
echo "Do you want your system to daily check Unowned file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -119,7 +119,7 @@ fi
echo "Do you want your system to verify every minutes if a network interface"
echo "is in promiscuous state (which mean someone is probably running a sniffer on your machine ) ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf
AddRules "*/1 * * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab
fi
@@ -132,7 +132,7 @@ LiloUpdate;
echo "Do you want to disable your running server ( except important one )"
echo "This is only valuable for server installed with rpm."
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
echo -n "Disabling all service, except : {"
chkconfig --list | awk '{print $1}' | while read service; do
if grep -qx ${service} /etc/security/msec/init-sh/server.4; then
@@ -155,7 +155,7 @@ echo "Do you want to disallow rpm to automatically enable a new installed server
echo "yes = you will need to chkconfig (--add ) servername for the server to run on boot."
echo "no = rpm will do it for you, but you have less control of what is running on your machine."
WaitAnswer; clear
-if [ "${answer}" == "yes" ]; then
+if [[ ${answer} == yes ]; then
export SECURE_LEVEL="4"
AddRules "SECURE_LEVEL=\"4\"" /etc/profile
else
@@ -182,7 +182,7 @@ case "${answer}" in
AddRules "umask 022" /etc/profile
;;
"restricted")
- AddRules "if [ \${UID} == 0 ]; then umask 022; else umask 077; fi" /etc/profile
+ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile
;;
"paranoid")
AddRules "umask 077" /etc/profile
@@ -194,7 +194,7 @@ echo "Do you want a "." in your PATH variable ?"
echo "This permit you to not use ./progname & to just type progname"
echo "However this is a *high* security risk."
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile
else
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile