Diffstat (limited to 'init-sh/custom.sh')
-rwxr-xr-x | init-sh/custom.sh | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh index c6963a9..46ba9af 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -5,7 +5,7 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [ -f /etc/security/msec/init-sh/lib.sh ]; then +if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then . /etc/security/msec/init-sh/lib.sh fi @@ -15,24 +15,24 @@ clear ### echo "Do you want your log file to be in append mode only ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then find /var/log/ -type f -exec chattr +a {} \; fi ### echo "Do you want all system events to be logged on tty12 ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "*.* /dev/tty12" /etc/syslog.conf fi ### echo "Do you want to deny any machine to connect to yours ?" WaitAnswer -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then echo "Do you want only localhost to be allowed ?" WaitAnswer; clear - if [ "${answer}" == "yes" ]; then + if [[ ${answer} == yes ]]; then AddRules "ALL:ALL EXCEPT localhost:DENY" /etc/hosts.deny else AddRules "ALL:ALL:DENY" /etc/hosts.deny @@ -42,7 +42,7 @@ fi ### echo "Do you want root console login to be allowed ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "tty1" /etc/securetty quiet AddRules "tty2" /etc/securetty quiet AddRules "tty3" /etc/securetty quiet @@ -53,7 +53,7 @@ fi ### echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab fi 
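Review bot: In the first hunk the guard `if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then` has no else branch, so a missing library lets the script continue with WaitAnswer and AddRules undefined (they appear to come from lib.sh). In that case `answer` is never set, every later `[[ ${answer} == yes ]]` test is false, and none of the hardening steps are applied, while the operator sees only "command not found" noise between prompts. An else branch that reports the problem and stops would make the failure explicit, for example `else echo "msec: lib.sh not found" >&2; exit 1`. The move to `[[` also makes the script bash-only; the interpreter line lies above the hunk, so confirm it names bash rather than sh.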
@@ -61,7 +61,7 @@ fi ### echo "Do you want your system to daily check new open port listening ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab @@ -70,7 +70,7 @@ fi ### echo "Do you want your system to check for grave permission problem on senssibles files ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab fi @@ -78,7 +78,7 @@ fi ### echo "Do you want your system to daily check SUID Root file change ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab fi @@ -86,7 +86,7 @@ fi ### echo "Do you want your system to daily check suid files md5 checksum changes ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab fi @@ -94,7 +94,7 @@ fi ### echo "Do you want your system to daily check SUID Group file change ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab fi 
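Review bot: The crontab rules in the hunk at -61 (and in those at -53, -70, -78, -86, -94, -102 and -110) use `0 0-23 * * *`, which fires at minute 0 of every hour, while the prompts promise a daily check. Either the schedule should name a single hour, for example `0 4 * * * root nice --adjustment=+19 ...`, or the prompt text should say hourly. The same security_check.sh and diff_check.sh lines are also appended by several different answers; whether duplicates reach /etc/crontab depends on AddRules in lib.sh, which is not visible here.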
@@ -102,7 +102,7 @@ fi ### echo "Do you want your system to daily check Writeable file change ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab fi @@ -110,7 +110,7 @@ fi ### echo "Do you want your system to daily check Unowned file change ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab fi @@ -119,7 +119,7 @@ fi echo "Do you want your system to verify every minutes if a network interface" echo "is in promiscuous state (which mean someone is probably running a sniffer on your machine ) ?" WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf AddRules "*/1 * * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab fi @@ -132,7 +132,7 @@ LiloUpdate; echo "Do you want to disable your running server ( except important one )" echo "This is only valuable for server installed with rpm." WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then echo -n "Disabling all service, except : {" chkconfig --list | awk '{print $1}' | while read service; do if grep -qx ${service} /etc/security/msec/init-sh/server.4; then 
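Review bot: In the hunk at -132 the loop `chkconfig --list | awk '{print $1}' | while read service` passes `${service}` to grep unquoted and as a regular expression, so a name containing `.` or another metacharacter can match an allow-list line in server.4 that it should not, leaving that service enabled. Comparing the name literally avoids this: `while read -r service; do` and `if grep -qxF -- "${service}" /etc/security/msec/init-sh/server.4; then`. The loop body continues past the end of the hunk.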
@@ -155,7 +155,7 @@ echo "Do you want to disallow rpm to automatically enable a new installed server echo "yes = you will need to chkconfig (--add ) servername for the server to run on boot." echo "no = rpm will do it for you, but you have less control of what is running on your machine." WaitAnswer; clear -if [ "${answer}" == "yes" ]; then +if [[ ${answer} == yes ]; then export SECURE_LEVEL="4" AddRules "SECURE_LEVEL=\"4\"" /etc/profile else @@ -182,7 +182,7 @@ case "${answer}" in AddRules "umask 022" /etc/profile ;; "restricted") - AddRules "if [ \${UID} == 0 ]; then umask 022; else umask 077; fi" /etc/profile + AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile ;; "paranoid") AddRules "umask 077" /etc/profile @@ -194,7 +194,7 @@ echo "Do you want a "." in your PATH variable ?" echo "This permit you to not use ./progname & to just type progname" echo "However this is a *high* security risk." WaitAnswer; clear -if [ ${answer} == "yes" ]; then +if [[ ${answer} == yes ]]; then AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile else AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile |
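Review bot: The new test in the hunk at -155, `if [[ ${answer} == yes ]; then`, closes with a single `]`, which bash rejects as a syntax error in the conditional expression. A non-interactive bash exits at that point, so the earlier questions take effect but the SECURE_LEVEL, umask and PATH rules below it are never written, leaving the host only partly configured. The line should read `if [[ ${answer} == yes ]]; then`. Running `bash -n init-sh/custom.sh` before committing would catch this class of error.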
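Review bot: The rule written in the hunk at -182 now places `[[ \${UID} == 0 ]]` in /etc/profile, a file that is read by login shells other than bash. A shell without `[[` would report an error at every login and fall through to the else branch, so root would end up with umask 077 instead of 022. Since this string is data for another file rather than part of the script itself, the portable test is the safer choice: `AddRules "if [ \"\${UID}\" = 0 ]; then umask 022; else umask 077; fi" /etc/profile`. The enclosing `case "${answer}"` starts and ends outside the hunk.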