aboutsummaryrefslogtreecommitdiffstats
path: root/init-sh/level3.sh
diff options
context:
space:
mode:
Diffstat (limited to 'init-sh/level3.sh')
-rwxr-xr-xinit-sh/level3.sh103
1 files changed, 0 insertions, 103 deletions
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
deleted file mode 100755
index 83fccf8..0000000
--- a/init-sh/level3.sh
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/bin/bash
-
-#
-# Security level implementation...
-# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
-#
-
-
-if [[ -f /usr/share/msec/lib.sh ]]; then
- . /usr/share/msec/lib.sh
-else
- echo "Can't find /usr/share/msec/lib.sh, exiting."
- exit 1
-fi
-
-echo "Loging all messages on tty12 : "
-AddRules "*.* /dev/tty12" /etc/syslog.conf
-
-# login as root from the console allowed
-echo "Login as root is allowed (on the console) : "
-AddRules "tty1" /etc/securetty quiet
-AddRules "tty2" /etc/securetty quiet
-AddRules "tty3" /etc/securetty quiet
-AddRules "tty4" /etc/securetty quiet
-AddRules "tty5" /etc/securetty quiet
-AddRules "tty6" /etc/securetty
-AddRules "vc/1" /etc/securetty quiet
-AddRules "vc/2" /etc/securetty quiet
-AddRules "vc/3" /etc/securetty quiet
-AddRules "vc/4" /etc/securetty quiet
-AddRules "vc/5" /etc/securetty quiet
-AddRules "vc/6" /etc/securetty
-
-# Security check
-echo "Updating file check variable : "
-echo -e "\t- Check security : yes."
- AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check important permissions : yes."
- AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid root file : yes."
- AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid root file integrity (backdoor check) : yes."
- AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid group file : yes."
- AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check world writable file : yes."
- AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check unowned file : no."
- AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Check promiscuous mode : no."
- AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Check listening port : yes."
- AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check passwd file integrity : yes."
- AddRules "CHECK_PASSWD=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check shadow file integrity : yes."
- AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning on tty : yes."
- AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning by mail : yes."
- AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet
- AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning in syslog : yes."
- AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
-# end security check
-
-# Crontab
-echo "Adding permission check in crontab (scheduled every midnight) :"
-AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab
-
-export SECURE_LEVEL=3
-echo "Setting secure level variable to 3 :"
-AddRules "SECURE_LEVEL=3" /etc/sysconfig/msec
-
-echo "Setting umask to 022 (u=rw,g=r,o=r) :"
-AddRules "UMASK_ROOT=022" /etc/sysconfig/msec
-AddRules "UMASK_USER=022" /etc/sysconfig/msec
-
-# icmp echo
-echo "Enabling icmp echo :"
-AddRules "net.ipv4.icmp_echo_ignore_all=0" /etc/sysctl.conf
-AddRules "net.ipv4.icmp_echo_ignore_broadcasts=1" /etc/sysctl.conf
-
-# bad error
-echo "Enabling bad error message Protection :"
-AddRules "net.ipv4.icmp_ignore_bogus_error_responses=1" /etc/sysctl.conf
-
-# log strange packets
-echo "Enabling logging Spoofed Packets, Source Routed Packets, Redirect Packets :"
-AddRules "net.ipv4.conf.all.log_martians=1" /etc/sysctl.conf
-
-LoadSysctl
-
-# Do not boot on a shell
-AllowReboot
-
-ForbidAutologin
-
-# Group were modified in lib.sh...
-grpconv
-
-AllowUserList
-RootSshLogin 3
generated by cgit v1.2.1 (git 2.21.0) at 2024-06-06 08:56:58 +0000