diff options
Diffstat (limited to 'init-sh/lib.sh')
-rw-r--r-- | init-sh/lib.sh | 88 |
1 files changed, 82 insertions, 6 deletions
diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 2c7009c..1be738a 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -222,6 +222,81 @@ CleanLoaderRules() { fi } +AllowAutologin() { + file=/etc/sysconfig/autologin + if [[ -f ${file} ]]; then + grep -v AUTOLOGIN < ${file} > ${file}.new + echo "AUTOLOGIN=yes" >> ${file}.new + mv -f ${file}.new ${file} + fi +} + +ForbidAutologin() { + file=/etc/sysconfig/autologin + if [[ -f ${file} ]]; then + cat ${file} | grep -v AUTOLOGIN > ${file}.new + echo "AUTOLOGIN=no" >> ${file}.new + mv -f ${file}.new ${file} + fi +} + +ForbidUserList() { + file=/usr/share/config/kdmrc + if [[ -f ${file} ]]; then + perl -pi -e 's/^UserView=.*$/UserView=false/' ${file} + fi + + file=/etc/X11/gdm/gdm.conf + if [[ -f ${file} ]]; then + perl -pi -e 's/^Browser=.*$/Browser=0/' ${file} + fi +} + +AllowUserList() { + file=/usr/share/config/kdmrc + if [[ -f ${file} ]]; then + perl -pi -e 's/^UserView=.*$/UserView=true/' ${file} + fi + + file=/etc/X11/gdm/gdm.conf + if [[ -f ${file} ]]; then + perl -pi -e 's/^Browser=.*$/Browser=1/' ${file} + fi +} + +ForbidReboot() { + echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : " + tmpfile=`mktemp /tmp/secure.XXXXXX` + cp /etc/inittab ${tmpfile} + cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab + rm -f ${tmpfile} + [ -z "$DURING_INSTALL" ] && telinit u + echo "done." + echo -n "Forbid console users to reboot/shutdown : " + for pamfile in /etc/security/console.apps/{shutdown,poweroff,reboot,halt} ; do + rm -f ${pamfile} 2>&1 > /dev/null + done + echo "done." +} + +AllowReboot() { + echo -n "Setting up inittab to authorize any user to issue ctrl-alt-del : " + tmpfile=`mktemp /tmp/secure.XXXXXX` + cp /etc/inittab ${tmpfile} + cat ${tmpfile} | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab + rm -f ${tmpfile} + [ -z "$DURING_INSTALL" ] && telinit u + echo "done." + echo -n "Allow console users to reboot/shutdown : " + for pamfile in /etc/security/console.apps/{shutdown,poweroff,reboot,halt} ; do + touch -f ${pamfile} + done + echo "done." +} + # If we are currently installing our # system with DrakX, we don't ask anything to the user... # Instead, DrakX do it and give us a file with some variable. @@ -250,8 +325,13 @@ CleanRules /etc/logrotate.conf CleanRules /etc/rc.d/rc.local CleanRules /etc/rc.d/rc.firewall CleanRules /etc/crontab -CleanRules /etc/X11/xdm/Xsession -CleanRules /etc/X11/xinit/xinitrc + +if [[ -f /etc/X11/xinit.d/msec ]]; then + CleanRules /etc/X11/xinit.d/msec +else + touch /etc/X11/xinit.d/msec + chmod 755 /etc/X11/xinit.d/msec +fi echo -e "\nStarting to reconfigure the system : " # For all secure level @@ -266,10 +346,6 @@ groupadd xgrp >& /dev/null groupadd ntools >& /dev/null groupadd ctools >& /dev/null -#Fix the big security hole introduced in cooker -userdel mandrake >& /dev/null -groupdel mandrake >& /dev/null - usermod -G xgrp xfs /usr/share/msec/grpuser.sh --clean |