diff options
Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/level0.sh | 21 | ||||
-rwxr-xr-x | init-sh/level1.sh | 19 | ||||
-rwxr-xr-x | init-sh/level2.sh | 21 | ||||
-rwxr-xr-x | init-sh/level3.sh | 21 | ||||
-rwxr-xr-x | init-sh/level4.sh | 25 | ||||
-rwxr-xr-x | init-sh/level5.sh | 20 |
6 files changed, 86 insertions, 41 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 05c8507..f3bd463 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -60,21 +60,28 @@ echo -e "\t- Security warning in syslog : no." AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf # end security check -# /etc/profile +# /etc/profile.d/msec.{sh,csh} export SECURE_LEVEL=0 echo "Setting secure level variable to 0 :" AddRules "export SECURE_LEVEL=0" /etc/profile.d/msec.sh AddRules "setenv SECURE_LEVEL 0" /etc/profile.d/msec.csh echo "Setting umask to 022 (u=rw,g=r,o=r) :" -AddRules "umask 022" /etc/profile -AddRules "umask 022" /etc/zprofile +AddRules "umask 022" /etc/profile.d/msec.sh +AddRules "umask 022" /etc/profile.d/msec.csh echo "Adding \"non secure\" PATH variable :" -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi + +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet # Xserver echo "Allowing users to connect X server from everywhere :" diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 629163d..13d6454 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -67,14 +67,21 @@ AddRules "export SECURE_LEVEL=1" /etc/profile.d/msec.sh AddRules "setenv SECURE_LEVEL 1" /etc/profile.d/msec.csh echo "Setting umask to 022 (u=rw,g=r,o=r) :" -AddRules "umask 022" /etc/profile -AddRules "umask 022" /etc/zprofile +AddRules "umask 022" /etc/profile.d/msec.sh +AddRules "umask 022" /etc/profile.d/msec.csh echo "Adding \"non secure\" PATH variable :" -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi + +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 4e53d50..0c2b9d8 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -68,14 +68,21 @@ AddRules "export SECURE_LEVEL=2" /etc/profile.d/msec.sh AddRules "setenv SECURE_LEVEL 2" /etc/profile.d/msec.csh echo "Setting umask to 022 (u=rw,g=r,o=r) :" -AddRules "umask 022" /etc/profile -AddRules "umask 022" /etc/zprofile +AddRules "umask 022" /etc/profile.d/msec.sh +AddRules "umask 022" /etc/profile.d/msec.csh -echo "Adding \"normal\" PATH variable :" -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +echo "Adding \"non secure\" PATH variable :" +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi + +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 8ce3338..915d2e0 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -75,14 +75,21 @@ AddRules "export SECURE_LEVEL=3" /etc/profile.d/msec.sh AddRules "setenv SECURE_LEVEL 3" /etc/profile.d/msec.csh echo "Setting umask to 022 (u=rw,g=r,o=r) :" -AddRules "umask 022" /etc/profile -AddRules "umask 022" /etc/zprofile +AddRules "umask 022" /etc/profile.d/msec.sh +AddRules "umask 022" /etc/profile.d/msec.csh -echo "Adding a \"normal\" PATH variable : " -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +echo "Adding \"non secure\" PATH variable :" +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi + +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet # Do not boot on a shell AllowReboot diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 978e8d3..0ae716b 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -107,14 +107,23 @@ echo -e "done.\n"; # /etc/profile echo "Setting umask to 022 (u=rw,g=rx) for root, 077 (u=rw) for user :" -AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile -AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/zprofile - -echo "Adding \"normal\" PATH variable :" -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile.d/msec.sh +AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile.d/msec.csh + +echo "Adding \"non secure\" PATH variable :" +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export SECURE_LEVEL=4" /etc/profile.d/msec.sh quiet + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv SECURE_LEVEL 4" /etc/profile.d/msec.csh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi + +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet if [[ -f /lib/libsafe.so.1.3 ]]; then echo "Enabling stack overflow protection :" diff --git a/init-sh/level5.sh b/init-sh/level5.sh index f429712..ecb8fac 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -117,15 +117,23 @@ echo -e "done.\n"; # /etc/profile echo "Setting umask to 077 (u=rw) :" -AddRules "umask 077" /etc/profile -AddRules "umask 077" /etc/zprofile +AddRules "umask 077" /etc/profile.d/msec.sh +AddRules "umask 077" /etc/profile.d/msec.csh echo "Adding \"normal\" PATH variable :" -AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile -AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/zprofile quiet -AddRules "export PATH SECURE_LEVEL" /etc/zprofile +if ! echo ${PATH} |grep -q /usr/X11R6/bin ; then + AddRules "export SECURE_LEVEL=5" /etc/profile.d/msec.sh quiet + AddRules "export PATH=\$PATH:/usr/X11R6/bin" /etc/profile.d/msec.sh quiet + AddRules "setenv SECURE_LEVEL 5" /etc/profile.d/msec.csh quiet + AddRules "setenv PATH \"\${PATH}:/usr/X11R6/bin\"" /etc/profile.d/msec.csh quiet +fi +if ! echo ${PATH} |grep -q /usr/games ; then + AddRules "export PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile.d/msec.sh quiet + AddRules "setenv PATH \"\${PATH}:/usr/games\"" /etc/profile.d/msec.csh quiet +fi +AddRules "export PATH=\$PATH:." /etc/profile.d/msec.sh quiet +AddRules "setenv PATH \"\${PATH}:.\"" /etc/profile.d/msec.csh quiet if [[ -f /lib/libsafe.so.1.3 ]]; then echo "Enabling stack overflow protection :" |