Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/level0.sh | 14 | ||||
-rwxr-xr-x | init-sh/level1.sh | 11 | ||||
-rwxr-xr-x | init-sh/level2.sh | 11 | ||||
-rwxr-xr-x | init-sh/level3.sh | 13 | ||||
-rwxr-xr-x | init-sh/level4.sh | 11 | ||||
-rwxr-xr-x | init-sh/level5.sh | 15 | ||||
-rw-r--r-- | init-sh/lib.sh | 1 |
7 files changed, 45 insertions, 31 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 62904ac..5f4d66b 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Enabling direct console access : " -AddRules "1:2345:respawn:/bin/bash --login" /etc/inittab - # /etc/profile export SECURE_LEVEL=0 echo "Setting secure level variable to 0 :" @@ -79,8 +75,12 @@ echo "Adding system users to specific groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" - - - +# Boot on a shell +echo -n "Setting up inittab to spawn a shell without asking a passwd : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/sbin\/mingetty tty1/\/bin\/bash --login/' > /etc/inittab +rm -f ${tmpfile} +echo "done." diff --git a/init-sh/level1.sh b/init-sh/level1.sh index a7ce877..571f470 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=1 echo "Setting secure level variable to 1 :" @@ -80,6 +76,13 @@ echo "Adding system users to specific groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 1760873..c663f25 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh 
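Review bot: The inittab rewrite added at the end of level0.sh truncates the live file through the `> /etc/inittab` redirect before any step is known to have succeeded, and none of `mktemp`, `cp` or `sed` is checked. If `mktemp` or `cp` fails (for example because /tmp is full), /etc/inittab is left empty or partial and the script still prints "done.", which can leave the machine without working consoles at the next boot. Build the result in the temporary file first and copy it back only on success: `tmpfile=$(mktemp /tmp/secure.XXXXXX) || exit 1`, then `sed 's|/sbin/mingetty tty1|/bin/bash --login|' /etc/inittab > "${tmpfile}" && cat "${tmpfile}" > /etc/inittab`. The same block, with the substitution reversed, is added in level1.sh through level5.sh and needs the same change.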
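Review bot: In level1.sh the new block restores the login prompt only when the tty1 entry contains the exact text `/bin/bash --login`; with the old `AddRules "1:2345:respawn:/sbin/mingetty tty1"` line removed, nothing asserts that tty1 actually runs a getty. If the entry was edited to any other form, the sed is a no-op and the script still reports "done.", so a console shell without a password can survive a move to a higher security level. Verify the result after the rewrite, e.g. `grep -q '^1:.*:respawn:/sbin/mingetty tty1' /etc/inittab || echo "WARNING: tty1 is not running mingetty" >&2`. The identical blocks in level2.sh to level5.sh have the same gap. It is also not visible in this hunk whether init is told to re-read the file (`telinit q`), so the change may only take effect at reboot.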
@@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=2 echo "Setting secure level variable to 2 :" @@ -79,3 +75,10 @@ echo "Adding system users to specifics groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." diff --git a/init-sh/level3.sh b/init-sh/level3.sh index acf8483..8027034 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -64,10 +64,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=3 echo "Setting secure level variable to 3 :" @@ -77,3 +73,12 @@ AddRules "umask 022" /etc/profile echo "Adding a \"normal\" PATH variable : " AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile + +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." + diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 212c3f8..e1bf56d 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh 
@@ -79,10 +79,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # Server update echo "Setting secure level variable to 4 :" AddRules "SECURE_LEVEL=4" /etc/profile @@ -113,3 +109,10 @@ echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done."
\ No newline at end of file diff --git a/init-sh/level5.sh b/init-sh/level5.sh index eaa06fe..e443488 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -73,10 +73,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # Disable all server : echo "Setting secure level variable to 5 :" AddRules "SECURE_LEVEL=5" /etc/profile @@ -107,6 +103,14 @@ echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." + echo echo "You are now running your system in security level 5," echo "All services are disabled : try the chkconfig to enable one..." @@ -131,6 +135,3 @@ echo - - - diff --git a/init-sh/lib.sh b/init-sh/lib.sh index e523f5a..71af4c7 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -188,7 +188,6 @@ fi clear echo "Preparing to run security script : " -CleanRules /etc/inittab CleanRules /etc/syslog.conf CleanRules /etc/hosts.deny CommentUserRules /etc/hosts.deny |
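Review bot: level4.sh now ends without a trailing newline after `echo "done."`; the `\ No newline at end of file` marker follows the last added line of its second hunk. Terminate that line with a newline so that later appends and line-based tools treat it as a complete line. The blocks added to the other level scripts show no such marker.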