Diffstat (limited to 'init-sh')
-rwxr-xr-xinit-sh/level0.sh80
-rw-r--r--init-sh/perm.065
2 files changed, 145 insertions, 0 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
new file mode 100755
index 0000000..a0cd43c
--- /dev/null
+++ b/init-sh/level0.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+#
+# Security level implementation...
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+#
+
+if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+ . /etc/security/msec/init-sh/lib.sh
+else
+ exit 1
+fi
+
+# login as root on console granted...
+echo "Login as root is granted :"
+AddRules "tty1" /etc/securetty quiet
+AddRules "tty2" /etc/securetty quiet
+AddRules "tty3" /etc/securetty quiet
+AddRules "tty4" /etc/securetty quiet
+AddRules "tty5" /etc/securetty quiet
+AddRules "tty6" /etc/securetty
+
+# Security check
+echo "Updating file check variable : "
+echo -e "\t- Check security : yes."
+ AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check important permissions : no."
+ AddRules "CHECK_PERMS=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file : no."
+ AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : no."
+ AddRules "CHECK_SUID_MD5=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : no."
+ AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check world writable file : no."
+ AddRules "CHECK_WRITEABLE=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check unowned file : no."
+ AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check promiscuous mode : no."
+ AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : no."
+ AddRules "CHECK_OPEN_PORT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : no."
+ AddRules "CHECK_PASSWD=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : no."
+ AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning on tty : \"no\" :"
+ AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"no\" :"
+ AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
+# end security check
+
+# lilo update
+echo -n "Running lilo to record new config : "
+/sbin/lilo >& /dev/null
+echo -e "done.\n"
+
+# /etc/profile
+export SECURE_LEVEL=1
+echo "Setting secure level variable to 1 :"
+AddRules "SECURE_LEVEL=1" /etc/profile
+echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
+AddRules "umask 002" /etc/profile
+echo "Adding \"non secure\" PATH variable :"
+AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
+AddRules "export PATH SECURE_LEVEL" /etc/profile
+
+# Group
+echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+for user in ${DRAKX_USERS}; do
+ usermod -G audio "${user}"
+done
+echo "done."
+
+
+
+
+
+
+
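Review bot: `AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet` appends the current directory to every user's PATH, so a mistyped command run from a world-writable directory such as /tmp executes whatever file another user left there under that name; the script announces this as "non secure" on the console, but nothing in /etc/profile itself records the trade-off. Even for the lowest security level I would drop the trailing `.` — `AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet` — or at minimum precede the rule with `# '.' in PATH lets a writable cwd shadow mistyped commands; level 0 accepts this` so the decision is visible in the source. Separately, `/sbin/lilo >& /dev/null` throws away lilo's exit status, so "done." is printed even when the boot loader was not updated; `/sbin/lilo >/dev/null 2>&1 || echo "lilo failed" >&2` would surface that. The `usermod -G audio "${user}"` loop also replaces each user's supplementary group list with just `audio` rather than appending to it, which looks unintended if those users already belong to other groups (whether this usermod offers an append flag is not visible from the hunk).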
diff --git a/init-sh/perm.0 b/init-sh/perm.0
new file mode 100644
index 0000000..0cae0d7
--- /dev/null
+++ b/init-sh/perm.0
@@ -0,0 +1,65 @@
+# Welcome in Level 1
+###
+/bin root.root 755
+/boot root.root 755
+/dev root.root 755
+/dev/audio* root.audio 660
+/dev/dsp* root.audio 660
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/esd.conf root.root 644
+/etc/ftpaccess root.root 644
+/etc/ftpconversions root.root 644
+/etc/ftpgroups root.root 644
+/etc/ftphosts root.root 644
+/etc/ftpusers root.root 644
+/etc/gettydefs root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inetd.conf root.root 644
+/etc/init.d/ root.root 755
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/lilo.conf root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile root.root 644
+/etc/rc.d/ root.root 755
+/etc/securetty root.root 644
+/etc/sendmail.cf root.root 644
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 644
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 644
+/etc/syslog.conf root.root 644
+/etc/updatedb.conf root.root 644
+/home/ root.root 755
+/home/* current 755
+/lib root.root 755
+/mnt root.root 755
+/root root.root 755
+/sbin root.root 755
+/tmp root.root 1777
+/usr root.root 755
+/usr/* root.root 755
+/usr/X11R6/ root.root 755
+/usr/bin/ root.root 755
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 755
+/var root.root 755
+/var/log root.root 755
+/var/log/* root.adm 644
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+
+
+
+
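Review bot: `/etc/ssh_host_key root.root 644` makes the SSH host private key world-readable, which lets any local user impersonate the host or decrypt captured sessions; the private half should be `/etc/ssh_host_key root.root 600`, with only `/etc/ssh_host_key.pub` staying at 644. Two neighbouring entries deserve a second look as well: `/usr/bin/* root.root 755` would, if the checker enforces these modes rather than merely reporting deviations, strip the setuid bit from programs such as passwd and su that live there, and `/root root.root 755` leaves root's home traversable by everyone even though /var/log/security a few lines below is locked down to 700. How perm files are consumed is not visible in this hunk, so the /usr/bin/* concern needs confirming against the code that applies them.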