diff options
Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/level0.sh | 8 | ||||
-rwxr-xr-x | init-sh/level1.sh | 10 | ||||
-rwxr-xr-x | init-sh/level2.sh | 6 | ||||
-rwxr-xr-x | init-sh/level3.sh | 7 | ||||
-rwxr-xr-x | init-sh/level4.sh | 6 | ||||
-rwxr-xr-x | init-sh/level5.sh | 7 |
6 files changed, 27 insertions, 17 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 1c1447f..6e0be37 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -77,11 +77,13 @@ echo "Adding system users to specific groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" -# Boot on a shell -echo -n "Setting up inittab to spawn a shell without asking a passwd : " +# Boot on a shell / authorize ctrl-alt-del +echo -n "Setting up inittab to spawn a shell on boot & to authorize any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/sbin\/mingetty tty1/\/bin\/bash --login/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/sbin\/mingetty tty1/\/bin\/bash --login/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 269873b..32d00f1 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -80,13 +80,11 @@ grpconv echo -e "done.\n" # Do not boot on a shell -echo -n "Setting up inittab to ask a passwd on boot : " +echo -n "Setting up inittab to authorize any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." - - - - diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 379776a..e012f72 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -79,9 +79,11 @@ grpconv echo -e "done.\n" # Do not boot on a shell -echo -n "Setting up inittab to ask a passwd on boot : " +echo -n "Setting up inittab to authorize any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." diff --git a/init-sh/level3.sh b/init-sh/level3.sh index b5d8ec0..20d5202 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -77,12 +77,15 @@ AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile # Do not boot on a shell -echo -n "Setting up inittab to ask a passwd on boot : " +echo -n "Setting up inittab to authorize any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." + # Group were modified in lib.sh... grpconv diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 6fbcf9b..2326b78 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -110,10 +110,12 @@ AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile # Do not boot on a shell -echo -n "Setting up inittab to ask a passwd on boot : " +echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." diff --git a/init-sh/level5.sh b/init-sh/level5.sh index f3752a6..03db3db 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -105,13 +105,16 @@ AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile # Do not boot on a shell -echo -n "Setting up inittab to ask a passwd on boot : " +echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` cp /etc/inittab ${tmpfile} -cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +cat ${tmpfile} | \ + sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' | \ + sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." + echo echo "You are now running your system in security level 5," echo "All services are disabled : try the chkconfig to enable one..." |