From 7ed5f259034dd1ccb0464d2b4a331661703354de Mon Sep 17 00:00:00 2001 From: Yoann Vandoorselaere Date: Wed, 19 Sep 2001 12:32:18 +0000 Subject: - Output in /etc/profile.d/msec.sh as only .sh extenssion files are read. - Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile. --- init-sh/level0.sh | 8 +++++--- init-sh/level1.sh | 8 +++++--- init-sh/level2.sh | 8 +++++--- init-sh/level3.sh | 8 +++++--- init-sh/level4.sh | 9 ++++++--- init-sh/level5.sh | 9 ++++++--- init-sh/lib.sh | 9 +++++---- msec.spec | 7 ++++++- 8 files changed, 43 insertions(+), 23 deletions(-) diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 3cb6b22..92ecc4e 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -63,7 +63,9 @@ echo -e "\t- Security warning in syslog : no." # /etc/profile export SECURE_LEVEL=0 echo "Setting secure level variable to 0 :" -AddRules "SECURE_LEVEL=0" /etc/profile.d/msec +AddRules "SECURE_LEVEL=0" /etc/profile +AddRules "SECURE_LEVEL=0" /etc/zrofile +AddRules "SECURE_LEVEL=0" /etc/profile.d/msec.sh echo "Setting umask to 002 (u=rw,g=rw,o=r) :" AddRules "umask 002" /etc/profile @@ -71,9 +73,9 @@ AddRules "umask 002" /etc/zprofile echo "Adding \"non secure\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile # Xserver echo "Allowing users to connect X server from everywhere :" diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 57db69a..6c7b1da 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -63,7 +63,9 @@ echo -e "\t- Security warning in syslog : no." # /etc/profile export SECURE_LEVEL=1 echo "Setting secure level variable to 1 :" -AddRules "SECURE_LEVEL=1" /etc/profile.d/msec +AddRules "SECURE_LEVEL=1" /etc/profile.d/msec.sh +AddRules "SECURE_LEVEL=1" /etc/profile +AddRules "SECURE_LEVEL=1" /etc/zprofile echo "Setting umask to 002 (u=rw,g=rw,o=r) :" AddRules "umask 002" /etc/profile @@ -71,9 +73,9 @@ AddRules "umask 002" /etc/zprofile echo "Adding \"non secure\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level2.sh b/init-sh/level2.sh index d0facdb..e07a21c 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -64,7 +64,9 @@ echo -e "\t- Security warning in syslog : yes." # /etc/profile export SECURE_LEVEL=2 echo "Setting secure level variable to 2 :" -AddRules "SECURE_LEVEL=2" /etc/profile.d/msec +AddRules "SECURE_LEVEL=2" /etc/profile.d/msec.sh +AddRules "SECURE_LEVEL=2" /etc/profile +AddRules "SECURE_LEVEL=2" /etc/zprofile echo "Setting umask to 022 (u=rw,g=r,o=r) :" AddRules "umask 022" /etc/profile @@ -72,9 +74,9 @@ AddRules "umask 022" /etc/zprofile echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile # Xserver echo "Allowing users to connect X server from localhost :" diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 34ed29a..d5c98ae 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -71,7 +71,9 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab # /etc/profile export SECURE_LEVEL=3 echo "Setting secure level variable to 3 :" -AddRules "SECURE_LEVEL=3" /etc/profile.d/msec +AddRules "SECURE_LEVEL=3" /etc/profile.d/msec.sh +AddRules "SECURE_LEVEL=3" /etc/profile +AddRules "SECURE_LEVEL=3" /etc/zprofile echo "Setting umask to 022 (u=rw,g=r,o=r) :" AddRules "umask 022" /etc/profile @@ -79,9 +81,9 @@ AddRules "umask 022" /etc/zprofile echo "Adding a \"normal\" PATH variable : " AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile # Do not boot on a shell AllowReboot diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 70f8070..43e63b4 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -81,7 +81,10 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab # Server update echo "Setting secure level variable to 4 :" -AddRules "SECURE_LEVEL=4" /etc/profile.d/msec +AddRules "SECURE_LEVEL=4" /etc/profile.d/msec.sh +AddRules "SECURE_LEVEL=4" /etc/profile +AddRules "SECURE_LEVEL=4" /etc/zprofile + export SECURE_LEVEL=4 @@ -110,9 +113,9 @@ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/zprofi echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile if [[ -f /lib/libsafe.so.1.3 ]]; then echo "Enabling stack overflow protection :" diff --git a/init-sh/level5.sh b/init-sh/level5.sh index 77f35ec..f9a3ea6 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -91,7 +91,10 @@ LoaderUpdate; # Disable all server : echo "Setting secure level variable to 5 :" -AddRules "SECURE_LEVEL=5" /etc/profile.d/msec +AddRules "SECURE_LEVEL=5" /etc/profile.d/msec.sh +AddRules "SECURE_LEVEL=5" /etc/profile +AddRules "SECURE_LEVEL=5" /etc/zprofile + IFS=" " @@ -120,9 +123,9 @@ AddRules "umask 077" /etc/zprofile echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet -AddRules "export PATH" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/zprofile quiet -AddRules "export PATH" /etc/zprofile +AddRules "export PATH SECURE_LEVEL" /etc/zprofile if [[ -f /lib/libsafe.so.1.3 ]]; then diff --git a/init-sh/lib.sh b/init-sh/lib.sh index baf2b4f..c929ed6 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -329,6 +329,7 @@ CommentUserRules /etc/securetty CleanRules /etc/security/msec/security.conf CommentUserRules /etc/security/msec/security.conf CleanRules /etc/profile +CleanRules /etc/zprofile CleanRules /etc/ld.so.preload CleanLoaderRules @@ -347,11 +348,11 @@ else fi -if [[ -f /etc/profile.d/msec ]]; then - CleanRules /etc/profile.d/msec +if [[ -f /etc/profile.d/msec.sh ]]; then + CleanRules /etc/profile.d/msec.sh else - touch /etc/profile.d/msec - chmod 755 /etc/profile.d/msec + touch /etc/profile.d/msec.sh + chmod 755 /etc/profile.d/msec.sh fi diff --git a/msec.spec b/msec.spec index 1771412..67b3e5f 100644 --- a/msec.spec +++ b/msec.spec @@ -1,7 +1,7 @@ Summary: Security Level & Program for the Linux Mandrake distribution Name: msec Version: 0.15 -Release: 25mdk +Release: 26mdk Source: %{name}-%{version}.tar.bz2 Source2: msec @@ -81,6 +81,11 @@ rm -rf $RPM_BUILD_ROOT # MAKE THE CHANGES IN CVS: NO PATCH OR SOURCE ALLOWED %changelog +* Wed Sep 19 2001 Yoann Vandoorselaere 0.15-26mdk + +- Output in /etc/profile.d/msec.sh as only .sh extenssion files are read. +- Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile. + * Wed Sep 19 2001 florin 0.15-25mdk - RootSshLogin in levels 4/5 - squidGuard entries -- cgit v1.2.1