From da66772cfaf407695a5b71baa3ebcada1e88f365 Mon Sep 17 00:00:00 2001
From: Frederic Lepied
Date: Tue, 22 Jan 2002 19:23:18 +0000
Subject: corrected errors reported by Pierre Fortin's script
---
 conf/perm.0 | 20 +++++++++++++++-----
 conf/perm.1 | 17 ++++++++++++++---
 conf/perm.2 | 12 +++++++++++-
 conf/perm.3 | 12 +++++++++++-
 conf/perm.4 | 26 ++++++++++++++++++--------
 conf/perm.5 | 8 ++++----
 conf/perm.snf | 31 +++++++++++++++++++++----------
 7 files changed, 94 insertions(+), 32 deletions(-)
diff --git a/conf/perm.0 b/conf/perm.0
index f683e4b..773394a 100644
--- a/conf/perm.0
+++ b/conf/perm.0
@@ -25,7 +25,6 @@
 /etc/hosts.deny root.root 644
 /etc/hosts.equiv root.root 644
 /etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
 /etc/inittab root.root 644
 /etc/ld.so.conf root.root 644
 /etc/lilo.conf root.root 644
@@ -35,6 +34,7 @@
 /etc/printcap root.root 644
 /etc/profile.d/* root.root 755
 /etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
 /etc/rc.d/init.d/* root.root 755
 /etc/securetty root.root 644
 /etc/sendmail.cf root.root 644
@@ -53,16 +53,26 @@
 /proc root.root 555
 /root/ root.root 755
 /sbin/ root.root 755
-/tmp/ root.root 1777
+/tmp/ root.root 777
 /usr/ root.root 755
 /usr/* root.root 755
 /usr/X11R6/ root.root 755
 /usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
 /usr/lib/rpm/rpm? rpm.rpm 755
 /usr/sbin/ root.root 755
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.bin 4755
 /usr/share/doc root.root 755
 /usr/share/man root.root 755
-/usr/tmp root.root 1777
+/usr/tmp root.root 777
 /var/ root.root 755
 /var/lock/subsys root.root 755
 /var/log/ root.root 755
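Review bot: The sticky bit is lost on world-writable temp directories in conf/perm.0: the `@@ -53,16 +53,26 @@` hunk sets `/tmp/` and `/usr/tmp` to `777`, and the following `@@ -70,5 +80,5 @@` hunk does the same for `/var/tmp`. Without the sticky bit any local account can delete or rename files that other users, including root, created in those directories, which removes the basic protection against temp-file replacement. Every other level touched by this commit keeps the bit (`1777`, `1773`, `1733`), so unless the checking script is known to require `777` here, keep `/tmp/ root.root 1777`, `/usr/tmp root.root 1777` and `/var/tmp root.root 1777`.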
@@ -70,5 +80,5 @@
 /var/log/*/* current 644
 /var/log/*/*/* current 644
 /var/log/*/. current 755
-/var/spool/mail/ root.mail 771
-/var/tmp root.root 1777
+/var/spool/mail/ root.mail 2775
+/var/tmp root.root 777
diff --git a/conf/perm.1 b/conf/perm.1
index 0441e0d..587c329 100644
--- a/conf/perm.1
+++ b/conf/perm.1
@@ -25,7 +25,6 @@
 /etc/hosts.deny root.root 644
 /etc/hosts.equiv root.root 644
 /etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
 /etc/inittab root.root 644
 /etc/ld.so.conf root.root 644
 /etc/lilo.conf root.root 644
@@ -35,6 +34,7 @@
 /etc/printcap root.root 644
 /etc/profile.d/* root.root 755
 /etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
 /etc/rc.d/init.d/* root.root 744
 /etc/rc.d/init.d/mandrake_consmap root.root 755
 /etc/securetty root.root 644
@@ -56,13 +56,24 @@
 /sbin/ root.root 755
 /tmp/ root.root 1777
 /usr/ root.root 755
+/usr/* root.root 755
 /usr/X11R6/ root.root 755
 /usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
 /usr/lib/rpm/rpm? rpm.rpm 755
 /usr/sbin/ root.root 755
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.bin 4755
 /usr/share/doc root.root 755
 /usr/share/man root.root 755
-/usr/tmp root.root 2777
+/usr/tmp root.root 1777
 /var/ root.root 755
 /var/lock/subsys root.root 755
 /var/log/ root.root 755
@@ -71,4 +82,4 @@
 /var/log/*/*/* current 644
 /var/log/*/. current 755
 /var/spool/mail/ root.mail 2775
-/var/tmp root.root 2777
+/var/tmp root.root 1777
diff --git a/conf/perm.2 b/conf/perm.2
index 1adbfe1..5e406a0 100644
--- a/conf/perm.2
+++ b/conf/perm.2
@@ -25,7 +25,6 @@
 /etc/hosts.deny root.root 644
 /etc/hosts.equiv root.root 644
 /etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
 /etc/inittab root.root 644
 /etc/ld.so.conf root.root 644
 /etc/lilo.conf root.root 644
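Review bot: `/var/spool/mail/ root.mail 2775` in the conf/perm.0 hunk at `@@ -70,5 +80,5 @@` gives "other" read permission on the spool directory, so any local account can list mailbox names, sizes and modification times. The previous `771` let a user reach a mailbox by its known path without being able to list the directory, and conf/perm.4 and conf/perm.5 still use `771`. If the aim is only to add the setgid bit, `/var/spool/mail/ root.mail 2771` does that without exposing the listing.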
@@ -35,6 +34,7 @@
 /etc/printcap root.root 644
 /etc/profile.d/* root.root 755
 /etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
 /etc/rc.d/init.d/* root.root 744
 /etc/rc.d/init.d/mandrake_consmap root.root 755
 /etc/securetty root.root 644
@@ -59,8 +59,18 @@
 /usr/* root.root 755
 /usr/X11R6/ root.root 755
 /usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
 /usr/lib/rpm/rpm? rpm.rpm 755
 /usr/sbin/ root.root 755
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.bin 4755
 /usr/share/doc root.root 755
 /usr/share/man root.root 755
 /usr/tmp root.root 1777
diff --git a/conf/perm.3 b/conf/perm.3
index 2613d1a..fb7ff26 100644
--- a/conf/perm.3
+++ b/conf/perm.3
@@ -25,7 +25,6 @@
 /etc/hosts.deny root.root 644
 /etc/hosts.equiv root.root 644
 /etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
 /etc/inittab root.root 644
 /etc/ld.so.conf root.root 644
 /etc/lilo.conf root.root 644
@@ -35,6 +34,7 @@
 /etc/printcap root.root 644
 /etc/profile.d/* root.root 755
 /etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
 /etc/rc.d/init.d/* root.root 700
 /etc/rc.d/init.d/mandrake_consmap root.root 755
 /etc/securetty root.root 644
@@ -59,8 +59,18 @@
 /usr/* root.root 755
 /usr/X11R6/ root.root 755
 /usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
 /usr/lib/rpm/rpm? rpm.rpm 755
 /usr/sbin/ root.root 755
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.bin 4755
 /usr/share/doc root.root 755
 /usr/share/man root.root 755
 /usr/tmp root.root 1777
diff --git a/conf/perm.4 b/conf/perm.4
index 2f24171..4e7a97a 100644
--- a/conf/perm.4
+++ b/conf/perm.4
@@ -1,8 +1,8 @@
 # Welcome in Level 4, aka secure & usable.
 ###
 / root.adm 751
-/bin/ root.root 4755
-/bin/ping root.root 755
+/bin/ root.adm 751
+/bin/ping root.ntools 4750
 /bin/rpm rpm.rpm 750
 /boot/ root.root 700
 /dev/ root.root 711
@@ -39,7 +39,7 @@
 /etc/rc.d/init.d/mandrake_consmap root.adm 755
 /etc/securetty root.root 640
 /etc/sendmail.cf root.adm 640
-/etc/shutdown.allow root.root 600
+/etc/shutdown.allow root.adm 640
 /etc/ssh/ssh_config root.root 644
 /etc/ssh/ssh_host_*key root.adm 600
 /etc/ssh/ssh_host_*key.pub root.adm 644
@@ -54,22 +54,32 @@
 /proc root.kmem 550
 /root/ root.root 700
 /sbin/ root.adm 751
-/tmp/ root.root 1777
+/tmp/ root.adm 1773
 /usr/ root.adm 751
 /usr/* root.adm 751
 /usr/X11R6/ root.xgrp 751
 /usr/bin/ root.adm 751
+/usr/bin/cc root.ctools 750
+/usr/bin/finger root.ntools 750
+/usr/bin/g++* root.ctools 750
+/usr/bin/gcc* root.ctools 750
+/usr/bin/ssh root.ntools 750
+/usr/bin/telnet root.ntools 750
+/usr/bin/w root.ntools 750
+/usr/bin/who root.ntools 750
 /usr/lib/rpm/rpm? rpm.rpm 750
 /usr/sbin/ root.adm 751
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.ntools 4750
 /usr/share/doc rpm.rpm 750
 /usr/share/man rpm.rpm 750
-/usr/tmp root.root 1777
+/usr/tmp root.adm 1773
 /var/ root.root 755
-/var/lock/subsys root.root 700
-/var/log/ root.root 711
+/var/lock/subsys root.adm 750
+/var/log/ root.adm 751
 /var/log/* root.root 600
 /var/log/*/* current 600
 /var/log/*/*/* current 600
 /var/log/*/. current 700
 /var/spool/mail/ root.mail 771
-/var/tmp root.root 1777
+/var/tmp root.adm 1773
diff --git a/conf/perm.5 b/conf/perm.5
index a1d7e1f..756c27a 100644
--- a/conf/perm.5
+++ b/conf/perm.5
@@ -54,7 +54,7 @@
 /proc root.kmem 550
 /root/ root.root 700
 /sbin/ root.root 711
-/tmp/ root.root 1777
+/tmp/ root.root 1733
 /usr/ root.root 711
 /usr/* root.root 711
 /usr/X11R6/ root.xgrp 710
@@ -70,10 +70,10 @@
 /usr/lib/rpm/rpm? rpm.rpm 750
 /usr/sbin/ root.root 711
 /usr/sbin/sendmail root.root 755
-/usr/sbin/traceroute root.ntools 750
+/usr/sbin/traceroute root.ntools 4750
 /usr/share/doc rpm.rpm 710
 /usr/share/man rpm.rpm 710
-/usr/tmp root.root 1777
+/usr/tmp root.root 1733
 /var/ root.root 755
 /var/lock/subsys root.root 700
 /var/log/ root.root 711
@@ -82,4 +82,4 @@
 /var/log/*/*/* current 600
 /var/log/*/. current 700
 /var/spool/mail/ root.mail 771
-/var/tmp root.root 1777
+/var/tmp root.root 1733
diff --git a/conf/perm.snf b/conf/perm.snf
index a06bdc4..0a42815 100644
--- a/conf/perm.snf
+++ b/conf/perm.snf
@@ -1,8 +1,8 @@
 # Welcome in Level 4, aka secure & usable.
 ###
 / root.adm 751
-/bin/ root.root 711
-/bin/ping root.root 755
+/bin/ root.adm 751
+/bin/ping root.ntools 4750
 /bin/rpm rpm.rpm 750
 /boot/ root.root 700
 /dev/ root.root 711
@@ -33,17 +33,18 @@
 /etc/motd root.adm 644
 /etc/printcap root.lp 640
 /etc/profile.d/* root.root 755
-/etc/rc.d/ root.adm 640
+/etc/rc.d/ root.adm 750
 /etc/rc.d/init.d/ root.adm 750
+/etc/rc.d/init.d/* root.adm 740
 /etc/rc.d/init.d/mandrake_consmap root.adm 755
-/etc/rc.d/init.d/syslog root.adm 740
 /etc/securetty root.root 640
 /etc/sendmail.cf root.adm 640
-/etc/shutdown.allow root.root 600
+/etc/shutdown.allow root.adm 640
 /etc/ssh/ssh_config root.root 644
 /etc/ssh/ssh_host_*key root.adm 600
 /etc/ssh/ssh_host_*key.pub root.adm 644
 /etc/ssh/sshd_config root.adm 640
+/etc/sysconfig root.adm 751
 /etc/syslog.conf root.adm 640
 /etc/updatedb.conf root.adm 640
 /home/ root.adm 751
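Review bot: `/usr/sbin/traceroute root.ntools 4750` in the conf/perm.5 hunk at `@@ -70,10 +70,10 @@` puts a setuid-root binary back at the strictest level, where the previous `750` entry had the bit stripped. If the bit is restored because traceroute presumably cannot open its raw socket without it, record that above the entry, e.g. `# setuid root kept for raw sockets; execution limited to group ntools`, so a later audit of setuid files does not have to guess. The same `4750` mode is added in conf/perm.4 and conf/perm.snf, and conf/perm.0 to conf/perm.3 add `root.bin 4755`, which leaves the setuid binary executable by every user.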
@@ -53,25 +54,35 @@
 /proc root.kmem 550
 /root/ root.root 700
 /sbin/ root.adm 751
-/tmp/ root.root 1777
+/tmp/ root.adm 1773
 /usr/ root.adm 751
 /usr/* root.adm 751
 /usr/X11R6/ root.xgrp 751
 /usr/bin/ root.adm 751
+/usr/bin/cc root.ctools 750
+/usr/bin/finger root.ntools 750
+/usr/bin/g++* root.ctools 750
+/usr/bin/gcc* root.ctools 750
+/usr/bin/ssh root.ntools 750
+/usr/bin/telnet root.ntools 750
+/usr/bin/w root.ntools 750
+/usr/bin/who root.ntools 750
 /usr/lib/rpm/rpm? rpm.rpm 750
 /usr/sbin/ root.adm 751
+/usr/sbin/sendmail root.root 755
+/usr/sbin/traceroute root.ntools 4750
 /usr/share/doc rpm.rpm 750
 /usr/share/man rpm.rpm 750
-/usr/tmp root.root 1777
+/usr/tmp root.adm 1773
 /var/ root.root 755
 /var/lib/monitoring root.root 751
 /var/lib/naat root.admin 2770
-/var/lock/subsys root.root 700
-/var/log/ root.root 711
+/var/lock/subsys root.adm 750
+/var/log/ root.adm 751
 /var/log/* root.root 600
 /var/log/*/* current 600
 /var/log/*/*/* current 600
 /var/log/*/. current 700
 /var/spool/mail/ root.mail 771
-/var/tmp root.root 1777
+/var/tmp root.adm 1773
 /var/www-naat httpd-naat.admin 750
--
cgit v1.2.1