From 0b879f1ccd0d3da358ba5cceeddc6bc1101d683f Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Thu, 18 Feb 2010 18:17:04 +0000
Subject: Added policy for 'fileserver' security level.
---
conf/perm.fileserver | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 conf/perm.fileserver
(limited to 'conf/perm.fileserver')
diff --git a/conf/perm.fileserver b/conf/perm.fileserver
new file mode 100644
index 0000000..7e908f7
--- /dev/null
+++ b/conf/perm.fileserver
@@ -0,0 +1,76 @@
+# default permissions level
+###
+/ root.adm 755
+/bin/ root.root 755
+/bin/ping root.root 4755
+/bin/rpm rpm.rpm 755
+/boot/ root.root 755
+/dev/ root.root 755
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/mandrake-release root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile.d/* root.root 755
+/etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
+/etc/rc.d/init.d/functions root.root 644
+/etc/securetty root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh/ssh_config root.root 644
+/etc/ssh/ssh_host_*key root.root 600
+/etc/ssh/ssh_host_*key.pub root.root 644
+/etc/ssh/sshd_config root.root 644
+/etc/sysconfig root.root 755
+/etc/syslog.conf root.root 644
+/home/ root.root 755
+/home/* current.current 755
+/lib/ root.root 755
+/mnt/ root.root 755
+/proc root.root 555
+/root/ root.root 700
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
+/usr/lib/rpm/rpm? rpm.rpm 755
+/usr/sbin/ root.root 755
+/usr/sbin/sendmail.postfix root.root 755
+/usr/sbin/sendmail.sendmail root.mail 2755
+/usr/sbin/traceroute root.bin 4755
+/usr/tmp root.root 1777
+/var/ root.root 755
+/var/lib/rpm/Packages rpm.rpm 644
+/var/lock/subsys root.root 755
+/var/log/ root.root 755
+/var/log/security.log root.adm 640 force
+/var/log/msec.log root.adm 640 force
+/var/log/security/ root.adm 740 force
+/var/log/security/* root.adm 640 force
+/var/log/btmp root.utmp 600 force
+/var/log/wtmp root.utmp 664 force
+/var/log/lp-errs lp.lp 600
+/var/spool/mail/ root.mail 2775
+/var/tmp root.root 1777
--
cgit v1.2.1
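Review bot: The `/var/log/security/ root.adm 740 force` entry gives group `adm` read but not search permission on the directory, so group members can list names yet cannot open the files that the next line makes group-readable with 640. If `adm` is meant to read the security reports, this should be `/var/log/security/ root.adm 750 force`. The header comment still reads `# default permissions level`; `# fileserver permissions level` would match the file name and the commit subject. The setuid entries for `/bin/ping` and `/usr/sbin/traceroute`, and `/home/* current.current 755`, look carried over unchanged from a general-purpose level, so it is worth confirming they are intended for a file server where home directories hold shared data.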