From aad00cebf45cee2de6b3ffc131d9a639e04dcd07 Mon Sep 17 00:00:00 2001
From: Yoann Vandoorselaere <yoann@mandriva.com>
Date: Thu, 9 Dec 1999 16:20:34 +0000
Subject: *** empty log message ***

---
 init-sh/level0.sh | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 init-sh/perm.0    | 65 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 145 insertions(+)
 create mode 100755 init-sh/level0.sh
 create mode 100644 init-sh/perm.0

(limited to 'init-sh')

diff --git a/init-sh/level0.sh b/init-sh/level0.sh
new file mode 100755
index 0000000..a0cd43c
--- /dev/null
+++ b/init-sh/level0.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+#
+# Security level implementation...
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+#
+
+if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+    . /etc/security/msec/init-sh/lib.sh
+else
+    exit 1
+fi
+
+# login as root on console granted...
+echo "Login as root is granted :"
+AddRules "tty1" /etc/securetty quiet
+AddRules "tty2" /etc/securetty quiet
+AddRules "tty3" /etc/securetty quiet
+AddRules "tty4" /etc/securetty quiet
+AddRules "tty5" /etc/securetty quiet
+AddRules "tty6" /etc/securetty
+
+# Security check
+echo "Updating file check variable : "
+echo -e "\t- Check security : yes."
+    AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf      quiet
+echo -e "\t- Check important permissions : no."
+    AddRules "CHECK_PERMS=no" /etc/security/msec/security.conf          quiet             
+echo -e "\t- Check suid root file : no."
+    AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf 	quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : no."
+    AddRules "CHECK_SUID_MD5=no" /etc/security/msec/security.conf 	quiet
+echo -e "\t- Check suid group file : no."
+    AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf	quiet
+echo -e "\t- Check world writable file : no."
+    AddRules "CHECK_WRITEABLE=no" /etc/security/msec/security.conf	quiet
+echo -e "\t- Check unowned file : no."
+    AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf	quiet
+echo -e "\t- Check promiscuous mode : no."
+    AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf        quiet
+echo -e "\t- Check listening port : no."                               
+    AddRules "CHECK_OPEN_PORT=no" /etc/security/msec/security.conf	quiet
+echo -e "\t- Check passwd file integrity : no."
+    AddRules "CHECK_PASSWD=no" /etc/security/msec/security.conf	        quiet
+echo -e "\t- Check shadow file integrity : no."
+    AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf	        quiet
+echo -e "\t- Security warning on tty : \"no\" :"
+    AddRules "TTY_WARN=no" /etc/security/msec/security.conf	        quiet
+echo -e "\t- Security warning in syslog : \"no\" :"			
+    AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf		
+# end security check
+
+# lilo update
+echo -n "Running lilo to record new config : "
+/sbin/lilo >& /dev/null
+echo -e "done.\n"
+
+# /etc/profile
+export SECURE_LEVEL=1
+echo "Setting secure level variable to 1 :"
+AddRules "SECURE_LEVEL=1" /etc/profile
+echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
+AddRules "umask 002" /etc/profile
+echo "Adding \"non secure\" PATH variable :"
+AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
+AddRules "export PATH SECURE_LEVEL" /etc/profile
+
+# Group
+echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+for user in ${DRAKX_USERS}; do
+    usermod -G audio "${user}"
+done
+echo "done."
+
+
+
+
+
+
+
diff --git a/init-sh/perm.0 b/init-sh/perm.0
new file mode 100644
index 0000000..0cae0d7
--- /dev/null
+++ b/init-sh/perm.0
@@ -0,0 +1,65 @@
+# Welcome in Level 1
+###
+/bin						root.root		755
+/boot						root.root		755
+/dev						root.root		755
+/dev/audio*					root.audio		660
+/dev/dsp*					root.audio		660
+/etc/						root.root		755
+/etc/conf.modules				root.root		644
+/etc/cron.daily/				root.root		755
+/etc/cron.hourly/				root.root		755
+/etc/cron.monthly/				root.root		755
+/etc/cron.weekly/				root.root		755
+/etc/crontab					root.root		644
+/etc/dhcpcd/					root.root		755
+/etc/esd.conf					root.root		644
+/etc/ftpaccess					root.root		644
+/etc/ftpconversions				root.root		644
+/etc/ftpgroups					root.root		644
+/etc/ftphosts					root.root		644
+/etc/ftpusers					root.root		644
+/etc/gettydefs					root.root		644
+/etc/hosts.allow				root.root		644
+/etc/hosts.deny					root.root		644
+/etc/hosts.equiv				root.root		644
+/etc/inetd.conf					root.root		644
+/etc/init.d/					root.root		755
+/etc/inittab					root.root		644
+/etc/ld.so.conf					root.root		644
+/etc/lilo.conf					root.root		644
+/etc/modules.conf				root.root		644
+/etc/motd					root.root		644
+/etc/printcap					root.root		644
+/etc/profile					root.root		644
+/etc/rc.d/					root.root		755
+/etc/securetty					root.root		644
+/etc/sendmail.cf				root.root		644
+/etc/ssh_config					root.root		644
+/etc/ssh_host_key				root.root		644
+/etc/ssh_host_key.pub				root.root		644
+/etc/sshd_config				root.root		644
+/etc/syslog.conf				root.root		644
+/etc/updatedb.conf				root.root		644
+/home/						root.root		755
+/home/*						current			755
+/lib						root.root		755
+/mnt						root.root		755
+/root						root.root		755
+/sbin						root.root		755
+/tmp						root.root		1777
+/usr						root.root		755
+/usr/*						root.root		755
+/usr/X11R6/					root.root		755
+/usr/bin/					root.root		755
+/usr/bin/*					root.root		755
+/usr/sbin/					root.root		755
+/var						root.root		755
+/var/log					root.root		755
+/var/log/*					root.adm		644
+/var/log/security/				root.root		700
+/var/log/security/*				root.root		600
+
+
+
+
-- 
cgit v1.2.1