blob: 10e4a21b21c39e4aab9fe80e09eb000a7aa6cd4c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
#!/usr/bin/sh
#
# Enables MSEC policy on system startup
#
# description: Enables MSEC security policy on system startup
# chkconfig: 345 13 20
#
### BEGIN INIT INFO
# Provides: msec
# Default-Start: 3 4 5
# Short-Description: Enables MSEC security policy on boot
# Description: Enables MSEC security settings on boot
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Source function library.
. /etc/rc.d/init.d/functions
if [ ! -f /etc/security/msec/security.conf ] ; then
# no msec configuration, aborting
exit
fi
. /etc/security/msec/security.conf
# See how we were called.
case "$1" in
start)
if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
gprintf "Enabling MSEC security policy"
/usr/sbin/msec -q
if [ $? == 0 ]; then
echo_success
else
echo_failure
fi
echo
fi
if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
gprintf "Setting and checking MSEC permissions"
/usr/sbin/msecperms -q
if [ $? == 0 ]; then
echo_success
else
echo_failure
fi
echo
elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
gprintf "Setting and enforcing MSEC permissions"
/usr/sbin/msecperms -e -q
if [ $? == 0 ]; then
echo_success
else
echo_failure
fi
echo
fi
;;
stop)
# nothing to do
;;
status)
if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
gprintf "MSEC security policy on startup: enabled"
else
gprintf "MSEC security policy on startup: disabled"
fi
echo
if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
gprintf "MSEC permissions on startup: enabled"
elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
gprintf "MSEC permissions on startup: enforced"
else
gprintf "MSEC permissions on startup: disabled"
fi
echo
;;
restart)
$0 stop
$0 start
;;
*)
gprintf "Usage: %s\n" "$0 {start|stop|restart|status}"
exit 1
esac
exit 0
|
