aboutsummaryrefslogtreecommitdiffstats
path: root/msec.init
blob: f10e7e4ab0449e6e7ad0e57a2a88812129a884e4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/sh
#
# Enables MSEC policy on system startup
#
# description: Enables MSEC security policy on system startup
# chkconfig: 345 13 20
#
### BEGIN INIT INFO
# Provides: msec
# Default-Start: 3 4 5
# Short-Description: Enables MSEC security policy
# Description: Enables MSEC security settings, defined by current policy
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ ! -f /etc/security/msec/security.conf ] ; then
	# no msec configuration, aborting
	exit
fi

. /etc/security/msec/security.conf

# See how we were called.
case "$1" in
  start)
	if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
		gprintf "Enabling MSEC security policy"
		/usr/sbin/msec -q
		echo_success
		echo
	fi
	if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
		gprintf "Setting and checking MSEC permissions"
		/usr/sbin/msecperms -q
		echo_success
		echo
	elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
		gprintf "Setting and enforcing MSEC permissions"
		/usr/sbin/msecperms -q
		echo_success
		echo
	fi
	;;
  stop)
  	# nothing to do
	;;
  status)
	if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
		gprintf "MSEC security policy on startup: enabled"
	else
		gprintf "MSEC security policy on startup: disabled"
	fi
	echo
	if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
		gprintf "MSEC permissions on startup: enabled"
	elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
		gprintf "MSEC permissions on startup: enforced"
	else
		gprintf "MSEC permissions on startup: disabled"
	fi
	echo
	;;
  restart)
	$0 stop
	$0 start
	;;
  *)
	gprintf "Usage: %s\n" "$0 {start|stop|restart|status}"
	exit 1
esac

exit 0