diff options
| -rwxr-xr-x | add-service | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/add-service b/add-service index c8d4917..ee29e9e 100755 --- a/add-service +++ b/add-service @@ -20,8 +20,38 @@ num=$2 # number of packages installed srv=$3 # name of the service if [ $num = 1 ]; then - /sbin/chkconfig --add $srv + # Install mode: add the services + if [ -r /etc/sysconfig/msec ]; then + . /etc/sysconfig/msec + fi + if [ -n "$SECURE_LEVEL" -a "$SECURE_LEVEL" -gt 3 ]; then + # High security: add only authorized services + LIST=/etc/security/msec/server + # during the install the symlink isn't done so find the right file + # by ourseleves + if [ -n "$DURING_INSTALL" -a ! -f $LIST ]; then + LIST=/etc/security/msec/server.$SECURE_LEVEL + fi + if [ -f $LIST ]; then + if grep -q "^${srv}$" $LIST ; then + /sbin/chkconfig --add $srv + fi + else + # do an exception for initscripts services that could be installed + # before msec and should anyway be added + if [ $pkg = initscripts ]; then + /sbin/chkconfig --add $srv + else + echo "add-service: $srv not added because /etc/security/msec/server is not present." 1>&2 + echo "You should run msec to correct that." 1>&2 + fi + fi + else + # Low security: install all the services + /sbin/chkconfig --add $srv + fi else + # Upgrade mode: restart the service if already running if [ -f /var/lock/subsys/$srv ]; then /sbin/service $srv restart > /dev/null 2>/dev/null || : # restart services that depend of portmap |