aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2009-03-24 14:01:44 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-03-24 14:01:44 +0000
commit3faf13ff57e140e83cd69d832d753d224942ac22 (patch)
tree3fbc8197b3f5279cad71c9c72a94e0e457985948
parent0ef149d730f91bdb1fb193f7602beab918b1b4d2 (diff)
downloadmsec-3faf13ff57e140e83cd69d832d753d224942ac22.tar
msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.gz
msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.bz2
msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.xz
msec-3faf13ff57e140e83cd69d832d753d224942ac22.zip
Adding back missing files.
-rw-r--r--msec.init74
-rw-r--r--msec.logrotate16
2 files changed, 90 insertions, 0 deletions
diff --git a/msec.init b/msec.init
new file mode 100644
index 0000000..f10e7e4
--- /dev/null
+++ b/msec.init
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Enables MSEC policy on system startup
+#
+# description: Enables MSEC security policy on system startup
+# chkconfig: 345 13 20
+#
+### BEGIN INIT INFO
+# Provides: msec
+# Default-Start: 3 4 5
+# Short-Description: Enables MSEC security policy
+# Description: Enables MSEC security settings, defined by current policy
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+if [ ! -f /etc/security/msec/security.conf ] ; then
+ # no msec configuration, aborting
+ exit
+fi
+
+. /etc/security/msec/security.conf
+
+# See how we were called.
+case "$1" in
+ start)
+ if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
+ gprintf "Enabling MSEC security policy"
+ /usr/sbin/msec -q
+ echo_success
+ echo
+ fi
+ if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
+ gprintf "Setting and checking MSEC permissions"
+ /usr/sbin/msecperms -q
+ echo_success
+ echo
+ elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
+ gprintf "Setting and enforcing MSEC permissions"
+ /usr/sbin/msecperms -q
+ echo_success
+ echo
+ fi
+ ;;
+ stop)
+ # nothing to do
+ ;;
+ status)
+ if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then
+ gprintf "MSEC security policy on startup: enabled"
+ else
+ gprintf "MSEC security policy on startup: disabled"
+ fi
+ echo
+ if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then
+ gprintf "MSEC permissions on startup: enabled"
+ elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then
+ gprintf "MSEC permissions on startup: enforced"
+ else
+ gprintf "MSEC permissions on startup: disabled"
+ fi
+ echo
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ gprintf "Usage: %s\n" "$0 {start|stop|restart|status}"
+ exit 1
+esac
+
+exit 0
diff --git a/msec.logrotate b/msec.logrotate
new file mode 100644
index 0000000..38903b6
--- /dev/null
+++ b/msec.logrotate
@@ -0,0 +1,16 @@
+# We create the log files to keep logrotate quiet in the case where
+# uucico is not run at all between two log rotations. It would be nice if
+# logrotate could be configured to silently ignore the case of a log
+# file not existing
+
+/var/log/security.log {
+ create 644 root root
+ monthly
+ compress
+}
+
+# updating permissions on rotated logs
+sharedscripts
+postrotate
+ test -f /usr/sbin/msecperms && /usr/sbin/msecperms -q -e '/var/log/*'
+endscript