diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-03-24 14:01:44 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-03-24 14:01:44 +0000 |
| commit | 3faf13ff57e140e83cd69d832d753d224942ac22 (patch) | |
| tree | 3fbc8197b3f5279cad71c9c72a94e0e457985948 | |
| parent | 0ef149d730f91bdb1fb193f7602beab918b1b4d2 (diff) | |
| download | msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.gz msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.bz2 msec-3faf13ff57e140e83cd69d832d753d224942ac22.tar.xz msec-3faf13ff57e140e83cd69d832d753d224942ac22.zip | |
Adding back missing files.
| -rw-r--r-- | msec.init | 74 | ||||
| -rw-r--r-- | msec.logrotate | 16 |
2 files changed, 90 insertions, 0 deletions
diff --git a/msec.init b/msec.init new file mode 100644 index 0000000..f10e7e4 --- /dev/null +++ b/msec.init @@ -0,0 +1,74 @@ +#!/bin/sh +# +# Enables MSEC policy on system startup +# +# description: Enables MSEC security policy on system startup +# chkconfig: 345 13 20 +# +### BEGIN INIT INFO +# Provides: msec +# Default-Start: 3 4 5 +# Short-Description: Enables MSEC security policy +# Description: Enables MSEC security settings, defined by current policy +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +if [ ! -f /etc/security/msec/security.conf ] ; then + # no msec configuration, aborting + exit +fi + +. /etc/security/msec/security.conf + +# See how we were called. +case "$1" in + start) + if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then + gprintf "Enabling MSEC security policy" + /usr/sbin/msec -q + echo_success + echo + fi + if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then + gprintf "Setting and checking MSEC permissions" + /usr/sbin/msecperms -q + echo_success + echo + elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then + gprintf "Setting and enforcing MSEC permissions" + /usr/sbin/msecperms -q + echo_success + echo + fi + ;; + stop) + # nothing to do + ;; + status) + if [ "$ENABLE_STARTUP_MSEC" = "yes" ]; then + gprintf "MSEC security policy on startup: enabled" + else + gprintf "MSEC security policy on startup: disabled" + fi + echo + if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then + gprintf "MSEC permissions on startup: enabled" + elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then + gprintf "MSEC permissions on startup: enforced" + else + gprintf "MSEC permissions on startup: disabled" + fi + echo + ;; + restart) + $0 stop + $0 start + ;; + *) + gprintf "Usage: %s\n" "$0 {start|stop|restart|status}" + exit 1 +esac + +exit 0 diff --git a/msec.logrotate b/msec.logrotate new file mode 100644 index 0000000..38903b6 --- /dev/null +++ b/msec.logrotate @@ -0,0 +1,16 @@ +# We create the log files to keep logrotate quiet in the case where +# uucico is not run at all between two log rotations. It would be nice if +# logrotate could be configured to silently ignore the case of a log +# file not existing + +/var/log/security.log { + create 644 root root + monthly + compress +} + +# updating permissions on rotated logs +sharedscripts +postrotate + test -f /usr/sbin/msecperms && /usr/sbin/msecperms -q -e '/var/log/*' +endscript |