*** empty log message ***

3 files changed, 48 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 24c3821..542b4bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2000-01-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>
 	* shutdown.allow is 600 in level 4/5; 644 else.
+	* updated doc/security.txt
 
 2000-01-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>
 	* level 0-3 -> ctrl-alt-del allowed.
diff --git a/doc/security.txt b/doc/security.txt
index 86c101c..ff1280b 100644
--- a/doc/security.txt
+++ b/doc/security.txt
@@ -74,6 +74,7 @@ Security level 4 ( Aka Secured system ) :
   chkconfig ).
 - Ask for a boot password ( if the user want ).
 - Connection to the system denyied for all except localhost.
+- ctrl-alt-del only allowed for root ( or user in /etc/shutdown.allow ).
 
 *******************************
 Security level 5 ( Aka Paranoid system ) :
@@ -97,11 +98,12 @@ Security level 5 ( Aka Paranoid system ) :
 - Highly restricted file permission
 - All system events additionally logged to /dev/tty12
 - System security check every midnight ( crontab ).
-* - Services not contained in /etc/security/msec/init-sh/server.5 are disabled (
+- Services not contained in /etc/security/msec/init-sh/server.5 are disabled (
   considered as not really secure ) ( but the user can reenable it with
   chkconfig ).
 - Ask for a boot password ( if the user want ).
 - Connection to the system denyied for all.
+- ctrl-alt-del only allowed for root ( or user in /etc/shutdown.allow ) .
 
 ******************
 
diff --git a/init-sh/custom.sh b/init-sh/custom.sh
index 99154f9..057a288 100755
--- a/init-sh/custom.sh
+++ b/init-sh/custom.sh
@@ -9,7 +9,6 @@ if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
     . /etc/security/msec/init-sh/lib.sh
 fi
 
-
 clear
 
 ###
@@ -20,6 +19,21 @@ if [[ ${answer} == yes ]]; then
 fi
 
 ###
+echo "Do you want to only allow ctrl-alt-del if root is logged locally ?"
+echo "( or if an user present in /etc/shutdown.allow is logged locally )"
+WaitAnswer; clear
+tmpfile=`mktemp tmp/secure.XXXXXX`
+cp /etc/inittab ${tmpfile}
+if [[ ${answer} == yes ]]; then
+    cat ${tmpfile} | \
+    sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab
+else
+    cat ${tmpfile} | \
+    sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab
+fi
+rm -f ${tmpfile}
+
+###
 echo "Do you want to deny any machine to connect to yours ?"
 WaitAnswer
 if [[ ${answer} == yes ]]; then
@@ -36,7 +50,7 @@ fi
 echo "Do you want root console login to be allowed ?" 
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
-    AddRules "tty1" /etc/securetty quiet
+g    AddRules "tty1" /etc/securetty quiet
     AddRules "tty2" /etc/securetty quiet
     AddRules "tty3" /etc/securetty quiet
     AddRules "tty4" /etc/securetty quiet
@@ -117,6 +131,34 @@ if [[ ${answer} == yes ]]; then
 fi
 ###
 
+echo "Do you want security report to be done directly on the console ?"
+WaitAnswer; clear
+if [[ ${answer} == yes ]]; then
+    AddRules "TTY_WARN=yes" /etc/security/msec/security.conf
+else
+    AddRules "TTY_WARN=no" /etc/security/msec/security.conf
+fi
+###
+
+echo "Do you want security report to be done in syslog ?"
+WaitAnswer; clear
+if [[ ${answer} == yes ]]; then
+    AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+else
+    AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
+fi
+###
+
+echo "Do you want security report to be done by mail ?"
+WaitAnswer; clear
+if [[ ${answer} == yes ]]; then
+    AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf
+else
+    AddRules "MAIL_WARN=no" /etc/security/msec/security.conf
+fi
+###
+
+
 LiloUpdate;
 /sbin/lilo >& /dev/null