diff options
author | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-11-29 14:18:57 +0000 |
---|---|---|
committer | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-11-29 14:18:57 +0000 |
commit | d78302ebe04bdbb0bb4f9479708bf85d96cbefef (patch) | |
tree | 609f45e5d9eb7e8561c9210bffffdab3d60320ad /init-sh/level1.sh | |
parent | 9083d35d35565f571883275dbf3fd77f4ff05f6d (diff) | |
download | msec-d78302ebe04bdbb0bb4f9479708bf85d96cbefef.tar msec-d78302ebe04bdbb0bb4f9479708bf85d96cbefef.tar.gz msec-d78302ebe04bdbb0bb4f9479708bf85d96cbefef.tar.bz2 msec-d78302ebe04bdbb0bb4f9479708bf85d96cbefef.tar.xz msec-d78302ebe04bdbb0bb4f9479708bf85d96cbefef.zip |
Uhh custom security will always be a good idea.
Diffstat (limited to 'init-sh/level1.sh')
-rwxr-xr-x | init-sh/level1.sh | 52 |
1 files changed, 33 insertions, 19 deletions
diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 3d5d300..b54b85b 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -12,30 +12,44 @@ else fi # login as root on console granted... -AddRules "tty1" /etc/securetty -AddRules "tty2" /etc/securetty -AddRules "tty3" /etc/securetty -AddRules "tty4" /etc/securetty -AddRules "tty5" /etc/securetty +echo "Login as root is granted :" +AddRules "tty1" /etc/securetty quiet +AddRules "tty2" /etc/securetty quiet +AddRules "tty3" /etc/securetty quiet +AddRules "tty4" /etc/securetty quiet +AddRules "tty5" /etc/securetty quiet AddRules "tty6" /etc/securetty # Suid Check -AddRules "CHECK_SUID=no" /etc/security/msec/security.conf -AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf -AddRules "TTY_WARN=no" /etc/security/msec/security.conf +echo "Updating file check variable :" +echo -e "\t- Check suid root file : no." +AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf quiet +echo -e "\t- Check suid goup file : no." +AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet +echo -e "\t- Check world writable file : no." +AddRules "CHECK_WRITABLE=no" /etc/security/msec/security.conf quiet +echo -e "\t- Check unowned file : no." +AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet +echo -e "\t- Check promiscuous mode : no." +AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning on tty : no." +AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning in syslog : yes." AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf -# umask -AddRules "umask 022" /etc/profile -AddRules "SECURE_LEVEL=1" /etc/profile -# Group -usermod -G audio "${USERNAME}" - -# For X auth : -xhost + localhost 2>&1 >& /dev/null - # lilo update -lilo +echo -n "Running lilo to record new config : " +/sbin/lilo >& /dev/null +echo -e "done.\n" -# Path +# /etc/profile +echo "Setting secure level variable to 1 :" +AddRules "SECURE_LEVEL=1" /etc/profile +echo "Setting umask to 002 (user = rw, group = rw, o = r) :" +AddRules "umask 002" /etc/profile +echo "Adding \"non secure\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:." /etc/profile + +# Group +echo "Adding \"${USERNAME} to audio group :" +usermod -G audio "${USERNAME}" |