author | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-11-25 19:44:10 +0000 |
---|---|---|
committer | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-11-25 19:44:10 +0000 |
commit | 78b13ca5f0677f9e6e5a07a18473a2d7724b51d0 (patch) | |
tree | 1aa278480009928f545f8668bc87c4eaafbc7e7b /init-sh/lib.sh | |
parent | 7f3bfad3df657529ee81b741c6fb10d847315c85 (diff) | |
Initial revision
Diffstat (limited to 'init-sh/lib.sh')
-rw-r--r-- | init-sh/lib.sh | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
new file mode 100644
index 0000000..a48c945
--- /dev/null
+++ b/init-sh/lib.sh
@@ -0,0 +1,175 @@
+#
+# Security level implementation...
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+#
+
+# Need root access
+if [ $UID != 0 ]; then
+ echo "You need to be root in order to change secure level."
+ exit 1
+fi
+
+# To avoid error, while new initscript package isn't released...
+touch /etc/rc.d/rc.firewall
+
+# If we are currently installing our
+# system with DrakX, we don't ask anything to the user...
+# Instead, DrakX do it and give us a file with some variable.
+if [ -f /tmp/secure.DrakX ]; then
+ . /tmp/secure.DrakX
+fi
+
+if [ -f /etc/security/msec/security.conf ]; then
+ . /etc/security/msec/security.conf
+fi
+
+if rpm -q XFree86 2>&1 > /dev/null; then
+ HAVE_X=1
+else
+ HAVE_X=0
+fi
+
+USERNAME="blah"
+COMMENT="# Mandrake-Security : if you remove this comment, remove the next line too."
+
+AddRules () {
+ string=$1
+ file=$2
+
+ if [ -z "${string}" ]; then
+ return;
+ fi
+
+ if ! grep -qx "${string}" ${file}; then
+ echo "${COMMENT}" >> ${file};
+ echo "${string}" >> ${file};
+ fi
+}
+
+CleanRules() {
+ file=$1
+ ctrl=0
+
+ mv -f ${file} /tmp/secure.tmp
+ touch ${file}
+
+ while read line; do
+ if [ ${ctrl} == 1 ]; then
+ ctrl=0
+ continue;
+ fi
+
+ if echo "${line}" | grep -qx "${COMMENT}"; then
+ ctrl=1
+ fi
+
+ if [ ${ctrl} == 0 ]; then
+ echo "${line}" >> ${file}
+ fi
+ done < /tmp/secure.tmp
+
+ rm -f /tmp/secure.tmp
+
+}
+
+CommentUserRules() {
+ file=$1
+
+ mv -f ${file} /tmp/secure.tmp
+ touch ${file}
+
+ while read line; do
+ if ! echo "${line}" | grep -qE "^#"; then
+ echo "# ${line}" >> ${file}
+ fi
+ done < /tmp/secure.tmp
+
+ rm -f /tmp/secure.tmp
+}
+
+Syslog() {
+ if [ "${SYS_LOG}" == "yes" ]; then
+ /sbin/initlog --string=${1}
+ fi
+}
+
+Ttylog() {
+ if [ "${TTY_LOG}" == "yes" ]; then
+ for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
+ echo -e ${1} > /dev/$i
+ done
+ fi
+}
+
+
+LiloUpdate() {
+ if [ ! -f /tmp/secure.DrakX ]; then
+ echo "Do you want a password authentication at boot time ?"
+ echo "Be very carefull,"
+ echo "this will prevent your server to reboot without an operator to enter password".
+ echo -n "[yes]/no : "
+ read answer
+ if [[ "${answer}" == "yes" || "${answer}" == "" ]]; then
+ echo -n "Please enter the password which will be used at boot time : "
+ read password
+ else
+ password=""
+ fi
+ else
+ password=${DRAKX_PASSWORD}
+ fi
+
+ if [ ! -z "${password}" ]; then
+ mv /etc/lilo.conf /tmp/secure.tmp
+ while read line; do
+ if ! echo "${line}" | grep -q "password"; then
+ echo "${line}" >> /etc/lilo.conf
+ fi
+ done < /etc/secure.tmp
+
+ rm -f /etc/secure.tmp
+ AddRules "password=$PASSWORD" /etc/lilo.conf
+ fi
+}
+
+
+CleanRules /etc/syslog.conf
+
+CleanRules /etc/hosts.deny
+CommentUserRules /etc/hosts.deny
+
+CleanRules /etc/hosts.allow
+CommentUserRules /etc/hosts.allow
+
+CleanRules /etc/securetty
+CommentUserRules /etc/securetty
+
+CleanRules /etc/security/msec/security.conf
+CommentUserRules /etc/security/msec/security.conf
+
+CleanRules /etc/profile
+CleanRules /etc/lilo.conf
+CleanRules /etc/rc.d/rc.firewall
+CleanRules /etc/crontab
+
+
+# For all secure level
+AddRules "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" /etc/rc.d/rc.firewall
+
+# default group which must exist on the system
+groupadd audio >& /dev/null
+groupadd xgrp >& /dev/null
+usermod -G xgrp xfs
+
+if ! /etc/security/msec/init-sh/grpuser --del audio "${USERNAME}"; then
+ echo "Problem removing user \"${USERNAME}\" from group audio."
+fi
+
+
+
+
+
+
+
+
+
|
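Review bot: The script runs as root (the `$UID` check at the top) yet sources `/tmp/secure.DrakX` and stages every edited config through the fixed path `/tmp/secure.tmp`, both in a world-writable directory, so a local user who pre-creates either name can influence what this script executes or what `CleanRules`/`CommentUserRules` write back into `/etc/hosts.allow`, `/etc/securetty` and the others; the DrakX handoff file belongs under a root-owned directory and the scratch file should come from `mktemp`, e.g. `tmp=$(mktemp /tmp/secure.XXXXXX) || exit 1`. The `touch ${file}` that follows `mv -f ${file} /tmp/secure.tmp` also recreates each file with the current umask, dropping the original mode and owner, which matters for `/etc/lilo.conf` once `LiloUpdate` appends a `password=` rule to it; `cp -p "${file}" "${tmp}"` followed by `: > "${file}"` keeps them. In `LiloUpdate` the loop reads `/etc/secure.tmp` although the file was moved to `/tmp/secure.tmp`, and `AddRules "password=$PASSWORD"` uses an unset variable while the value read is `password`, so `/etc/lilo.conf` ends up with none of its original content and an empty password rule. `read password` should also be `read -s password` so the boot password is not echoed to the terminal.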