authorYoann Vandoorselaere <yoann@mandriva.com>1999-12-09 17:16:37 +0000
committerYoann Vandoorselaere <yoann@mandriva.com>1999-12-09 17:16:37 +0000
commita9246801e5bce8060b3086ae5f3d443699b82171 (patch)
tree087e90506e9630ee7dba5ef3960ca2cc7146162a /init-sh
parent9422e4962af0d43308cfae95ab8e7370ee035525 (diff)
Should really be stable now.
Diffstat (limited to 'init-sh')
-rwxr-xr-xinit-sh/custom.sh38
-rwxr-xr-xinit-sh/file_perm.sh6
-rwxr-xr-xinit-sh/grpuser20
-rwxr-xr-xinit-sh/init.sh8
-rwxr-xr-xinit-sh/level0.sh14
-rwxr-xr-xinit-sh/level1.sh16
-rwxr-xr-xinit-sh/level2.sh15
-rwxr-xr-xinit-sh/level3.sh2
-rwxr-xr-xinit-sh/level4.sh2
-rwxr-xr-xinit-sh/level5.sh2
-rw-r--r--init-sh/lib.sh28
11 files changed, 79 insertions, 72 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh
index c6963a9..46ba9af 100755
--- a/init-sh/custom.sh
+++ b/init-sh/custom.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
fi
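Review bot: When /etc/security/msec/init-sh/lib.sh is absent this script carries on without it, whereas the level0 to level4 hunks in this commit `exit 1` from an `else` branch; every question that follows calls `WaitAnswer` and `AddRules`, which come from lib.sh, so continuing only yields command-not-found errors part way through the configuration. Add the same branch here, `else` / `exit 1` before the `fi`, so the script stops before it has half-modified anything. The level5.sh hunk at the end of this commit has the same shape and needs the same else branch.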
@@ -15,24 +15,24 @@ clear
###
echo "Do you want your log file to be in append mode only ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
find /var/log/ -type f -exec chattr +a {} \;
fi
###
echo "Do you want all system events to be logged on tty12 ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "*.* /dev/tty12" /etc/syslog.conf
fi
###
echo "Do you want to deny any machine to connect to yours ?"
WaitAnswer
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
echo "Do you want only localhost to be allowed ?"
WaitAnswer; clear
- if [ "${answer}" == "yes" ]; then
+ if [[ ${answer} == yes ]]; then
AddRules "ALL:ALL EXCEPT localhost:DENY" /etc/hosts.deny
else
AddRules "ALL:ALL:DENY" /etc/hosts.deny
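Review bot: `find /var/log/ -type f -exec chattr +a {} \;` marks every existing log append-only, which also blocks the rename/truncate that log rotation relies on until the attribute is cleared, and files created after this point are not covered; whether rotation is configured on these systems is not visible here, but a comment such as `# chattr +a also blocks logrotate's rename/truncate; rotation needs chattr -a first` would save the next maintainer a surprise. `-exec chattr +a {} +` would batch the calls instead of forking once per file. The rest of the hunk only converts tests to `[[`, which is fine since WaitAnswer limits `answer` to yes/no.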
@@ -42,7 +42,7 @@ fi
###
echo "Do you want root console login to be allowed ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "tty1" /etc/securetty quiet
AddRules "tty2" /etc/securetty quiet
AddRules "tty3" /etc/securetty quiet
@@ -53,7 +53,7 @@ fi
###
echo "Do you want your system to daily check important security problem ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
fi
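Review bot: The prompt three lines up says the check runs daily, but the crontab entry added on the line above, `0 0-23 * * * root nice ... security_check.sh`, fires at minute 0 of every hour, so the wording and the schedule disagree; either the prompt should say hourly or the entry should be `0 0 * * *`. The same prompt/schedule mismatch is in the next seven hunks of this file, which add the same hourly entries for the open-port, permission, SUID root, SUID md5, SUID group, writeable and unowned checks. Several of those hunks append an identical crontab line for different questions; whether AddRules skips a line that is already present is not visible here, so confirm it does or the crontab ends up with duplicates.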
@@ -61,7 +61,7 @@ fi
###
echo "Do you want your system to daily check new open port listening ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
@@ -70,7 +70,7 @@ fi
###
echo "Do you want your system to check for grave permission problem on senssibles files ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security_check.sh" /etc/crontab
fi
@@ -78,7 +78,7 @@ fi
###
echo "Do you want your system to daily check SUID Root file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -86,7 +86,7 @@ fi
###
echo "Do you want your system to daily check suid files md5 checksum changes ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -94,7 +94,7 @@ fi
###
echo "Do you want your system to daily check SUID Group file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -102,7 +102,7 @@ fi
###
echo "Do you want your system to daily check Writeable file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -110,7 +110,7 @@ fi
###
echo "Do you want your system to daily check Unowned file change ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf
AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/diff_check.sh" /etc/crontab
fi
@@ -119,7 +119,7 @@ fi
echo "Do you want your system to verify every minutes if a network interface"
echo "is in promiscuous state (which mean someone is probably running a sniffer on your machine ) ?"
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf
AddRules "*/1 * * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab
fi
@@ -132,7 +132,7 @@ LiloUpdate;
echo "Do you want to disable your running server ( except important one )"
echo "This is only valuable for server installed with rpm."
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
echo -n "Disabling all service, except : {"
chkconfig --list | awk '{print $1}' | while read service; do
if grep -qx ${service} /etc/security/msec/init-sh/server.4; then
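Review bot: `grep -qx ${service} /etc/security/msec/init-sh/server.4` on the last line passes the service name unquoted and as a regular expression, so a name containing `.` or another metacharacter matches more than intended and an empty name would make grep treat the file name as the pattern; `grep -qxF -- "${service}" /etc/security/msec/init-sh/server.4` matches the literal name. The `while read service` on the line before should be `read -r service` for the same reason the rest of the commit tightens its tests. The loop body continues outside the hunk.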
@@ -155,7 +155,7 @@ echo "Do you want to disallow rpm to automatically enable a new installed server
echo "yes = you will need to chkconfig (--add ) servername for the server to run on boot."
echo "no = rpm will do it for you, but you have less control of what is running on your machine."
WaitAnswer; clear
-if [ "${answer}" == "yes" ]; then
+if [[ ${answer} == yes ]; then
export SECURE_LEVEL="4"
AddRules "SECURE_LEVEL=\"4\"" /etc/profile
else
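Review bot: `if [[ ${answer} == yes ]; then` on the fourth line of the hunk closes the `[[` test with a single `]`, which bash reports as a syntax error, so custom.sh no longer runs past this point. It should read `if [[ ${answer} == yes ]]; then`, matching every other converted test in this commit. The `if` body and its `else` branch continue past the hunk.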
@@ -182,7 +182,7 @@ case "${answer}" in
AddRules "umask 022" /etc/profile
;;
"restricted")
- AddRules "if [ \${UID} == 0 ]; then umask 022; else umask 077; fi" /etc/profile
+ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile
;;
"paranoid")
AddRules "umask 077" /etc/profile
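Review bot: The text written to /etc/profile on the `restricted` line now uses `[[ ... ]]`, a bash construct, but /etc/profile is read by whatever shell serves as /bin/sh for logins, and under a POSIX-only sh that line fails on every login. Converting the installer's own tests to `[[` is fine; text emitted into other users' startup files should stay as portable as it was, e.g. `AddRules "if [ \"\${UID}\" = 0 ]; then umask 022; else umask 077; fi" /etc/profile`. The case statement continues outside the hunk.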
@@ -194,7 +194,7 @@ echo "Do you want a "." in your PATH variable ?"
echo "This permit you to not use ./progname & to just type progname"
echo "However this is a *high* security risk."
WaitAnswer; clear
-if [ ${answer} == "yes" ]; then
+if [[ ${answer} == yes ]]; then
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile
else
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile
diff --git a/init-sh/file_perm.sh b/init-sh/file_perm.sh
index 0e13e9c..a74a08d 100755
--- a/init-sh/file_perm.sh
+++ b/init-sh/file_perm.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-if [ ! -s $1 ]; then
+if [[ ! -s $1 ]]; then
echo "I need a msec permfile in argument".
exit 1
fi
@@ -8,8 +8,8 @@ fi
echo -n "Setting files permissions : "
grep -v "^#" $1 | while read file owner perm; do
- if [ -a "${file}" ]; then
- if [ ${owner} != "current" ]; then
+ if [[ -a ${file} ]]; then
+ if [[ ${owner} != current ]]; then
chown ${owner} ${file}
fi
chmod ${perm} ${file}
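Review bot: `[[ -a ${file} ]]` uses the unary `-a` file test, an older ksh-era synonym for `-e` that is easy to confuse with the binary `-a` of `[`; `[[ -e ${file} ]]` is the conventional spelling. Moving the test inside `[[ ]]` protects it from word-splitting, but `chown ${owner} ${file}` and `chmod ${perm} ${file}` on the following lines act on the same values unquoted, so a path with spaces in the permfile is still split there; `chown -- "${owner}" "${file}"` and `chmod -- "${perm}" "${file}"`. The `read file owner perm` driving the loop should be `read -r`, and the loop continues outside the hunk.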
diff --git a/init-sh/grpuser b/init-sh/grpuser
index 408e384..fb2ad25 100755
--- a/init-sh/grpuser
+++ b/init-sh/grpuser
@@ -33,7 +33,7 @@ RemoveUserFromGroup() {
}
AppendUserToGroup() {
- if [ -z "${group_users}" ]; then
+ if [[ -z ${group_users} ]]; then
new_group_line=${group_line}${user_name}
else
new_group_line=${group_line}",${user_name}"
@@ -41,7 +41,7 @@ AppendUserToGroup() {
}
IsUserAlreadyInGroup() {
- if echo "${group_users}" | grep -qw "${user_name}"; then
+ if echo ${group_users} | grep -qw "${user_name}"; then
return 1
fi
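Review bot: This hunk removes the quotes from `echo ${group_users}`, so the value is now word-split and glob-expanded before it reaches grep; a group line containing `*` or `?` would be matched against file names in the current directory instead. Nothing is gained by dropping them, since the `[[` conversion elsewhere in the commit does not apply to a plain `echo` argument. Keep `if echo "${group_users}" | grep -qw "${user_name}"; then`, or drop the pipe with `if grep -qw "${user_name}" <<<"${group_users}"; then`. IsUserAlreadyInGroup's body continues outside the hunk.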
@@ -66,7 +66,7 @@ IsGroupExisting() {
IsUserExisting() {
grep -qn "^${user_name}:" /etc/passwd
- if [ $? == 0 ]; then
+ if [[ $? == 0 ]]; then
return 0;
fi
@@ -75,20 +75,20 @@ IsUserExisting() {
Add() {
IsGroupExisting;
- if [ $? == 0 ]; then
+ if [[ $? == 0 ]]; then
echo "Sorry, group \"${group_name}\" does not exist."
echo "Please create it using the \"groupadd\" command."
exit 1
fi
IsUserExisting;
- if [ $? == 1 ]; then
+ if [[ $? == 1 ]]; then
echo "Sorry, user \"${user_name}\" does not exist."
exit 1
fi
IsUserAlreadyInGroup;
- if [ $? == 1 ]; then
+ if [[ $? == 1 ]]; then
echo "Sorry, user \"${user_name}\" is already in group \"${group_name}\"."
exit 1
fi
@@ -101,13 +101,13 @@ Add() {
Del() {
IsGroupExisting;
- if [ $? == 0 ]; then
+ if [[ $? == 0 ]]; then
echo "Sorry, group \"${group_name}\" does not exist."
exit 1
fi
IsUserAlreadyInGroup;
- if [ $? == 0 ]; then
+ if [[ $? == 0 ]]; then
echo "Sorry, user \"${user_name}\" is not in group \"${group_name}\"."
exit 1
fi
@@ -119,13 +119,13 @@ Del() {
}
Perm() {
- if [ ! -w /etc/${file} ]; then
+ if [[ ! -w /etc/${file} ]]; then
echo "You're not allowed to write to /etc/group..."
exit 1
fi
}
-if [ $# == 3 ]; then
+if [[ $# == 3 ]]; then
case $1 in
"--add")
Perm;
diff --git a/init-sh/init.sh b/init-sh/init.sh
index 361eb1e..82d3964 100755
--- a/init-sh/init.sh
+++ b/init-sh/init.sh
@@ -1,20 +1,20 @@
#!/bin/sh
-if [ -z $1 ]; then
+if [[ -z $1 ]]; then
echo "Usage : $0 [0-5]"
echo "Usage : $0 \"custom\""
exit 1
fi
-if [ "${1}" == "custom" ]; then
+if [[ ${1} == custom ]]; then
/etc/security/msec/init-sh/custom.sh
exit 0;
fi
-if [ -f /etc/security/msec/init-sh/level$1.sh ]; then
+if [[ -f /etc/security/msec/init-sh/level$1.sh ]]; then
/etc/security/msec/init-sh/level$1.sh
- if [ -f /etc/security/msec/init-sh/perm.$1 ]; then
+ if [[ -f /etc/security/msec/init-sh/perm.$1 ]]; then
/etc/security/msec/init-sh/file_perm.sh /etc/security/msec/init-sh/perm.$1
else
echo "Couldn't find the default permissions for level $1."
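Review bot: The shebang on the first line is `#!/bin/sh`, but every test in this hunk now uses `[[ ... ]]`, which is bash syntax; on a system where /bin/sh is not bash this script fails to parse. Either change the shebang to `#!/bin/bash`, as file_perm.sh in this commit has, or keep `[` in this file. Separately, the usage text promises an argument of 0-5 but nothing checks it before `$1` is spliced into `level$1.sh` and `perm.$1`; a `case "$1" in [0-5]|custom) ;; *) echo "Usage : $0 [0-5]"; exit 1 ;; esac` near the top would make the usage message true. The `if` body continues past the hunk.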
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index 1e0a7f1..599cabe 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
else
exit 1
@@ -71,11 +71,13 @@ AddRules "/usr/X11R6/bin/xhost +" /etc/X11/xdm/Xsession quiet
AddRules "/usr/X11R6/bin/xhost +" /etc/X11/xinit/xinitrc
# Group
-echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
-for user in ${DRAKX_USERS}; do
- usermod -G audio "${user}"
-done
-echo "done."
+if [[ ! -z ${DRAKX_USERS} ]]; then
+ echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+ for user in ${DRAKX_USERS}; do
+ usermod -G audio "${user}"
+ done
+ echo "done."
+fi
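Review bot: `[[ ! -z ${DRAKX_USERS} ]]` is the negated empty test; `[[ -n ${DRAKX_USERS} ]]` states the same condition directly and is what ShellCheck recommends. The same guard is added in the level1.sh and level2.sh hunks and in the last lib.sh hunk of this commit. Separately, `usermod -G audio "${user}"` sets the user's supplementary group list to exactly `audio`, so any other supplementary groups the user already had are dropped; if the intent is to add the group, check whether the usermod shipped with this distribution has an append option, and otherwise read the existing groups first and pass the full list.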
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index 861a34c..583c547 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
else
exit 1
@@ -74,13 +74,13 @@ AddRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
###
# Group
-echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
-for user in ${DRAKX_USERS}; do
- usermod -G audio "${user}"
-done
-echo "done."
-
-
+if [[ ! -z ${DRAKX_USERS} ]]; then
+ echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+ for user in ${DRAKX_USERS}; do
+ usermod -G audio "${user}"
+ done
+ echo "done."
+fi
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index d387b13..ea5174f 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
else
exit 1
@@ -71,8 +71,11 @@ AddRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xdm/Xsession quiet
AddRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc
# Group
-echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
-for user in ${DRAKX_USERS}; do
- usermod -G audio "${user}"
-done
-echo "done."
+if [[ ! -z ${DRAKX_USERS} ]]; then
+ echo -n "Adding \"${DRAKX_USERS}\" to audio group :"
+ for user in ${DRAKX_USERS}; do
+ usermod -G audio "${user}"
+ done
+ echo "done."
+fi
+
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index 3d33690..1fc9177 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
else
exit 1
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index a5ba70d..edc5c64 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -7,7 +7,7 @@
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
else
exit 1
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index ea65199..454bbf8 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -5,7 +5,7 @@
# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/init-sh/lib.sh ]; then
+if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then
. /etc/security/msec/init-sh/lib.sh
fi
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 7c90b05..ec93c61 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -15,7 +15,7 @@ COMMENT="# Mandrake-Security : if you remove this comment, remove the next line
WaitAnswer() {
answer="nothing"
- while [[ "${answer}" != "yes" && "${answer}" != "no" ]]; do
+ while [[ ${answer} != yes && ${answer} != no ]]; do
echo -n "yes/no : "
read answer
done
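Review bot: `read answer` on the second-to-last line still reads without `-r`, so a typed backslash is interpreted rather than kept; `read -r answer` is the form the rest of this commit's tightening points toward. Because the loop only accepts `yes` or `no` the effect is cosmetic here, but it is the habit ShellCheck enforces. WaitAnswer's closing brace is outside the hunk.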
@@ -24,12 +24,13 @@ WaitAnswer() {
AddRules () {
string=$1
file=$2
+ quiet=$3
- if [ -z "${string}" ]; then
+ if [[ -z ${string} ]]; then
return;
fi
- if [ -z ${3} ]; then
+ if [[ -z ${quiet} ]]; then
echo "Modifying config in ${file}..."
fi
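Review bot: This hunk introduces `quiet=$3` and tests it for the "Modifying config" message, but the next hunk of this file still tests `[[ -z ${3} ]]` before "done.", so the two halves of AddRules read the same flag under different names; change that later line to `if [[ -z ${quiet} ]]; then`. `string`, `file` and `quiet` are assigned without `local`, so they leak into the caller (CleanRules and CommentUserRules assign a global `file` too); `local string=$1 file=$2 quiet=$3` would contain them unless some caller reads them afterwards, which is not visible here. The function continues outside the hunk.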
@@ -37,7 +38,7 @@ AddRules () {
echo -e "${COMMENT}" >> ${file};
echo -e "${string}" >> ${file};
fi
- if [ -z ${3} ]; then
+ if [[ -z ${3} ]]; then
echo -e "done.\n"
fi
}
@@ -46,9 +47,10 @@ CleanRules() {
file=$1
ctrl=0
- if [ ! -f ${file} ]; then
+ if [[ ! -f ${file} ]]; then
return;
fi
+
echo -en "\t- Cleaning msec appended line in ${file} : "
mv -f ${file} /tmp/secure.tmp
touch ${file}
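Review bot: CleanRules rewrites `${file}` through the fixed path `/tmp/secure.tmp` (`mv -f ${file} /tmp/secure.tmp` then `touch ${file}`), and this library runs as root over files such as /etc/hosts.deny and /etc/crontab; a predictable name in a world-writable directory lets any local user pre-create that path and influence what is written back, and the mv/touch pair also gives the rebuilt file a default owner and mode rather than whatever the original had. Create the scratch copy with `tmp=$(mktemp) || return`, use `"${tmp}"` in the mv and in the read-back, and restore the original mode once the rewrite is done. The LiloUpdate hunk further down routes /etc/lilo.conf, which carries the boot password, through the same fixed path. The rest of CleanRules is outside the hunk.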
@@ -76,7 +78,7 @@ CleanRules() {
CommentUserRules() {
file=$1
- if [ ! -f ${file} ]; then
+ if [[ ! -f ${file} ]]; then
return;
fi
@@ -111,7 +113,7 @@ Ttylog() {
LiloUpdate() {
- if [ ! -f /tmp/secure.DrakX ]; then
+ if [[ ! -f /tmp/secure.DrakX ]]; then
echo "Do you want a password authentication at boot time ?"
echo "Be very carefull,"
echo "this will prevent your server to reboot without an operator to enter password".
@@ -126,7 +128,7 @@ LiloUpdate() {
password=${DRAKX_PASSWORD}
fi
- if [ ! -z "${password}" ]; then
+ if [[ ! -z "${password}" ]]; then
mv /etc/lilo.conf /tmp/secure.tmp
while read line; do
if ! echo "${line}" | grep -q "password"; then
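Review bot: `[[ ! -z "${password}" ]]` keeps the double quotes that every other converted test in this commit drops, and the negation reads more directly as `[[ -n ${password} ]]`; inside `[[ ]]` the quotes are harmless, so this is style only. The `while read line` loop that rewrites /etc/lilo.conf reads without `-r`, so a backslash in the existing file would be altered when it is written back; `while read -r line; do`. `grep -q "password"` also drops any line merely containing that word, comments included, which may or may not be intended. LiloUpdate's body continues outside the hunk.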
@@ -143,12 +145,12 @@ LiloUpdate() {
# If we are currently installing our
# system with DrakX, we don't ask anything to the user...
# Instead, DrakX do it and give us a file with some variable.
-if [ -f /tmp/secure.DrakX ]; then
+if [[ -f /tmp/secure.DrakX ]]; then
. /tmp/secure.DrakX
AddRules "${DRAKX_USERS}" /etc/security/msec/security.conf
fi
-if [ -f /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
fi
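Review bot: `. /tmp/secure.DrakX` sources a file from a world-writable directory into a library that runs as root, guarded only by `-f`; anything placed at that path before msec runs is executed with root privileges, and the same path is used as the "installing under DrakX" flag in the last hunk of this file. If the installer hands over data this way, have it written under a root-owned directory, or at least refuse the file unless it is owned by root and not group- or world-writable, checked before the `.`. The following `AddRules "${DRAKX_USERS}" /etc/security/msec/security.conf` appends the raw value to a file that is itself sourced two lines later, so that value presumably already has `NAME=value` shape; a comment saying so would help, since it reads as if a bare user list were being written.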
@@ -188,14 +190,14 @@ usermod -G xgrp xfs
# We aren't at install time,
# so we delete ( temporarily ) audio user.
-if [ ! -f /tmp/secure.DrakX ]; then
- if [ ! -z ${DRAKX_USERS} ]; then
+if [[ ! -f /tmp/secure.DrakX ]]; then
+ if [[ ! -z ${DRAKX_USERS} ]]; then
for user in ${DRAKX_USERS}; do
/etc/security/msec/init-sh/grpuser --del audio "${user}"
done
fi
else
- if [ ! -z ${DRAKX_USERS} ]; then
+ if [[ ! -z ${DRAKX_USERS} ]]; then
AddRules "${DRAKX_USERS}" /etc/security/msec/security.conf
fi
fi
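Review bot: Both branches of the `-f /tmp/secure.DrakX` test open with the same `[[ ! -z ${DRAKX_USERS} ]]` guard, so the check can be hoisted and tested once, with the branch choosing only between the grpuser loop and the AddRules call; as written the two copies can drift apart. `-n` is the direct spelling of `! -z`, as noted on the level0.sh hunk. The outer `if` appears to close on the hunk's last line.
```shell
if [[ -n ${DRAKX_USERS} ]]; then
  if [[ ! -f /tmp/secure.DrakX ]]; then
    for user in ${DRAKX_USERS}; do
      /etc/security/msec/init-sh/grpuser --del audio "${user}"
    done
  else
    AddRules "${DRAKX_USERS}" /etc/security/msec/security.conf
  fi
fi
```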