diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-08 14:06:58 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-08 14:06:58 +0000 |
| commit | 066ecb8ae35048888b2b6e54fc97f68b8462aff7 (patch) | |
| tree | d7c185ef832bd036d96201660a2597aa36e36a54 /src | |
| parent | d8b966e8f70b17cb1ec2eb3943416653f3e6c121 (diff) | |
| download | msec-066ecb8ae35048888b2b6e54fc97f68b8462aff7.tar msec-066ecb8ae35048888b2b6e54fc97f68b8462aff7.tar.gz msec-066ecb8ae35048888b2b6e54fc97f68b8462aff7.tar.bz2 msec-066ecb8ae35048888b2b6e54fc97f68b8462aff7.tar.xz msec-066ecb8ae35048888b2b6e54fc97f68b8462aff7.zip | |
moved upgrade script to the right place
Diffstat (limited to 'src')
| -rwxr-xr-x | src/msec/upgrade.sh | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/src/msec/upgrade.sh b/src/msec/upgrade.sh deleted file mode 100755 index 065174d..0000000 --- a/src/msec/upgrade.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash -# -# This script upgrades msec configuration files from previous versions -# to the up-to-date format -# - -if [ "`whoami`" != "root" ]; then - echo 'msec: sorry, you must be root !' - exit 1 -fi - -# upgrade from 2009.0 or previous versions - -# manage spelling change - for i in /etc/security/msec/level.local /etc/security/msec/security.conf /var/lib/msec/security.conf; do - if [ -f $i ]; then - perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' $i - fi -done -for ext in today yesterday diff; do - if [ -f /var/log/security/writeable.$ext ]; then - mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext - fi - if [ -f /var/log/security/suid_group.$ext ]; then - mv -f /var/log/security/suid_group.$ext /var/log/security/sgid.$ext - fi -done - -# find secure level -SL=$SECURE_LEVEL -[ ! -r /etc/sysconfig/msec ] || SL=`sed -n 's/SECURE_LEVEL=//p' < /etc/sysconfig/msec` || : - -# upgrade from old style msec or rerun the new msec -if grep -q "# Mandrake-Security : if you remove this comment" /etc/profile; then - [ -z "$SL" -a -r /etc/profile.d/msec.sh ] && SL=`sed -n 's/.*SECURE_LEVEL=//p' < /etc/profile.d/msec.sh` || : - /usr/share/msec/cleanold.sh || : -fi - -# remove the old way of doing the daily cron -rm -f /etc/cron.d/msec - -# upgrading old config files -if [ -n "$SL" ]; then - # old msec installation, pre 2009.1 - # grab old configuration - OLDCONFIG=`mktemp /etc/security/msec/upgrade.XXXXXX` - [ -s /var/lib/msec/security.conf ] && cat /var/lib/msec/security.conf >> $OLDCONFIG - [ -s /etc/security/msec/security.conf ] && cat /etc/security/msec/security.conf >> $OLDCONFIG - if [ "$SL" -gt 3 ]; then - NEWLEVEL="secure" - elif [ "$SL" -gt 1 ]; then - NEWLEVEL="standard" - else - NEWLEVEL="none" - fi - if [ ! -s /etc/security/msec/security.conf ]; then - cp -f /etc/security/msec/level.$NEWLEVEL /etc/security/msec/security.conf - fi - if [ ! -s /etc/security/msec/perms.conf ]; then - cp -f /etc/security/msec/perm.$NEWLEVEL /etc/security/msec/perms.conf - fi - - if [ -f /etc/sysconfig/msec ]; then - cat /etc/sysconfig/msec | grep -v SECURE_LEVEL > /etc/security/shell - fi - - # upgrading old configuration - if [ -s "$OLDCONFIG" ]; then - cat ${OLDCONFIG} | sort | uniq >> /etc/security/msec/security.conf - fi - rm -f $OLDCONFIG -fi - -# fixing spelling -if [ -f /etc/security/msec/security.conf ]; then - # without-password config setting - sed -i -e 's/without_password/without-password/g' /etc/security/msec/security.conf - # level name changes - sed -i -e 's/=default$/=standard/g' /etc/security/msec/security.conf - # variable name changes - sed -i -e 's/RPM_CHECK=/CHECK_RPM=/g' -e 's/CHKROOTKIT_CHECK=/CHECK_CHKROOTKIT=/g' /etc/security/msec/security.conf - # fixing WIN_PARTS_UMASK upgrade parameters - sed -i -e 's/\(WIN_PARTS_UMASK\)=no/\1=0/g' /etc/security/msec/security.conf - # serverlink changes - sed -i -e 's/\(CREATE_SERVER_LINK\)=standard/\1=no/g' \ - -e 's/\(CREATE_SERVER_LINK\)=secure/\1=remote/g' \ - /etc/security/msec/security.conf - # CHECK_RPM split into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY - sed -i -e 's/CHECK_RPM=\(.*\)/CHECK_RPM_PACKAGES=\1\nCHECK_RPM_INTEGRITY=\1/g' /etc/security/msec/security.conf - # starting with 2010.1, each check can have a different periodicity - # therefore, for the enabled tests we define their periodicity to 'daily' - # to have the same behavior as on previous versions - sed -i -e 's/\(CHECK_.*\)=yes/\1=daily/g' /etc/security/msec/security.conf - # removing duplicated entries - TEMPFILE=`mktemp /etc/security/msec/upgrade.XXXXXX` - cat /etc/security/msec/security.conf | sort | uniq > $TEMPFILE 2>/dev/null && mv -f $TEMPFILE /etc/security/msec/security.conf - test -f $TEMPFILE && rm -f $TEMPFILE -fi |