-rw-r--r-- | ChangeLog | 1 | ||||
-rwxr-xr-x | init-sh/level0.sh | 14 | ||||
-rwxr-xr-x | init-sh/level1.sh | 11 | ||||
-rwxr-xr-x | init-sh/level2.sh | 11 | ||||
-rwxr-xr-x | init-sh/level3.sh | 13 | ||||
-rwxr-xr-x | init-sh/level4.sh | 11 | ||||
-rwxr-xr-x | init-sh/level5.sh | 15 | ||||
-rw-r--r-- | init-sh/lib.sh | 1 | ||||
-rw-r--r-- | msec.spec | 9 |
9 files changed, 52 insertions, 34 deletions
@@ -1,4 +1,5 @@ 1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com> + * Don't use msec parsing routine to hack inittab. * Indentation problem should be corrected * All debug finished, changing secure.tmp to a mktemp allocated tmpfile for symlink security. diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 62904ac..5f4d66b 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Enabling direct console access : " -AddRules "1:2345:respawn:/bin/bash --login" /etc/inittab - # /etc/profile export SECURE_LEVEL=0 echo "Setting secure level variable to 0 :" @@ -79,8 +75,12 @@ echo "Adding system users to specific groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" - - - +# Boot on a shell +echo -n "Setting up inittab to spawn a shell without asking a passwd : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/sbin\/mingetty tty1/\/bin\/bash --login/' > /etc/inittab +rm -f ${tmpfile} +echo "done." diff --git a/init-sh/level1.sh b/init-sh/level1.sh index a7ce877..571f470 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=1 echo "Setting secure level variable to 1 :" @@ -80,6 +76,13 @@ echo "Adding system users to specific groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." 
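Review bot: The redirection `> /etc/inittab` in the block added at the end of level0.sh truncates the live file before `sed` has produced any output, and neither `mktemp` nor `cp` is checked, so a failed `mktemp` or a full /tmp leaves an empty or partial /etc/inittab while the script still prints "done.". With `${tmpfile}` unquoted and empty, `cat` would also fall back to reading stdin. Writing the edited copy to a temporary file beside the target and renaming it over /etc/inittab only when `sed` succeeded keeps the original intact on any failure. The same block is repeated in level1.sh through level5.sh and needs the same change.

```shell
# … unchanged: grpuser.sh --refresh and its "done." echo …
echo -n "Setting up inittab to spawn a shell without asking a passwd : "
# Temp file lives in /etc so the final mv is a rename on the same filesystem.
tmpfile=`mktemp /etc/inittab.XXXXXX`
if [ -n "${tmpfile}" ] && \
   sed 's/\/sbin\/mingetty tty1/\/bin\/bash --login/' /etc/inittab > "${tmpfile}"; then
    # mktemp creates the file 0600; assumes inittab is normally 0644 (confirm).
    chmod 644 "${tmpfile}"
    mv -f "${tmpfile}" /etc/inittab
    echo "done."
else
    [ -n "${tmpfile}" ] && rm -f "${tmpfile}"
    echo "failed, /etc/inittab left unchanged." >&2
fi
```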
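Review bot: The `sed` expression added at the end of level1.sh rewrites `/bin/bash --login` wherever it occurs in /etc/inittab, and nothing afterwards confirms that tty1 is back on a getty, so "done." is printed even when the substitution matched nothing and the passwordless console shell set up by level 0 is still in place. Anchoring the substitution on the entry id shown in the removed `AddRules` line, e.g. `sed '/^1:/s/\/bin\/bash --login/\/sbin\/mingetty tty1/'`, and then checking with `grep -q '^1:.*/sbin/mingetty tty1' /etc/inittab || echo "warning: tty1 does not run mingetty" >&2` would make a failed change visible. The same expression is used in level2.sh, level3.sh, level4.sh and level5.sh.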
diff --git a/init-sh/level2.sh b/init-sh/level2.sh index 1760873..c663f25 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -55,10 +55,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=2 echo "Setting secure level variable to 2 :" @@ -79,3 +75,10 @@ echo "Adding system users to specifics groups :" /etc/security/msec/init-sh/grpuser.sh --refresh echo -e "done.\n" +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." diff --git a/init-sh/level3.sh b/init-sh/level3.sh index acf8483..8027034 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -64,10 +64,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # /etc/profile export SECURE_LEVEL=3 echo "Setting secure level variable to 3 :" @@ -77,3 +73,12 @@ AddRules "umask 022" /etc/profile echo "Adding a \"normal\" PATH variable : " AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile + +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." + diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 212c3f8..e1bf56d 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh 
@@ -79,10 +79,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # Server update echo "Setting secure level variable to 4 :" AddRules "SECURE_LEVEL=4" /etc/profile @@ -113,3 +109,10 @@ echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done."
\ No newline at end of file diff --git a/init-sh/level5.sh b/init-sh/level5.sh index eaa06fe..e443488 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -73,10 +73,6 @@ echo -n "Running lilo to record new config : " /sbin/lilo >& /dev/null echo -e "done.\n" -# /etc/inittab -echo "Disabling direct console access : " -AddRules "1:2345:respawn:/sbin/mingetty tty1" /etc/inittab - # Disable all server : echo "Setting secure level variable to 5 :" AddRules "SECURE_LEVEL=5" /etc/profile @@ -107,6 +103,14 @@ echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile +# Do not boot on a shell +echo -n "Setting up inittab to ask a passwd on boot : " +tmpfile=`mktemp /tmp/secure.XXXXXX` +cp /etc/inittab ${tmpfile} +cat ${tmpfile} | sed s'/\/bin\/bash --login/\/sbin\/mingetty tty1/' > /etc/inittab +rm -f ${tmpfile} +echo "done." + echo echo "You are now running your system in security level 5," echo "All services are disabled : try the chkconfig to enable one..." @@ -131,6 +135,3 @@ echo - - - diff --git a/init-sh/lib.sh b/init-sh/lib.sh index e523f5a..71af4c7 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -188,7 +188,6 @@ fi clear echo "Preparing to run security script : " -CleanRules /etc/inittab CleanRules /etc/syslog.conf CleanRules /etc/hosts.deny CommentUserRules /etc/hosts.deny @@ -1,8 +1,8 @@ Summary: Security Level & Program for the Linux Mandrake distribution Name: msec -Version: 0.7 -Release: 4mdk -Source: msec-0.7.tar.bz2 +Version: 0.8 +Release: 2mdk +Source: msec-0.8.tar.bz2 Copyright: GPL Group: System Environment/Base BuildRoot: /var/tmp/msec 
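Review bot: Removing `CleanRules /etc/inittab` from lib.sh presumably leaves behind any entry the previous release appended with `AddRules`, such as the `1:2345:respawn:/bin/bash --login` line visible in the removed part of level0.sh, when an upgraded system is re-levelled. CleanRules itself is not shown on this page, so this is inferred from its name and from the calls that remain for the other files. On such a system the new `sed` in level1.sh to level5.sh would turn the leftover line into a second `1:` entry next to the stock one, or leave it untouched if its text differs. Consider keeping one cleanup pass for inittab on upgrade, and record the new ownership next to the remaining calls with a comment such as `# /etc/inittab is no longer handled by AddRules/CleanRules; the level scripts edit it with sed`.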
@@ -36,6 +36,9 @@ rm -rf $RPM_BUILD_ROOT %changelog * Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com> +- Don't use msec parsing routine to hack inittab + +* Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com> - Fixed the last AddBegRules() problem. - Indentation problem should be fixed. - All debug finished, changing secure.tmp to a mktemp |