diff options
Diffstat (limited to 'init-sh/lib.sh')
| -rw-r--r-- | init-sh/lib.sh | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/init-sh/lib.sh b/init-sh/lib.sh new file mode 100644 index 0000000..a48c945 --- /dev/null +++ b/init-sh/lib.sh @@ -0,0 +1,175 @@ +# +# Security level implementation... +# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> +# + +# Need root access +if [ $UID != 0 ]; then + echo "You need to be root in order to change secure level." + exit 1 +fi + +# To avoid error, while new initscript package isn't released... +touch /etc/rc.d/rc.firewall + +# If we are currently installing our +# system with DrakX, we don't ask anything to the user... +# Instead, DrakX do it and give us a file with some variable. +if [ -f /tmp/secure.DrakX ]; then + . /tmp/secure.DrakX +fi + +if [ -f /etc/security/msec/security.conf ]; then + . /etc/security/msec/security.conf +fi + +if rpm -q XFree86 2>&1 > /dev/null; then + HAVE_X=1 +else + HAVE_X=0 +fi + +USERNAME="blah" +COMMENT="# Mandrake-Security : if you remove this comment, remove the next line too." + +AddRules () { + string=$1 + file=$2 + + if [ -z "${string}" ]; then + return; + fi + + if ! grep -qx "${string}" ${file}; then + echo "${COMMENT}" >> ${file}; + echo "${string}" >> ${file}; + fi +} + +CleanRules() { + file=$1 + ctrl=0 + + mv -f ${file} /tmp/secure.tmp + touch ${file} + + while read line; do + if [ ${ctrl} == 1 ]; then + ctrl=0 + continue; + fi + + if echo "${line}" | grep -qx "${COMMENT}"; then + ctrl=1 + fi + + if [ ${ctrl} == 0 ]; then + echo "${line}" >> ${file} + fi + done < /tmp/secure.tmp + + rm -f /tmp/secure.tmp + +} + +CommentUserRules() { + file=$1 + + mv -f ${file} /tmp/secure.tmp + touch ${file} + + while read line; do + if ! echo "${line}" | grep -qE "^#"; then + echo "# ${line}" >> ${file} + fi + done < /tmp/secure.tmp + + rm -f /tmp/secure.tmp +} + +Syslog() { + if [ "${SYS_LOG}" == "yes" ]; then + /sbin/initlog --string=${1} + fi +} + +Ttylog() { + if [ "${TTY_LOG}" == "yes" ]; then + for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do + echo -e ${1} > /dev/$i + done + fi +} + + +LiloUpdate() { + if [ ! -f /tmp/secure.DrakX ]; then + echo "Do you want a password authentication at boot time ?" + echo "Be very carefull," + echo "this will prevent your server to reboot without an operator to enter password". + echo -n "[yes]/no : " + read answer + if [[ "${answer}" == "yes" || "${answer}" == "" ]]; then + echo -n "Please enter the password which will be used at boot time : " + read password + else + password="" + fi + else + password=${DRAKX_PASSWORD} + fi + + if [ ! -z "${password}" ]; then + mv /etc/lilo.conf /tmp/secure.tmp + while read line; do + if ! echo "${line}" | grep -q "password"; then + echo "${line}" >> /etc/lilo.conf + fi + done < /etc/secure.tmp + + rm -f /etc/secure.tmp + AddRules "password=$PASSWORD" /etc/lilo.conf + fi +} + + +CleanRules /etc/syslog.conf + +CleanRules /etc/hosts.deny +CommentUserRules /etc/hosts.deny + +CleanRules /etc/hosts.allow +CommentUserRules /etc/hosts.allow + +CleanRules /etc/securetty +CommentUserRules /etc/securetty + +CleanRules /etc/security/msec/security.conf +CommentUserRules /etc/security/msec/security.conf + +CleanRules /etc/profile +CleanRules /etc/lilo.conf +CleanRules /etc/rc.d/rc.firewall +CleanRules /etc/crontab + + +# For all secure level +AddRules "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" /etc/rc.d/rc.firewall + +# default group which must exist on the system +groupadd audio >& /dev/null +groupadd xgrp >& /dev/null +usermod -G xgrp xfs + +if ! /etc/security/msec/init-sh/grpuser --del audio "${USERNAME}"; then + echo "Problem removing user \"${USERNAME}\" from group audio." +fi + + + + + + + + + |