aboutsummaryrefslogtreecommitdiffstats
path: root/init-sh
diff options
context:
space:
mode:
Diffstat (limited to 'init-sh')
-rwxr-xr-xinit-sh/level0.sh7
-rwxr-xr-xinit-sh/level1.sh7
-rwxr-xr-xinit-sh/level2.sh7
-rwxr-xr-xinit-sh/level3.sh7
-rwxr-xr-xinit-sh/level4.sh7
-rwxr-xr-xinit-sh/level5.sh7
-rw-r--r--init-sh/lib.sh9
7 files changed, 27 insertions, 24 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index 9d81a72..8d09aff 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -63,8 +63,7 @@ echo -e "\t- Security warning in syslog : no."
# /etc/profile
export SECURE_LEVEL=0
echo "Setting secure level variable to 0 :"
-AddRules "SECURE_LEVEL=0" /etc/profile
-AddRules "SECURE_LEVEL=0" /etc/zprofile
+AddRules "SECURE_LEVEL=0" /etc/profile.d/msec
echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
AddRules "umask 002" /etc/profile
@@ -72,9 +71,9 @@ AddRules "umask 002" /etc/zprofile
echo "Adding \"non secure\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from everywhere :"
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index be3537f..99ce8a3 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -63,8 +63,7 @@ echo -e "\t- Security warning in syslog : no."
# /etc/profile
export SECURE_LEVEL=1
echo "Setting secure level variable to 1 :"
-AddRules "SECURE_LEVEL=1" /etc/profile
-AddRules "SECURE_LEVEL=1" /etc/zprofile
+AddRules "SECURE_LEVEL=1" /etc/profile.d/msec
echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
AddRules "umask 002" /etc/profile
@@ -72,9 +71,9 @@ AddRules "umask 002" /etc/zprofile
echo "Adding \"non secure\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from localhost :"
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index 20c6306..b2fd33f 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -64,8 +64,7 @@ echo -e "\t- Security warning in syslog : yes."
# /etc/profile
export SECURE_LEVEL=2
echo "Setting secure level variable to 2 :"
-AddRules "SECURE_LEVEL=2" /etc/profile
-AddRules "SECURE_LEVEL=2" /etc/zprofile
+AddRules "SECURE_LEVEL=2" /etc/profile.d/msec
echo "Setting umask to 022 (u=rw,g=r,o=r) :"
AddRules "umask 022" /etc/profile
@@ -73,9 +72,9 @@ AddRules "umask 022" /etc/zprofile
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from localhost :"
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index 760ae31..6d41afc 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -71,8 +71,7 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab
# /etc/profile
export SECURE_LEVEL=3
echo "Setting secure level variable to 3 :"
-AddRules "SECURE_LEVEL=3" /etc/profile
-AddRules "SECURE_LEVEL=3" /etc/zprofile
+AddRules "SECURE_LEVEL=3" /etc/profile.d/msec
echo "Setting umask to 022 (u=rw,g=r,o=r) :"
AddRules "umask 022" /etc/profile
@@ -80,9 +79,9 @@ AddRules "umask 022" /etc/zprofile
echo "Adding a \"normal\" PATH variable : "
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
# Do not boot on a shell
AllowReboot
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index 356f629..62aa2d6 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -81,8 +81,7 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab
# Server update
echo "Setting secure level variable to 4 :"
-AddRules "SECURE_LEVEL=4" /etc/profile
-AddRules "SECURE_LEVEL=4" /etc/zprofile
+AddRules "SECURE_LEVEL=4" /etc/profile.d/msec
export SECURE_LEVEL=4
@@ -111,9 +110,9 @@ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/zprofi
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
if [[ -f /lib/libsafe.so.1.3 ]]; then
echo "Enabling stack overflow protection :"
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index 13b02bb..c894b44 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -91,8 +91,7 @@ LoaderUpdate;
# Disable all server :
echo "Setting secure level variable to 5 :"
-AddRules "SECURE_LEVEL=5" /etc/profile
-AddRules "SECURE_LEVEL=5" /etc/zprofile
+AddRules "SECURE_LEVEL=5" /etc/profile.d/msec
IFS="
"
@@ -121,9 +120,9 @@ AddRules "umask 077" /etc/zprofile
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/zprofile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/zprofile
+AddRules "export PATH" /etc/zprofile
if [[ -f /lib/libsafe.so.1.3 ]]; then
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 25711e9..9fb580f 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -333,6 +333,15 @@ else
chmod 755 /etc/X11/xinit.d/msec
fi
+
+if [[ -f /etc/profile.d/msec ]]; then
+ CleanRules /etc/profile.d/msec
+else
+ touch /etc/profile.d/msec
+ chmod 755 /etc/profile.d/msec
+fi
+
+
echo -e "\nStarting to reconfigure the system : "
# For all secure level
echo "Setting spoofing protection : "