Diffstat (limited to 'init-sh')
-rwxr-xr-xinit-sh/custom.sh12
-rwxr-xr-xinit-sh/level4.sh13
-rwxr-xr-xinit-sh/level5.sh9
-rwxr-xr-xinit-sh/msec6
4 files changed, 39 insertions, 1 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh
index b8b8402..9d46bd1 100755
--- a/init-sh/custom.sh
+++ b/init-sh/custom.sh
@@ -62,6 +62,18 @@ if [[ ${answer} == yes ]]; then
AddRules "tty6" /etc/securetty
fi
###
+echo "Do you want to enable the libsafe stack overflow protection ?"
+echo "This stack overflow protection work by catching dangerous function call"
+echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf"
+echo "and verify the address & the size of the destination buffer in the stack"
+echo "this is done by searching in the stack frame the one which contain the"
+echo "destination address, and by substracting the frame address to the destination buffer one"
+WaitAnswer; clear
+if [[ ${answer} == yes ]]; then
+ AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile
+fi
+
+###
echo "Do you want your system to daily check important security problem ?"
WaitAnswer; clear
if [[ ${answer} == yes ]]; then
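Review bot: The new `AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile` line in custom.sh runs on a bare "yes" answer, without checking that the library is installed. level4.sh and level5.sh in this same commit guard the identical line with `[[ -f /usr/lib/libsafe.so.1.2 ]]`. If the file is missing, every dynamically linked program started from a login shell will get a loader complaint about an object that cannot be preloaded, and no protection is actually in place. The condition should mirror the other scripts, for example `if [[ ${answer} == yes && -f /usr/lib/libsafe.so.1.2 ]]; then`, ideally telling the administrator when the library was not found.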
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index 75a0e85..f10fb54 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -105,9 +105,15 @@ echo -e "done.\n";
# /etc/profile
echo "Setting umask to 022 (u=rw,g=rx) for root, 077 (u=rw) for user :"
AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile
+
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH SECURE_LEVEL" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
+
+if [[ -f /usr/lib/libsafe.so.1.2 ]]; then
+ echo "Enabling stack overflow protection :"
+ AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile
+fi
# Do not boot on a shell
echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : "
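Review bot: Exporting `LD_PRELOAD` from /etc/profile only reaches processes descended from a shell that sources that file, so the message "Enabling stack overflow protection" overstates the coverage. Daemons started at boot never read /etc/profile, and for set-user-ID or set-group-ID programs the glibc loader ignores preload entries that contain a slash, so the most exposed binaries run without libsafe. The same line is added in custom.sh and level5.sh. If system-wide coverage is intended, consider listing the library in `/etc/ld.so.preload` instead; otherwise add a comment such as `# login-shell sessions only; setuid programs and boot-time daemons are not covered`. The export also replaces any `LD_PRELOAD` value already set, which appending to the existing value would avoid.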
@@ -122,3 +128,8 @@ echo "done."
# Group were modified in lib.sh...
grpconv
+
+
+
+
+
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index 59dc413..0e458b7 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -103,10 +103,16 @@ echo -e "done.\n";
# /etc/profile
echo "Setting umask to 077 (u=rw) :"
AddRules "umask 077" /etc/profile
+
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet
AddRules "export PATH SECURE_LEVEL" /etc/profile
+if [[ -f /usr/lib/libsafe.so.1.2 ]]; then
+ echo "Enabling stack overflow protection :"
+ AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile
+fi
+
# Do not boot on a shell
echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : "
tmpfile=`mktemp /tmp/secure.XXXXXX`
@@ -144,3 +150,6 @@ grpconv
+
+
+
diff --git a/init-sh/msec b/init-sh/msec
index 2fc7c53..1ba1bb2 100755
--- a/init-sh/msec
+++ b/init-sh/msec
@@ -16,11 +16,17 @@ fi
if [[ ${1} == custom ]]; then
/usr/share/msec/custom.sh
+ echo
+ echo "You might logout of your session for some change to be activated."
+ echo
exit 0;
fi
if [[ -f /usr/share/msec/level$1.sh ]]; then
/usr/share/msec/level$1.sh
+ echo
+ echo "You might logout of your session for some change to be activated."
+ echo
if [[ -f /usr/share/msec/perm.$1 ]]; then
/usr/share/msec/file_perm.sh /usr/share/msec/perm.$1
else
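Review bot: Both added `echo "You might logout of your session for some change to be activated."` lines run unconditionally after custom.sh and level$1.sh, so the hint appears even when the script failed and changed nothing. Consider checking the exit status first, e.g. `/usr/share/msec/custom.sh || exit 1`, assuming those scripts return a meaningful status, which is not visible here. The wording is also ambiguous for an administrator; something like `echo "Log out and back in for the /etc/profile changes to take effect."` says what is required and why. The enclosing `if` block continues past the end of this hunk.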