Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/custom.sh | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh index 9d46bd1..253d9d9 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -5,7 +5,6 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # - if [[ -f /usr/share/msec/lib.sh ]]; then . /usr/share/msec/lib.sh else @@ -15,6 +14,8 @@ fi clear +WRITE_CRON="false" + ### echo "Do you want all system events to be logged on tty12 ?" WaitAnswer; clear @@ -62,6 +63,8 @@ if [[ ${answer} == yes ]]; then AddRules "tty6" /etc/securetty fi ### + +if [[ -f /usr/lib/libsafe.so.1.2 ]]; then echo "Do you want to enable the libsafe stack overflow protection ?" echo "This stack overflow protection work by catching dangerous function call" echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf" @@ -72,13 +75,14 @@ WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile fi +fi ### echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -86,7 +90,7 @@ echo "Do you want your system to daily check new open port listening ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -94,7 +98,7 @@ echo "Do you want your system to check for grave permission problem on sensibles WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### 
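Review bot: The new `if [[ -f /usr/lib/libsafe.so.1.2 ]]` guard in the `@@ -62,6 +63,8 @@` hunk repeats the versioned path that the `AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile` line also hard-codes, so the test and the export can drift apart when libsafe is upgraded; keep the path in one variable, for example `LIBSAFE=/usr/lib/libsafe.so.1.2`, and use it in both places. The test only shows that the file exists while custom.sh runs, so if the library is removed or renamed later the export presumably stays in /etc/profile and points at a missing file. When the file is absent the question is skipped without a message; an `else` branch with a single `echo` would tell the administrator why the protection was not offered. Since /etc/profile is read by login shells, a comment noting that services started at boot are not covered by this export would set the right expectation. The guarded block is closed by the `+fi` in the following hunk (`@@ -72,13 +75,14 @@`).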
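Review bot: Each `yes` branch now has to remember `WRITE_CRON="true"` by hand, starting with the CHECK_SECURITY branch in `@@ -72,13 +75,14 @@` and repeated in the seven hunks that follow (CHECK_OPEN_PORT through CHECK_UNOWNED); a check added later without that line would be switched on in security.conf while security.sh may never be scheduled. A small helper would keep the two steps together, e.g. `EnableCheck() { AddRules "$1=yes" /etc/security/msec/security.conf; WRITE_CRON="true"; }`, called as `EnableCheck CHECK_SECURITY`. If the flag stays as it is, a comment next to `WRITE_CRON="false"` such as `# set to "true" by any check that needs the security.sh cron entry` would document the contract.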
@@ -102,7 +106,7 @@ echo "Do you want your system to daily check SUID Root file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -110,7 +114,7 @@ echo "Do you want your system to daily check suid files md5 checksum changes ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -118,7 +122,7 @@ echo "Do you want your system to daily check SUID Group file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -126,7 +130,7 @@ echo "Do you want your system to daily check Writeable file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -134,7 +138,7 @@ echo "Do you want your system to daily check Unowned file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab + WRITE_CRON="true" fi ### @@ -174,6 +178,9 @@ else fi ### +if [[ ${WRITE_CRON} == "true" ]]; then + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab +fi LiloUpdate; /sbin/lilo >& /dev/null |
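Review bot: The single `AddRules ... /etc/crontab` call added before `LiloUpdate` in `@@ -174,6 +178,9 @@` keeps the schedule `0 0-23 * * *`, which fires every hour, while the prompts that set `WRITE_CRON` ask about a daily check; either the schedule or the wording should change, or a comment such as `# security.sh is run hourly; it decides itself which checks are due` should state the intent if that is what is meant. The flag removes duplicates only within one run: whether a second run of custom.sh appends the line again, and whether an old entry goes away when every answer is `no`, depends on `AddRules` and any cleanup in lib.sh, neither of which this diff shows. Because the entry runs a root job from a fixed path, it is worth confirming that /usr/share/msec/security.sh is installed root-owned and not writable by group or others.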