Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/custom.sh | 12 | ||||
-rwxr-xr-x | init-sh/level4.sh | 13 | ||||
-rwxr-xr-x | init-sh/level5.sh | 9 | ||||
-rwxr-xr-x | init-sh/msec | 6 |
4 files changed, 39 insertions, 1 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh index b8b8402..9d46bd1 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -62,6 +62,18 @@ if [[ ${answer} == yes ]]; then AddRules "tty6" /etc/securetty fi ### +echo "Do you want to enable the libsafe stack overflow protection ?" +echo "This stack overflow protection work by catching dangerous function call" +echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf" +echo "and verify the address & the size of the destination buffer in the stack" +echo "this is done by searching in the stack frame the one which contain the" +echo "destination address, and by substracting the frame address to the destination buffer one" +WaitAnswer; clear +if [[ ${answer} == yes ]]; then + AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile +fi + +### echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 75a0e85..f10fb54 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -105,9 +105,15 @@ echo -e "done.\n"; # /etc/profile echo "Setting umask to 022 (u=rw,g=rx) for root, 077 (u=rw) for user :" AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/profile + echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet -AddRules "export PATH SECURE_LEVEL" /etc/profile +AddRules "export PATH SECURE_LEVEL" /etc/profile + +if [[ -f /usr/lib/libsafe.so.1.2 ]]; then + echo "Enabling stack overflow protection :" + AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile +fi # Do not boot on a shell echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : " @@ -122,3 +128,8 @@ echo "done." # Group were modified in lib.sh... grpconv + + + + + diff --git a/init-sh/level5.sh b/init-sh/level5.sh index 59dc413..0e458b7 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh 
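Review bot: The custom.sh hunk appends `export LD_PRELOAD=/usr/lib/libsafe.so.1.2` to /etc/profile without checking that the library is installed, unlike the level4.sh and level5.sh hunks in this commit, which guard the same rule with `[[ -f /usr/lib/libsafe.so.1.2 ]]`. If the file is absent, the dynamic loader will typically print a preload error for every program started from a shell that sourced the profile. The condition could become `if [[ ${answer} == yes && -f /usr/lib/libsafe.so.1.2 ]]; then`, ideally with a message when the library is missing. The versioned path is also repeated in three scripts, so a libsafe upgrade would leave a stale entry; a single shared variable would avoid that.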
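Review bot: Setting LD_PRELOAD from /etc/profile in the level4.sh hunk (and in the same lines of level5.sh and custom.sh) covers only processes descended from a shell that sources that file, which deserves a comment because "Enabling stack overflow protection" reads as system-wide. Daemons started from init scripts do not inherit the variable, any user can unset it, and on glibc the loader in secure-execution mode ignores preload entries that contain a slash, so set-user-ID programs are not covered. The assignment also replaces any LD_PRELOAD already in the environment instead of appending to it. I would add a comment such as `# libsafe via LD_PRELOAD: login-shell descendants only; setuid programs and daemons are not covered`, and consider /etc/ld.so.preload if system-wide coverage is the intent.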
@@ -103,10 +103,16 @@ echo -e "done.\n"; # /etc/profile echo "Setting umask to 077 (u=rw) :" AddRules "umask 077" /etc/profile + echo "Adding \"normal\" PATH variable :" AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet AddRules "export PATH SECURE_LEVEL" /etc/profile +if [[ -f /usr/lib/libsafe.so.1.2 ]]; then + echo "Enabling stack overflow protection :" + AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile +fi + # Do not boot on a shell echo -n "Setting up inittab to deny any user to issue ctrl-alt-del : " tmpfile=`mktemp /tmp/secure.XXXXXX` @@ -144,3 +150,6 @@ grpconv + + + diff --git a/init-sh/msec b/init-sh/msec index 2fc7c53..1ba1bb2 100755 --- a/init-sh/msec +++ b/init-sh/msec @@ -16,11 +16,17 @@ fi if [[ ${1} == custom ]]; then /usr/share/msec/custom.sh + echo + echo "You might logout of your session for some change to be activated." + echo exit 0; fi if [[ -f /usr/share/msec/level$1.sh ]]; then /usr/share/msec/level$1.sh + echo + echo "You might logout of your session for some change to be activated." + echo if [[ -f /usr/share/msec/perm.$1 ]]; then /usr/share/msec/file_perm.sh /usr/share/msec/perm.$1 else |
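Review bot: The logout notice added to both branches of msec is printed without checking the exit status of `/usr/share/msec/custom.sh` or `/usr/share/msec/level$1.sh`, so a failed run still tells the user to log out and, in the custom branch, still reaches `exit 0`. Something like `/usr/share/msec/custom.sh || exit 1` ahead of the notice would keep the message truthful. In the level branch the notice appears before file_perm.sh runs, so it may read better after the permission step; that branch continues past the end of the hunk. The three echo lines are duplicated and could live in one small helper function.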