Diffstat (limited to 'init-sh')
-rwxr-xr-x | init-sh/custom.sh | 36 | ||||
-rwxr-xr-x | init-sh/level0.sh | 3 | ||||
-rwxr-xr-x | init-sh/level1.sh | 8 | ||||
-rwxr-xr-x | init-sh/level2.sh | 11 | ||||
-rwxr-xr-x | init-sh/level3.sh | 9 | ||||
-rwxr-xr-x | init-sh/level4.sh | 12 | ||||
-rwxr-xr-x | init-sh/level5.sh | 13 | ||||
-rw-r--r-- | init-sh/lib.sh | 2 | ||||
-rwxr-xr-x | init-sh/msec (renamed from init-sh/init.sh) | 10 | ||||
-rw-r--r-- | init-sh/perm.0 | 66 | ||||
-rw-r--r-- | init-sh/perm.1 | 66 | ||||
-rw-r--r-- | init-sh/perm.2 | 66 | ||||
-rw-r--r-- | init-sh/perm.3 | 66 | ||||
-rw-r--r-- | init-sh/perm.4 | 66 | ||||
-rw-r--r-- | init-sh/perm.5 | 67 | ||||
-rw-r--r-- | init-sh/server.4 | 6 | ||||
-rw-r--r-- | init-sh/server.5 | 6 |
17 files changed, 64 insertions, 449 deletions
diff --git a/init-sh/custom.sh b/init-sh/custom.sh index af4bba5..b8b8402 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -5,8 +5,12 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh +else + echo "Can't find /usr/share/msec/lib.sh, exiting." + exit 1 fi clear @@ -62,7 +66,7 @@ echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -70,7 +74,7 @@ echo "Do you want your system to daily check new open port listening ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -78,7 +82,7 @@ echo "Do you want your system to check for grave permission problem on sensibles WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### 
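Review bot: The new `else` branch in the first custom.sh hunk prints its failure message to stdout, so it is lost or mixed into captured output when the script runs non-interactively; send it to stderr with `echo "Can't find /usr/share/msec/lib.sh, exiting." >&2`. The same added line appears in the first hunks of level1.sh through level5.sh. These scripts source lib.sh and then edit /etc/crontab and /etc/profile, presumably as root, so a header comment stating that /usr/share/msec must be writable by root only would also be worth adding.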
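Review bot: The rewritten `AddRules` line in the `@@ -62,7 +66,7 @@` hunk keeps the schedule `0 0-23 * * *`, which fires every hour, while the prompt above it asks about a daily check and level3.sh registers the same script with `0 0 * * *`. If a daily run is intended, the entry should read `AddRules "0 0 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab`. The identical line is added in the seven following custom.sh hunks (CHECK_OPEN_PORT through CHECK_UNOWNED). Whether AddRules suppresses duplicate crontab entries is not visible here, so answering yes to several prompts may register the job more than once.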
@@ -86,7 +90,7 @@ echo "Do you want your system to daily check SUID Root file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -94,7 +98,7 @@ echo "Do you want your system to daily check suid files md5 checksum changes ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -102,7 +106,7 @@ echo "Do you want your system to daily check SUID Group file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -110,7 +114,7 @@ echo "Do you want your system to daily check Writeable file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### 
@@ -118,7 +122,7 @@ echo "Do you want your system to daily check Unowned file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -127,7 +131,7 @@ echo "is in promiscuous state (which mean someone is probably running a sniffer WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf - AddRules "*/1 * * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab + AddRules "*/1 * * * * root nice --adjustment=+19 /usr/share/msec/promisc_check.sh" /etc/crontab fi ### @@ -169,7 +173,7 @@ WaitAnswer; clear if [[ ${answer} == yes ]]; then echo -n "Disabling all service, except : {" chkconfig --list | awk '{print $1}' | while read service; do - if grep -qx ${service} /etc/security/msec/init-sh/server.4; then + if grep -qx ${service} /etc/security/msec/server.4; then echo -n " ${service}" fi done @@ -242,3 +246,11 @@ AddRules "export PATH SECURE_LEVEL" /etc/profile + + + + + + + + diff --git a/init-sh/level0.sh b/init-sh/level0.sh index ea5181c..b979b61 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -5,6 +5,7 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # + if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then . /etc/security/msec/init-sh/lib.sh else @@ -74,7 +75,7 @@ AddBegRules "/usr/X11R6/bin/xhost +" /etc/X11/xinit/xinitrc # Group echo "Adding system users to specific groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh echo -e "done.\n" # Boot on a shell / authorize ctrl-alt-del diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 32d00f1..0c17880 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh 
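Review bot: In the `@@ -169,7 +173,7 @@` hunk, `grep -qx ${service} /etc/security/msec/server.4` passes the service name unquoted and as a regular expression, and nothing checks that the relocated allowlist exists. If /etc/security/msec/server.4 is missing, grep fails for every name and, assuming the branch outside the hunk disables non-matching services, every service would be turned off, including syslog and network. Suggested: `grep -qxF -- "${service}" /etc/security/msec/server.4`, preceded by a `[[ -r /etc/security/msec/server.4 ]]` check that aborts before the loop. The same applies to the last hunks of level4.sh and level5.sh (server.4 and server.5); the loop body continues outside each hunk.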
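Review bot: level0.sh still tests and sources `/etc/security/msec/init-sh/lib.sh` in its `@@ -5,6 +5,7 @@` hunk, which only adds a blank line, while custom.sh and level1.sh through level5.sh switch to `/usr/share/msec/lib.sh` in this commit. If the old directory is no longer installed, level 0 takes the `else` branch (its body is outside the hunk) instead of applying the level. The two lines should read `if [[ -f /usr/share/msec/lib.sh ]]; then` and `. /usr/share/msec/lib.sh`, as in the other level scripts.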
@@ -5,9 +5,11 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi @@ -75,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc # Group echo "Adding system users to specific groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh grpconv echo -e "done.\n" diff --git a/init-sh/level2.sh b/init-sh/level2.sh index e012f72..9348529 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -5,9 +5,12 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi @@ -74,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc # group echo "Adding system users to specifics groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh grpconv echo -e "done.\n" @@ -87,3 +90,5 @@ cat ${tmpfile} | \ sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." + + diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 1e78f93..bf53c66 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -5,13 +5,14 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi -# All events logged on tty12 echo "Loging all messages on tty12 : " AddRules "*.* /dev/tty12" /etc/syslog.conf 
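Review bot: The `@@ -5,13 +5,14 @@` hunk of level3.sh deletes the comment `# All events logged on tty12` without a replacement, leaving `AddRules "*.* /dev/tty12" /etc/syslog.conf` undocumented. That rule copies every syslog facility and priority to a console, so the comment is worth keeping and extending, for example `# All syslog messages (*.*) are copied to tty12; anyone with console access can read them`.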
@@ -59,7 +60,7 @@ echo -e "\t- Security warning in syslog : yes." # Crontab echo "Adding permission check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab # lilo update echo -n "Running lilo to record new config : " diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 18d9aac..75a0e85 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -6,10 +6,10 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # - -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi @@ -68,10 +68,10 @@ echo -e "\t- Security warning in syslog : yes." # Check every 1 minutes for promisc problem echo "Adding promisc check in crontab (scheduled every minutes) :" -AddRules "*/1 * * * * root /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab +AddRules "*/1 * * * * root /usr/share/msec/promisc_check.sh" /etc/crontab echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab # Do you want a password ? LiloUpdate; @@ -88,7 +88,7 @@ IFS=" " echo -n "Disabling all service, except : {" for service in `chkconfig --list | awk '{print $1}'`; do - if grep -qx ${service} /etc/security/msec/init-sh/server.4; then + if grep -qx ${service} /etc/security/msec/server.4; then echo -n " ${service}" fi done diff --git a/init-sh/level5.sh b/init-sh/level5.sh index 9e8af53..59dc413 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh 
@@ -5,8 +5,11 @@ # Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com> # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh +else + echo "Can't find /usr/share/msec/lib.sh, exiting." + exit 1 fi echo -e "Changing attribute of /var/log/* to append only...\n" @@ -60,10 +63,10 @@ echo -e "\t- Security warning in syslog : yes." ################ Crontab things ################### # Check every 1 minutes for promisc problem echo "Adding promisc check in crontab (scheduled every minutes) :" -AddRules "*/1 * * * * root /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab +AddRules "*/1 * * * * root /usr/share/msec/promisc_check.sh" /etc/crontab echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab ################################################### @@ -83,7 +86,7 @@ IFS=" export SECURE_LEVEL=5 echo -n "Disabling all service, except : {" for service in `chkconfig --list | awk '{print $1}'`; do - if grep -qx ${service} /etc/security/msec/init-sh/server.5; then + if grep -qx ${service} /etc/security/msec/server.5; then echo -n " ${service}" fi done diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 920996f..7f55c7c 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -197,7 +197,7 @@ groupadd audio >& /dev/null groupadd xgrp >& /dev/null usermod -G xgrp xfs -/etc/security/msec/init-sh/grpuser.sh --clean +/usr/share/msec/grpuser.sh --clean echo diff --git a/init-sh/init.sh b/init-sh/msec index a748541..ee69564 100755 --- a/init-sh/init.sh +++ b/init-sh/msec 
@@ -8,14 +8,14 @@ fi if [[ ${1} == custom ]]; then - /etc/security/msec/init-sh/custom.sh + /usr/share/msec/custom.sh exit 0; fi -if [[ -f /etc/security/msec/init-sh/level$1.sh ]]; then - /etc/security/msec/init-sh/level$1.sh - if [[ -f /etc/security/msec/init-sh/perm.$1 ]]; then - /etc/security/msec/init-sh/file_perm.sh /etc/security/msec/init-sh/perm.$1 +if [[ -f /usr/share/msec/level$1.sh ]]; then + /usr/share/msec/level$1.sh + if [[ -f /usr/share/msec/perm.$1 ]]; then + /usr/share/msec/file_perm.sh /usr/share/msec/perm.$1 else echo "Couldn't find the default permissions for level $1." fi diff --git a/init-sh/perm.0 b/init-sh/perm.0 deleted file mode 100644 index 9ade3c2..0000000 --- a/init-sh/perm.0 +++ /dev/null 
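Review bot: `$1` is expanded unquoted and unvalidated into `/usr/share/msec/level$1.sh`, `/usr/share/msec/perm.$1` and the `file_perm.sh` argument in this hunk, so an argument containing whitespace or glob characters is word-split on the lines that execute the scripts. Restrict the level before using it, e.g. `case "$1" in [0-5]) ;; *) echo "Usage: msec [0-5|custom]" >&2; exit 1 ;; esac`, and quote the expansions (`"/usr/share/msec/level$1.sh"`). When perm.$1 is missing the script only prints a message; whether it then exits non-zero is outside the hunk and should be confirmed.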
@@ -1,66 +0,0 @@
-# Welcome in Level 1
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 755
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 644
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/perm.1 b/init-sh/perm.1
deleted file mode 100644
index 8fc7d12..0000000
--- a/init-sh/perm.1
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 1
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 755
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 644
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.2 b/init-sh/perm.2
deleted file mode 100644
index c6a3d41..0000000
--- a/init-sh/perm.2
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 2
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 700
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 640
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.3 b/init-sh/perm.3
deleted file mode 100644
index 2c8520d..0000000
--- a/init-sh/perm.3
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 3
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 700
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 700
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 700
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.4 b/init-sh/perm.4
deleted file mode 100644
index ef31596..0000000
--- a/init-sh/perm.4
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 4, aka secure & usable.
-###
-/bin/ root.root 711
-/boot/ root.root 700
-/dev/ root.root 711
-/dev/audio* root.audio 600
-/dev/dsp* root.audio 600
-/etc/ root.adm 711
-/etc/conf.modules root.adm 640
-/etc/cron.daily/ root.adm 750
-/etc/cron.hourly/ root.adm 750
-/etc/cron.monthly/ root.adm 750
-/etc/cron.weekly/ root.adm 750
-/etc/crontab root.adm 640
-/etc/dhcpcd/ root.adm 750
-/etc/dhcpcd/* root.adm 640
-/etc/esd.conf root.audio 640
-/etc/ftpaccess root.adm 640
-/etc/ftpconversions root.adm 640
-/etc/ftpgroups root.adm 640
-/etc/ftphosts root.adm 640
-/etc/ftpusers root.adm 640
-/etc/gettydefs root.adm 640
-/etc/hosts.allow root.adm 640
-/etc/hosts.deny root.adm 640
-/etc/hosts.equiv root.adm 640
-/etc/inetd.conf root.adm 640
-/etc/rc.d/init.d/ root.adm 750
-/etc/rc.d/init.d/syslog root.adm 740
-/etc/inittab root.adm 640
-/etc/ld.so.conf root.adm 640
-/etc/lilo.conf root.adm 600
-/etc/modules.conf root.adm 640
-/etc/motd root.adm 644
-/etc/printcap root.lp 640
-/etc/profile root.root 644
-/etc/rc.d/ root.adm 640
-/etc/securetty root.adm 640
-/etc/sendmail.cf root.adm 640
-/etc/shutdown.allow root.root 600
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.adm 640
-/etc/ssh_host_key.pub root.adm 644
-/etc/sshd_config root.adm 640
-/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.adm 640
-/home/ root.adm 751
-/home/* current 700
-/lib/ root.adm 751
-/mnt/ root.adm 750
-/root/ root.root 700
-/sbin/ root.adm 751
-/tmp/ root.root 1777
-/usr/ root.adm 751
-/usr/* root.adm 751
-/usr/X11R6/ root.xgrp 751
-/usr/bin/ root.adm 751
-/usr/bin/* root.root 755
-/usr/sbin/ root.adm 751
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 711
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/perm.5 b/init-sh/perm.5
deleted file mode 100644
index a4d5755..0000000
--- a/init-sh/perm.5
+++ /dev/null
@@ -1,67 +0,0 @@
-# Welcome in Level 5, aka paranoid.
-###
-/bin/ root.root 711
-/boot/ root.root 700
-/dev/ root.root 711
-/dev/audio* root.audio 600
-/dev/dsp* root.audio 600
-/etc/ root.root 711
-/etc/conf.modules root.root 600
-/etc/cron.daily/ root.root 700
-/etc/cron.hourly/ root.root 700
-/etc/cron.monthly/ root.root 700
-/etc/cron.weekly/ root.root 700
-/etc/crontab root.root 600
-/etc/dhcpcd/ root.root 700
-/etc/dhcpcd/* root.root 600
-/etc/esd.conf root.audio 640
-/etc/ftpaccess root.root 600
-/etc/ftpconversions root.root 600
-/etc/ftpgroups root.root 600
-/etc/ftphosts root.root 600
-/etc/ftpusers root.root 600
-/etc/gettydefs root.root 600
-/etc/hosts.allow root.root 600
-/etc/hosts.deny root.root 600
-/etc/hosts.equiv root.root 600
-/etc/inetd.conf root.root 600
-/etc/rc.d/init.d/ root.root 700
-/etc/rc.d/init.d/syslog root.root 700
-/etc/inittab root.root 600
-/etc/ld.so.conf root.root 600
-/etc/lilo.conf root.root 600
-/etc/modules.conf root.root 600
-/etc/motd root.root 644
-/etc/printcap root.lp 640
-/etc/profile root.root 644
-/etc/rc.d/ root.root 600
-/etc/securetty root.root 600
-/etc/sendmail.cf root.root 600
-/etc/shutdown.allow root.root 600
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 600
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 600
-/etc/syslog.conf root.root 600
-/etc/updatedb.conf root.root 600
-/home/ root.root 711
-/home/* current 700
-/lib/ root.root 711
-/mnt/ root.root 710
-/root/ root.root 700
-/sbin/ root.root 711
-/tmp/ root.root 1777
-/usr/ root.root 711
-/usr/* root.root 711
-/usr/X11R6/ root.xgrp 710
-/usr/bin/ root.root 711
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 711
-/usr/sbin/* root.root 700
-/usr/sbin/sendmail root.root 755
-/var/ root.root 755
-/var/log/ root.root 711
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/server.4 b/init-sh/server.4
deleted file mode 100644
index 044f0bf..0000000
--- a/init-sh/server.4
+++ /dev/null
@@ -1,6 +0,0 @@
-crond
-syslog
-keytable
-network
-gpm
-xfs
diff --git a/init-sh/server.5 b/init-sh/server.5
deleted file mode 100644
index 044f0bf..0000000
--- a/init-sh/server.5
+++ /dev/null
@@ -1,6 +0,0 @@
-crond
-syslog
-keytable
-network
-gpm
-xfs |