From 7b7859e7b69b54e30eb181857e608f5cccce999a Mon Sep 17 00:00:00 2001 
From: Yoann Vandoorselaere Date: Tue, 7 Mar 2000 16:45:04 +0000 Subject: *** empty log message *** --- Makefile | 26 +++++++++---------- conf/perm.0 | 66 +++++++++++++++++++++++++++++++++++++++++++++++ conf/perm.1 | 66 +++++++++++++++++++++++++++++++++++++++++++++++ conf/perm.2 | 66 +++++++++++++++++++++++++++++++++++++++++++++++ conf/perm.3 | 66 +++++++++++++++++++++++++++++++++++++++++++++++ conf/perm.4 | 66 +++++++++++++++++++++++++++++++++++++++++++++++ conf/perm.5 | 67 ++++++++++++++++++++++++++++++++++++++++++++++++ conf/server.4 | 6 +++++ conf/server.5 | 6 +++++ cron-sh/promisc_check.sh | 9 +++---- cron-sh/security.sh | 6 +++-- init-sh/custom.sh | 36 +++++++++++++++++--------- init-sh/init.sh | 25 ------------------ init-sh/level0.sh | 3 ++- init-sh/level1.sh | 8 +++--- init-sh/level2.sh | 11 +++++--- init-sh/level3.sh | 9 ++++--- init-sh/level4.sh | 12 ++++----- init-sh/level5.sh | 13 ++++++---- init-sh/lib.sh | 2 +- init-sh/msec | 25 ++++++++++++++++++ init-sh/perm.0 | 66 ----------------------------------------------- init-sh/perm.1 | 66 ----------------------------------------------- init-sh/perm.2 | 66 ----------------------------------------------- init-sh/perm.3 | 66 ----------------------------------------------- init-sh/perm.4 | 66 ----------------------------------------------- init-sh/perm.5 | 67 ------------------------------------------------ init-sh/server.4 | 6 ----- init-sh/server.5 | 6 ----- 29 files changed, 512 insertions(+), 491 deletions(-) create mode 100644 conf/perm.0 create mode 100644 conf/perm.1 create mode 100644 conf/perm.2 create mode 100644 conf/perm.3 create mode 100644 conf/perm.4 create mode 100644 conf/perm.5 create mode 100644 conf/server.4 create mode 100644 conf/server.5 delete mode 100755 init-sh/init.sh create mode 100755 init-sh/msec delete mode 100644 init-sh/perm.0 delete mode 100644 init-sh/perm.1 delete mode 100644 init-sh/perm.2 delete mode 100644 init-sh/perm.3 delete mode 100644 init-sh/perm.4 delete mode 
100644 init-sh/perm.5 delete mode 100644 init-sh/server.4 delete mode 100644 init-sh/server.5 diff --git a/Makefile b/Makefile index 24f8467..3085b4f 100644 --- a/Makefile +++ b/Makefile @@ -51,21 +51,19 @@ rpm: dis ../$(NAME)-$(VERSION).tar.bz2 $(RPM) rm -f ../$(NAME)-$(VERSION).tar.bz2 install: - (rm -rf /etc/security/msec) - (mkdir -p /etc/security/msec/init-sh) - (cp init-sh/level* /etc/security/msec/init-sh) - (cp init-sh/init.sh /etc/security/msec/init.sh); - (cp init-sh/lib.sh /etc/security/msec/init-sh); - (cp init-sh/grpuser.sh /etc/security/msec/init-sh); - (cp init-sh/file_perm.sh /etc/security/msec/init-sh); - (cp init-sh/*.[0-5] /etc/security/msec/init-sh/) - (cp init-sh/custom.sh /etc/security/msec/init-sh); - (cp init-sh/server.* /etc/security/msec/init-sh) + (rm -rf $(RPM_BUILD_ROOT)/etc/security/msec) + (mkdir -p $(RPM_BUILD_ROOT)/etc/security/msec) + (mkdir -p $(RPM_BUILD_ROOT)/usr/share/msec) + (cp init-sh/*.sh $(RPM_BUILD_ROOT)/usr/share/msec) + (cp cron-sh/*.sh $(RPM_BUILD_ROOT)/usr/share/msec) + (cp init-sh/msec $(RPM_BUILD_ROOT)/usr/sbin) + (cp conf/perm.* conf/server.* $(RPM_BUILD_ROOT)/etc/security/msec) + (touch $(RPM_BUILD_ROOT)/etc/security/msec/security.conf) - touch $(RPM_BUILD_ROOT)/var/log/security.log - mkdir -p $(RPM_BUILD_ROOT)/var/log/security - (cd src/promisc_check; make install) - (cd cron-sh; make install) + (touch $(RPM_BUILD_ROOT)/var/log/security.log) + (mkdir -p $(RPM_BUILD_ROOT)/var/log/security) + (cd src/promisc_check && make install) + (cd cron-sh && make install) @echo @echo diff --git a/conf/perm.0 b/conf/perm.0 new file mode 100644 index 0000000..9ade3c2 --- /dev/null +++ b/conf/perm.0 
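Review bot: `(cp init-sh/msec $(RPM_BUILD_ROOT)/usr/sbin)` runs without a preceding `(mkdir -p $(RPM_BUILD_ROOT)/usr/sbin)`. In a fresh build root `usr/` exists only because of the `usr/share/msec` mkdir, so cp writes a regular file named `sbin` instead of installing into a directory. `(touch $(RPM_BUILD_ROOT)/var/log/security.log)` has the same ordering problem, because it runs before the only `mkdir -p` under `var/log`. These scripts are later registered in /etc/crontab to run as root, so I would install them with explicit modes, e.g. `install -m 755 init-sh/msec $(RPM_BUILD_ROOT)/usr/sbin/msec`, rather than inherit whatever the working tree and umask give `cp`. The sub-makes should be invoked as `$(MAKE)`, and the install recipe continues past the end of the hunk.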
@@ -0,0 +1,66 @@
+# Welcome in Level 1
+###
+/bin/ root.root 755
+/boot/ root.root 755
+/dev/ root.root 755
+/dev/audio* root.audio 660
+/dev/dsp* root.audio 660
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/esd.conf root.root 644
+/etc/ftpaccess root.root 644
+/etc/ftpconversions root.root 644
+/etc/ftpgroups root.root 644
+/etc/ftphosts root.root 644
+/etc/ftpusers root.root 644
+/etc/gettydefs root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inetd.conf root.root 644
+/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/lilo.conf root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile root.root 644
+/etc/rc.d/ root.root 755
+/etc/securetty root.root 644
+/etc/sendmail.cf root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 644
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 644
+/etc/syslog.conf root.root 644
+/etc/updatedb.conf root.root 644
+/home/ root.root 755
+/home/* current 755
+/lib/ root.root 755
+/mnt/ root.root 755
+/root/ root.root 755
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/X11R6/ root.root 755
+/usr/bin/ root.root 755
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 755
+/usr/sbin/* root.root 755
+/var/ root.root 755
+/var/log/ root.root 755
+/var/log/* root.adm 644
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 771
diff --git a/conf/perm.1 b/conf/perm.1
new file mode 100644
index 0000000..8fc7d12
--- /dev/null
+++ b/conf/perm.1
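Review bot: `/etc/ssh_host_key root.root 644` leaves the SSH host private key world-readable if this table is applied as written; it carries the same mode as the `.pub` entry below it and should be `root.root 600` at every level. The identical entry appears in conf/perm.1, conf/perm.2 and conf/perm.3, and conf/perm.4 still grants group read to adm with `root.adm 640`; only conf/perm.5 uses `600`. The header comment in this level 0 file also reads `# Welcome in Level 1`. The content is carried over unchanged from init-sh/perm.0, so this predates the commit, but the move is a good moment to correct it.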
@@ -0,0 +1,66 @@
+# Welcome in Level 1
+###
+/bin/ root.root 755
+/boot/ root.root 755
+/dev/ root.root 755
+/dev/audio* root.audio 660
+/dev/dsp* root.audio 660
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/esd.conf root.root 644
+/etc/ftpaccess root.root 644
+/etc/ftpconversions root.root 644
+/etc/ftpgroups root.root 644
+/etc/ftphosts root.root 644
+/etc/ftpusers root.root 644
+/etc/gettydefs root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inetd.conf root.root 644
+/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/lilo.conf root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile root.root 644
+/etc/rc.d/ root.root 755
+/etc/securetty root.root 644
+/etc/sendmail.cf root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 644
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 644
+/etc/syslog.conf root.root 644
+/etc/updatedb.conf root.root 644
+/home/ root.root 755
+/home/* current 755
+/lib/ root.root 755
+/mnt/ root.root 755
+/root/ root.root 755
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/X11R6/ root.root 755
+/usr/bin/ root.root 755
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 755
+/usr/sbin/* root.root 755
+/var/ root.root 755
+/var/log/ root.root 755
+/var/log/* root.adm 644
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 2775
diff --git a/conf/perm.2 b/conf/perm.2
new file mode 100644
index 0000000..c6a3d41
--- /dev/null
+++ b/conf/perm.2
@@ -0,0 +1,66 @@
+# Welcome in Level 2
+###
+/bin/ root.root 755
+/boot/ root.root 755
+/dev/ root.root 755
+/dev/audio* root.audio 660
+/dev/dsp* root.audio 660
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/esd.conf root.root 644
+/etc/ftpaccess root.root 644
+/etc/ftpconversions root.root 644
+/etc/ftpgroups root.root 644
+/etc/ftphosts root.root 644
+/etc/ftpusers root.root 644
+/etc/gettydefs root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inetd.conf root.root 644
+/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/lilo.conf root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile root.root 644
+/etc/rc.d/ root.root 755
+/etc/securetty root.root 644
+/etc/sendmail.cf root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 644
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 644
+/etc/syslog.conf root.root 644
+/etc/updatedb.conf root.root 644
+/home/ root.root 755
+/home/* current 755
+/lib/ root.root 755
+/mnt/ root.root 755
+/root/ root.root 700
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/X11R6/ root.root 755
+/usr/bin/ root.root 755
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 755
+/usr/sbin/* root.root 755
+/var/ root.root 755
+/var/log/ root.root 755
+/var/log/* root.adm 640
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 2775
diff --git a/conf/perm.3 b/conf/perm.3
new file mode 100644
index 0000000..2c8520d
--- /dev/null
+++ b/conf/perm.3
@@ -0,0 +1,66 @@
+# Welcome in Level 3
+###
+/bin/ root.root 755
+/boot/ root.root 755
+/dev/ root.root 755
+/dev/audio* root.audio 660
+/dev/dsp* root.audio 660
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/esd.conf root.root 644
+/etc/ftpaccess root.root 644
+/etc/ftpconversions root.root 644
+/etc/ftpgroups root.root 644
+/etc/ftphosts root.root 644
+/etc/ftpusers root.root 644
+/etc/gettydefs root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inetd.conf root.root 644
+/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 700
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/lilo.conf root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile root.root 644
+/etc/rc.d/ root.root 755
+/etc/securetty root.root 644
+/etc/sendmail.cf root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 644
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 644
+/etc/syslog.conf root.adm 640
+/etc/updatedb.conf root.root 644
+/home/ root.root 755
+/home/* current 700
+/lib/ root.root 755
+/mnt/ root.root 755
+/root/ root.root 700
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/X11R6/ root.root 755
+/usr/bin/ root.root 755
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 755
+/usr/sbin/* root.root 755
+/var/ root.root 755
+/var/log/ root.root 755
+/var/log/* root.root 600
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 2775
diff --git a/conf/perm.4 b/conf/perm.4
new file mode 100644
index 0000000..ef31596
--- /dev/null
+++ b/conf/perm.4
@@ -0,0 +1,66 @@
+# Welcome in Level 4, aka secure & usable.
+###
+/bin/ root.root 711
+/boot/ root.root 700
+/dev/ root.root 711
+/dev/audio* root.audio 600
+/dev/dsp* root.audio 600
+/etc/ root.adm 711
+/etc/conf.modules root.adm 640
+/etc/cron.daily/ root.adm 750
+/etc/cron.hourly/ root.adm 750
+/etc/cron.monthly/ root.adm 750
+/etc/cron.weekly/ root.adm 750
+/etc/crontab root.adm 640
+/etc/dhcpcd/ root.adm 750
+/etc/dhcpcd/* root.adm 640
+/etc/esd.conf root.audio 640
+/etc/ftpaccess root.adm 640
+/etc/ftpconversions root.adm 640
+/etc/ftpgroups root.adm 640
+/etc/ftphosts root.adm 640
+/etc/ftpusers root.adm 640
+/etc/gettydefs root.adm 640
+/etc/hosts.allow root.adm 640
+/etc/hosts.deny root.adm 640
+/etc/hosts.equiv root.adm 640
+/etc/inetd.conf root.adm 640
+/etc/rc.d/init.d/ root.adm 750
+/etc/rc.d/init.d/syslog root.adm 740
+/etc/inittab root.adm 640
+/etc/ld.so.conf root.adm 640
+/etc/lilo.conf root.adm 600
+/etc/modules.conf root.adm 640
+/etc/motd root.adm 644
+/etc/printcap root.lp 640
+/etc/profile root.root 644
+/etc/rc.d/ root.adm 640
+/etc/securetty root.adm 640
+/etc/sendmail.cf root.adm 640
+/etc/shutdown.allow root.root 600
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.adm 640
+/etc/ssh_host_key.pub root.adm 644
+/etc/sshd_config root.adm 640
+/etc/syslog.conf root.adm 640
+/etc/updatedb.conf root.adm 640
+/home/ root.adm 751
+/home/* current 700
+/lib/ root.adm 751
+/mnt/ root.adm 750
+/root/ root.root 700
+/sbin/ root.adm 751
+/tmp/ root.root 1777
+/usr/ root.adm 751
+/usr/* root.adm 751
+/usr/X11R6/ root.xgrp 751
+/usr/bin/ root.adm 751
+/usr/bin/* root.root 755
+/usr/sbin/ root.adm 751
+/usr/sbin/* root.root 755
+/var/ root.root 755
+/var/log/ root.root 711
+/var/log/* root.root 600
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 771
diff --git a/conf/perm.5 b/conf/perm.5
new file mode 100644
index 0000000..a4d5755
--- /dev/null
+++ b/conf/perm.5
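Review bot: `/etc/rc.d/ root.adm 640` gives a directory a mode with no search (x) bit, so members of adm cannot reach `/etc/rc.d/init.d/` even though the earlier entries grant them `750` there and `740` on the syslog script; `750` looks like the intended value. conf/perm.5 shows the same pattern with `/etc/rc.d/ root.root 600` against `/etc/rc.d/init.d/ root.root 700`, where `700` would be consistent. This assumes file_perm.sh applies a trailing-slash entry to the directory itself, which is not visible in this diff.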
@@ -0,0 +1,67 @@
+# Welcome in Level 5, aka paranoid.
+###
+/bin/ root.root 711
+/boot/ root.root 700
+/dev/ root.root 711
+/dev/audio* root.audio 600
+/dev/dsp* root.audio 600
+/etc/ root.root 711
+/etc/conf.modules root.root 600
+/etc/cron.daily/ root.root 700
+/etc/cron.hourly/ root.root 700
+/etc/cron.monthly/ root.root 700
+/etc/cron.weekly/ root.root 700
+/etc/crontab root.root 600
+/etc/dhcpcd/ root.root 700
+/etc/dhcpcd/* root.root 600
+/etc/esd.conf root.audio 640
+/etc/ftpaccess root.root 600
+/etc/ftpconversions root.root 600
+/etc/ftpgroups root.root 600
+/etc/ftphosts root.root 600
+/etc/ftpusers root.root 600
+/etc/gettydefs root.root 600
+/etc/hosts.allow root.root 600
+/etc/hosts.deny root.root 600
+/etc/hosts.equiv root.root 600
+/etc/inetd.conf root.root 600
+/etc/rc.d/init.d/ root.root 700
+/etc/rc.d/init.d/syslog root.root 700
+/etc/inittab root.root 600
+/etc/ld.so.conf root.root 600
+/etc/lilo.conf root.root 600
+/etc/modules.conf root.root 600
+/etc/motd root.root 644
+/etc/printcap root.lp 640
+/etc/profile root.root 644
+/etc/rc.d/ root.root 600
+/etc/securetty root.root 600
+/etc/sendmail.cf root.root 600
+/etc/shutdown.allow root.root 600
+/etc/ssh_config root.root 644
+/etc/ssh_host_key root.root 600
+/etc/ssh_host_key.pub root.root 644
+/etc/sshd_config root.root 600
+/etc/syslog.conf root.root 600
+/etc/updatedb.conf root.root 600
+/home/ root.root 711
+/home/* current 700
+/lib/ root.root 711
+/mnt/ root.root 710
+/root/ root.root 700
+/sbin/ root.root 711
+/tmp/ root.root 1777
+/usr/ root.root 711
+/usr/* root.root 711
+/usr/X11R6/ root.xgrp 710
+/usr/bin/ root.root 711
+/usr/bin/* root.root 755
+/usr/sbin/ root.root 711
+/usr/sbin/* root.root 700
+/usr/sbin/sendmail root.root 755
+/var/ root.root 755
+/var/log/ root.root 711
+/var/log/* root.root 600
+/var/log/security/ root.root 700
+/var/log/security/* root.root 600
+/var/spool/mail/ root.mail 771
diff --git a/conf/server.4 b/conf/server.4 new file mode 100644 index 0000000..044f0bf --- /dev/null +++ b/conf/server.4 @@ -0,0 +1,6 @@ +crond +syslog +keytable +network +gpm +xfs diff --git a/conf/server.5 b/conf/server.5 new file mode 100644 index 0000000..044f0bf --- /dev/null +++ b/conf/server.5 @@ -0,0 +1,6 @@ +crond +syslog +keytable +network +gpm +xfs diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh index cabf0a8..ec0526d 100755 --- a/cron-sh/promisc_check.sh +++ b/cron-sh/promisc_check.sh @@ -6,7 +6,7 @@ if [[ -f /etc/security/msec/security.conf ]]; then . /etc/security/msec/security.conf else - echo "/etc/security/msec/security.conf don't exist." + echo "/etc/security/msec/security.conf doesn't exist." exit 1 fi @@ -29,11 +29,8 @@ Ttylog() { fi } +# Check if a network interface is in promiscuous mode... PROMISC="/usr/bin/promisc_check -q" -# -# Check if a network interface is in promisc check... -# Written by Vandoorselaere Yoann, -# LogPromisc() { date=`date` @@ -57,7 +54,7 @@ if [[ ${CHECK_PROMISC} == no ]]; then fi for INTERFACE in `${PROMISC}`; do - LogPromisc $INTERFACE + LogPromisc ${INTERFACE} done diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 43ad9d6..ee94863 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -72,6 +72,8 @@ fi netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY}; + +# Hard disk related file check; the less priority the better... nice --adjustment=+19 find ${DIR} -xdev -type f -perm +04000 -user root -printf "${PRINT}" 2> /dev/null | sort > ${SUID_ROOT_TODAY} nice --adjustment=+19 find ${DIR} -xdev -type f -perm +02000 -printf "${PRINT}" 2> /dev/null | sort > ${SUID_GROUP_TODAY} nice --adjustment=+19 find ${DIR} -xdev -type f -perm -2 -printf "${PRINT}" 2> /dev/null | sort > ${WRITEABLE_TODAY} 
@@ -115,8 +117,8 @@ Maillog() { ################## -. /etc/security/msec/cron-sh/diff_check.sh -. /etc/security/msec/cron-sh/security_check.sh +. /usr/share/msec/diff_check.sh +. /usr/share/msec/security_check.sh diff --git a/init-sh/custom.sh b/init-sh/custom.sh index af4bba5..b8b8402 100755 --- a/init-sh/custom.sh +++ b/init-sh/custom.sh @@ -5,8 +5,12 @@ # Writen by Vandoorselaere Yoann # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh +else + echo "Can't find /usr/share/msec/lib.sh, exiting." + exit 1 fi clear @@ -62,7 +66,7 @@ echo "Do you want your system to daily check important security problem ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SECURITY=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -70,7 +74,7 @@ echo "Do you want your system to daily check new open port listening ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -78,7 +82,7 @@ echo "Do you want your system to check for grave permission problem on sensibles WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PERMS=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### 
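Review bot: The rewritten AddRules line in init-sh/custom.sh schedules security.sh with `0 0-23 * * *`, which fires at minute 0 of every hour, while the prompt above it offers a daily check and level3.sh through level5.sh register the same script with `0 0 * * *`. If daily is what is meant, the entry should read `0 0 * * * root nice --adjustment=+19 /usr/share/msec/security.sh`. The same line is repeated in the seven following custom.sh hunks, one per CHECK_* question; whether AddRules suppresses the duplicate crontab entries is not visible in this diff.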
@@ -86,7 +90,7 @@ echo "Do you want your system to daily check SUID Root file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -94,7 +98,7 @@ echo "Do you want your system to daily check suid files md5 checksum changes ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -102,7 +106,7 @@ echo "Do you want your system to daily check SUID Group file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -110,7 +114,7 @@ echo "Do you want your system to daily check Writeable file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_WRITEABLE=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### 
@@ -118,7 +122,7 @@ echo "Do you want your system to daily check Unowned file change ?" WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf - AddRules "0 0-23 * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/security.sh" /etc/crontab + AddRules "0 0-23 * * * root nice --adjustment=+19 /usr/share/msec/security.sh" /etc/crontab fi ### @@ -127,7 +131,7 @@ echo "is in promiscuous state (which mean someone is probably running a sniffer WaitAnswer; clear if [[ ${answer} == yes ]]; then AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf - AddRules "*/1 * * * * root nice --adjustment=+19 /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab + AddRules "*/1 * * * * root nice --adjustment=+19 /usr/share/msec/promisc_check.sh" /etc/crontab fi ### @@ -169,7 +173,7 @@ WaitAnswer; clear if [[ ${answer} == yes ]]; then echo -n "Disabling all service, except : {" chkconfig --list | awk '{print $1}' | while read service; do - if grep -qx ${service} /etc/security/msec/init-sh/server.4; then + if grep -qx ${service} /etc/security/msec/server.4; then echo -n " ${service}" fi done @@ -242,3 +246,11 @@ AddRules "export PATH SECURE_LEVEL" /etc/profile + + + + + + + + diff --git a/init-sh/init.sh b/init-sh/init.sh deleted file mode 100755 index a748541..0000000 --- a/init-sh/init.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -if [[ -z $1 ]]; then - echo "Usage : $0 [0-5]" - echo "Usage : $0 \"custom\"" - exit 1 -fi - - -if [[ ${1} == custom ]]; then - /etc/security/msec/init-sh/custom.sh - exit 0; -fi - -if [[ -f /etc/security/msec/init-sh/level$1.sh ]]; then - /etc/security/msec/init-sh/level$1.sh - if [[ -f /etc/security/msec/init-sh/perm.$1 ]]; then - /etc/security/msec/init-sh/file_perm.sh /etc/security/msec/init-sh/perm.$1 - else - echo "Couldn't find the default permissions for level $1." - fi -else - echo "Security level $1 not availlable..." -fi - 
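Review bot: `grep -qx ${service} /etc/security/msec/server.4` passes the service name unquoted and as a regular expression, so a name containing `.` or other metacharacters can match a different allow-list line, and an empty or dash-leading name changes how grep parses its arguments. Because this test decides which services are listed as exceptions to "Disabling all service", it should be a fixed-string, whole-line match: `grep -qxF -- "${service}" /etc/security/msec/server.4`. The same line is changed in init-sh/level4.sh and, against server.5, in init-sh/level5.sh. The loop body continues outside the hunk.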
diff --git a/init-sh/level0.sh b/init-sh/level0.sh index ea5181c..b979b61 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh @@ -5,6 +5,7 @@ # Writen by Vandoorselaere Yoann # + if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then . /etc/security/msec/init-sh/lib.sh else @@ -74,7 +75,7 @@ AddBegRules "/usr/X11R6/bin/xhost +" /etc/X11/xinit/xinitrc # Group echo "Adding system users to specific groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh echo -e "done.\n" # Boot on a shell / authorize ctrl-alt-del diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 32d00f1..0c17880 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -5,9 +5,11 @@ # Writen by Vandoorselaere Yoann # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi @@ -75,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc # Group echo "Adding system users to specific groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh grpconv echo -e "done.\n" diff --git a/init-sh/level2.sh b/init-sh/level2.sh index e012f72..9348529 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -5,9 +5,12 @@ # Writen by Vandoorselaere Yoann # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi @@ -74,7 +77,7 @@ AddBegRules "/usr/X11R6/bin/xhost + localhost" /etc/X11/xinit/xinitrc # group echo "Adding system users to specifics groups :" -/etc/security/msec/init-sh/grpuser.sh --refresh +/usr/share/msec/grpuser.sh --refresh grpconv echo -e "done.\n" 
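Review bot: level0.sh still tests and sources `/etc/security/msec/init-sh/lib.sh` in the context lines of its first hunk, while every other level script in this commit moves to `/usr/share/msec/lib.sh` and the Makefile no longer installs anything under `/etc/security/msec/init-sh`. After install, level 0 would take the else branch instead of loading the library, although its second hunk already calls `/usr/share/msec/grpuser.sh`. The guard should read `if [[ -f /usr/share/msec/lib.sh ]]; then` followed by `. /usr/share/msec/lib.sh`; the else branch itself lies outside the hunk.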
@@ -87,3 +90,5 @@ cat ${tmpfile} | \ sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab rm -f ${tmpfile} echo "done." + + diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 1e78f93..bf53c66 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh @@ -5,13 +5,14 @@ # Writen by Vandoorselaere Yoann # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh + +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi -# All events logged on tty12 echo "Loging all messages on tty12 : " AddRules "*.* /dev/tty12" /etc/syslog.conf @@ -59,7 +60,7 @@ echo -e "\t- Security warning in syslog : yes." # Crontab echo "Adding permission check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab # lilo update echo -n "Running lilo to record new config : " diff --git a/init-sh/level4.sh b/init-sh/level4.sh index 18d9aac..75a0e85 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -6,10 +6,10 @@ # Writen by Vandoorselaere Yoann # - -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh else + echo "Can't find /usr/share/msec/lib.sh, exiting." exit 1 fi 
@@ -68,10 +68,10 @@ echo -e "\t- Security warning in syslog : yes." # Check every 1 minutes for promisc problem echo "Adding promisc check in crontab (scheduled every minutes) :" -AddRules "*/1 * * * * root /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab +AddRules "*/1 * * * * root /usr/share/msec/promisc_check.sh" /etc/crontab echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab # Do you want a password ? LiloUpdate; @@ -88,7 +88,7 @@ IFS=" " echo -n "Disabling all service, except : {" for service in `chkconfig --list | awk '{print $1}'`; do - if grep -qx ${service} /etc/security/msec/init-sh/server.4; then + if grep -qx ${service} /etc/security/msec/server.4; then echo -n " ${service}" fi done diff --git a/init-sh/level5.sh b/init-sh/level5.sh index 9e8af53..59dc413 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -5,8 +5,11 @@ # Writen by Vandoorselaere Yoann # -if [[ -f /etc/security/msec/init-sh/lib.sh ]]; then - . /etc/security/msec/init-sh/lib.sh +if [[ -f /usr/share/msec/lib.sh ]]; then + . /usr/share/msec/lib.sh +else + echo "Can't find /usr/share/msec/lib.sh, exiting." + exit 1 fi echo -e "Changing attribute of /var/log/* to append only...\n" 
@@ -60,10 +63,10 @@ echo -e "\t- Security warning in syslog : yes." ################ Crontab things ################### # Check every 1 minutes for promisc problem echo "Adding promisc check in crontab (scheduled every minutes) :" -AddRules "*/1 * * * * root /etc/security/msec/cron-sh/promisc_check.sh" /etc/crontab +AddRules "*/1 * * * * root /usr/share/msec/promisc_check.sh" /etc/crontab echo "Adding \"diff\" & \"global\" security check in crontab (scheduled every midnight) :" -AddRules "0 0 * * * root /etc/security/msec/cron-sh/security.sh" /etc/crontab +AddRules "0 0 * * * root /usr/share/msec/security.sh" /etc/crontab ################################################### @@ -83,7 +86,7 @@ IFS=" export SECURE_LEVEL=5 echo -n "Disabling all service, except : {" for service in `chkconfig --list | awk '{print $1}'`; do - if grep -qx ${service} /etc/security/msec/init-sh/server.5; then + if grep -qx ${service} /etc/security/msec/server.5; then echo -n " ${service}" fi done diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 920996f..7f55c7c 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -197,7 +197,7 @@ groupadd audio >& /dev/null groupadd xgrp >& /dev/null usermod -G xgrp xfs -/etc/security/msec/init-sh/grpuser.sh --clean +/usr/share/msec/grpuser.sh --clean echo diff --git a/init-sh/msec b/init-sh/msec new file mode 100755 index 0000000..ee69564 --- /dev/null +++ b/init-sh/msec @@ -0,0 +1,25 @@ +#!/bin/bash + +if [[ -z $1 ]]; then + echo "Usage : $0 [0-5]" + echo "Usage : $0 \"custom\"" + exit 1 +fi + + +if [[ ${1} == custom ]]; then + /usr/share/msec/custom.sh + exit 0; +fi + +if [[ -f /usr/share/msec/level$1.sh ]]; then + /usr/share/msec/level$1.sh + if [[ -f /usr/share/msec/perm.$1 ]]; then + /usr/share/msec/file_perm.sh /usr/share/msec/perm.$1 + else + echo "Couldn't find the default permissions for level $1." + fi +else + echo "Security level $1 not availlable..." +fi + 
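Review bot: The new init-sh/msec script uses `$1` unvalidated and unquoted to build `/usr/share/msec/level$1.sh` and `/usr/share/msec/perm.$1`, and every failure path ends with exit status 0. A caller cannot tell that a level was missing, that the level script failed, or that the level was applied without its permission table; the `custom` branch also exits 0 whatever custom.sh returned. I would accept only `custom` or a single digit 0-5 and return non-zero on each failure, as below. Separately, level4.sh and level5.sh read server.N from /etc/security/msec while this script looks for perm.N in /usr/share/msec, and both sets moved to conf/ in this commit, so the install location of perm.N (the Makefile hunk is not shown here) should be confirmed.

```shell
#!/bin/bash

case "$1" in
    custom)
        # Hand over to custom.sh so its exit status becomes ours.
        exec /usr/share/msec/custom.sh
        ;;
    [0-5])
        ;;
    *)
        echo "Usage : $0 [0-5]" >&2
        echo "Usage : $0 \"custom\"" >&2
        exit 1
        ;;
esac

if [[ ! -f "/usr/share/msec/level$1.sh" ]]; then
    echo "Security level $1 not availlable..." >&2
    exit 1
fi

"/usr/share/msec/level$1.sh" || exit 1

if [[ ! -f "/usr/share/msec/perm.$1" ]]; then
    echo "Couldn't find the default permissions for level $1." >&2
    exit 1
fi

/usr/share/msec/file_perm.sh "/usr/share/msec/perm.$1"
```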
diff --git a/init-sh/perm.0 b/init-sh/perm.0
deleted file mode 100644
index 9ade3c2..0000000
--- a/init-sh/perm.0
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 1
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 755
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 644
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/perm.1 b/init-sh/perm.1
deleted file mode 100644
index 8fc7d12..0000000
--- a/init-sh/perm.1
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 1
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 755
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 644
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.2 b/init-sh/perm.2
deleted file mode 100644
index c6a3d41..0000000
--- a/init-sh/perm.2
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 2
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 744
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 700
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 640
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.3 b/init-sh/perm.3
deleted file mode 100644
index 2c8520d..0000000
--- a/init-sh/perm.3
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 3
-###
-/bin/ root.root 755
-/boot/ root.root 755
-/dev/ root.root 755
-/dev/audio* root.audio 660
-/dev/dsp* root.audio 660
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/esd.conf root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/inetd.conf root.root 644
-/etc/init.d/ root.root 755
-/etc/rc.d/init.d/syslog root.root 700
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/lilo.conf root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile root.root 644
-/etc/rc.d/ root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.root 644
-/etc/shutdown.allow root.root 644
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 644
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 644
-/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 700
-/lib/ root.root 755
-/mnt/ root.root 755
-/root/ root.root 700
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/X11R6/ root.root 755
-/usr/bin/ root.root 755
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 755
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 755
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 2775
diff --git a/init-sh/perm.4 b/init-sh/perm.4
deleted file mode 100644
index ef31596..0000000
--- a/init-sh/perm.4
+++ /dev/null
@@ -1,66 +0,0 @@
-# Welcome in Level 4, aka secure & usable.
-###
-/bin/ root.root 711
-/boot/ root.root 700
-/dev/ root.root 711
-/dev/audio* root.audio 600
-/dev/dsp* root.audio 600
-/etc/ root.adm 711
-/etc/conf.modules root.adm 640
-/etc/cron.daily/ root.adm 750
-/etc/cron.hourly/ root.adm 750
-/etc/cron.monthly/ root.adm 750
-/etc/cron.weekly/ root.adm 750
-/etc/crontab root.adm 640
-/etc/dhcpcd/ root.adm 750
-/etc/dhcpcd/* root.adm 640
-/etc/esd.conf root.audio 640
-/etc/ftpaccess root.adm 640
-/etc/ftpconversions root.adm 640
-/etc/ftpgroups root.adm 640
-/etc/ftphosts root.adm 640
-/etc/ftpusers root.adm 640
-/etc/gettydefs root.adm 640
-/etc/hosts.allow root.adm 640
-/etc/hosts.deny root.adm 640
-/etc/hosts.equiv root.adm 640
-/etc/inetd.conf root.adm 640
-/etc/rc.d/init.d/ root.adm 750
-/etc/rc.d/init.d/syslog root.adm 740
-/etc/inittab root.adm 640
-/etc/ld.so.conf root.adm 640
-/etc/lilo.conf root.adm 600
-/etc/modules.conf root.adm 640
-/etc/motd root.adm 644
-/etc/printcap root.lp 640
-/etc/profile root.root 644
-/etc/rc.d/ root.adm 640
-/etc/securetty root.adm 640
-/etc/sendmail.cf root.adm 640
-/etc/shutdown.allow root.root 600
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.adm 640
-/etc/ssh_host_key.pub root.adm 644
-/etc/sshd_config root.adm 640
-/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.adm 640
-/home/ root.adm 751
-/home/* current 700
-/lib/ root.adm 751
-/mnt/ root.adm 750
-/root/ root.root 700
-/sbin/ root.adm 751
-/tmp/ root.root 1777
-/usr/ root.adm 751
-/usr/* root.adm 751
-/usr/X11R6/ root.xgrp 751
-/usr/bin/ root.adm 751
-/usr/bin/* root.root 755
-/usr/sbin/ root.adm 751
-/usr/sbin/* root.root 755
-/var/ root.root 755
-/var/log/ root.root 711
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/perm.5 b/init-sh/perm.5
deleted file mode 100644
index a4d5755..0000000
--- a/init-sh/perm.5
+++ /dev/null
@@ -1,67 +0,0 @@
-# Welcome in Level 5, aka paranoid.
-###
-/bin/ root.root 711
-/boot/ root.root 700
-/dev/ root.root 711
-/dev/audio* root.audio 600
-/dev/dsp* root.audio 600
-/etc/ root.root 711
-/etc/conf.modules root.root 600
-/etc/cron.daily/ root.root 700
-/etc/cron.hourly/ root.root 700
-/etc/cron.monthly/ root.root 700
-/etc/cron.weekly/ root.root 700
-/etc/crontab root.root 600
-/etc/dhcpcd/ root.root 700
-/etc/dhcpcd/* root.root 600
-/etc/esd.conf root.audio 640
-/etc/ftpaccess root.root 600
-/etc/ftpconversions root.root 600
-/etc/ftpgroups root.root 600
-/etc/ftphosts root.root 600
-/etc/ftpusers root.root 600
-/etc/gettydefs root.root 600
-/etc/hosts.allow root.root 600
-/etc/hosts.deny root.root 600
-/etc/hosts.equiv root.root 600
-/etc/inetd.conf root.root 600
-/etc/rc.d/init.d/ root.root 700
-/etc/rc.d/init.d/syslog root.root 700
-/etc/inittab root.root 600
-/etc/ld.so.conf root.root 600
-/etc/lilo.conf root.root 600
-/etc/modules.conf root.root 600
-/etc/motd root.root 644
-/etc/printcap root.lp 640
-/etc/profile root.root 644
-/etc/rc.d/ root.root 600
-/etc/securetty root.root 600
-/etc/sendmail.cf root.root 600
-/etc/shutdown.allow root.root 600
-/etc/ssh_config root.root 644
-/etc/ssh_host_key root.root 600
-/etc/ssh_host_key.pub root.root 644
-/etc/sshd_config root.root 600
-/etc/syslog.conf root.root 600
-/etc/updatedb.conf root.root 600
-/home/ root.root 711
-/home/* current 700
-/lib/ root.root 711
-/mnt/ root.root 710
-/root/ root.root 700
-/sbin/ root.root 711
-/tmp/ root.root 1777
-/usr/ root.root 711
-/usr/* root.root 711
-/usr/X11R6/ root.xgrp 710
-/usr/bin/ root.root 711
-/usr/bin/* root.root 755
-/usr/sbin/ root.root 711
-/usr/sbin/* root.root 700
-/usr/sbin/sendmail root.root 755
-/var/ root.root 755
-/var/log/ root.root 711
-/var/log/* root.root 600
-/var/log/security/ root.root 700
-/var/log/security/* root.root 600
-/var/spool/mail/ root.mail 771
diff --git a/init-sh/server.4 b/init-sh/server.4
deleted file mode 100644
index 044f0bf..0000000
--- a/init-sh/server.4
+++ /dev/null
@@ -1,6 +0,0 @@
-crond
-syslog
-keytable
-network
-gpm
-xfs
diff --git a/init-sh/server.5 b/init-sh/server.5
deleted file mode 100644
index 044f0bf..0000000
--- a/init-sh/server.5
+++ /dev/null
@@ -1,6 +0,0 @@
-crond
-syslog
-keytable
-network
-gpm
-xfs
-- cgit v1.2.1