From b57cda9734af353d56ddb926f6f1068450d52f58 Mon Sep 17 00:00:00 2001 From: Eugeni Dodonov Date: Tue, 6 Jan 2009 22:30:52 +0000 Subject: Added updated profile.d files. --- msec.csh | 66 ------------------------------------------------------ msec.sh | 39 -------------------------------- profile.d/msec.csh | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++ profile.d/msec.sh | 31 +++++++++++++++++++++++++ 4 files changed, 93 insertions(+), 105 deletions(-) delete mode 100755 msec.csh delete mode 100755 msec.sh create mode 100755 profile.d/msec.csh create mode 100755 profile.d/msec.sh diff --git a/msec.csh b/msec.csh deleted file mode 100755 index 362f51d..0000000 --- a/msec.csh +++ /dev/null @@ -1,66 +0,0 @@ -#--------------------------------------------------------------- -# Project : Mandriva Linux -# Module : msec -# File : msec.csh -# Version : $Id$ -# Author : Yoann Vandoorselaere -# Created On : Wed Feb 13 18:35:58 2002 -# Purpose : settings according to security level -#--------------------------------------------------------------- - -if ( -r /etc/sysconfig/msec ) then - eval `sed -n 's/^\([^#]*\)=\([^#]*\)/set \1=\2;/p' < /etc/sysconfig/msec` -endif - -if ( $uid >= 500 ) then - if ( ${?UMASK_USER} ) then - umask ${UMASK_USER} - else - umask 022 - endif -else - if ( ${?UMASK_ROOT} ) then - umask ${UMASK_ROOT} - else - umask 002 - endif -endif - - -# (pixel) tcsh doesn't handle directory in the PATH being non-readable -# in security high, /usr/bin is 751, aka non-readable -# using unhash *after modifying PATH* fixes the pb -# So while modifying the PATH, do not rely on the PATH until unhash is done - -if ! { (echo "${PATH}" | /bin/grep -q /usr/games) } then - setenv PATH "${PATH}:/usr/games" -endif - -if ( ${?SECURE_LEVEL} ) then - if ( ${SECURE_LEVEL} <= 1 ) then - if ! { (echo "${PATH}" | /bin/fgrep -q :.) } then - setenv PATH "${PATH}:." - endif - endif -endif - -# using unhash *after modifying PATH* (see above) -if (! -r /usr/bin) then - unhash -endif - - -# translate sh variables from /etc/sysconfig/msec to their equivalent in csh -if ( ${?TMOUT} ) then - set autologout=`expr $TMOUT / 60` -endif - -if ( ${?HISTFILESIZE} ) then - set history=$HISTFILESIZE -endif - -if ( ${?SECURE_LEVEL} ) then - setenv SECURE_LEVEL ${SECURE_LEVEL} -endif - -# msec.csh ends here diff --git a/msec.sh b/msec.sh deleted file mode 100755 index 34c3786..0000000 --- a/msec.sh +++ /dev/null @@ -1,39 +0,0 @@ -#--------------------------------------------------------------- -# Project : Mandriva Linux -# Module : msec -# File : msec.sh -# Version : $Id$ -# Author : Yoann Vandoorselaere -# Created On : Wed Feb 13 18:35:58 2002 -# Purpose : settings according to security level -#--------------------------------------------------------------- - -if [ -r /etc/sysconfig/msec ]; then - . /etc/sysconfig/msec -fi - -if [ `id -u` -ge 500 ]; then - if [ -n "$UMASK_USER" ]; then - umask $UMASK_USER - else - umask 022 - fi -else - if [ -n "$UMASK_ROOT" ]; then - umask $UMASK_ROOT - else - umask 002 - fi -fi - -if [ -n "$SECURE_LEVEL" ]; then - if [ "$SECURE_LEVEL" -le 1 ] && ! echo ${PATH} | fgrep -q :.; then - export PATH=$PATH:. - fi -fi - -export SECURE_LEVEL - -[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT - -# msec.sh ends here diff --git a/profile.d/msec.csh b/profile.d/msec.csh new file mode 100755 index 0000000..0a6bd70 --- /dev/null +++ b/profile.d/msec.csh @@ -0,0 +1,62 @@ +# shell security options + +if ( -r /etc/security/shell ) then + eval `sed -n 's/^\([^#]*\)=\([^#]*\)/set \1=\2;/p' < /etc/security/shell` +endif + +if ( $uid >= 500 ) then + if ( ${?UMASK_USER} ) then + umask ${UMASK_USER} + else + umask 022 + endif +else + if ( ${?UMASK_ROOT} ) then + umask ${UMASK_ROOT} + else + umask 002 + endif +endif + + +# (pixel) tcsh doesn't handle directory in the PATH being non-readable +# in security high, /usr/bin is 751, aka non-readable +# using unhash *after modifying PATH* fixes the pb +# So while modifying the PATH, do not rely on the PATH until unhash is done + +if ! { (echo "${PATH}" | /bin/grep -q /usr/X11R6/bin) } then + setenv PATH "${PATH}:/usr/X11R6/bin" +endif + +if ! { (echo "${PATH}" | /bin/grep -q /usr/games) } then + setenv PATH "${PATH}:/usr/games" +endif + +if ( ${?SECURE_LEVEL} ) then + if ( ${SECURE_LEVEL} <= 1 ) then + if ! { (echo "${PATH}" | /bin/fgrep -q :.) } then + setenv PATH "${PATH}:." + endif + endif +endif + +# using unhash *after modifying PATH* (see above) +if (! -r /usr/bin) then + unhash +endif + + +# translate sh variables from /etc/security/shell to their equivalent in csh +if ( ${?TMOUT} ) then + set autologout=`expr $TMOUT / 60` +endif + +if ( ${?HISTFILESIZE} ) then + set history=$HISTFILESIZE +endif + +if ( ${?SECURE_LEVEL} ) then + setenv SECURE_LEVEL ${SECURE_LEVEL} +endif + +# msec.csh ends here diff --git a/profile.d/msec.sh b/profile.d/msec.sh new file mode 100755 index 0000000..288d72b --- /dev/null +++ b/profile.d/msec.sh @@ -0,0 +1,31 @@ +# shell security options + +if [ -r /etc/security/shell ]; then + . /etc/security/shell +fi + +if [ `id -u` -ge 500 ]; then + if [ -n "$UMASK_USER" ]; then + umask $UMASK_USER + else + umask 022 + fi +else + if [ -n "$UMASK_ROOT" ]; then + umask $UMASK_ROOT + else + umask 022 + fi +fi + +if [ -n "$SECURE_LEVEL" ]; then + if [ "$SECURE_LEVEL" -le 1 ] && ! echo ${PATH} | fgrep -q :.; then + export PATH=$PATH:. + fi +fi + +export SECURE_LEVEL + +[ -n "$TMOUT" ] && type typeset > /dev/null 2>&1 && typeset -r TMOUT + +# msec.sh ends here -- cgit v1.2.1