path: root/init-sh/cleanold.sh
#
# Security level implementation...
# Written by Vandoorselaere Yoann <yoann@mandrakesoft.com>
#

# Everything below rewrites files under /etc and changes groups/accounts,
# so stop immediately unless bash reports user id 0.
if (( UID != 0 )); then
    echo "You need to be root in order to change secure level."
    exit 1
fi

# Marker line that precedes every rule appended by msec. It is exported
# because CleanRules reads it from the environment inside perl
# ($ENV{COMMENT}) to find the lines it has to strip.
COMMENT="# Mandrake-Security : if you remove this comment, remove the next line too."
export COMMENT

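#######################################
# Append a rule to a config file, preceded by the msec marker line, unless
# the file already contains that exact rule.
# Globals:   COMMENT (read) - marker line written above the rule
# Arguments: $1 - rule text (written with `echo -e`, so backslash escapes
#                 in it are expanded); nothing is done when empty
#            $2 - file to append to
#            $3 - any non-empty value silences the progress messages
# Outputs:   progress messages on stdout unless $3 is set
#######################################
AddRules() {
	local string=$1
	local file=$2
	local quiet=$3
	local expanded

	if [[ -z ${string} ]]; then
		return
	fi

	if [[ -z ${quiet} ]]; then
		echo "Modifying config in ${file}..."
	fi

	# Compare against the text that `echo -e` will actually write.
	expanded=$(echo -e "${string}")

	# -F -x: the rule must match a whole line literally. Treating it as a
	# regex let metacharacters such as '.' or '*' match unrelated lines (rule
	# silently not added) or fail to match the rule itself (duplicates added
	# on every run). NOTE: for a multi-line rule, grep treats each line as a
	# separate pattern, so one matching line counts as "already present".
	if ! grep -qFx -- "${expanded}" "${file}"; then
		echo -e "${COMMENT}" >> "${file}"
		echo -e "${string}" >> "${file}"
	fi

	if [[ -z ${quiet} ]]; then
		echo -e "done.\n"
	fi
}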

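#######################################
# Remove every msec-appended rule from a file, editing it in place.
# Globals:   COMMENT (read by perl through the environment, so it must be
#            exported)
# Arguments: $1 - file to clean
# Outputs:   progress message on stdout
#######################################
CleanRules() {
    echo -en "\t- Cleaning msec appended line in $1 : "

    # The three-dot range turns on at a line equal to the marker and, since
    # `...` does not test its right side on that same line, turns off on the
    # following line (the empty pattern matches it). Both lines are skipped;
    # every other line is printed back. The path is quoted and placed after
    # `--` so names with spaces or a leading '-' are handled as one file.
    perl -ni -e '$_ eq "$ENV{COMMENT}\n" ... // or print' -- "$1"

    echo "done."
}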

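#######################################
# Comment out every line of a file that is not already a comment.
# Lines whose first non-blank character is '#' are kept as they are; all
# other lines (blank ones included) get a "# " prefix.
# Arguments: $1 - file to rewrite; nothing is done if it is not a regular file
# Outputs:   progress message on stdout, errors on stderr
# Returns:   non-zero if the temporary copy could not be made
#######################################
CommentUserRules() {
    local file=$1
    local tmpfile line
    local -r comment_re='^[[:space:]]*#'

    if [[ ! -f ${file} ]]; then
        return
    fi

    echo -en "\t- Cleaning user appended line in ${file} : "

    # mktemp creates the file itself with an unpredictable name; stop here if
    # that fails rather than going on to truncate ${file} with nothing to
    # read back.
    if ! tmpfile=$(mktemp /tmp/secure.XXXXXX); then
        echo "cannot create temporary file" >&2
        return 1
    fi
    if ! cp -f -- "${file}" "${tmpfile}"; then
        rm -f -- "${tmpfile}"
        return 1
    fi

    # IFS= and -r keep indentation and backslashes intact; the `|| [[ -n ]]`
    # part keeps a last line that has no trailing newline. printf is used
    # because echo would swallow lines such as "-n".
    while IFS= read -r line || [[ -n ${line} ]]; do
        if [[ ${line} =~ ${comment_re} ]]; then
            printf '%s\n' "${line}"
        else
            printf '# %s\n' "${line}"
        fi
    done < "${tmpfile}" > "${file}"

    rm -f -- "${tmpfile}"

    echo "done."
}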

# Put /etc/issue.net and /etc/issue back from their ".msec" copies.
# A copy is moved into place only when the real file is missing and the
# ".msec" copy exists; an existing banner file is never overwritten.
RestoreIssues () {
	local banner

	for banner in /etc/issue.net /etc/issue; do
		if [[ ! -f ${banner} && -f ${banner}.msec ]]; then
			mv -f ${banner}.msec ${banner}
		fi
	done
}

# During a DrakX installation the user is not asked anything; DrakX
# leaves its answers as variables in security.conf and we load them here.
# NOTE(review): the file is sourced, so whatever it contains runs in this
# root shell. It should be owned by root and not writable by anyone else;
# confirm that the installer creates it that way.
if [[ -f /etc/security/msec/security.conf ]]; then
    source /etc/security/msec/security.conf
fi

# Strip the lines msec appended earlier from every file it manages.
# security.conf itself is in the list, after having been sourced above.
for msec_managed in \
    /etc/syslog.conf \
    /etc/hosts.deny \
    /etc/hosts.allow \
    /etc/securetty \
    /etc/security/msec/security.conf \
    /etc/ld.so.preload \
    /etc/host.conf \
    /etc/sysctl.conf \
    /etc/logrotate.conf \
    /etc/rc.d/rc.local \
    /etc/rc.d/rc.firewall \
    /etc/crontab \
    /etc/profile \
    /etc/zprofile
do
    CleanRules "${msec_managed}"
done

RestoreIssues

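# /etc/X11/xinit.d/msec: strip msec's marked lines if the file exists,
# otherwise create it empty and executable.
if [[ -f /etc/X11/xinit.d/msec ]]; then
	CleanRules /etc/X11/xinit.d/msec
else
	touch /etc/X11/xinit.d/msec
	chmod 755 /etc/X11/xinit.d/msec
fi

if [[ -f /etc/sysconfig/msec ]]; then
	CleanRules /etc/sysconfig/msec
fi

# Same handling for the login-shell snippets. The else branch is reached
# when at least one of the two files is missing, so create them before the
# chmod (as done for xinit.d above); chmod alone fails on a missing file.
if [[ -f /etc/profile.d/msec.sh && -f /etc/profile.d/msec.csh ]]; then
	CleanRules /etc/profile.d/msec.sh
	CleanRules /etc/profile.d/msec.csh
else
	touch /etc/profile.d/msec.sh /etc/profile.d/msec.csh
	chmod 755 /etc/profile.d/msec.sh
	chmod 755 /etc/profile.d/msec.csh
fi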

# Groups that must exist on the system. groupadd itself refuses to create
# a group that already exists, so its output and errors are discarded.
# NOTE(review): that also hides real failures, such as a locked group file.
for msec_group in nogroup audio xgrp ntools ctools; do
    groupadd "${msec_group}" > /dev/null 2>&1
done

# -G sets the complete supplementary group list of xfs to xgrp; any other
# supplementary group xfs had is dropped.
usermod -G xgrp xfs