blob: e3b92b0ac51a55337f296d62ff78c845058d0960 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
#
# Security level implementation...
# Writen by Vandoorselaere Yoann
#
# Need root access
if [[ ${UID} != 0 ]]; then
echo "You need to be root in order to change secure level."
exit 1
fi
export COMMENT="# Mandrake-Security : if you remove this comment, remove the next line too."
AddRules() {
string=$1
file=$2
quiet=$3
if [[ -z ${string} ]]; then
return;
fi
if [[ -z ${quiet} ]]; then
echo "Modifying config in ${file}..."
fi
if ! grep -qEx "^${string}" ${file}; then
echo -e "${COMMENT}" >> ${file};
echo -e "${string}" >> ${file};
fi
if [[ -z ${3} ]]; then
echo -e "done.\n"
fi
}
CleanRules() {
echo -en "\t- Cleaning msec appended line in $1 : "
perl -ni -e '$_ eq "$ENV{COMMENT}\n" ... // or print' $1
echo "done."
}
CommentUserRules() {
file=$1
if [[ ! -f ${file} ]]; then
return;
fi
echo -en "\t- Cleaning user appended line in ${file} : "
tmpfile=`mktemp /tmp/secure.XXXXXX`
cp -f ${file} ${tmpfile}
while read line; do
if ! echo "${line}" | grep -qE "^#"; then
echo "# ${line}"
else
echo "${line}"
fi
done < ${tmpfile} > ${file}
rm -f ${tmpfile}
echo "done."
}
RestoreIssues () {
if [ ! -f /etc/issue.net -a -f /etc/issue.net.msec ]; then
mv -f /etc/issue.net.msec /etc/issue.net
fi
if [ ! -f /etc/issue -a -f /etc/issue.msec ]; then
mv -f /etc/issue.msec /etc/issue
fi
}
# If we are currently installing our
# system with DrakX, we don't ask anything to the user...
# Instead, DrakX do it and give us a file with some variable.
if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
fi
CleanRules /etc/syslog.conf
CleanRules /etc/hosts.deny
CleanRules /etc/hosts.allow
CleanRules /etc/securetty
CleanRules /etc/security/msec/security.conf
CleanRules /etc/ld.so.preload
CleanRules /etc/host.conf
CleanRules /etc/sysctl.conf
CleanRules /etc/logrotate.conf
CleanRules /etc/rc.d/rc.local
CleanRules /etc/rc.d/rc.firewall
CleanRules /etc/crontab
CleanRules /etc/profile
CleanRules /etc/zprofile
RestoreIssues
if [[ -f /etc/X11/xinit.d/msec ]]; then
CleanRules /etc/X11/xinit.d/msec
else
touch /etc/X11/xinit.d/msec
chmod 755 /etc/X11/xinit.d/msec
fi
if [[ -f /etc/sysconfig/msec ]]; then
CleanRules /etc/sysconfig/msec
fi
if [[ -f /etc/profile.d/msec.sh && -f /etc/profile.d/msec.csh ]]; then
CleanRules /etc/profile.d/msec.sh
CleanRules /etc/profile.d/msec.csh
else
chmod 755 /etc/profile.d/msec.sh
chmod 755 /etc/profile.d/msec.csh
fi
|
