do the security stuff

1 files changed, 31 insertions, 1 deletions

diff --git a/add-service b/add-service
index c8d4917..ee29e9e 100755
--- a/add-service
+++ b/add-service
@@ -20,8 +20,38 @@ num=$2				# number of packages installed
 srv=$3				# name of the service
 
 if [ $num = 1 ]; then
-    /sbin/chkconfig --add $srv
+    # Install mode: add the services
+    if [ -r /etc/sysconfig/msec ]; then
+	. /etc/sysconfig/msec
+    fi
+    if [ -n "$SECURE_LEVEL" -a "$SECURE_LEVEL" -gt 3 ]; then
+	# High security: add only authorized services
+	LIST=/etc/security/msec/server
+	# during the install the symlink isn't done so find the right file
+	# by ourseleves
+	if [ -n "$DURING_INSTALL" -a ! -f $LIST ]; then
+	    LIST=/etc/security/msec/server.$SECURE_LEVEL
+	fi
+	if [ -f $LIST ]; then
+	    if grep -q "^${srv}$" $LIST ; then
+		/sbin/chkconfig --add $srv
+	    fi
+	else
+	    # do an exception for initscripts services that could be installed
+	    # before msec and should anyway be added
+	    if [ $pkg = initscripts ]; then
+		/sbin/chkconfig --add $srv
+	    else
+		echo "add-service: $srv not added because /etc/security/msec/server is not present." 1>&2
+		echo "You should run msec to correct that." 1>&2
+	    fi
+	fi
+    else
+	# Low security: install all the services
+	/sbin/chkconfig --add $srv
+    fi
 else
+    # Upgrade mode: restart the service if already running
     if [ -f /var/lock/subsys/$srv ]; then
 	/sbin/service $srv restart > /dev/null 2>/dev/null || :
 	# restart services that depend of portmap