BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → /alcasar.sh @ 2201

  → /alcasar.sh @ 2202

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Ignore whitespace Rev 2201 → Rev 2202

/alcasar.sh
46,6 → 46,7
# cron : Logs export + watchdog + connexion statistics
# fail2ban : Fail2ban IDS installation and configuration
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
# msec : Mandriva security package configuration
# post_install : Security, log rotation, etc.
DATE=`date '+%d %B %Y - %Hh%M'`
1863,7 → 1864,52
} # END gammu_smsd()
##########################################################
##################################################################
## Fonction "msec" ##
## - Application du niveau de sécurité fileserver ##
## - Désactiver l'autorisation de redémarrage ##
## - forcer les permissions sur les configurations ##
## - forcer les permissions sur les log ##
##################################################################
msec()
{
# Apply fileserver security level
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
# Disable Magic SysReq Keys
$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
# Configure permissions monitoring and enforcement
cat <<EOF > /etc/security/msec/perm.local
/var/log/firefwall/ root.apache 750
/var/log/firewall/* root.apache 640
/etc/security/msec/perm.local root.root 640
/etc/security/msec/level.local root.root 640
/etc/freeradius-web root.apache 750
/etc/freeradius-web/admin.conf root.apache 640
/etc/raddb/dictionnary root.apache 640
/etc/raddb/ldap.attrmap root.radius 640
/etc/raddb/hints root.radius 640
/etc/raddb/huntgroups root.radius 640
/etc/raddb/attrs.access_reject root.radius 640
/etc/raddb/attrs.accounting_response root.radius 640
/etc/raddb/acct_users root.raidus 640
/etc/raddb/preproxy_users root.radius 640
/etc/raddb/modules/ldap radius.apache 660
/etc/raddb/sites-available/alcasar radius.apache 660
/etc/pki/* root.apache 750
/var/log/netflow/porttracker apache.apache 770
/var/log/netflow/porttracker/* apache.apache 770
EOF
/usr/sbin/msec
} # END msec()
##################################################################
## Fonction "post_install" ##
## - Modifying banners (locals et ssh) & prompts ##
## - SSH config ##
2144,7 → 2190,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
mode="update"
fi
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a