46,6 → 46,7 |
# cron : Logs export + watchdog + connexion statistics |
# fail2ban : Fail2ban IDS installation and configuration |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd) |
# msec : Mandriva security package configuration |
# post_install : Security, log rotation, etc. |
|
DATE=`date '+%d %B %Y - %Hh%M'` |
1863,7 → 1864,52 |
|
} # END gammu_smsd() |
|
########################################################## |
|
################################################################## |
## Fonction "msec" ## |
## - Application du niveau de sécurité fileserver ## |
## - Désactiver l'autorisation de redémarrage ## |
## - forcer les permissions sur les configurations ## |
## - forcer les permissions sur les log ## |
################################################################## |
msec() |
{ |
|
# Apply fileserver security level |
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf |
# Disable Magic SysReq Keys |
$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver |
|
|
# Configure permissions monitoring and enforcement |
cat <<EOF > /etc/security/msec/perm.local |
/var/log/firefwall/ root.apache 750 |
/var/log/firewall/* root.apache 640 |
/etc/security/msec/perm.local root.root 640 |
/etc/security/msec/level.local root.root 640 |
/etc/freeradius-web root.apache 750 |
/etc/freeradius-web/admin.conf root.apache 640 |
/etc/raddb/dictionnary root.apache 640 |
/etc/raddb/ldap.attrmap root.radius 640 |
/etc/raddb/hints root.radius 640 |
/etc/raddb/huntgroups root.radius 640 |
/etc/raddb/attrs.access_reject root.radius 640 |
/etc/raddb/attrs.accounting_response root.radius 640 |
/etc/raddb/acct_users root.raidus 640 |
/etc/raddb/preproxy_users root.radius 640 |
/etc/raddb/modules/ldap radius.apache 660 |
/etc/raddb/sites-available/alcasar radius.apache 660 |
/etc/pki/* root.apache 750 |
/var/log/netflow/porttracker apache.apache 770 |
/var/log/netflow/porttracker/* apache.apache 770 |
|
EOF |
|
/usr/sbin/msec |
|
} # END msec() |
|
################################################################## |
## Fonction "post_install" ## |
## - Modifying banners (locals et ssh) & prompts ## |
## - SSH config ## |
2144,7 → 2190,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
mode="update" |
fi |
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install |
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |
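Review bot: Two entries in the perm.local here-doc of the new msec() are misspelled and presumably will not be enforced as intended: `/var/log/firefwall/` does not match the `/var/log/firewall/*` path on the next line, and `root.raidus` on the acct_users line names a group other than the `radius` used by the neighbouring entries. They should read `/var/log/firewall/ root.apache 750` and `/etc/raddb/acct_users root.radius 640`; `/etc/raddb/dictionnary` also looks like a misspelling of `dictionary` and is worth checking against the installed file. Separately, `/etc/pki/* root.apache 750` gives the web server group access to everything directly under /etc/pki, and the two `radius.apache 660` entries make the RADIUS LDAP module and site configuration writable by that group, so a narrower path list or mode 640 would be safer if apache only needs to read them. The comment `# Disable Magic SysReq Keys` does not describe the `ALLOW_REBOOT=no` substitution beneath it and could read `# Disable reboot authorisation (ALLOW_REBOOT=no)`.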