| 1874,9 → 1874,8 |
|---|
| { |
| |
| # Apply fileserver security level |
| $SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf |
| # Disable Magic SysReq Keys |
| $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver |
| [ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default |
| echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf |
| |
| # Set permissions monitoring and enforcement |
| cat <<EOF > /etc/security/msec/perm.local |
| 1892,16 → 1891,17 |
|---|
| /etc/raddb/huntgroups root.radius 640 |
| /etc/raddb/attrs.access_reject root.radius 640 |
| /etc/raddb/attrs.accounting_response root.radius 640 |
| /etc/raddb/acct_users root.raidus 640 |
| /etc/raddb/acct_users root.radius 640 |
| /etc/raddb/preproxy_users root.radius 640 |
| /etc/raddb/modules/ldap radius.apache 660 |
| /etc/raddb/sites-available/alcasar radius.apache 660 |
| /etc/pki/* root.apache 750 |
| /var/log/netflow/porttracker apache.apache 770 |
| /var/log/netflow/porttracker/* apache.apache 770 |
| /var/log/netflow/porttracker root.apache 770 |
| /var/log/netflow/porttracker/* root.apache 660 |
| EOF |
| # apply now |
| # apply now hourly & daily checks |
| /usr/sbin/msec |
| /etc/cron.weekly/msec |
| |
| } # END msec() |
| |