1874,9 → 1874,8 |
{ |
|
# Apply fileserver security level |
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf |
# Disable Magic SysReq Keys |
$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver |
[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default |
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf |
|
# Set permissions monitoring and enforcement |
cat <<EOF > /etc/security/msec/perm.local |
1892,16 → 1891,17 |
/etc/raddb/huntgroups root.radius 640 |
/etc/raddb/attrs.access_reject root.radius 640 |
/etc/raddb/attrs.accounting_response root.radius 640 |
/etc/raddb/acct_users root.raidus 640 |
/etc/raddb/acct_users root.radius 640 |
/etc/raddb/preproxy_users root.radius 640 |
/etc/raddb/modules/ldap radius.apache 660 |
/etc/raddb/sites-available/alcasar radius.apache 660 |
/etc/pki/* root.apache 750 |
/var/log/netflow/porttracker apache.apache 770 |
/var/log/netflow/porttracker/* apache.apache 770 |
/var/log/netflow/porttracker root.apache 770 |
/var/log/netflow/porttracker/* root.apache 660 |
EOF |
# apply now |
# apply now hourly & daily checks |
/usr/sbin/msec |
/etc/cron.weekly/msec |
|
} # END msec() |
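Review bot: The `ALLOW_REBOOT=no` hardening no longer seems to be enforced by this script. In the first hunk, security.conf is rewritten to the single line `BASE_LEVEL=fileserver` and the sed that forced the value in level.fileserver appears to be dropped (line sides are inferred from the hunk counts), so the setting now depends on what the packaged level.fileserver ships. If that default is not `no`, keep the override explicit, for example `echo "ALLOW_REBOOT=no" >> /etc/security/msec/security.conf` after the `BASE_LEVEL` line. In the second hunk, the comment `# apply now hourly & daily checks` sits above a call to `/etc/cron.weekly/msec` and should name the weekly job; checking the exit status of `/usr/sbin/msec` would also stop a failed permission pass from going unnoticed. msec() begins outside the visible hunks.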
|