WebSVN – ALCASAR – Path Comparison – /

Ignore whitespace Rev 2201 → Rev 2202

 /alcasar.sh
 ,6 → 46,7
 #       cron                    : Logs export + watchdog + connexion statistics
 #       fail2ban                : Fail2ban IDS installation and configuration
 #       gammu_smsd              : Autoregister addon via SMS (gammu-smsd)
+#       msec                    : Mandriva security package configuration
 #       post_install            : Security, log rotation, etc.
 DATE=`date '+%d %B %Y - %Hh%M'`
 ,7 → 1864,52
 } # END gammu_smsd()
-##########################################################
+##################################################################
+##                      Fonction "msec"                         ##
+## - Application du niveau de sécurité fileserver             ##
+## - Désactiver l'autorisation de redémarrage                 ##
+## - forcer les permissions sur les configurations              ##
+## - forcer les permissions sur les log                         ##
+##################################################################
+msec()
+{
+# Apply fileserver security level
+$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
+# Disable Magic SysReq Keys
+$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
+# Configure permissions monitoring and enforcement
+cat <<EOF > /etc/security/msec/perm.local
+/var/log/firefwall/                     root.apache     750
+/var/log/firewall/*                     root.apache     640
+/etc/security/msec/perm.local           root.root       640
+/etc/security/msec/level.local          root.root       640
+/etc/freeradius-web                     root.apache     750
+/etc/freeradius-web/admin.conf          root.apache     640
+/etc/raddb/dictionnary                  root.apache     640
+/etc/raddb/ldap.attrmap                 root.radius     640
+/etc/raddb/hints                        root.radius     640
+/etc/raddb/huntgroups                   root.radius     640
+/etc/raddb/attrs.access_reject          root.radius     640
+/etc/raddb/attrs.accounting_response    root.radius     640
+/etc/raddb/acct_users                   root.raidus     640
+/etc/raddb/preproxy_users               root.radius     640
+/etc/raddb/modules/ldap                 radius.apache   660
+/etc/raddb/sites-available/alcasar      radius.apache   660
+/etc/pki/*                              root.apache     750
+/var/log/netflow/porttracker            apache.apache   770
+/var/log/netflow/porttracker/*          apache.apache   770
+EOF
+/usr/sbin/msec
+} # END msec()
+##################################################################
 ##              Fonction "post_install"                 ##
 ## - Modifying banners (locals et ssh) & prompts        ##
 ## - SSH config                                         ##
 ,7 → 2190,7
                         UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
                         mode="update"
                 fi
-                for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
+                for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install
                 do
                         $func
 # echo "*** 'debug' : end of function $func ***"; read a

 /scripts/alcasar-urpmi.sh
 ,7 → 14,7
 # The kernel version we compile netflow for
 KERNEL="kernel-server-4.4.59-1.mga5-1-1.mga5"
 # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
-PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip bc"
+PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip bc msec"
 rpm_repository_sync ()
 {
 ,7 → 216,7
 else
         echo "Nettoyage du système : "
 fi
-for rm_rpm in shorewall mandi avahi mageia-gfxboot-theme privoxy cpupower squid gamin wkhtmltopdf
+for rm_rpm in shorewall mandi avahi mageia-gfxboot-theme privoxy cpupower squid gamin
 do
         /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
         echo -n "."

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2201 → Rev 2202