#!/bin/sh # # Taken from Sun's undoable-hardening.driver # # This script differs from the file "hardening.driver" in # that all elements of this script can be successfully # backed out using the 'undo' feature of the Toolkit. # # Added the following finish scripts: # disable-serial-break.fin # enable-root-mailforward.fin # enable-sar.fin # install-boltpget.fin # install-bootmail.fin # install-prngd.fin # install-ssh.fin # install-ssl.fin # install-wget.fin # set-defaultrouter.fin # set-usrlocal-path.fin # Harry Hoffman DIR="`/bin/dirname $0`" export DIR . ${DIR}/uoa-driver.init JASS_FILES=" /etc/dt/config/Xaccess /etc/init.d/inetsvc /etc/init.d/nddconfig /etc/init.d/set-tmp-permissions /etc/issue /etc/motd /etc/notrouter /etc/rc2.d/S00set-tmp-permissions /etc/rc2.d/S07set-tmp-permissions /etc/rc2.d/S70nddconfig /etc/syslog.conf /etc/default/kbd " # Note: install-strong-permissions.fin and install-fix-modes.fin are # generally always the last Finish scripts to run as their effects # could be undone by Finish scripts that would follow them. The # install-fix-modes.fin script is generally run first. If additional # tightening is required, install-strong-permissions.fin can be used. # # Note: install-security-mode.fin is not included in the script list # since it requires manual intervention. For more information, refer # to the script source code. JASS_SCRIPTS=" disable-ab2.fin disable-apache.fin disable-asppp.fin disable-autoinst.fin disable-automount.fin disable-dhcpd.fin disable-directory.fin disable-dmi.fin disable-dtlogin.fin disable-ipv6.fin disable-kdc.fin disable-keyserv-uid-nobody.fin disable-ldap-client.fin disable-lp.fin disable-mipagent.fin disable-nfs-client.fin disable-nfs-server.fin disable-nscd-caching.fin # disable-picld.fin disable-ppp.fin disable-preserve.fin disable-power-mgmt.fin disable-remote-root-login.fin disable-rhosts.fin disable-rpc.fin disable-samba.fin disable-sendmail.fin disable-serial-break.fin disable-slp.fin disable-snmp.fin disable-spc.fin disable-syslogd-listen.fin disable-system-accounts.fin disable-uucp.fin disable-vold.fin disable-xserver-listen.fin disable-wbem.fin enable-ftpaccess.fin enable-ftp-syslog.fin enable-inetd-syslog.fin enable-priv-nfs-ports.fin # enable-process-accounting.fin enable-rfc1948.fin enable-root-mailforward.fin enable-sar.fin enable-stack-protection.fin # enable-tcpwrappers.fin install-at-allow.fin install-boltpget.fin install-bootmail.fin install-ftpusers.fin install-loginlog.fin install-newaliases.fin install-prngd.fin install-sadmind-options.fin install-security-mode.fin install-shells.fin install-ssh.fin install-ssl.fin install-sulog.fin install-wget.fin remove-unneeded-accounts.fin set-banner-ftpd.fin set-banner-telnetd.fin set-defaultrouter.fin set-ftpd-umask.fin set-login-retries.fin set-power-restrictions.fin set-root-group.fin set-rmmount-nosuid.fin set-sys-suspend-restrictions.fin set-system-umask.fin set-tmpfs-limit.fin set-user-password-reqs.fin set-user-umask.fin set-usrlocal-path.fin update-at-deny.fin update-cron-allow.fin update-cron-deny.fin update-cron-log-size.fin update-inetd-conf.fin install-md5.fin install-fix-modes.fin " . ${DIR}/uoa-driver.run