# $Id: prototype,v 3.59 2000/11/17 17:22:39 chouanar Exp $ # # Author: Jean Chouanard # # ******************************************************************************************* # # Copyright (c) 2000 Xerox Corporation. All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, # are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # Neither name of the Xerox, PARC, nor the names of its contributors may be # used to endorse or promote products derived from this software without # specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE XEROX CORPORATION OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # ******************************************************************************************* # ############################################################################ # # # Copyright (c) 1996 by Xerox Corporation. All rights reserved. # # # i pkginfo i postinstall i preinstall i postremove i preremove # i checkinstall # i request i space i depend # # Generic System cleanup # d none etc ? ? ? d none etc/rc0.d ? ? ? d none etc/rc1.d ? ? ? d none etc/rc2.d ? ? ? d none etc/rc3.d ? ? ? d none etc/rcS.d ? ? ? d none etc/inet ? ? ? d none etc/skel ? ? ? d none etc/default ? ? ? d none etc/init.d ? ? ? d none etc/cron.d ? ? ? d none etc/dt 0755 root bin d none etc/dt/config 0555 root root d none usr ? ? ? d none usr/sbin ? ? ? d none usr/bin ? ? ? d none usr/dt ? ? ? d none usr/dt/config ? ? ? d none var ? ? ? d none var/adm ? ? ? d none var/spool ? ? ? d none var/spool/cron ? ? ? d none var/spool/cron/crontabs ? ? ? d none opt ? ? ? # # Used by secclean as a restricted tmp directory # d none var/SECclean_tmp 0700 root sys # # Std directory for SECclean internal files and scripts # Based on /opt/local but it can be a symlink # d none opt/local/sbin 0755 root sys d none opt/local/bin 0755 root sys d none opt/local/etc 0755 root sys d none opt/local/man 0755 root sys d none opt/local/man/man1 0755 root sys d none opt/local/man/man4 0755 root sys # # ****************************** # Modified (Using sed) Files # ****************************** # # To add few common services # e sed etc/inet/services=services.sed ? ? ? # # System tuning, not only security # e sed etc/system=system.sed ? ? ? # # Disallow mounting suid # e sed etc/rmmount.conf=rmmount.conf.sed ? ? ? # # Turn off /usr/lib/saf/sac # e sed etc/inittab=inittab.sed ? ? ? # # PAM: disable the use of rcmd auth # e sed etc/pam.conf=pam_sed ? ? ? # # ****************************** # New Files # ****************************** # # The clean-up # d none opt/local/bin/clean-up 0700 root sys d none opt/local/bin/clean-up/Fix-modes 0700 root sys f none opt/local/bin/clean-up/Fix-modes/base_pkgs.h 0400 root sys f none opt/local/bin/clean-up/Fix-modes/exceptions.h 0400 root sys f none opt/local/bin/clean-up/Fix-modes/fix-modes 0500 root sys f none opt/local/bin/clean-up/Fix-modes/Makefile 0600 root sys d none opt/local/bin/clean-up/Fix-modes/old 0700 root sys f none opt/local/bin/clean-up/Fix-modes/old/fix-modes 0700 root sys f none opt/local/bin/clean-up/Fix-modes/old/modes.c 0600 root sys f none opt/local/bin/clean-up/Fix-modes/pmodes 0700 root sys f none opt/local/bin/clean-up/Fix-modes/pmodes.c 0400 root sys f none opt/local/bin/clean-up/Fix-modes/README.fix-modes 0600 root sys f none opt/local/bin/clean-up/Fix-modes/secure-modes 0700 root sys f none opt/local/bin/clean-up/Fix-modes/secure-modes.c 0400 root sys d none opt/local/bin/clean-up/Fix-modes_i386 0700 root sys f none opt/local/bin/clean-up/Fix-modes_i386/base_pkgs.h 0400 root sys f none opt/local/bin/clean-up/Fix-modes_i386/exceptions.h 0400 root sys f none opt/local/bin/clean-up/Fix-modes_i386/fix-modes 0500 root sys f none opt/local/bin/clean-up/Fix-modes_i386/Makefile 0600 root sys d none opt/local/bin/clean-up/Fix-modes_i386/old 0700 root sys f none opt/local/bin/clean-up/Fix-modes_i386/old/fix-modes 0700 root sys f none opt/local/bin/clean-up/Fix-modes_i386/old/modes.c 0600 root sys f none opt/local/bin/clean-up/Fix-modes_i386/pmodes 0700 root sys f none opt/local/bin/clean-up/Fix-modes_i386/pmodes.c 0400 root sys f none opt/local/bin/clean-up/Fix-modes_i386/README.fix-modes 0600 root sys f none opt/local/bin/clean-up/Fix-modes_i386/secure-modes 0700 root sys f none opt/local/bin/clean-up/Fix-modes_i386/secure-modes.c 0400 root sys f none opt/local/bin/clean-up/cleanup_5.8 0500 root sys f none opt/local/bin/clean-up/cleanup_5.7 0500 root sys f none opt/local/bin/clean-up/cleanup_5.6 0500 root sys f none opt/local/bin/clean-up/install.sh 0500 root sys # # Manual pages # f none opt/local/man/man1/yassp.1 0444 root sys f none opt/local/man/man1/secclean.1 0444 root sys f none opt/local/man/man1/clean_passwd.1 0444 root sys f none opt/local/man/man4/yassp.conf.4 0444 root sys # # The passwd cleanup awk script # f none opt/local/sbin/clean_passwd 0700 root sys f none opt/local/sbin/passwd.nawk 0400 root sys # # New startup script # f none etc/init.d/umask.sh 0744 root sys s none etc/rc0.d/S00umask.sh=../init.d/umask.sh 0744 root sys s none etc/rc1.d/S00umask.sh=../init.d/umask.sh 0744 root sys s none etc/rc2.d/S00umask.sh=../init.d/umask.sh 0744 root sys s none etc/rc3.d/S00umask.sh=../init.d/umask.sh 0744 root sys s none etc/rcS.d/S00umask.sh=../init.d/umask.sh 0744 root sys e none etc/init.d/nettune 0744 root sys s none etc/rcS.d/S31nettune=../init.d/nettune 0744 root sys # # Startup script we will replaced with the right # version depending on the OS # e sed etc/inet/inetd.conf=inetd.conf.sed ? ? ? e none etc/init.d/inetsvc_5.6 0744 root sys e none etc/init.d/inetinit_5.6 0744 root sys e none etc/init.d/inetsvc_5.7 0744 root sys e none etc/init.d/inetinit_5.7 0744 root sys e none etc/init.d/inetsvc_5.8 0744 root sys e none etc/init.d/inetinit_5.8 0744 root sys e none etc/init.d/network_5.8 0744 root sys # # The std shells file will be installed by the postinstall *only* # it doesn't already exist e none etc/shells 0644 root sys # # We want to log bad login # v none var/adm/loginlog=/dev/null 0600 root sys # f none etc/notrouter=/dev/null 0444 root sys # # Wrappers # f none usr/bin/openwin 0755 root root # # The fews binaries we install # f none usr/sbin/noshell_sparc 0755 root root f none usr/sbin/noshell_i386 0755 root root f none opt/local/bin/md5_sparc 0755 root root f none opt/local/bin/md5_i386 0755 root root # # ****************************** # Replaced Files # ****************************** # # Banners files # f none etc/SECclean_issue=etc/issue 0444 root sys f none etc/SECclean_motd=etc/motd 0444 root sys f none etc/SECclean_ftp-banner=etc/ftp-banner 0444 root sys # # The rhosts files # f none etc/SECclean_hosts.equiv=/dev/null 0400 root sys f none SECclean_.rhosts=/dev/null 0400 root sys # # The cron root # e none var/spool/cron/crontabs/SECclean_root=var/spool/cron/crontabs/root 0600 root root # f none etc/cron.d/SECclean_at.allow=etc/cron.d/at.allow 0444 root sys f none etc/cron.d/SECclean_cron.allow=etc/cron.d/cron.allow 0444 root sys # # Default setup # f none etc/default/SECclean_su=etc/default/su 0444 root sys f none etc/default/SECclean_sys-suspend=etc/default/sys-suspend 0444 root sys f none etc/default/SECclean_login=etc/default/login 0444 root sys f none etc/default/SECclean_passwd=etc/default/passwd 0444 root sys e none etc/default/SECclean_inetinit=etc/default/inetinit 0444 root sys f none etc/default/SECclean_ftpd=etc/default/ftpd 0444 root sys f none etc/default/SECclean_telnetd=etc/default/telnetd 0444 root sys # # e none etc/SECclean_syslog.conf=etc/syslog.conf 0600 root sys f none etc/syslog.conf.server 0600 root sys e none etc/SECclean_profile=etc/profile 0644 root sys f none etc/SECclean_ftpusers=etc/ftpusers 0644 root sys f none etc/SECclean_.login=etc/.login 0644 root sys # # For XDMCP f none usr/dt/config/SECclean_Xaccess=Xaccess 0444 root bin f none etc/dt/config/SECclean_Xaccess=Xaccess 0444 root bin # f none etc/skel/SECclean_local.profile=etc/skel/local.profile 0644 root sys f none etc/skel/SECclean_local.cshrc=etc/skel/local.cshrc 0644 root sys # # Add the /etc/yassp.conf file which control the /etc/rc?.d/S* files managed by SECClean # e none etc/yassp.conf 0755 root sys # # We now include what was PARCpkgu + the new way of dealing with # the rc files f none opt/local/sbin/cleanlib.sh=cleanlib.sh 0700 root sys # # # END # ********************************************************************** # $Log: prototype,v $ # Revision 3.59 2000/11/17 17:22:39 chouanar # Add syslog.conf.server # change syslog.conf # moved md5 from sbin to bin # # Revision 3.58 2000/11/16 20:20:13 chouanar # no more rpc sed script # # Revision 3.57 2000/11/12 00:50:27 chouanar # *** empty log message *** # # Revision 3.56 2000/11/08 17:29:01 chouanar # *** empty log message *** # # Revision 3.55 2000/11/08 00:04:04 chouanar # added: usr/sbin/noshell_i386, opt/local/sbin/md5_sparc and opt/local/sbin/md5_i386 # # Revision 3.54 2000/07/18 23:52:30 chouanar # license # # Revision 3.53 2000/07/13 19:36:01 chouanar # moved the startup files beiing installed as sym-link rather than hard-link # # Revision 3.52 2000/07/05 19:32:34 chouanar # re-add the root cronjob as an empty file # # Revision 3.51 2000/07/04 17:50:19 chouanar # license # # Revision 3.50 2000/06/26 18:44:32 chouanar # removed the root crontab # # Revision 3.49 2000/06/26 04:07:29 chouanar # it's clean_passwd.1 not cleanup_passwd.1 for the man page. # # Revision 3.48 2000/06/25 22:32:29 chouanar # change the mode for the clean-up_OS script # # Revision 3.47 2000/06/25 21:38:00 chouanar # Include the clean-up directory and tools (cleanup(OS) and fix-modes) # # Revision 3.46 2000/06/14 05:37:30 chouanar # corrected /etc/default/passwd (Repported by Susan Ng ) # # Revision 3.45 2000/05/30 19:17:29 chouanar # add /etc/.login for seting up the UMASK correctly for csh users # # Revision 3.44 2000/05/25 16:58:54 chouanar # rc.conf -> yassp.conf # # Revision 3.43 2000/05/22 19:10:17 chouanar # removed opt/local from the prototype # # Revision 3.42 2000/05/22 05:04:32 chouanar # add noshell_sparc # # Revision 3.41 2000/05/21 20:19:43 chouanar # remove yassp.conf as we merged rc.conf and yassp.conf # # Revision 3.40 2000/05/21 18:21:11 chouanar # add inittab # # Revision 3.39 2000/05/19 21:50:24 chouanar # add syslog.conf # # Revision 3.38 2000/05/19 21:14:02 chouanar # Solaris 8 Support # # Revision 3.37 2000/05/16 23:27:41 chouanar # add the changes to handle /opt/local or /usr/local # # Revision 3.36 2000/05/16 20:41:04 chouanar # commented out the checkinstall. # # Revision 3.35 2000/05/08 19:54:44 chouanar # *** empty log message *** # # Revision 3.34 2000/04/12 19:32:11 chouanar # *** empty log message *** # # Revision 3.33 2000/04/12 19:30:24 chouanar # *** empty log message *** # # Revision 3.32 2000/04/11 23:44:06 chouanar # *** empty log message *** # # Revision 3.31 2000/04/11 23:41:52 chouanar # add the Xaccess files # # Revision 3.30 2000/04/11 21:58:41 chouanar # add etc/default/telnetd # # Revision 3.29 2000/04/11 21:25:43 chouanar # add at.allow and cron.allow with root only # # Revision 3.28 2000/04/11 21:20:03 chouanar # re-order # # Revision 3.27 2000/04/11 20:47:04 chouanar # add /etc/default/ftpd # # Revision 3.26 2000/04/11 20:42:58 chouanar # add /etc/ftp-banner # # Revision 3.25 2000/04/11 00:40:02 chouanar # *** empty log message *** # # Revision 3.24 2000/04/11 00:29:42 chouanar # add /etc/skel/local.cshrc and local.profile to delete the '.' from the path # also reset the umask to 077 # # Revision 3.23 2000/04/10 23:35:22 chouanar # add sys-suspend # # Revision 3.22 2000/03/22 19:12:34 chouanar # yassp.conf must be readable # # Revision 3.21 2000/03/15 21:43:43 chouanar # typo # # Revision 3.20 2000/03/15 21:35:33 chouanar # add new inet[svc|init] which use SUNSTARTUP and MULTICAST, and which ar OS dependent # # Revision 3.19 2000/03/15 06:54:02 chouanar # typo on passwordd => password # # Revision 3.18 2000/03/15 06:30:31 chouanar # add the /ect/default/password file # # Revision 3.17 2000/03/08 21:43:10 chouanar # add yassp.conf # # Revision 3.16 2000/03/07 00:24:56 chouanar # first try with the new way of handling the startup script through rc.conf # # Revision 3.15 2000/03/05 21:07:45 chouanar # add /etc/notrouter /etc/motd /etc/issue and rc.conf # # Revision 3.14 2000/02/20 17:59:57 chouanar # *** empty log message *** # # Revision 3.13 2000/02/20 16:29:52 chouanar # commented out request # # Revision 3.12 2000/02/20 08:22:12 chouanar # remove tmpfix which is in fact included on the OS # # Revision 3.11 2000/02/19 21:09:32 chouanar # add tmpfix # # Revision 3.10 2000/02/19 18:42:37 chouanar # *** empty log message *** # # Revision 3.9 2000/02/19 04:24:06 chouanar # Start to register for the new version of SECclean # # Revision 3.8 1999/12/23 01:52:26 chouanar # wrong mode for the passwd file # # Revision 3.7 1999/07/19 18:17:50 chouanar # add pam.conf sed script to get rid of ruser authentication # # Revision 3.6 1999/07/08 23:39:55 chouanar # typo again # # Revision 3.5 1999/07/08 23:39:18 chouanar # typo # # Revision 3.4 1999/07/08 22:25:36 chouanar # add the /var/adm/loginlog file # # Revision 3.3 1999/06/30 19:41:33 chouanar # Add the /etc/init.d/umask.sh + /etc/rc?.d/ links # # Revision 3.2 1999/06/20 16:41:28 chouanar # add hosts.equiv and .rhosts, deleted in.identd # # Revision 3.1 1999/03/15 06:10:57 chouanar # first version using PARCpkgu # # Revision 3.0 1999/03/14 23:16:04 chouanar # new SECclean, Compatible 2.[67], using the new PARCpkgu # # Revision 2.0 1998/11/17 22:48:51 jean # *** empty log message *** # # # **********************************************************************