From 1a9bc2960c427a5737719d054fa9ad156a42892b Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Tue, 2 Apr 2002 06:51:01 +0000
Subject: harden: Uncommenting works now! (solution: the hashmark needs to be included in the match string).
---
 cfengine/cf.services.harden | 128 +++++++++++++-------------------------------
 1 file changed, 38 insertions(+), 90 deletions(-)
diff --git a/cfengine/cf.services.harden b/cfengine/cf.services.harden
index 21f8bf1..c34638c 100644
--- a/cfengine/cf.services.harden
+++ b/cfengine/cf.services.harden
@@ -47,94 +47,42 @@ editfiles:
 #
 # Uncomment suggested defaults
 #
-# SetCommentStart "#"
-# SetCommentEnd ""
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*root=.*"
- ReplaceLineWith "root=/"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*known=.*"
- ReplaceLineWith "known=/var/lib/integrit/known.cdb"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*current=.*"
- ReplaceLineWith "current=/var/lib/integrit/current.cdb"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/cdrom"
- ReplaceLineWith "!/cdrom"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/dev"
- ReplaceLineWith "!/dev"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/etc"
- ReplaceLineWith "!/etc"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/floppy"
- ReplaceLineWith "!/floppy"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/home"
- ReplaceLineWith "!/home"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/lost\+found"
- ReplaceLineWith "!/lost+found"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/mnt"
- ReplaceLineWith "!/mnt"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/proc"
- ReplaceLineWith "!/proc"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/root"
- ReplaceLineWith "!/root"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/tmp"
- ReplaceLineWith "!/tmp"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/var"
- ReplaceLineWith "!/var"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/include"
- ReplaceLineWith "=/usr/include"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/include"
- ReplaceLineWith "=/usr/X11R6/include"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/doc"
- ReplaceLineWith "=/usr/doc"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/info"
- ReplaceLineWith "=/usr/info"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/share"
- ReplaceLineWith "=/usr/share"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/man"
- ReplaceLineWith "=/usr/X11R6/man"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*=/usr/X11R6/lib/X11/fonts"
- ReplaceLineWith "=/usr/X11R6/lib/X11/fonts"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/usr/local"
- ReplaceLineWith "!/usr/local"
- ResetSearch "1"
- LocateLineMatching "^#[[:blank:]]*!/usr/src"
- ReplaceLineWith "!/usr/src"
- ResetSearch "1"
- CatchAbort
- AppendIfNoLineMatching "!/initrc"
- AppendIfNoLineMatching "!/.journal"
- AppendIfNoLineMatching "!/usr/local"
- AppendIfNoLineMatching "!/usr/src"
+ SetCommentStart "# "
+ SetCommentEnd ""
+ UnCommentLinesMatching "^# root=/"
+ UnCommentLinesMatching "^# known=/var/lib/integrit/.*"
+ UnCommentLinesMatching "^# current=/var/lib/integrit/.*"
+ UnCommentLinesMatching "^# !/cdrom"
+ UnCommentLinesMatching "^# !/dev"
+ UnCommentLinesMatching "^# !/etc"
+ UnCommentLinesMatching "^# !/floppy"
+ UnCommentLinesMatching "^# !/home"
+ UnCommentLinesMatching "^# !/lost\+found"
+ UnCommentLinesMatching "^# !/mnt"
+ UnCommentLinesMatching "^# !/proc"
+ UnCommentLinesMatching "^# !/root"
+ UnCommentLinesMatching "^# !/tmp"
+ UnCommentLinesMatching "^# !/var"
+ UnCommentLinesMatching "^# =/usr/include"
+ UnCommentLinesMatching "^# =/usr/X11R6/include"
+ UnCommentLinesMatching "^# =/usr/doc"
+ UnCommentLinesMatching "^# =/usr/info"
+ UnCommentLinesMatching "^# =/usr/share"
+ UnCommentLinesMatching "^# =/usr/X11R6/man"
+ UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts"
+ UnCommentLinesMatching "^# !/usr/local"
+ UnCommentLinesMatching "^# !/usr/src"
+ AppendIfNoSuchLine "!/initrc"
+ AppendIfNoSuchLine "!/.journal"
+ AppendIfNoSuchLine "!/usr/local"
+ AppendIfNoSuchLine "!/usr/src"
+ }
+ { /etc/cron.daily/integrit
+ #
+ # Uncomment defaults
+ #
+ SetCommentStart " # ! "
+ SetCommentEnd ""
+ UnCommentLinesMatching " # ! if .*"
+ UnCommentLinesMatching " # ! fi"
 }
-# { /etc/cron.daily/integrit
-# #
-# # Uncomment defaults
-# #
-## SetCommentStart "# ! "
-## SetCommentEnd ""
-# ResetSearch "1"
-# LocateLineMatching '^[[:blank:]]*\#[[:blank:]]*\# ! if \[ "$\(echo "$output".*'
-# ReplaceLineWith ' if [ "$\(echo "$output" | egrep -v "^integrit: ")" ]; then'
-# ResetSearch "1"
-# LocateLineMatching "^[[:blank:]]*#[[:blank:]]*# ! fi"
-# ReplaceLineWith " fi"
-# }
-- cgit v1.2.3
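Review bot: The new `UnCommentLinesMatching "^# root=/"`, `"^# known=/var/lib/integrit/.*"` and `"^# current=/var/lib/integrit/.*"` patterns require exactly one space after the hashmark, where the removed `^#[[:blank:]]*` patterns tolerated any spacing, and unlike `!/usr/local` and `!/usr/src` these three settings have no `AppendIfNoSuchLine` fallback. If the integrit configuration file being edited (its path is above the hunk) ever ships those lines with different spacing, the edit appears to match nothing and the integrity checker is left without a root or database path, with nothing visible in this block reporting it. Consider adding `AppendIfNoSuchLine "root=/"`, `AppendIfNoSuchLine "known=/var/lib/integrit/known.cdb"` and `AppendIfNoSuchLine "current=/var/lib/integrit/current.cdb"` after the uncomment lines, using the values from the removed `ReplaceLineWith` lines. Separately, assuming `!` is integrit's ignore prefix, a comment such as `# NOTE: !/etc, !/root, !/var and !/usr/local are left out of the integrity database` would make explicit that changes under those trees will not be reported. The enclosing `editfiles:` block starts above the hunk.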