From b9fb2a43edfea11a3f12b8400768d7992a590f6b Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 1 Jun 2003 12:33:19 +0000
Subject: Update integrit handling to post-woody (giving up on bug#153420 and
 backport a newer integrit instead).

---
 cfengine/cf.services.harden | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

(limited to 'cfengine')

diff --git a/cfengine/cf.services.harden b/cfengine/cf.services.harden
index ebd5753..69ceeb1 100644
--- a/cfengine/cf.services.harden
+++ b/cfengine/cf.services.harden
@@ -55,7 +55,7 @@ editfiles:
 			InsertLine "!/dev/ttyS* # Added by cfengine"
 		EndGroup
 	}
-	## logcheck section
+	## integrit section
 	{ /etc/integrit/integrit.conf
 		#
 		# Uncomment suggested defaults
@@ -91,15 +91,25 @@ editfiles:
 		AppendIfNoSuchLine "!/usr/src"
 		AppendIfNoSuchLine "!/dev/cpu/mtrr"
 	}
-	{ /etc/cron.daily/integrit
+	{ /etc/integrit/integrit-debian.conf
 		#
-		# Uncomment defaults
+		# Make sure CONFIGS is set to /etc/integrit/integrit.conf
 		#
-		SetCommentStart "    # ! "
-		SetCommentEnd ""
-		UnCommentLinesMatching "    # ! if .*"
-		UnCommentLinesMatching "    # ! fi"
+		LocateLineMatching "^CONFIGS=.*"
+		BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"'
+			ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"'
+		EndGroup
 	}
+# BROKEN!!! See Debian bug#153420
+#	{ /etc/cron.daily/integrit
+#		#
+#		# Uncomment defaults
+#		#
+#		SetCommentStart "    # ! "
+#		SetCommentEnd ""
+#		UnCommentLinesMatching "    # ! if .*"
+#		UnCommentLinesMatching "    # ! fi"
+#	}
 
 	## logcheck section
 # FIXME: Put all files into $(LocalCommon)/logcheck/ignore.d.$(type)/local to support post-woody logcheck
-- 
cgit v1.2.3