Sophie

Sophie

distrib > Mandriva > 2009.1 > x86_64 > media > main-testing > by-pkgid > 89370a276a6f5aaa418243a78d653841 > scriptlet

msec-0.60.25-1mdv2009.1.x86_64.rpm

PREIN

/bin/sh
/usr/share/rpm-helper/add-group msec $1 xgrp  
/usr/share/rpm-helper/add-group msec $1 ntools  
/usr/share/rpm-helper/add-group msec $1 ctools

PREUN

/bin/sh
/usr/share/rpm-helper/del-service msec $1 msec

POSTIN

/bin/sh
/usr/share/rpm-helper/add-service msec $1 msec 

touch /var/log/security.log

if [ $1 != 1 ]; then
	# manage spelling change
     for i in /etc/security/msec/level.local /etc/security/msec/security.conf /var/lib/msec/security.conf; do
		if [ -f $i ]; then
			perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' $i
		fi
	done
	for ext in today yesterday diff; do
		if [ -f /var/log/security/writeable.$ext ]; then
			mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext
		fi
		if [ -f /var/log/security/suid_group.$ext ]; then
			mv -f /var/log/security/suid_group.$ext /var/log/security/sgid.$ext
		fi
	done

	# find secure level
	SL=$SECURE_LEVEL
 	[ ! -r /etc/sysconfig/msec ] || SL=`sed -n 's/SECURE_LEVEL=//p' < /etc/sysconfig/msec` || :

	# upgrade from old style msec or rerun the new msec
	if grep -q "# Mandrake-Security : if you remove this comment" /etc/profile; then
		[ -z "$SL" -a -r /etc/profile.d/msec.sh ] && SL=`sed -n 's/.*SECURE_LEVEL=//p' <  /etc/profile.d/msec.sh` || :
		/usr/share/msec/cleanold.sh || :
	fi

	# remove the old way of doing the daily cron
	rm -f /etc/cron.d/msec

	# upgrading old config files
	if [ -n "$SL" ]; then
		# old msec installation, pre 2009.1
		# grab old configuration
		OLDCONFIG=`mktemp /etc/security/msec/upgrade.XXXXXX`
		[ -s /var/lib/msec/security.conf ] && cat /var/lib/msec/security.conf >> $OLDCONFIG
		[ -s /etc/security/msec/security.conf ] && cat /etc/security/msec/security.conf >> $OLDCONFIG
		if [ "$SL" -gt 3 ]; then
			NEWLEVEL="secure"
		elif [ "$SL" -gt 1 ]; then
			NEWLEVEL="standard"
		else
			NEWLEVEL="none"
		fi
		if [ ! -s /etc/security/msec/security.conf ]; then
			cp -f /etc/security/msec/level.$NEWLEVEL /etc/security/msec/security.conf
		fi
		if [ ! -s /etc/security/msec/perms.conf ]; then
			cp -f /etc/security/msec/perm.$NEWLEVEL /etc/security/msec/perms.conf
		fi

		if [ -f /etc/sysconfig/msec ]; then
			cat /etc/sysconfig/msec | grep -v SECURE_LEVEL > /etc/security/shell
		fi

		# upgrading old configuration
		if [ -s "$OLDCONFIG" ]; then
			cat ${OLDCONFIG} | sort | uniq >> /etc/security/msec/security.conf
		fi
		rm -f $OLDCONFIG
	fi

	# fixing spelling
	if [ -f /etc/security/msec/security.conf ]; then
		# without-password config setting
		sed -i -e 's/without_password/without-password/g' /etc/security/msec/security.conf
		# level name changes
		sed -i -e 's/=default$/=standard/g' /etc/security/msec/security.conf
		# variable name changes
		sed -i -e 's/RPM_CHECK=/CHECK_RPM=/g' -e 's/CHKROOTKIT_CHECK=/CHECK_CHKROOTKIT=/g' /etc/security/msec/security.conf
		# fixing WIN_PARTS_UMASK upgrade parameters
		sed -i -e 's/\(WIN_PARTS_UMASK\)=no/\1=0/g' /etc/security/msec/security.conf
		# serverlink changes
		sed -i -e 's/\(CREATE_SERVER_LINK\)=standard/\1=no/g' \
			-e 's/\(CREATE_SERVER_LINK\)=secure/\1=remote/g' \
			/etc/security/msec/security.conf
		# removing duplicated entries
		TEMPFILE=`mktemp /etc/security/msec/upgrade.XXXXXX`
		cat /etc/security/msec/security.conf | sort | uniq > $TEMPFILE 2>/dev/null && mv -f $TEMPFILE /etc/security/msec/security.conf
		test -f $TEMPFILE && rm -f $TEMPFILE
	fi
fi

# creating default configuration if not installed by installer
if [ "$DURING_INSTALL" != "1" ]; then
	if [ ! -s /etc/security/msec/security.conf ]; then
		# creating default level configuration
		cp -f /etc/security/msec/level.standard /etc/security/msec/security.conf
	fi

	if [ ! -s /etc/security/msec/perms.conf ]; then
		# creating default level configuration
		cp -f /etc/security/msec/perm.standard /etc/security/msec/perms.conf
	fi
fi

POSTUN

/bin/sh

if [ $1 = 0 ]; then
	# cleanup crontabs on package removal
	rm -f /etc/cron.d/msec /etc/cron.hourly/msec /etc/cron.daily/msec
fi

/usr/share/rpm-helper/del-group msec $1 xgrp 
/usr/share/rpm-helper/del-group msec $1 ntools 
/usr/share/rpm-helper/del-group msec $1 ctools