PREIN
/bin/sh
/usr/share/rpm-helper/add-group msec $1 xgrp
/usr/share/rpm-helper/add-group msec $1 ntools
/usr/share/rpm-helper/add-group msec $1 ctools
PREUN
/bin/sh
/usr/share/rpm-helper/del-service msec $1 msec
POSTIN
/bin/sh
/usr/share/rpm-helper/add-service msec $1 msec
touch /var/log/security.log
if [ $1 != 1 ]; then
# manage spelling change
for i in /etc/security/msec/level.local /etc/security/msec/security.conf /var/lib/msec/security.conf; do
if [ -f $i ]; then
perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' $i
fi
done
for ext in today yesterday diff; do
if [ -f /var/log/security/writeable.$ext ]; then
mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext
fi
if [ -f /var/log/security/suid_group.$ext ]; then
mv -f /var/log/security/suid_group.$ext /var/log/security/sgid.$ext
fi
done
# find secure level
SL=$SECURE_LEVEL
[ ! -r /etc/sysconfig/msec ] || SL=`sed -n 's/SECURE_LEVEL=//p' < /etc/sysconfig/msec` || :
# upgrade from old style msec or rerun the new msec
if grep -q "# Mandrake-Security : if you remove this comment" /etc/profile; then
[ -z "$SL" -a -r /etc/profile.d/msec.sh ] && SL=`sed -n 's/.*SECURE_LEVEL=//p' < /etc/profile.d/msec.sh` || :
/usr/share/msec/cleanold.sh || :
fi
# remove the old way of doing the daily cron
rm -f /etc/cron.d/msec
# upgrading old config files
if [ -n "$SL" ]; then
# old msec installation, pre 2009.1
# grab old configuration
OLDCONFIG=`mktemp /etc/security/msec/upgrade.XXXXXX`
[ -s /var/lib/msec/security.conf ] && cat /var/lib/msec/security.conf >> $OLDCONFIG
[ -s /etc/security/msec/security.conf ] && cat /etc/security/msec/security.conf >> $OLDCONFIG
if [ "$SL" -gt 3 ]; then
NEWLEVEL="secure"
elif [ "$SL" -gt 1 ]; then
NEWLEVEL="standard"
else
NEWLEVEL="none"
fi
if [ ! -s /etc/security/msec/security.conf ]; then
cp -f /etc/security/msec/level.$NEWLEVEL /etc/security/msec/security.conf
fi
if [ ! -s /etc/security/msec/perms.conf ]; then
cp -f /etc/security/msec/perm.$NEWLEVEL /etc/security/msec/perms.conf
fi
if [ -f /etc/sysconfig/msec ]; then
cat /etc/sysconfig/msec | grep -v SECURE_LEVEL > /etc/security/shell
fi
# upgrading old configuration
if [ -s "$OLDCONFIG" ]; then
cat ${OLDCONFIG} | sort | uniq >> /etc/security/msec/security.conf
fi
rm -f $OLDCONFIG
fi
# fixing spelling
if [ -f /etc/security/msec/security.conf ]; then
# without-password config setting
sed -i -e 's/without_password/without-password/g' /etc/security/msec/security.conf
# level name changes
sed -i -e 's/=default$/=standard/g' /etc/security/msec/security.conf
# variable name changes
sed -i -e 's/RPM_CHECK=/CHECK_RPM=/g' -e 's/CHKROOTKIT_CHECK=/CHECK_CHKROOTKIT=/g' /etc/security/msec/security.conf
# fixing WIN_PARTS_UMASK upgrade parameters
sed -i -e 's/\(WIN_PARTS_UMASK\)=no/\1=0/g' /etc/security/msec/security.conf
# serverlink changes
sed -i -e 's/\(CREATE_SERVER_LINK\)=standard/\1=no/g' \
-e 's/\(CREATE_SERVER_LINK\)=secure/\1=remote/g' \
/etc/security/msec/security.conf
# removing duplicated entries
TEMPFILE=`mktemp /etc/security/msec/upgrade.XXXXXX`
cat /etc/security/msec/security.conf | sort | uniq > $TEMPFILE 2>/dev/null && mv -f $TEMPFILE /etc/security/msec/security.conf
test -f $TEMPFILE && rm -f $TEMPFILE
fi
fi
# creating default configuration if not installed by installer
if [ "$DURING_INSTALL" != "1" ]; then
if [ ! -s /etc/security/msec/security.conf ]; then
# creating default level configuration
cp -f /etc/security/msec/level.standard /etc/security/msec/security.conf
fi
if [ ! -s /etc/security/msec/perms.conf ]; then
# creating default level configuration
cp -f /etc/security/msec/perm.standard /etc/security/msec/perms.conf
fi
fi
POSTUN
/bin/sh
if [ $1 = 0 ]; then
# cleanup crontabs on package removal
rm -f /etc/cron.d/msec /etc/cron.hourly/msec /etc/cron.daily/msec
fi
/usr/share/rpm-helper/del-group msec $1 xgrp
/usr/share/rpm-helper/del-group msec $1 ntools
/usr/share/rpm-helper/del-group msec $1 ctools