Navigation

Changeset 113

Timestamp:

11/21/07 08:45:36 (1 year ago)

Author:

slawrence

Message:

Added/fixed STIG scripts

Files:

r112	r113
12	12	if [ -z `echo $USERINFO \| cut -d: -f2` ]
13	13	then
14		usermod -L -s /dev/null `echo $USERINFO \| cut -d: -f1`
	14	/usr/sbin/usermod -L -s /dev/null `echo $USERINFO \| cut -d: -f1`
15	15	fi
16	16	done;

r110	r113
6	6	echo 'Patching GEN005000: Set shell of ftp user'
7	7	echo '==================================================='
8		usermod -s /dev/null ftp
	8	/usr/sbin/usermod -s /dev/null ftp

r110	r113
12	12	NAMEID=`id -u $NAME`
13	13	if [ $NAMEID -lt 500 -a $NAME != 'root' ]; then
14		usermod -L -s /dev/null $NAME
	14	/usr/sbin/usermod -L -s /dev/null $NAME
15	15	fi
16	16	done

r106	r113
1	1	#!/bin/sh
2	2
3		# Default system accounts are not to be run as at jobs.
	3	## (GEN003320: CAT II) (Previously â G213) The SA will ensure default system
	4	## accounts (with the possible exception of root) are not listed in the
	5	## at.allow file. If there is only an at.deny file, the default accounts
	6	## (with the possible exception of root) will be listed there.
4	7	echo '==================================================='
5		echo ' Patching GEN003320: Disallow system account access'
6		echo ' as at jobs.'
	8	echo ' Patching GEN003320: Only root may be in at.allow'
7	9	echo '==================================================='
8		echo "daemon
9		bin
10		adm
11		uucp
12		lp
13		news
14		nobody
15		ftp
16		sshd
17		smmsp" > /etc/at.deny
	10	echo "root" > /etc/at.allow

r106	r113
7	7	echo 'Patching Cat III Secuity issues'
8	8	for i in `ls cat3`; do cat3/$i; done;
	9	echo 'Patching Cat IV Secuity issues'
	10	for i in `ls cat4`; do cat4/$i; done;
	11
9	12	echo "run-fixes.sh completed" >> /root/stig-fixes-run.txt

* Generating other formats may take time.