toggle_security_features.sh #2

#!/bin/bash

# This script enables certain Linux security features to simulate a
# security-hardened environment. It can also disable the same features.

# Usage:
#  To emulate security hardening:
#    toggle_security_features.sh 1
#  To emulate standard security:
#    toggle_security_features.sh 0

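set -u

# NOTE: This script rewrites the system-wide cron access control files in
# place. Hardening mode empties /etc/cron.deny and standard mode deletes
# /etc/cron.allow; the previous content is neither saved nor restored, so it
# is only suitable for disposable test hosts. Writing under /etc normally
# requires root.

# Print an error message to stderr and exit non-zero, so that a caller never
# mistakes a half-applied change for the requested security state.
die() {
   printf 'Error: %s\n' "$*" >&2
   exit 1
}

# Mode selector: 1 = emulate hardening, 0 (or no argument) = standard security.
mode="${1:-0}"

# Reject anything other than the documented values. Without this check a
# mistyped argument would silently take the "standard security" path and
# delete /etc/cron.allow.
case "$mode" in
   0|1) ;;
   *)
      printf 'Usage: %s [0|1]\n' "${0##*/}" >&2
      exit 2
      ;;
esac

if [[ "$mode" == 1 ]]; then
   echo "Simulate Security Hardening - crontab disallowed by default."

   # An existing cron.allow is kept as is; a missing one is created empty.
   [[ -e /etc/cron.allow ]] || touch /etc/cron.allow ||
      die "Could not create /etc/cron.allow."
   chmod 644 /etc/cron.allow ||
      die "Could not set permissions on /etc/cron.allow."

   # cron.deny is emptied rather than removed; a missing file is left missing.
   if [[ -e /etc/cron.deny ]]; then
      truncate -s 0 /etc/cron.deny ||
         die "Could not truncate /etc/cron.deny."
   fi

   echo "cron.allow exists, cron.deny does not exist or is truncated."
else
   echo "Simulate Standard Security - crontab allowed by default."

   # rm -f succeeds when the file is already absent, so no existence test is
   # needed, and an unreadable file is removed as well.
   rm -f /etc/cron.allow ||
      die "Could not remove /etc/cron.allow."
   [[ -e /etc/cron.deny ]] || touch /etc/cron.deny ||
      die "Could not create /etc/cron.deny."
   chmod 644 /etc/cron.deny ||
      die "Could not set permissions on /etc/cron.deny."

   echo "cron.deny exists, cron.allow does not exist."
fi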
# Change User Description Committed
#2 31239 C. Thomas Tyler Added new LocalInstallInitDataHighSec test to test with
"high security" umask 0027.

Modified supporting script toggle_security_features.sh.

Modified all tests that call install_sdp.sh to set umask explicitly;
0022 for standard security, 0027 for high security.
#1 31229 C. Thomas Tyler Added script to toggle security features.