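#!/bin/bash
#
# silent-guardian: re-applies ownership and permission baselines to the
# service trees under /srv, to /root, to /home and to a few sensitive files.
#
# No `set -e` is enabled in this script, so each command is best-effort: a
# failure in one section does not stop the sections after it.
#
# Requires: /usr/local/src/SharedLibraries/Bash/header, which presumably
#           provides logstatement and reads $logfile (confirm against the
#           header itself).
# Presumably run as root: it chowns files to other accounts and touches /root.

# Account that owns the web and media content.
DEPRIV=depriv

if [[ ! -f /usr/local/src/SharedLibraries/Bash/header ]]; then
  # Diagnostics go to stderr so they are not mixed into captured output.
  echo This script requires the SharedLibraries package. >&2
  exit 1
fi

# NOTE(review): the header is executed with this script's privileges; keep it
# root-owned and not writable by any other account.
source /usr/local/src/SharedLibraries/Bash/header
export logfile="/var/log/silent-guardian.log"

logstatement "Started $(date)"

# Fix the webserver permissions.
# /srv/http is a directory, so it is tested with -d. The earlier -f test only
# succeeds for a regular file, which meant this section never ran.
# NOTE(review): the glob skips top-level dotfiles unless the sourced header
# enables dotglob, so entries such as /srv/http/.htaccess are not covered.
# NOTE(review): this tree is owned by $DEPRIV; confirm that the platform's
# `chown -R` does not change the targets of symlinks found inside it (chown
# has -h to act on the link itself).
if [[ -d /srv/http ]]; then
  chown -R "$DEPRIV":http /srv/http/*
  # find does not follow symlinks by default and -type f / -type d exclude
  # them, so chmod only ever touches real files and directories.
  find /srv/http/* -type f -exec chmod 0640 {} +
  find /srv/http/* -type d -exec chmod 0750 {} +
fi

# Fix the media permissions (only when the yggdrasil unit is installed).
if [[ -f /usr/lib/systemd/system/yggdrasil.service ]]; then
  chown -R "$DEPRIV":http /srv/yggdrasil
  /usr/local/bin/yggdrasil-lock
fi

# Fix the WolfPack results location: world-readable, owner-writable.
if [[ -x /usr/local/bin/wolfpack ]]; then
  find /srv/wolfpack -type d -exec chmod 0755 {} +
  find /srv/wolfpack -type f -exec chmod 0644 {} +
fi

# Seal the special directories: hidden entries of the Digital_Library whose
# name is a dot followed only by letters and digits.
#
# The entries are taken from a glob on the full path instead of parsing `ls`.
# `ls` printed bare names, so the old loop ran chown/chmod on whatever
# same-named path existed in the current working directory rather than in the
# library.
for entry in /srv/yggdrasil/Digital_Library/.*; do
  name=${entry##*/}
  # Same filter as before; it also rejects ".", ".." and an unmatched glob.
  if [[ ! $name =~ ^\.[a-zA-Z0-9]+$ ]]; then
    continue
  fi
  # The parent tree is owned by $DEPRIV, so a symlink here could point
  # anywhere; never hand a link to a recursive chown run with privileges.
  if [[ -L $entry ]]; then
    continue
  fi
  chown -R -- "$DEPRIV:$DEPRIV" "$entry"
  find "$entry" -type f -exec chmod 0400 {} +
  find "$entry" -type d -exec chmod 0500 {} +
done

# Guard root: only root may enter /root or any directory below it.
chmod 0700 /root
chown -R root:root /root
find /root -type d -exec chmod 0700 {} +

# Guard home directories: no access for "other" on each top-level home.
chmod 0750 /home/*

# Guard the API key tool: executable by root and the api group only.
if [[ -f /usr/local/bin/api-keys ]]; then
  chmod 0750 /usr/local/bin/api-keys
  chown root:api /usr/local/bin/api-keys
fi

# Guard LDAP: the database files must belong to the ldap account.
if [[ -d /etc/openldap ]]; then
  chown ldap:ldap /var/lib/openldap/openldap-data/*
fi

logstatement "Ended $(date)"
logstatement " "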