Commit b5ffe2df authored by Dan Reading's avatar Dan Reading

modified: GNUmakefile.in

include unreferenced target: sysetc-onceonly-install
	modified:   selinux-config
add emulab-fstab-fixup.service
add sysconfig/network
add sudoers
	modified:   sudoers
include verbiage from dist sudoers, keeping our local changes
parent cc49e1fc
......@@ -57,7 +57,8 @@ COMMON = $(SRCDIR)/../common
DEFRUNLVLDIR = $(RCDIR)/rc3.d
install client-install: baselinux-client-install common-install etc-install \
sup-install script-install bin-install
sup-install script-install bin-install \
sysetc-onceonly-install
@echo "Remember to install the PEM files if necessary"
mfs-install: client-install baselinux-mfs-install
......@@ -113,10 +114,10 @@ sysetc-install: ifcfgs dir-install
# $(INSTALL) -m 644 ifcfg-eth[0-9]* $(SYSETCDIR)/sysconfig/network-scripts
# $(INSTALL) -m 744 $(SRCDIR)/ifup-emulabcnet $(SYSETCDIR)/sysconfig/network-scripts
# $(INSTALL) -m 644 $(SRCDIR)/logrotate-syslog $(SYSETCDIR)/logrotate.d/syslog
# $(INSTALL) -m 644 $(SRCDIR)/emulab-fstab-fixup.service $(SYSETCDIR)/systemd/system
$(INSTALL) -m 644 $(SRCDIR)/emulab-fstab-fixup.service $(SYSETCDIR)/systemd/system
# $(INSTALL) -m 644 $(SRCDIR)/ntpd.service $(SYSETCDIR)/systemd/system
# rm -f $(SYSETCDIR)/systemd/system/multi-user.target.wants/ntpd.service
# systemctl enable emulab-fstab-fixup.service
systemctl enable emulab-fstab-fixup.service
# systemctl enable ntpd.service
@echo "XXX sysetc-install commented out"
......@@ -128,14 +129,14 @@ sysetc-remove:
# or sufficient for all FCs
sysetc-onceonly-install:
# @$(MYINSTALL) $(SRCDIR)/emulab-ld.so.conf $(SYSETCDIR)/ld.so.conf.d/emulab.conf
# @$(MYINSTALL) $(SRCDIR)/network $(SYSETCDIR)/sysconfig/network
@$(MYINSTALL) $(SRCDIR)/network $(SYSETCDIR)/sysconfig/network
# @$(MYINSTALL) $(SRCDIR)/init $(SYSETCDIR)/sysconfig/init
# @$(MYINSTALL) -m 644 $(SRCDIR)/i18n $(SYSETCDIR)/sysconfig/i18n
# @$(MYINSTALL) -m 600 $(SRCDIR)/login.defs $(SYSETCDIR)/login.defs
# @$(MYINSTALL) -m 600 $(SRCDIR)/securetty $(SYSETCDIR)/securetty
# @$(MYINSTALL) -m 440 $(SRCDIR)/sudoers $(SYSETCDIR)/sudoers
@$(MYINSTALL) -m 440 $(SRCDIR)/sudoers $(SYSETCDIR)/sudoers
# @$(MYINSTALL) $(SRCDIR)/rsyslog.conf $(SYSETCDIR)/rsyslog.conf
# @$(MYINSTALL) $(SRCDIR)/selinux-config $(SYSETCDIR)/selinux/config
@$(MYINSTALL) $(SRCDIR)/selinux-config $(SYSETCDIR)/selinux/config
@echo "XXX sysetc-onceonly-install commented out"
script-install: dir-install $(SCRIPTS)
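Review bot: The apparently re-enabled `@$(MYINSTALL) -m 440 $(SRCDIR)/sudoers $(SYSETCDIR)/sudoers` line in sysetc-onceonly-install puts the file in place with no syntax check, and since the target is now a prerequisite of `install client-install` it runs on every client install rather than once. A sudoers file that fails to parse leaves sudo unusable on the node, so a recipe line such as `visudo -c -f $(SRCDIR)/sudoers` ahead of the copy would catch that first. The same target now also installs selinux-config, which this page shows as carrying `SELINUX=disabled`; if that is intended for these images, a comment on that line saying so would help the next reader. The messages `@echo "XXX sysetc-install commented out"` and `@echo "XXX sysetc-onceonly-install commented out"` are stale now that lines in both recipes are live. How MYINSTALL treats an existing destination file is not visible in these hunks.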
......
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
......@@ -8,6 +7,4 @@ SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
SELINUXTYPE=targeted
......@@ -55,6 +55,21 @@
#
Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
......@@ -62,6 +77,12 @@ Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
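Review bot: `Defaults always_set_home` is added next to `Defaults env_reset`, and by the comment block placed above it the option only takes effect when env_reset is disabled or HOME is in env_keep, so as written it changes nothing and acts only as a guard. A one-line comment saying that, e.g. `# kept as a safeguard in case HOME is ever added to env_keep`, would stop it being removed later as redundant. The copied comment also has a doubled word (`when the the env_reset option`). The comment above `Defaults !visiblepw` refers back to `requiretty`, so those two settings should be changed together if sudo without a tty is ever needed.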
......