User's guide
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freeway
echo "# See the echo statements near the end of" >> /etc/security/audit_user
echo "# /usr/local/freeway/boot.src/rc.startsra for examples." >> /etc/security/audit_user
echo "#" >> /etc/security/audit_user
echo "# All users which should be audited must be added here." >> /etc/security/audit_user
echo "#" >> /etc/security/audit_user
echo "user:ex,ap,aa,lo,ad,na,fm,fd,fc,fw,-fr:no" >> /etc/security/audit_user
echo "freeway:ex,ap,aa,lo,ad,na,fm,fd,fc,fw,-fr:no" >> /etc/security/audit_user
echo "#" >> /etc/security/audit_user
fi
# For a description of the format of the /etc/security/audit_user file,
# run "man audit_user". For the available event types, see the
# /etc/security/audit_class and /etc/security/audit_event files.
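# Here is an example of how the audit_warn file could be used to
# zip and copy each audit trail file when it becomes full.
# The example is commented out, but could be copied to rc.startsra.local
# and uncommented there.
# After enabling it, check that the archives written to /var/save end up
# owned by root:audit with mode 600, as the generated commands intend.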
# if [ 6 = `cat /etc/security/audit_warn |wc -l` ]; then
#
# echo "#" >> /etc/security/audit_warn
# echo "# Added by /usr/local/freeway/boot.src/rc.startsra:" >> /etc/security/audit_warn
# echo "#" >> /etc/security/audit_warn
# echo "# Compress and move audit trail files when they are full." >> /etc/security/audit_warn
# echo "#" >> /etc/security/audit_warn
# echo "export DATEDIR=\"\`date -u -v '-5S' '+%Y%m%d'\`\"" >> /etc/security/audit_warn
# echo "if [ \"\$1\" = closefile ]; then" >> /etc/security/audit_warn
# echo " /usr/bin/touch /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
# echo " /sbin/chown root:audit /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
# echo " /sbin/chmod 600 /var/save/\${DATEDIR}.audit_records.zip" >> /etc/security/audit_warn
# echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.audit_records.zip \$2" \
#     >> /etc/security/audit_warn
## echo " /usr/bin/touch \$2.txt" >> /etc/security/audit_warn
## echo " /sbin/chown root:audit \$2.txt" >> /etc/security/audit_warn
## echo " /sbin/chmod 600 \$2.txt" >> /etc/security/audit_warn
## echo " /usr/sbin/praudit -d '|' \$2 > \$2.txt" >> /etc/security/audit_warn
## echo " /sbin/chmod 400 \$2.txt" >> /etc/security/audit_warn
## echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.audit_records.zip \$2.txt" \
##     >> /etc/security/audit_warn
## echo " /sbin/rm -f \$2.txt" >> /etc/security/audit_warn
# echo "fi" >> /etc/security/audit_warn
#
# fi
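# Start the kernel-level audit daemon.
# The exit status is checked so that a failed start is reported on stderr
# rather than passing unnoticed; if auditd is not running, audit records
# may not be collected. The rest of the script still runs after the warning.
if ! /usr/sbin/auditd; then
  echo "WARNING: /usr/sbin/auditd exited with a non-zero status; auditing may not be running." >&2
fi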
# Add posixrules file to prevent creating unnecessary audit records
if [ -f /usr/share/zoneinfo/posixrules ]; then
echo "posixrules file exists."
else
if [ -f /read_only_mounts ]; then
mount -u -o rw /usr 2>/dev/null
fi
mkdir /usr/share/zoneinfo
Protogate DC-908-3004A 25