User's guide

Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)
cp -p /ro/etc/ssh/sshd_config /etc/ssh/
# sample banner
echo "WARNING WARNING WARNING" > /ro/etc/motd
echo "" >> /ro/etc/motd
echo " You are accessing an information system that" >> /ro/etc/motd
echo " is for authorized users only. If you are not" >> /ro/etc/motd
echo " authorized, you must log off now." >> /ro/etc/motd
echo "" >> /ro/etc/motd
echo "WARNING WARNING WARNING" >> /ro/etc/motd
if [ -f /read_only_mounts ]; then
mount -u -o ro / 2>/dev/null
fi
/bin/kill -HUP ‘head -1 /var/run/sshd.pid‘
fi
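# Allow local configuration overrides (rc.startsra.local can be created
# by customers to customize a specific Freeway, without the risk of
# being overwritten by the next software upgrade -- because software
# upgrades will not overwrite any rc.startsra.local* file).
#
# NOTE(review): the override is sourced into this script, so everything
# in it runs with this script's privileges and can change any variable
# tested further down (NTP_SERVER, for example). Confirm that /tmp/boot
# and rc.startsra.local are writable only by the administrator account.
if [ -f /tmp/boot/rc.startsra.local ]; then
  . /tmp/boot/rc.startsra.local
fi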
## Synchronize with an NTP (Network Time Protocol) timeserver at powerup.
## Runs only when NTP_SERVER is non-empty; NTP_SERVERB, when also
## non-empty, is added as a second server without the "prefer" keyword.
##
## NOTE(review): the generated configuration holds only "server" and
## "driftfile" lines -- no "restrict" lines and no authentication keys --
## and ntpd is started with -g, which lets the first clock correction be
## of any size. System time feeds log timestamps and certificate
## validity checks, so confirm the configured servers are trusted and
## reached over a trusted network path.
## NOTE(review): /tmp/ntp.conf and /tmp/ntpd.pid are fixed names under
## /tmp; confirm /tmp is not writable by unprivileged users at this
## point in the boot sequence.
if test -n "${NTP_SERVER}"; then
  ## Left commented out in the sample:
  ## /usr/bin2/ntpdate ${NTP_SERVER}

  ## Write the whole NTP configuration file in one pass.
  {
    printf '%s\n' "server ${NTP_SERVER} prefer"
    if test -n "${NTP_SERVERB}"; then
      printf '%s\n' "server ${NTP_SERVERB}"
    fi
    printf '%s\n' "driftfile /var/run/ntpd.driftfile"
  } > /tmp/ntp.conf

  ## Start an ntpd daemon (see "man ntpd" for details).
  /usr/bin2/ntpd -g -p /tmp/ntpd.pid -c /tmp/ntp.conf
fi
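# For security: prevent snmp from running on this Freeway by removing
# every execute bit from the snmpd binary.
#
# When /read_only_mounts exists, /usr is remounted read-write for the
# chmod and read-only again afterwards; mount's own error output is
# discarded.
# NOTE(review): removing the execute bit keeps snmpd from being started
# later; it does not stop an snmpd process that is already running.
if [ -x /usr/local/sbin/snmpd ]; then
  if [ -f /read_only_mounts ]; then
    mount -u -o rw /usr 2>/dev/null
  fi
  chmod ugo-x /usr/local/sbin/snmpd
  if [ -f /read_only_mounts ]; then
    # A /usr left writable is itself a hardening regression, so report it.
    mount -u -o ro /usr 2>/dev/null ||
      echo "WARNING: could not remount /usr read-only" >&2
  fi
  # The read-write remount's errors are silenced, so a failed remount only
  # shows up as a failed chmod. Re-test the binary and report it rather
  # than leaving the hardening step silently undone.
  if [ -x /usr/local/sbin/snmpd ]; then
    echo "WARNING: /usr/local/sbin/snmpd is still executable" >&2
  fi
fi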
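# For security:
# Add "ServerTokens Prod" line to Apache config, if not already there.
#
# AP_SCMD1 receives the httpd.conf line(s) that already carry a
# "ServerTokens Prod" directive (matched case-insensitively at the start
# of a line); the test that follows treats an empty value as "not
# configured yet".
# NOTE(review): the printed listing shows typographic quotes where the
# command substitution belongs and wraps the line inside the pattern.
# With those quotes the variable would hold the sed command text itself
# and never be empty, so the "add if not already there" step would
# presumably never run. The single space before "*" is reconstructed --
# verify it against the shipped rc.startsra.
# NOTE(review): the second sed (2,//d) is kept exactly as printed; it
# appears intended to keep only the first matching line -- confirm.
export AP_SCMD1="$(sed -e "/^[Ss][Ee][Rr][Vv][Ee][Rr][Tt][Oo][Kk][Ee][Nn][Ss] *[Pp][Rr][Oo][Dd]/!d" \
  /usr/local/etc/apache22/httpd.conf | sed -e "2,//d")"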
if [ "${AP_SCMD1}X" = "X" ]; then
if [ -f /read_only_mounts ]; then
mount -u -o rw /usr 2>/dev/null
fi
30 Protogate DC-908-3004A