1 |
Some new stuff I thought should be implemented as well... And yes they keep |
2 |
on a coming!!!!!!!!! : ) |
3 |
|
4 |
######## Begin new stuff ############## |
5 |
#!/bin/bash |
6 |
|
7 |
#Logging |
8 |
|
9 |
echo "Would you like set to up addtional logging ?" |
10 |
echo "Logging will still go to its respected places in /var/log as well." |
11 |
WaitAnswer;clear |
12 |
if [[ ${answer} == yes ]]; then |
13 |
echo "Would you like for auth and warnings to be logged to tty11 ?" |
14 |
WaitAnswer;clear |
15 |
if [[ ${answer} == yes ]]; then |
16 |
AddRules "authpriv.* /dev/tty11" /etc/syslog.conf |
17 |
echo "Would you like kernel logging to go tty10 ?" |
18 |
WaitAnswer;clear |
19 |
if [[ ${answer} == yes ]]; then |
20 |
AddRules "kern.* /dev/tty10" /etc/syslog.conf |
21 |
echo "Would you like mail logging to go tty9 ?" |
22 |
echo "This is only useful if you're running a mail server(sendmail)." |
23 |
WaitAnswer;clear |
24 |
if [[ ${answer} == yes ]]; then |
25 |
AddRules "mail.* /dev/tty9" /etc/syslog.conf |
26 |
/etc/rc.d/init.d/syslog restart > /dev/null |
27 |
fi |
28 |
fi |
29 |
fi |
30 |
#End of logging |
31 |
|
32 |
Is BSD style process accounting on by default in Mandrake ? |
33 |
echo "We can setup your system to log who does what commands and when..." |
34 |
echo "May we set up proccess accounting ?" |
35 |
echo "The log file will get filled up VERY quickly |
36 |
WaitAnswer;clear |
37 |
if [[ ${answer} == yes ]]; then |
38 |
AddRules "/sbin/accton /var/log/pacct" /etc/rc.d/rc.local #This probablly needs |
39 |
it's own script though |
40 |
echo "/var/log/pacct { " >> /etc/logrotate.conf |
41 |
echo " postrotate" >> /etc/logrotate.conf |
42 |
echo " /usr/sbin/accton /var/log/pacct" >> /etc/logrotate.conf |
43 |
echo >> /etc/logrotate.conf |
44 |
echo >> "}" /etc/logrotate.conf |
45 |
#Got a be a cleaner way to do this : ) |
46 |
fi |
47 |
#End BSD style process accounting |
48 |
|
49 |
#PAM stuff |
50 |
#default file size limit |
51 |
dfsize=40000 |
52 |
echo "We help prevent certain types of DoS attacks through the use of |
53 |
PAM(Pluggable Authentication Modules.)" |
54 |
echo "By setting a limit on how big user files may get and how many processes a |
55 |
user may run." |
56 |
echo "Would you like to set up some PAM configuration ?" |
57 |
WaitAnswer;clear |
58 |
if [[ ${answer} == yes ]]; then |
59 |
AddRules "# Limit user processes" /etc/security/limits.conf |
60 |
AddRules "* soft nproc 100" /etc/security/limits.conf |
61 |
AddRules "* hard nproc 150" /etc/security/limits.conf |
62 |
echo "Would you like to set a maximum file size a user is allowed ?" |
63 |
WaitAnswer;clear |
64 |
if [[ ${answer} == yes ]]; then |
65 |
echo "What shall be the maximum file size(default it 40000 = 40MB)" |
66 |
echo -n "Size[40000]: " |
67 |
read fsize |
68 |
if [[ -z ${fsize} ]]; then |
69 |
AddRules "# limits size of any one of users' files" /etc/security/limits.conf |
70 |
AddRules "* hard $dfsize" /etc/security/limits.conf |
71 |
else |
72 |
AddRules "# limits size of any one of users' files" /etc/security/limits.conf |
73 |
AddRules "* hard $fsize" /etc/security/limits.conf |
74 |
fi |
75 |
fi |
76 |
fi |
77 |
#End PAM stuff |
78 |
|
79 |
|
80 |
|
81 |
********************************** |
82 |
|
83 |
###########Begin modified custom.sh###################### |
84 |
#!/bin/bash |
85 |
|
86 |
# |
87 |
# Security level implementation... |
88 |
# Writen by Vandoorselaere Yoann |
89 |
# |
90 |
|
91 |
if [[ -f /usr/share/lsec/lib.sh ]]; then |
92 |
. /usr/share/lsec/lib.sh |
93 |
else |
94 |
echo "Can't find /usr/share/lsec/lib.sh, exiting." |
95 |
exit 1 |
96 |
fi |
97 |
|
98 |
clear |
99 |
|
100 |
WRITE_CRON="false" |
101 |
|
102 |
### |
103 |
echo "This script allows you to customize the security on your system. " |
104 |
echo "If you feel at all you don't know what you're doing abort now!!! " |
105 |
echo "'ctrl-c' to abort" |
106 |
echo -n "Otherwise, please press [enter] to continue " |
107 |
read FOO |
108 |
clear |
109 |
|
110 |
### |
111 |
echo "Do you want all system events to be logged on tty12 ?" |
112 |
WaitAnswer; clear |
113 |
if [[ ${answer} == yes ]]; then |
114 |
AddRules "*.* /dev/tty12" /etc/syslog.conf |
115 |
fi |
116 |
|
117 |
### |
118 |
echo "Do you want to be notified by mail of _all_ root logins ?" |
119 |
echo "(This is strongle recommended)" |
120 |
WaitAnswer; clear |
121 |
if [[ ${answer} == yes ]]; then |
122 |
if [[ -s /root/.bashrc ]]; then |
123 |
cp /root/.bashrc /tmp/bashrc |
124 |
sed '/root login/d' /tmp/bashrc > /root/.bashrc |
125 |
AddRules 'echo "root login Check your syslog /var/log/messages" | /bin/mail -s |
126 |
"Root Login" root' /root/.bashrc |
127 |
rm -f /tmp/bashrc |
128 |
echo "Done" |
129 |
fi |
130 |
fi |
131 |
|
132 |
|
133 |
### |
134 |
echo "Do you want to only allow ctrl-alt-del if root is logged locally ?" |
135 |
echo "( or if a user present in /etc/shutdown.allow is logged locally )" |
136 |
WaitAnswer; clear |
137 |
tmpfile=`mktemp /tmp/secure.XXXXXX` |
138 |
cp /etc/inittab ${tmpfile} |
139 |
if [[ ${answer} == yes ]]; then |
140 |
cat ${tmpfile} | \ |
141 |
sed s'/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r |
142 |
now/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r now/' > /etc/inittab |
143 |
else |
144 |
cat ${tmpfile} | \ |
145 |
sed s'/ca::ctrlaltdel:\/sbin\/shutdown -a -t3 -r |
146 |
now/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/' > /etc/inittab |
147 |
fi |
148 |
rm -f ${tmpfile} |
149 |
|
150 |
#Compile tools |
151 |
#More needs to be added and this is very sloppy but you get the idea : ) |
152 |
mgtools() |
153 |
{ |
154 |
mgcon=mgcon1 |
155 |
echo "Do you want only root to have access to the system compiler(gcc/g++) ?" |
156 |
WaitAnswer; clear |
157 |
if [[ ${answer} == yes ]]; then |
158 |
chmod 0700 /usr/bin/gcc |
159 |
chmod 0700 /usr/bin/g++ |
160 |
fi |
161 |
} |
162 |
gtools() |
163 |
{ |
164 |
gcon=gcon0 |
165 |
dgrp=devel |
166 |
echo "Do you want to setup compiling tools(gcc,g++,etc..) so that they may" |
167 |
echo "be used by a certain group ?" |
168 |
echo -n "yes/no: " |
169 |
read answer |
170 |
if [[ ${answer} == yes ]]; then |
171 |
gcon=gcon1 |
172 |
echo |
173 |
echo -n "What shall the name of this group be [devel]: " |
174 |
read grp |
175 |
if [[ -z ${grp} ]]; then |
176 |
groupadd ${dgrp} |
177 |
.. /etc/security/lsec/perm.ctoolsd |
178 |
else |
179 |
groupadd ${grp} |
180 |
.. /etc/security/lsec/perm.ctools |
181 |
fi |
182 |
fi |
183 |
} |
184 |
gtools |
185 |
#if [[ ${gcon} = gcon1 ]]; then |
186 |
#ntools |
187 |
#else |
188 |
#mgtools |
189 |
#fi |
190 |
|
191 |
#network tools |
192 |
mntools() |
193 |
{ |
194 |
echo "Do you want to disable 'ping' to all users except root ?" |
195 |
WaitAnswer; clear |
196 |
if [[ $answer} == yes ]]; then |
197 |
chmod 0700 /bin/ping |
198 |
fi |
199 |
|
200 |
echo "Do you want to disable 'traceroute' to all users except root ?" |
201 |
WaitAnswer; clear |
202 |
if [[ $answer == yes ]]; then |
203 |
chmod 0700 /usr/sbin/traceroute |
204 |
fi |
205 |
|
206 |
echo "Do you want to disable 'who' to all users except root ?" |
207 |
WaitAnswer; clear |
208 |
if [[ $answer == yes ]]; then |
209 |
chmod 0700 /usr/bin/who |
210 |
fi |
211 |
|
212 |
echo "Do you want to disable 'w' to all users except root ?" |
213 |
WaitAnswer; clear |
214 |
if [[ $answer == yes ]]; then |
215 |
chmod 0700 /usr/bin/w |
216 |
fi |
217 |
|
218 |
echo "Do you want to disable 'finger' to all users except root ?" |
219 |
WaitAnswer; clear |
220 |
if [[ $answer == yes ]]; then |
221 |
chmod 0700 /usr/bin/finger |
222 |
fi |
223 |
|
224 |
echo "Do you want to disable telnet client to all users except root ?" |
225 |
WaitAnswer; clear |
226 |
if [[ $answer == yes ]]; then |
227 |
chmod 0700 /usr/bin/telnet |
228 |
fi |
229 |
|
230 |
echo "Do you want to disable ssh client to all users except root ?" |
231 |
WaitAnswer; clear |
232 |
if [[ $answer == yes ]]; then |
233 |
chmod 0700 /usr/bin/ssh |
234 |
fi |
235 |
} |
236 |
ntools() |
237 |
{ |
238 |
ncon=ncon0 |
239 |
ngrpd=netsys |
240 |
echo "Do you want to set up network tools so that they may be used only" |
241 |
echo "by users of a certain group ?" |
242 |
echo -n "yes/no: " |
243 |
read answer |
244 |
if [[ ${answer} == yes ]]; then |
245 |
ncon=ncon1 |
246 |
echo |
247 |
echo -n "What shall the name of this group be [netsys]: " |
248 |
read ngrp |
249 |
if [[ -z ${ngrp} ]]; then |
250 |
groupadd ${ngrpd} |
251 |
.. /etc/security/lsec/perm.netsysd |
252 |
else |
253 |
groupadd ${ngrp} |
254 |
.. /etc/security/lsec/perm.netsysd |
255 |
fi |
256 |
fi |
257 |
} |
258 |
if [[ ${gcon} = gcon1 ]]; then |
259 |
ntools |
260 |
else |
261 |
mgtools |
262 |
fi |
263 |
|
264 |
if [[ ${mgcon} = mgcon1 ]]; then |
265 |
ntools |
266 |
else |
267 |
mntools |
268 |
fi |
269 |
|
270 |
if [[ $ncon = ncon1 ]]; then |
271 |
echo "Done" |
272 |
else |
273 |
mntools |
274 |
fi |
275 |
|
276 |
### |
277 |
echo "Do you want to deny any machine to connect to yours ?" |
278 |
WaitAnswer |
279 |
if [[ ${answer} == yes ]]; then |
280 |
echo "Do you want only localhost to be allowed ?" |
281 |
WaitAnswer; clear |
282 |
if [[ ${answer} == yes ]]; then |
283 |
AddRules "ALL:ALL EXCEPT localhost:DENY" /etc/hosts.deny |
284 |
else |
285 |
AddRules "ALL:ALL:DENY" /etc/hosts.deny |
286 |
fi |
287 |
fi |
288 |
|
289 |
### |
290 |
echo "Do you want root console login to be allowed ?" |
291 |
WaitAnswer; clear |
292 |
if [[ ${answer} == yes ]]; then |
293 |
AddRules "tty1" /etc/securetty quiet |
294 |
AddRules "tty2" /etc/securetty quiet |
295 |
AddRules "tty3" /etc/securetty quiet |
296 |
AddRules "tty4" /etc/securetty quiet |
297 |
AddRules "tty5" /etc/securetty quiet |
298 |
AddRules "tty6" /etc/securetty |
299 |
fi |
300 |
### |
301 |
|
302 |
if [[ -f /usr/lib/libsafe.so.1.2 ]]; then |
303 |
echo "Do you want to enable the libsafe stack overflow protection ?" |
304 |
echo "This stack overflow protection work by catching dangerous function call" |
305 |
echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf" |
306 |
echo "and verify the address & the size of the destination buffer in the stack" |
307 |
echo "this is done by searching in the stack frame the one which contain the" |
308 |
echo "destination address, and by substracting the frame address to the |
309 |
destination buffer one" |
310 |
WaitAnswer; clear |
311 |
if [[ ${answer} == yes ]]; then |
312 |
AddRules "export LD_PRELOAD=/usr/lib/libsafe.so.1.2" /etc/profile |
313 |
fi |
314 |
fi |
315 |
|
316 |
### |
317 |
echo "Do you want your system to daily check important security problem ?" |
318 |
WaitAnswer; clear |
319 |
if [[ ${answer} == yes ]]; then |
320 |
AddRules "CHECK_SECURITY=yes" /etc/security/lsec/security.conf |
321 |
WRITE_CRON="true" |
322 |
fi |
323 |
|
324 |
### |
325 |
echo "Do you want your system to daily check new open port listening ?" |
326 |
WaitAnswer; clear |
327 |
if [[ ${answer} == yes ]]; then |
328 |
AddRules "CHECK_OPEN_PORT=yes" /etc/security/lsec/security.conf |
329 |
WRITE_CRON="true" |
330 |
fi |
331 |
|
332 |
### |
333 |
echo "Do you want your system to check for grave permission problem on |
334 |
sensibles files ?" |
335 |
WaitAnswer; clear |
336 |
if [[ ${answer} == yes ]]; then |
337 |
AddRules "CHECK_PERMS=yes" /etc/security/lsec/security.conf |
338 |
WRITE_CRON="true" |
339 |
fi |
340 |
|
341 |
### |
342 |
echo "Do you want your system to daily check SUID Root file change ?" |
343 |
WaitAnswer; clear |
344 |
if [[ ${answer} == yes ]]; then |
345 |
AddRules "CHECK_SUID_ROOT=yes" /etc/security/lsec/security.conf |
346 |
WRITE_CRON="true" |
347 |
fi |
348 |
|
349 |
### |
350 |
echo "Do you want your system to daily check suid files md5 checksum changes ?" |
351 |
WaitAnswer; clear |
352 |
if [[ ${answer} == yes ]]; then |
353 |
AddRules "CHECK_SUID_MD5=yes" /etc/security/lsec/security.conf |
354 |
WRITE_CRON="true" |
355 |
fi |
356 |
|
357 |
### |
358 |
echo "Do you want your system to daily check SUID Group file change ?" |
359 |
WaitAnswer; clear |
360 |
if [[ ${answer} == yes ]]; then |
361 |
AddRules "CHECK_SUID_GROUP=yes" /etc/security/lsec/security.conf |
362 |
WRITE_CRON="true" |
363 |
fi |
364 |
|
365 |
### |
366 |
echo "Do you want your system to daily check Writeable file change ?" |
367 |
WaitAnswer; clear |
368 |
if [[ ${answer} == yes ]]; then |
369 |
AddRules "CHECK_WRITEABLE=yes" /etc/security/lsec/security.conf |
370 |
WRITE_CRON="true" |
371 |
fi |
372 |
|
373 |
### |
374 |
echo "Do you want your system to daily check Unowned file change ?" |
375 |
WaitAnswer; clear |
376 |
if [[ ${answer} == yes ]]; then |
377 |
AddRules "CHECK_UNOWNED=yes" /etc/security/lsec/security.conf |
378 |
WRITE_CRON="true" |
379 |
fi |
380 |
|
381 |
### |
382 |
echo "Do you want your system to verify every minutes if a network interface" |
383 |
echo "is in promiscuous state (which mean someone is probably running a sniffer |
384 |
on your machine ) ?" |
385 |
WaitAnswer; clear |
386 |
if [[ ${answer} == yes ]]; then |
387 |
AddRules "CHECK_PROMISC=yes" /etc/security/lsec/security.conf |
388 |
AddRules "*/1 * * * * root nice --adjustment=+19 |
389 |
/usr/share/lsec/promisc_check.sh" /etc/crontab |
390 |
fi |
391 |
### |
392 |
|
393 |
### |
394 |
echo "Do you want security report to be done in syslog ?" |
395 |
WaitAnswer; clear |
396 |
if [[ ${answer} == yes ]]; then |
397 |
AddRules "SYSLOG_WARN=yes" /etc/security/lsec/security.conf |
398 |
else |
399 |
AddRules "SYSLOG_WARN=no" /etc/security/lsec/security.conf |
400 |
fi |
401 |
### |
402 |
|
403 |
echo "Do you want security report to be done by mail ?" |
404 |
WaitAnswer; clear |
405 |
if [[ ${answer} == yes ]]; then |
406 |
AddRules "MAIL_WARN=yes" /etc/security/lsec/security.conf |
407 |
else |
408 |
AddRules "MAIL_WARN=no" /etc/security/lsec/security.conf |
409 |
fi |
410 |
### |
411 |
|
412 |
if [[ ${WRITE_CRON} == "true" ]]; then |
413 |
AddRules "0 0-23 * * * root nice --adjustment=+19 |
414 |
/usr/share/lsec/security.sh" /etc/crontab |
415 |
fi |
416 |
|
417 |
LiloUpdate; |
418 |
/sbin/lilo >& /dev/null |
419 |
|
420 |
### |
421 |
echo "Do you want to disable all services except(gpm,xfs,keytable," |
422 |
echo "network,crond, and syslogd ?" |
423 |
echo "This is _highly_ recommended if you have not configured other" |
424 |
echo "said services." |
425 |
WaitAnswer; clear |
426 |
if [[ ${answer} == yes ]]; then |
427 |
echo -n "Disabling all service, except : {" |
428 |
chkconfig --list | awk '{print $1}' | while read service; do |
429 |
if grep -qx ${service} /etc/security/lsec/server.4; then |
430 |
echo -n " ${service}" |
431 |
fi |
432 |
done |
433 |
echo " } : " |
434 |
|
435 |
chkconfig --list | awk '{print $1}' | while read service; do |
436 |
chkconfig --del "${service}" |
437 |
if ! chkconfig --add "${service}"; then |
438 |
echo -e "\t- Services ${service} is now disabled." |
439 |
fi |
440 |
done |
441 |
chkconfig --add gpm |
442 |
chkconfig --add xfs |
443 |
chkconfig --add network |
444 |
chkconfig --add keytable |
445 |
chkconfig --add syslog |
446 |
chkconfig --add crond |
447 |
echo -e "done.\n"; |
448 |
fi |
449 |
|
450 |
### |
451 |
echo "Do you want an easy, normal, restricted, or paranoid umask ?" |
452 |
echo "easy ( 002 ) = user = rwx, group = rwx, other = rx" |
453 |
echo "normal ( 022 ) = user = rwx, group = rx, other = rx" |
454 |
echo "restricted ( for users ) ( 077 ) = user = rwx, group =, other =" |
455 |
echo "restricted ( for root ) ( 022 ) = user = rwx, = group = rx, other = rx" |
456 |
echo "paranoid ( 077 ) = user = rwx, group = , other =" |
457 |
answer="nothing" |
458 |
while [[ "${answer}" != "easy" && "${answer}" != "normal" && "${answer}" != |
459 |
"restricted" && "${answer}" != "paranoid" ]]; do |
460 |
echo -n "easy/normal/restricted/paranoid : " |
461 |
read answer |
462 |
done |
463 |
case "${answer}" in |
464 |
"easy") |
465 |
AddRules "umask 002" /etc/profile |
466 |
;; |
467 |
"normal") |
468 |
AddRules "umask 022" /etc/profile |
469 |
;; |
470 |
"restricted") |
471 |
AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" |
472 |
/etc/profile |
473 |
;; |
474 |
"paranoid") |
475 |
AddRules "umask 077" /etc/profile |
476 |
;; |
477 |
esac |
478 |
|
479 |
### |
480 |
echo "Do you want a "." in your PATH variable ?" |
481 |
echo "This permit you to not use ./progname & to just type progname" |
482 |
echo "However this is a *high* security risk." |
483 |
WaitAnswer; clear |
484 |
if [[ ${answer} == yes ]]; then |
485 |
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet |
486 |
else |
487 |
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet |
488 |
fi |
489 |
|
490 |
AddRules "export PATH SECURE_LEVEL" /etc/profile |
491 |
|
492 |
echo "Do you want normal, restricted, or paranoid file permissions ?" |
493 |
while [[ "${answer}" != "normal" && "${answer}" != "strict" && "${answer}" != |
494 |
"paranoid" ]]; do |
495 |
echo -n "normal/restricted/paranoid : " |
496 |
read answer |
497 |
done |
498 |
case "${answer}" in |
499 |
"normal") |
500 |
/usr/share/lsec/file_perm.sh /etc/security/lsec/perm.3 |
501 |
;; |
502 |
"strict") |
503 |
/usr/share/lsec/file_perm.sh /etc/security/lsec/perm.4 |
504 |
;; |
505 |
"paranoid")#!/bin/bash |
506 |
/usr/share/lsec/file_perm.sh /etc/security/lsec/perm.5 |
507 |
;; |
508 |
esac |
509 |
#EOF |
510 |
# /etc/security/msec/perm.ctools |
511 |
chown root.$grp /usr/bin/gcc |
512 |
chmod 750 /usr/bin/gcc |
513 |
chown root.$grp /usr/bin/cc |
514 |
chmod 750 /usr/bin/cc |
515 |
chown root.$grp /usr/bin/g++ |
516 |
chmod 750 /usr/bin/g++ |
517 |
|
518 |
# /etc/security/msec/perm.ctoolsd |
519 |
chown root.$dgrp /usr/bin/gcc |
520 |
chmod 750 /usr/bin/gcc |
521 |
chown root.$dgrp /usr/bin/cc |
522 |
chmod 750 /usr/bin/cc |
523 |
chown root.$dgrp /usr/bin/g++ |
524 |
chmod 750 /usr/bin/g++ |
525 |
|
526 |
|
527 |
# /etc/security/msec/perm.netsys |
528 |
chown root.$ngrp /usr/bin/ping |
529 |
chmod 750 /usr/bin/gcc |
530 |
chown root.$ngrp /usr/bin/w |
531 |
chmod 750 /usr/bin/w |
532 |
chown root.$ngrp /usr/bin/w |
533 |
chmod 750 /usr/bin/who |
534 |
chown root.$ngrp /usr/bin/telnet |
535 |
chmod 750 /usr/bin/telnet |
536 |
chown root.$ngrp /usr/bin/ssh |
537 |
chmod 750 /usr/bin/ssh |
538 |
chown root.$ngrp /usr/sbin/traceroute |
539 |
chmod 750 /usr/sbin/traceoute |
540 |
chown root.$ngrp /usr/bin/finger |
541 |
chmod 750 /usr/bin/finger |
542 |
|
543 |
# /etc/security/msec/perm.netsys.d |
544 |
chown root.$ngrpd /bin/ping |
545 |
chmod 750 /usr/bin/gcc |
546 |
chown root.$ngrpd /usr/bin/w |
547 |
chmod 750 /usr/bin/w |
548 |
chown root.$ngrpd /usr/bin/w |
549 |
chmod 750 /usr/bin/who |
550 |
chown root.$ngrpd /usr/bin/telnet |
551 |
chmod 750 /usr/bin/telnet |
552 |
chown root.$ngrpd /usr/bin/ssh |
553 |
chmod 750 /usr/bin/ssh |
554 |
chown root.$ngrpd /usr/sbin/traceroute |
555 |
chmod 750 /usr/sbin/traceroute |
556 |
chown root.$ngrpd /usr/bin/finger |
557 |
chmod 750 /usr/bin/finger |
558 |
|
559 |
######## END |
560 |
|
561 |
|