Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild
diff options
context:
space:
mode:
Diffstat (limited to 'app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild')
-rw-r--r--app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild84
1 files changed, 84 insertions, 0 deletions
diff --git a/app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild b/app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild
new file mode 100644
index 0000000..ba4c951
--- /dev/null
+++ b/app-admin/grsecurity-scripts/grsecurity-scripts-1.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# Created by Wolfram Schlich <wschlich@gentoo.org>
+# Feedback is greatly appreciated!
+#
+
+IUSE=""
+DESCRIPTION="grsecurity scripts"
+HOMEPAGE="http://dev.gentoo.org/~wschlich/"
+SRC_URI=""
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+DEPEND="sys-apps/gradm"
+
+src_unpack() {
+ : NOP
+}
+
+src_compile() {
+ : NOP
+}
+
+src_install() {
+ local scripts="grsecurity-sysctl grsecurity-rbac grsecurity-rbac-learning"
+ for s in ${scripts}; do
+ doinitd ${FILESDIR}/${s}
+ done
+
+ insinto /etc/grsec
+ doins ${FILESDIR}/sysctl.conf
+
+ dodoc ${FILESDIR}/sample-kernel-config-pax-grsec.txt
+}
+
+pkg_postinst() {
+ einfo
+ einfo "See the included sample kernel config file for kernel"
+ einfo "configuration options regarding PaX and grsecurity that"
+ einfo "fit the bundled grsecurity sysctl.conf settings:"
+ einfo " -> sample-kernel-config-pax-grsec.txt"
+ einfo
+ einfo "To set the grsecurity kernel parameters automagically on"
+ einfo "boot, you should now adjust /etc/grsec/sysctl.conf and add"
+ einfo "the 'grsecurity-sysctl' init script to the boot runlevel:"
+ einfo " rc-update add grsecurity-sysctl boot"
+ einfo
+
+ einfo
+ einfo "If you want to use the grsecurity RBAC system learning mode,"
+ einfo "you should add the init script 'grsecurity-rbac-learning' to the"
+ einfo "boot runlevel to catch as many events as possible:"
+ einfo " rc-update add grsecurity-rbac-learning boot"
+ einfo
+
+ ewarn
+ ewarn "If you enable the 'grsecurity-rbac-learning' init script to be"
+ ewarn "started on boot, you can only finish the grsecurity RBAC"
+ ewarn "system learning mode using 'gradm -D' from the terminal it"
+ ewarn "was initially being started on (/dev/console, in this case)!"
+ ewarn
+
+ einfo
+ einfo "To enable the grsecurity RBAC system automagically on"
+ einfo "boot, you should now adjust /etc/grsec/policy and add"
+ einfo "the 'grsecurity-rbac' init script to the boot runlevel:"
+ einfo " rc-update add grsecurity-rbac boot"
+ einfo
+
+ ewarn
+ ewarn "For both the grsecurity RBAC system learning and production"
+ ewarn "mode, you must create passwords for the RBAC system itself"
+ ewarn "and the RBAC system 'admin' role by running the following"
+ ewarn "commands:"
+ ewarn
+ ewarn "To create the grsecurity RBAC system main password:"
+ ewarn " gradm -P"
+ ewarn
+ ewarn "To create the grsecurity RBAC system role 'admin' password:"
+ ewarn " gradm -P admin"
+ ewarn
+}