# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
#
# Created by Wolfram Schlich <wschlich@gentoo.org>
# Feedback is greatly appreciated!
#

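# Package metadata. There is nothing to fetch (SRC_URI is empty); every
# installed file is taken from FILESDIR by src_install.
IUSE=""
DESCRIPTION="grsecurity scripts"
HOMEPAGE="http://dev.gentoo.org/~wschlich/"
SRC_URI=""
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
DEPEND="sys-apps/gradm"
# gradm is needed on the installed system: the post-install notes tell the
# administrator to run 'gradm -P' and 'gradm -D'. State the runtime dependency
# explicitly instead of relying on RDEPEND being derived from DEPEND, which
# only happens implicitly in old EAPIs.
RDEPEND="${DEPEND}"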

# Deliberate no-op: SRC_URI is empty, so there is no archive to unpack.
src_unpack() {
	return 0
}

# Deliberate no-op: the package ships only scripts, a config file and a text
# document from FILESDIR, so there is nothing to build.
src_compile() {
	return 0
}

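# Install the three grsecurity init scripts, the bundled sysctl.conf (into
# /etc/grsec) and the sample kernel configuration (as documentation), all
# taken from FILESDIR.
#
# No EAPI is declared in the visible part of this file, so the install helpers
# are treated as only returning non-zero on failure. Each call is therefore
# checked with '|| die': a hardening package that merges "successfully" without
# its init scripts or sysctl.conf would leave the system unprotected without
# any visible error.
src_install() {
	local initscript
	for initscript in grsecurity-sysctl grsecurity-rbac grsecurity-rbac-learning; do
		# Quoted so a FILESDIR containing whitespace is passed as one path.
		doinitd "${FILESDIR}/${initscript}" || die "doinitd ${initscript} failed"
	done

	# NOTE(review): /etc/grsec is also where the post-install text places the
	# RBAC policy. Confirm the directory keeps the mode set by sys-apps/gradm;
	# if it were missing, it would presumably be created here with the default
	# directory options.
	insinto /etc/grsec
	doins "${FILESDIR}/sysctl.conf" || die "doins sysctl.conf failed"

	dodoc "${FILESDIR}/sample-kernel-config-pax-grsec.txt" || die "dodoc failed"
}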

# Print the post-install guidance: where the sample kernel config is, how to
# add the three init scripts to the boot runlevel, the restriction on ending
# RBAC learning mode when it was started at boot, and the 'gradm -P' commands
# for creating the RBAC passwords.
pkg_postinst() {
	# One entry per output line, in order: "<level>|<text>".
	# An empty text produces a bare einfo/ewarn call (a blank separator line).
	local -a notes=(
		"info|"
		"info|See the included sample kernel config file for kernel"
		"info|configuration options regarding PaX and grsecurity that"
		"info|fit the bundled grsecurity sysctl.conf settings:"
		"info|  -> sample-kernel-config-pax-grsec.txt"
		"info|"
		"info|To set the grsecurity kernel parameters automagically on"
		"info|boot, you should now adjust /etc/grsec/sysctl.conf and add"
		"info|the 'grsecurity-sysctl' init script to the boot runlevel:"
		"info|  rc-update add grsecurity-sysctl boot"
		"info|"

		"info|"
		"info|If you want to use the grsecurity RBAC system learning mode,"
		"info|you should add the init script 'grsecurity-rbac-learning' to the"
		"info|boot runlevel to catch as many events as possible:"
		"info|  rc-update add grsecurity-rbac-learning boot"
		"info|"

		# Learning mode started at boot can only be ended from the console.
		"warn|"
		"warn|If you enable the 'grsecurity-rbac-learning' init script to be"
		"warn|started on boot, you can only finish the grsecurity RBAC"
		"warn|system learning mode using 'gradm -D' from the terminal it"
		"warn|was initially being started on (/dev/console, in this case)!"
		"warn|"

		"info|"
		"info|To enable the grsecurity RBAC system automagically on"
		"info|boot, you should now adjust /etc/grsec/policy and add"
		"info|the 'grsecurity-rbac' init script to the boot runlevel:"
		"info|  rc-update add grsecurity-rbac boot"
		"info|"

		# Both RBAC modes need the main and the 'admin' role password set.
		"warn|"
		"warn|For both the grsecurity RBAC system learning and production"
		"warn|mode, you must create passwords for the RBAC system itself"
		"warn|and the RBAC system 'admin' role by running the following"
		"warn|commands:"
		"warn|"
		"warn|To create the grsecurity RBAC system main password:"
		"warn|  gradm -P"
		"warn|"
		"warn|To create the grsecurity RBAC system role 'admin' password:"
		"warn|  gradm -P admin"
		"warn|"
	)

	local note level text
	for note in "${notes[@]}"; do
		level=${note%%|*}
		text=${note#*|}
		# ${text:+...} expands to no argument at all for an empty text.
		case ${level} in
			info) einfo ${text:+"${text}"} ;;
			warn) ewarn ${text:+"${text}"} ;;
		esac
	done
}