bsmconv.sh revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
TEXTDOMAIN="SUNW_OST_OSCMD"
export TEXTDOMAIN
{
then
exit 1
fi
then
exit 1
fi
RESP="x"
do
gettext "This script is used to enable the Basic Security Module (BSM).\n"
echo "$form \c"
read RESP
done
then
exit 2
fi
}
# Do some sanity checks to see if the arguments to bsmconv
# are, in fact, root directories for clients.
{
do
then
# There is a root directory to write to,
# so we can potentially complete the conversion.
:
else
exit 4
fi
done
}
# bsmconvert
# All the real work gets done in this function
{
# then gripe about it.
then
fi
# Disable volume manager from running on reboot.
svcadm disable svc:/system/filesystem/volfs:default
SVC_UPGRADE
# store the current state of volfs service for restoring later
# in bsmunconv.sh
# Turn on auditing in the loadable module
then
fi
if [ $? -ne 0 ]
then
fi
# Initialize device allocation
then
# Trusted Extensions is installed.
else
then
mkdevalloc > ${ROOT}/$DEVALLOC
fi
then
fi
fi
# enable auditd. Since we're running as single user, auditd won't
# actually start until reboot.
}
# main loop
if [ $# -eq 0 ]
then
ROOT=
echo
gettext "The Basic Security Module is ready.\n"
gettext "If there were any errors, please fix them now.\n"
gettext "Reboot this system now to come up with BSM enabled.\n"
else
do
done
echo
gettext "The Basic Security Module is ready.\n"
gettext "If there were any errors, please fix them now.\n"
gettext "in the root directories of each host converted.\n"
gettext "Reboot each system converted to come up with BSM active.\n"
fi
exit 0