bsmconv.sh revision ec923578dda4b00379ef69992f7046a207e57328
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Message domain for the gettext calls in this script. It is exported so
# that the gettext command, run as a child process, sees it in its
# environment.
TEXTDOMAIN="SUNW_OST_OSCMD"
export TEXTDOMAIN
# Perform required permission checks, depending on value of LOCAL_ROOT
# (whether we are converting the active OS or just alternative boot
# environments).
{
# NOTE(review): the function header and the tests that guard each `then`
# below are not present in this listing; only the branch bodies survive.
# The comments added here describe the visible lines only.
then
# Exits with status 1 when the (missing) first test succeeds.
exit 1
fi
then
# Exits with status 1 when the (missing) second test succeeds; both
# early exits share one status, so a caller cannot tell them apart.
exit 1
fi
# RESP starts with a placeholder value before the prompt loop; the loop
# condition is not visible here -- presumably it repeats until the
# answer is acceptable.
RESP="x"
do
gettext "This script is used to enable Solaris Auditing and device allocation.\n"
# $form is not assigned anywhere in this listing -- presumably the
# localized prompt text. "\c" suppresses the trailing newline so the
# answer is typed on the same line.
echo "$form \c"
# The operator's answer is read from standard input into RESP.
read RESP
done
then
# Exits with status 2 when the (missing) test on the answer succeeds --
# presumably the operator declined; confirm against the full source.
exit 2
fi
}
# Do some sanity checks to see if the arguments to bsmconv
# are, in fact, root directories for clients.
{
# NOTE(review): the function header, the loop header and the test on each
# argument are missing from this listing. The main section calls this
# function as `sanity_check $@`, so it presumably iterates over the
# command-line arguments.
do
then
# There is a root directory to write to,
# so we can potentially complete the conversion.
:
else
# Exits with status 4 on the first argument that fails the (missing)
# test, before any conversion work has started.
exit 4
fi
done
}
# bsmconvert
# All the real work gets done in this function
{
# NOTE(review): many lines of this function are missing from the listing
# (the function header, most `if` tests, the commands inside several
# branches and the opening lines of two here-documents). The comments
# added below describe only what is still visible.
#
# If there is no startup file to be read by /lib/svc/method/svc-auditd,
# then gripe about it.
then
fi
# Prevent automount of removable and hotpluggable volumes
# by forcing volume.ignore HAL property on all such volumes.
#
# The XML that follows is a HAL device-information document: for every
# device with the "volume" capability whose storage device is removable
# or hotpluggable, it merges volume.ignore=true.
# NOTE(review): `FDI` below looks like a here-document terminator whose
# opening line (and therefore the destination file) is not shown here.
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
<device>
<match key="info.capabilities" contains="volume">
<match key="@block.storage_device:storage.removable" bool="true">
<merge key="volume.ignore" type="bool">true</merge>
</match>
<match key="@block.storage_device:storage.hotpluggable" bool="true">
<merge key="volume.ignore" type="bool">true</merge>
</match>
</match>
</device>
</deviceinfo>
FDI
fi
# Turn on auditing in the loadable module
then
fi
# Checks the exit status of the preceding command, which is not visible
# in this listing; the failure branch is empty here as well.
if [ $? -ne 0 ]
then
fi
# Initialize device allocation
# Need to determine if Trusted Extensions is enabled. This is tricky
# because we need to know if TX will be active on the boot following
# because TX is likely not yet fully active.)
# NOTE(review): at least one line of the comment above appears to be
# missing from this listing, which is why the sentence does not parse.
#
# $? here is the status of the Trusted Extensions probe, which is not
# shown; status 0 selects the Trusted Extensions branch.
if [ $? = 0 ]; then
# Trusted Extensions is enabled (but possibly not yet booted).
# This is not currently done for alternate boot environments.
then
fi
else
then
# Writes the output of mkdevalloc to $DEVALLOC under the target root.
# DEVALLOC is not assigned in this listing. ROOT is empty when the local
# system is converted (see the main section), so the path is then
# relative to /.
# NOTE(review): the redirection truncates the target if it already
# exists; the guarding test is missing, so it cannot be confirmed here
# that an existing file is preserved.
mkdevalloc > ${ROOT}/$DEVALLOC
fi
then
fi
fi
# NOTE(review): `SVC_UPGRADE` below looks like a here-document terminator
# whose opening line is missing. If so, the svcadm line is text written
# to a file that is processed later, not a command run directly here --
# confirm against the full source.
# enable auditd at next boot.
/usr/sbin/svcadm enable system/auditd
SVC_UPGRADE
}
# main loop
# Validate the command-line arguments before any change is made.
# NOTE(review): $@ is unquoted, so an argument containing whitespace or
# glob characters is split or expanded before sanity_check sees it and
# the check may run against a different path than the caller named.
# Quoting it ("$@") would pass each argument through unchanged.
sanity_check $@
if [ $# -eq 0 ]
then
# converting local root, perform all permission checks
LOCAL_ROOT=true
# Empty ROOT makes ${ROOT}/... paths resolve against the running system.
ROOT=
# NOTE(review): no call to the permission-check or conversion functions
# is visible in this branch; those lines appear to be missing from the
# listing.
echo
gettext "Solaris Auditing and device allocation is ready.\n"
gettext "If there were any errors, please fix them now.\n"
# NOTE(review): the sentence started by the next message is continued on
# lines that are missing from this listing.
gettext "Configure Solaris Auditing and device allocation by editing "
gettext "Reboot this system now to come up with auditing "
gettext "and device allocation enabled.\n"
else
# determine if local root is being converted ("/" passed on
# command line), if so, full permission check required
LOCAL_ROOT=false
# NOTE(review): the loop header is missing; presumably ROOT takes the
# value of each command-line argument in turn.
do
# Literal string match on "/": another spelling of the root path is not
# recognised and leaves LOCAL_ROOT false. NOTE(review): consider
# normalising the argument before comparing.
if [ "$ROOT" = "/" ]
then
LOCAL_ROOT=true
fi
done
# perform required permission checks (depending on value of
# LOCAL_ROOT)
# NOTE(review): the header and body of the loop below are missing from
# this listing.
do
done
echo
gettext "Solaris Auditing and device allocation is ready.\n"
gettext "If there were any errors, please fix them now.\n"
# NOTE(review): the sentence started by the next message is continued on
# lines that are missing from this listing.
gettext "Configure Solaris auditing and device allocation by editing "
gettext "of each host converted.\n"
gettext "Reboot each system converted to come up with auditing "
gettext "and device\nallocation enabled.\n"
fi
# Reaching this point always yields exit status 0, although the messages
# above allow for errors having occurred; status 0 alone does not show
# that auditing and device allocation were actually enabled.
exit 0