bsmconv.sh revision f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Message catalog domain used by the gettext calls in this script; it is
# exported so that the gettext child processes inherit it.
TEXTDOMAIN='SUNW_OST_OSCMD'; export TEXTDOMAIN
# Perform required permission checks, depending on value of LOCAL_ROOT
# (whether we are converting the active OS or just alternative boot
# environments).
#
# NOTE(review): this listing is incomplete. The function-name line before
# the opening brace, the tests that the `then`/`do` keywords below belong
# to, and the messages printed before each exit are not shown. What each
# check verifies therefore cannot be confirmed from this listing.
{
# First check (condition not shown): failure exits with status 1.
then
exit 1
fi
# Second check (condition not shown): failure also exits with status 1.
then
exit 1
fi
# RESP starts as "x", presumably so the confirmation loop below (its test
# is not shown) runs at least once -- confirm against the full source.
RESP="x"
do
gettext "This script is used to enable the Basic Security Module (BSM).\n"
# $form is assigned on a line not shown. "\c" suppresses the trailing
# newline only where echo interprets backslash escapes.
echo "$form \c"
# The operator's answer is read from stdin; without -r, read treats
# backslashes in the reply as escape characters.
read RESP
done
# The test on the answer is not shown; exit status 2 presumably means the
# operator declined the conversion -- TODO confirm.
then
exit 2
fi
}
# Do some sanity checks to see if the arguments to bsmconv
# are, in fact, root directories for clients.
#
# NOTE(review): the function-name line, the loop header and the directory
# test are not shown in this listing. This is presumably the sanity_check
# function invoked at the start of the main section -- confirm.
{
do
then
# There is a root directory to write to,
# so we can potentially complete the conversion.
:
else
# An argument that fails the (not shown) test ends the whole script with
# status 4. The error message that precedes this exit is not shown.
exit 4
fi
done
}
# bsmconvert
# All the real work gets done in this function
#
# NOTE(review): this listing is incomplete. The function-name line, most
# `if` conditions and most commands inside the branches are not shown, so
# the comments below describe only what the visible lines establish.
{
# If there is no startup file to be read by /lib/svc/method/svc-auditd,
# then gripe about it.
then
fi
# Prevent automount of removable and hotpluggable volumes
# by forcing volume.ignore HAL property on all such volumes.
# NOTE(review): the XML below, up to the FDI terminator, is here-document
# data, not shell. It sets volume.ignore=true for every volume whose
# storage device is removable or hotpluggable. The command that writes it,
# its destination path and the enclosing `if` are not shown.
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
<device>
<match key="info.capabilities" contains="volume">
<match key="@block.storage_device:storage.removable" bool="true">
<merge key="volume.ignore" type="bool">true</merge>
</match>
<match key="@block.storage_device:storage.hotpluggable" bool="true">
<merge key="volume.ignore" type="bool">true</merge>
</match>
</match>
</device>
</deviceinfo>
FDI
fi
# Turn on auditing in the loadable module
then
fi
# $? is the status of the command run immediately before this test; that
# command and the failure handling inside the branch are not shown.
if [ $? -ne 0 ]
then
fi
# Initialize device allocation
# Need to determine if Trusted Extensions is enabled. This is tricky
# because we need to know if TX will be active on the boot following
# because TX is likely not yet fully active.)
#
# NOTE(review): the comment above is truncated in this listing, and the
# command whose exit status decides the branch below is not shown.
if [ $? = 0 ]; then
# Trusted Extensions is enabled (but possibly not yet booted).
# This is not currently done for alternate boot environments.
then
fi
else
then
# Writes mkdevalloc's output under the target root, truncating any
# existing file. ROOT and DEVALLOC are expanded unquoted, and DEVALLOC is
# assigned on a line not shown. Quoting the target, "${ROOT}/$DEVALLOC",
# would keep a root path containing whitespace intact.
mkdevalloc > ${ROOT}/$DEVALLOC
fi
then
fi
fi
# enable auditd at next boot.
# NOTE(review): SVC_UPGRADE below looks like a here-document terminator.
# If so, the svcadm line is data written to a file processed at next boot,
# not a command executed here. The here-document opener and its
# destination are not shown -- confirm against the full source.
/usr/sbin/svcadm enable system/auditd
SVC_UPGRADE
}
# main loop
#
# NOTE(review): the loop headers and the calls into the functions defined
# above are not shown in this listing; only the visible lines are described.
#
# $@ is unquoted, so a root-directory argument containing whitespace or
# glob characters is split or expanded before sanity_check receives it.
# "$@" would pass each argument through unchanged.
sanity_check $@
if [ $# -eq 0 ]
then
# converting local root, perform all permission checks
LOCAL_ROOT=true
# Empty ROOT makes ${ROOT}/... paths resolve against the running system.
ROOT=
echo
gettext "The Basic Security Module is ready.\n"
gettext "If there were any errors, please fix them now.\n"
gettext "Reboot this system now to come up with BSM enabled.\n"
else
# determine if local root is being converted ("/" passed on
# command line), if so, full permission check required
LOCAL_ROOT=false
do
# Literal string match: only the exact argument "/" selects the full
# permission check. Other spellings of the active root would leave
# LOCAL_ROOT=false -- confirm whether arguments are normalised elsewhere.
if [ "$ROOT" = "/" ]
then
LOCAL_ROOT=true
fi
done
# perform required permission checks (depending on value of
# LOCAL_ROOT)
do
done
echo
gettext "The Basic Security Module is ready.\n"
gettext "If there were any errors, please fix them now.\n"
# The message line that the next fragment continues is not shown.
gettext "in the root directories of each host converted.\n"
gettext "Reboot each system converted to come up with BSM active.\n"
fi
# As far as the visible lines show, this point is reached with status 0
# even if an earlier step printed an error (the messages above ask the
# operator to check). Exit status 0 alone should not be taken as proof that
# auditing was enabled.
exit 0