ShadowArch/Admin/silent-guardian

#!/bin/bash
DEPRIV=depriv
if [ ! -f /usr/local/src/SharedLibraries/Bash/header ]; then
    echo This script requires the SharedLibraries package.
    exit 1;
fi
source /usr/local/src/SharedLibraries/Bash/header
export logfile="/var/log/silent-guardian.log"

logstatement "Started $(date)"

# Fix the Webserver permissions
if [ -f /srv/http ]; then
chown -R $DEPRIV:http /srv/http/*
find /srv/http/* -type f -exec chmod 0640 {} \;
find /srv/http/* -type d -exec chmod 0750 {} \;
fi;

# Fix the media permissions
if [ -f /usr/lib/systemd/system/yggdrasil.service ]; then
    chown -R $DEPRIV:http /srv/yggdrasil
    /usr/local/bin/yggdrasil-lock
fi
# fix the WolfPack results location
if [ -x /usr/local/bin/wolfpack ]; then 
    find /srv/wolfpack -type d -exec chmod 0755 {} \;
    find /srv/wolfpack -type f -exec chmod 0644 {} \;
fi

# Seal the special directories.
for i in $(ls -a /srv/yggdrasil/Digital_Library/ | egrep '^\.[a-zA-Z0-9]+$'); do    
    chown $DEPRIV:$DEPRIV -R $i;
    find $i -type f -exec chmod 0400 {} \;
    find $i -type d -exec chmod 0500 {} \;
done

# Guard root
chmod 0700 /root
chown -R root:root /root
find /root -type d -exec chmod 0700 {} \;

# Guard home directories
chmod 0750 /home/*

# Guard API's
if [ -f /usr/local/bin/api-keys ]; then
    chmod 0750 /usr/local/bin/api-keys
    chown root:api /usr/local/bin/api-keys
fi

# Guard LDAP
if [ -d /etc/openldap ]; then 
    chown ldap:ldap /var/lib/openldap/openldap-data/*
fi

logstatement "Ended $(date)"
logstatement " "
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00			`#!/bin/bash`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`DEPRIV=depriv`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00			`if [ ! -f /usr/local/src/SharedLibraries/Bash/header ]; then`
			`echo This script requires the SharedLibraries package.`
			`exit 1;`
			`fi`
			`source /usr/local/src/SharedLibraries/Bash/header`
			`export logfile="/var/log/silent-guardian.log"`

			`logstatement "Started $(date)"`

			`# Fix the Webserver permissions`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`if [ -f /srv/http ]; then`
			`chown -R $DEPRIV:http /srv/http/*`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00			`find /srv/http/* -type f -exec chmod 0640 {} \;`
			`find /srv/http/* -type d -exec chmod 0750 {} \;`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`fi;`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00
			`# Fix the media permissions`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`if [ -f /usr/lib/systemd/system/yggdrasil.service ]; then`
			`chown -R $DEPRIV:http /srv/yggdrasil`
			`/usr/local/bin/yggdrasil-lock`
			`fi`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00			`# fix the WolfPack results location`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`if [ -x /usr/local/bin/wolfpack ]; then`
			`find /srv/wolfpack -type d -exec chmod 0755 {} \;`
			`find /srv/wolfpack -type f -exec chmod 0644 {} \;`
			`fi`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00
			`# Seal the special directories.`
			`for i in $(ls -a /srv/yggdrasil/Digital_Library/ \| egrep '^\.[a-zA-Z0-9]+$'); do`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`chown $DEPRIV:$DEPRIV -R $i;`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00			`find $i -type f -exec chmod 0400 {} \;`
			`find $i -type d -exec chmod 0500 {} \;`
			`done`

			`# Guard root`
			`chmod 0700 /root`
			`chown -R root:root /root`
			`find /root -type d -exec chmod 0700 {} \;`

			`# Guard home directories`
			`chmod 0750 /home/*`

			`# Guard API's`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`if [ -f /usr/local/bin/api-keys ]; then`
			`chmod 0750 /usr/local/bin/api-keys`
			`chown root:api /usr/local/bin/api-keys`
			`fi`

			`# Guard LDAP`
			`if [ -d /etc/openldap ]; then`
			`chown ldap:ldap /var/lib/openldap/openldap-data/*`
			`fi`
Adding Admin and Shared scripts 2016-11-09 22:25:00 -06:00
			`logstatement "Ended $(date)"`
			`logstatement " "`