diff options
| author | Colin Watson <cjwatson@debian.org> | 2005-06-17 12:44:30 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2005-06-17 12:44:30 +0000 |
| commit | 4c2d1c67cea075107aadaa6d81fe456687c69e67 (patch) | |
| tree | 4f31813c8306491c908948bd75254912385ed651 /contrib | |
| parent | bed4bb0fe9380912ecb90e5f918bce8825ec0a38 (diff) | |
Manoj Srivastava:
- Added SELinux capability, and turned it on be default. Added
restorecon calls in preinst and postinst (should not matter if the
machine is not SELinux aware). By and large, the changes made should
have no effect unless the rules file calls --with-selinux; and even
then there should be no performance hit for machines not actively
running SELinux.
- Modified the preinst and postinst to call restorecon to set the
security context for the generated public key files.
- Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
may want to also include pam_selinux.so.
Diffstat (limited to 'contrib')
| -rwxr-xr-x | contrib/redhat/sshd.init | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 4ee8630c3..ffa66cd52 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init | |||
| @@ -35,6 +35,9 @@ do_rsa1_keygen() { | |||
| 35 | if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then | 35 | if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then |
| 36 | chmod 600 $RSA1_KEY | 36 | chmod 600 $RSA1_KEY |
| 37 | chmod 644 $RSA1_KEY.pub | 37 | chmod 644 $RSA1_KEY.pub |
| 38 | if type restorecon >/dev/null 2>&1; then | ||
| 39 | restorecon $RSA1_KEY.pub | ||
| 40 | fi | ||
| 38 | success $"RSA1 key generation" | 41 | success $"RSA1 key generation" |
| 39 | echo | 42 | echo |
| 40 | else | 43 | else |
| @@ -51,6 +54,9 @@ do_rsa_keygen() { | |||
| 51 | if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then | 54 | if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
| 52 | chmod 600 $RSA_KEY | 55 | chmod 600 $RSA_KEY |
| 53 | chmod 644 $RSA_KEY.pub | 56 | chmod 644 $RSA_KEY.pub |
| 57 | if type restorecon >/dev/null 2>&1; then | ||
| 58 | restorecon $RSA_KEY.pub | ||
| 59 | fi | ||
| 54 | success $"RSA key generation" | 60 | success $"RSA key generation" |
| 55 | echo | 61 | echo |
| 56 | else | 62 | else |
| @@ -67,6 +73,9 @@ do_dsa_keygen() { | |||
| 67 | if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then | 73 | if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
| 68 | chmod 600 $DSA_KEY | 74 | chmod 600 $DSA_KEY |
| 69 | chmod 644 $DSA_KEY.pub | 75 | chmod 644 $DSA_KEY.pub |
| 76 | if type restorecon >/dev/null 2>&1; then | ||
| 77 | restorecon $DSA_KEY.pub | ||
| 78 | fi | ||
| 70 | success $"DSA key generation" | 79 | success $"DSA key generation" |
| 71 | echo | 80 | echo |
| 72 | else | 81 | else |