0
|
1 |
#! /bin/sh
|
|
2 |
#
|
|
3 |
# CDDL HEADER START
|
|
4 |
#
|
|
5 |
# The contents of this file are subject to the terms of the
|
|
6 |
# Common Development and Distribution License, Version 1.0 only
|
|
7 |
# (the "License"). You may not use this file except in compliance
|
|
8 |
# with the License.
|
|
9 |
#
|
|
10 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
11 |
# or http://www.opensolaris.org/os/licensing.
|
|
12 |
# See the License for the specific language governing permissions
|
|
13 |
# and limitations under the License.
|
|
14 |
#
|
|
15 |
# When distributing Covered Code, include this CDDL HEADER in each
|
|
16 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
17 |
# If applicable, add the following below this CDDL HEADER, with the
|
|
18 |
# fields enclosed by brackets "[]" replaced with your own identifying
|
|
19 |
# information: Portions Copyright [yyyy] [name of copyright owner]
|
|
20 |
#
|
|
21 |
# CDDL HEADER END
|
|
22 |
#
|
|
23 |
#
|
|
24 |
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
|
|
25 |
# Use is subject to license terms.
|
|
26 |
#
|
|
27 |
# ident "%Z%%M% %I% %E% SMI"
|
|
28 |
#
|
|
29 |
|
|
30 |
PROG=bsmunconv
|
|
31 |
TEXTDOMAIN="SUNW_OST_OSCMD"
|
|
32 |
export TEXTDOMAIN
|
|
33 |
|
|
34 |
permission()
|
|
35 |
{
|
|
36 |
cd /usr/lib
|
|
37 |
ZONE=`/sbin/zonename`
|
|
38 |
if [ ! "$ZONE" = "global" ]
|
|
39 |
then
|
|
40 |
form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
|
|
41 |
printf "${form}\n" $PROG
|
|
42 |
exit 1
|
|
43 |
fi
|
|
44 |
|
|
45 |
WHO=`id | cut -f1 -d" "`
|
|
46 |
if [ ! "$WHO" = "uid=0(root)" ]
|
|
47 |
then
|
|
48 |
form=`gettext "%s: ERROR: you must be super-user to run this script."`
|
|
49 |
printf "${form}\n" $PROG
|
|
50 |
exit 1
|
|
51 |
fi
|
|
52 |
|
|
53 |
set -- `/usr/bin/who -r`
|
|
54 |
RUNLEVEL="$3"
|
|
55 |
if [ "$RUNLEVEL" -ne "S" ]
|
|
56 |
then
|
|
57 |
form=`gettext "%s: ERROR: this script should be run at run level S."`
|
|
58 |
printf "${form}\n" $PROG
|
|
59 |
form=`gettext "Are you sure you want to continue? [y/n]"`
|
|
60 |
echo "$form \c"
|
|
61 |
read RESP
|
|
62 |
case $RESP in
|
|
63 |
`gettext "n"`*|`gettext "N"`* ) exit 1 ;;
|
|
64 |
esac
|
|
65 |
fi
|
|
66 |
|
|
67 |
RESP="x"
|
|
68 |
while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ]
|
|
69 |
do
|
|
70 |
gettext "This script is used to disable the Basic Security Module (BSM).\n"
|
|
71 |
form=`gettext "Shall we continue the reversion to a non-BSM system now? [y/n]"`
|
|
72 |
echo "$form \c"
|
|
73 |
read RESP
|
|
74 |
done
|
|
75 |
|
|
76 |
if [ "$RESP" = `gettext "n"` ]
|
|
77 |
then
|
|
78 |
form=`gettext "%s: INFO: aborted, due to user request."`
|
|
79 |
printf "${form}\n" $PROG
|
|
80 |
exit 2
|
|
81 |
fi
|
|
82 |
}
|
|
83 |
|
|
84 |
bsmunconvert()
|
|
85 |
{
|
|
86 |
|
|
87 |
# deallocate user allocatable devices and turn off device allocation
|
|
88 |
/usr/sbin/deallocate -Is
|
|
89 |
/usr/sbin/devfsadm -d
|
|
90 |
|
196
|
91 |
# disable auditd service
|
|
92 |
/usr/sbin/svcadm disable system/auditd
|
0
|
93 |
|
196
|
94 |
# restore volume manager startup on next boot using the
|
|
95 |
# previous state saved by bsmconv.sh
|
|
96 |
state="enable"
|
|
97 |
if [ -f ${ROOT}/etc/security/spool/vold.state ]; then
|
|
98 |
prev_state=`cat ${ROOT}/etc/security/spool/vold.state`
|
|
99 |
if [ ${prev_state} != "online" ]; then
|
|
100 |
state="disable"
|
0
|
101 |
fi
|
|
102 |
fi
|
196
|
103 |
touch ${ROOT}/var/svc/profile/upgrade
|
|
104 |
cat >> ${ROOT}/var/svc/profile/upgrade <<SVC_UPGRADE
|
|
105 |
svcadm ${state} svc:/system/filesystem/volfs:default
|
|
106 |
SVC_UPGRADE
|
0
|
107 |
|
|
108 |
# Turn off auditing in the loadable module
|
|
109 |
|
|
110 |
if [ -f ${ROOT}/etc/system ]
|
|
111 |
then
|
|
112 |
form=`gettext "%s: INFO: removing c2audit:audit_load from %s/etc/system."`
|
|
113 |
printf "${form}\n" $PROG $ROOT
|
|
114 |
grep -v "c2audit:audit_load" ${ROOT}/etc/system > /tmp/etc.system.$$
|
|
115 |
mv /tmp/etc.system.$$ ${ROOT}/etc/system
|
|
116 |
else
|
|
117 |
form=`gettext "%s: ERROR: can't find %s/etc/system."`
|
|
118 |
printf "${form}\n" $PROG $ROOT
|
|
119 |
form=`gettext "%s: ERROR: audit module may not be disabled."`
|
|
120 |
printf "${form}\n" $PROG
|
|
121 |
fi
|
|
122 |
|
|
123 |
# Even though cron should not be running at run-level 1, it may have
|
|
124 |
# been started by hand.
|
|
125 |
|
|
126 |
/usr/bin/pgrep -u root -f /usr/sbin/cron > /dev/null
|
|
127 |
if [ $? -eq 0 ]; then
|
|
128 |
form=`gettext "%s: INFO: stopping the cron daemon."`
|
|
129 |
printf "${form}\n" $PROG
|
|
130 |
|
|
131 |
/usr/sbin/svcadm disable -t system/cron
|
|
132 |
fi
|
|
133 |
|
|
134 |
rm -f /var/spool/cron/atjobs/*.au
|
|
135 |
rm -f /var/spool/cron/crontabs/*.au
|
|
136 |
|
|
137 |
}
|
|
138 |
|
|
139 |
# main
|
|
140 |
|
|
141 |
permission
|
|
142 |
|
|
143 |
if [ $# -eq 0 ]
|
|
144 |
then
|
|
145 |
ROOT=
|
|
146 |
bsmunconvert
|
|
147 |
echo
|
|
148 |
gettext "The Basic Security Module has been disabled.\n"
|
|
149 |
gettext "Reboot this system now to come up without BSM.\n"
|
|
150 |
else
|
|
151 |
for ROOT in $@
|
|
152 |
do
|
|
153 |
bsmunconvert $ROOT
|
|
154 |
done
|
|
155 |
echo
|
|
156 |
gettext "The Basic Security Module has been disabled.\n"
|
|
157 |
gettext "Reboot each system that was disabled to come up without BSM.\n"
|
|
158 |
fi
|
|
159 |
|
|
160 |
exit 0
|
|
161 |
|