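#! /bin/sh
#
#
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#

#
# bsmunconv - disable Solaris Auditing and device allocation.
#
# Usage: bsmunconv [root ...]
#
#   With no arguments the running system is converted.  Otherwise each
#   argument is treated as the root directory of an environment to convert;
#   passing "/" selects the running system as well.
#
# Exit status: 0 when the conversion steps have run, 1 when a permission
# check fails, 2 when the operator declines the confirmation prompt.
#
# Security notes:
#   - The script turns off audit collection, so its execution is itself a
#     security-relevant event that should be authorised and recorded.
#   - It runs as root and writes and deletes files beneath every root path
#     given on the command line; those paths must come from a trusted
#     operator.  The zone and run-level checks apply only when the running
#     system is among the targets.
#

PROG=bsmunconv
TEXTDOMAIN="SUNW_OST_OSCMD"
export TEXTDOMAIN

# Perform required permission checks, depending on value of LOCAL_ROOT
# (whether we are converting the active OS or just alternative boot
# environments).
#
# Globals:  LOCAL_ROOT (read), PROG (read),
#           ZONE, WHO, RUNLEVEL, RESP, YES_STR, NO_STR, form (written)
# Exits:    1 if not in the global zone (local root only), not root, or
#           the operator answers "n" to the run-level warning;
#           2 if the operator declines the final confirmation.
#
# The printf format strings below come from the message catalog through
# gettext, which is why they are used as formats rather than as arguments.
permission()
{
	cd /usr/lib
	ZONE=`/sbin/zonename`
	if [ "$ZONE" != "global" ] && [ "$LOCAL_ROOT" = "true" ]
	then
		form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
		printf "${form}\n" "$PROG"
		exit 1
	fi

	WHO=`id | cut -f1 -d" "`
	if [ "$WHO" != "uid=0(root)" ]
	then
		form=`gettext "%s: ERROR: you must be super-user to run this script."`
		printf "${form}\n" "$PROG"
		exit 1
	fi

	# Take the third field of "who -r" as the run level, without touching
	# the positional parameters that the main section iterates over later.
	RUNLEVEL=`/usr/bin/who -r | awk 'NR == 1 { print $3 }'`

	# The run level is a string ("S", "3", ...), so it needs a string
	# comparison; a numeric operator such as -ne cannot compare it with "S".
	if [ "$RUNLEVEL" != "S" ] && [ "$LOCAL_ROOT" = "true" ]
	then
		form=`gettext "%s: ERROR: this script should be run at run level S."`
		printf "${form}\n" "$PROG"
		form=`gettext "Are you sure you want to continue? [y/n]"`
		echo "$form \c"
		read RESP
		case $RESP in
			`gettext "n"`*|`gettext "N"`* ) exit 1 ;;
		esac
	fi

	# Look up the localized answers once and quote them in the tests so
	# that an empty or multi-word translation cannot break the comparison.
	YES_STR=`gettext "y"`
	NO_STR=`gettext "n"`

	RESP="x"
	while [ "$RESP" != "$YES_STR" ] && [ "$RESP" != "$NO_STR" ]
	do
		gettext "This script is used to disable Solaris Auditing and device allocation.\n"
		form=`gettext "Would you like to continue now? [y/n]"`
		echo "$form \c"
		read RESP
	done

	if [ "$RESP" = "$NO_STR" ]
	then
		form=`gettext "%s: INFO: aborted, due to user request."`
		printf "${form}\n" "$PROG"
		exit 2
	fi
}

# Disable auditing and device allocation for the environment rooted at $ROOT.
#
# Globals:  ROOT (read; empty or "/" means the running system), PROG (read),
#           TMPFILE, SYSTEM_OK, form (written)
# Effects:  appends an "svcadm disable system/auditd" line to
#           $ROOT/var/svc/profile/upgrade, removes the device-allocation
#           HAL policy file, strips c2audit:audit_load lines from
#           $ROOT/etc/system, removes *.au files from the cron spool
#           directories and, for the running system only, runs
#           "devfsadm -d" and temporarily disables a running cron service.
#
# NOTE(review): a missing or unmodifiable etc/system is only reported; the
# caller still prints the "has been disabled" message and exits 0.
bsmunconvert()
{
	# Turn off device allocation.  This is not currently done for alternate
	# boot environments.
	if [ -z "$ROOT" ] || [ "$ROOT" = "/" ]
	then
		/usr/sbin/devfsadm -d
	fi

	# disable auditd service on next boot
	cat >> "${ROOT}/var/svc/profile/upgrade" <<SVC_UPGRADE
/usr/sbin/svcadm disable system/auditd
SVC_UPGRADE

	# Restore default policy for removable and hotpluggable volumes
	rm -f "${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi"

	# Turn off auditing in the loadable module

	if [ -f "${ROOT}/etc/system" ]
	then
		form=`gettext "%s: INFO: removing c2audit:audit_load from %s/etc/system."`
		printf "${form}\n" "$PROG" "$ROOT"

		# Build the filtered copy in a file created by mktemp.  A fixed or
		# PID-derived name in world-writable /tmp could be pre-created or
		# symlinked by another local user while this script runs as root.
		SYSTEM_OK=false
		TMPFILE=`mktemp /tmp/etc.system.XXXXXX`
		if [ -n "$TMPFILE" ]
		then
			grep -v "c2audit:audit_load" "${ROOT}/etc/system" > "$TMPFILE"
			# grep exits 1 when it selected no lines; only a status
			# above 1 means the filter itself failed.  cp overwrites
			# the existing file in place, so etc/system keeps its
			# owner and mode and is left untouched on failure.
			if [ $? -le 1 ] && cp "$TMPFILE" "${ROOT}/etc/system"
			then
				SYSTEM_OK=true
			fi
			rm -f "$TMPFILE"
		fi

		if [ "$SYSTEM_OK" != "true" ]
		then
			form=`gettext "%s: ERROR: audit module may not be disabled."`
			printf "${form}\n" "$PROG"
		fi
	else
		form=`gettext "%s: ERROR: can't find %s/etc/system."`
		printf "${form}\n" "$PROG" "$ROOT"
		form=`gettext "%s: ERROR: audit module may not be disabled."`
		printf "${form}\n" "$PROG"
	fi

	# If we are currently converting the active host (${ROOT}="/") we will
	# need to ensure that cron is not running.  cron should not be running
	# at run-level S, but it may have been started by hand.

	if [ -z "$ROOT" ] || [ "$ROOT" = "/" ]
	then
		if /usr/bin/pgrep -u root -f /usr/sbin/cron > /dev/null
		then
			form=`gettext "%s: INFO: stopping the cron daemon."`
			printf "${form}\n" "$PROG"

			/usr/sbin/svcadm disable -t system/cron
		fi
	fi

	# Only the root prefix is quoted; the *.au glob must still expand.
	rm -f "${ROOT}"/var/spool/cron/atjobs/*.au
	rm -f "${ROOT}"/var/spool/cron/crontabs/*.au

}

# main

if [ $# -eq 0 ]
then

	# converting local root, perform all permission checks
	LOCAL_ROOT=true
	permission

	# begin conversion
	ROOT=
	bsmunconvert
	echo
	gettext "Solaris Auditing and device allocation has been disabled.\n"
	gettext "Reboot the system now to come up without these features.\n"
else

	# determine if local root is being converted ("/" passed on
	# command line), if so, full permission check required
	LOCAL_ROOT=false
	# "$@" keeps each root path as one word even if it contains blanks
	# or glob characters.
	for ROOT in "$@"
	do
		if [ "$ROOT" = "/" ]
		then
			LOCAL_ROOT=true
		fi
	done

	# perform required permission checks (depending on value of
	# LOCAL_ROOT)
	permission

	for ROOT in "$@"
	do
		# bsmunconvert reads the global ROOT; the argument is passed
		# only for readability.
		bsmunconvert "$ROOT"
	done

	echo
	gettext "Solaris Auditing and device allocation has been disabled.\n"
	gettext "Reboot each system that was disabled to come up without these features.\n"
fi

exit 0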