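#!/bin/ksh
#
# AIX security hardening script.
#
# Steps performed (numbering kept from the original):
#   2. Tighten permissions on the crontab command and the cron allow/deny lists.
#   3. Comment out the tftp, talk and ntalk entries in /etc/inetd.conf.
#   4. Make sure sendmail's PrivacyOptions include restrictqrun.
#
# Needs enough privilege to modify files under /usr/bin, /var/adm/cron and
# /etc. Each edited file is first copied to <file>.bak.
#
# Exit status: 0 when every step succeeded, 1 when any step failed.

echo "=== AIX Security Hardening Script Start ==="

# Overall result. Any failed step sets this to 1 so that the closing banner
# and the exit status describe what actually happened.
rc=0

# fail MESSAGE...
# Report a failed step on stderr and remember that the run was not clean.
fail() {
    echo "[ERROR] $*" >&2
    rc=1
}

# rewrite_config FILE SED_ARG...
# Back FILE up to FILE.bak, run sed with the given arguments over FILE and
# install the result in its place. FILE is left untouched when any step fails.
# Returns 0 on success (or when FILE is empty), 1 otherwise.
rewrite_config() {
    cfg=$1
    shift

    if [ ! -f "$cfg" ]; then
        echo "[ERROR] $cfg not found" >&2
        return 1
    fi
    if [ ! -s "$cfg" ]; then
        echo "[INFO] $cfg is empty, nothing to change"
        return 0
    fi

    # -p keeps owner, group and mode on the backup copy.
    cp -p "$cfg" "$cfg.bak" || return 1

    # Seed the work file with cp -p so it carries the owner and mode of the
    # live file. The redirection below truncates it but keeps those
    # attributes, so the final mv does not install a file whose permissions
    # come from the current umask.
    cp -p "$cfg" "$cfg.new" || return 1

    # Install only when sed succeeded and produced output; a failed or
    # truncated rewrite must never replace the live configuration.
    if sed "$@" "$cfg" > "$cfg.new" && [ -s "$cfg.new" ]; then
        if mv "$cfg.new" "$cfg"; then
            return 0
        fi
    fi
    rm -f "$cfg.new"
    return 1
}

##############################
# 2. cron file permissions
##############################
echo "[INFO] Fixing cron permissions..."

# NOTE(review): a numeric mode of 750 also clears a set-user-ID bit if
# /usr/bin/crontab carries one, and removes execute permission for "other".
# Confirm that limiting crontab to root and the file's group is intended.
chmod 750 /usr/bin/crontab || fail "chmod 750 /usr/bin/crontab"

for cron_acl in /var/adm/cron/cron.allow /var/adm/cron/cron.deny; do
    if [ -f "$cron_acl" ]; then
        chown root:security "$cron_acl" || fail "chown root:security $cron_acl"
        chmod 640 "$cron_acl" || fail "chmod 640 $cron_acl"
    fi
done

##############################
# 3. Comment out tftp / talk / ntalk
##############################
echo "[INFO] Disabling tftp/talk/ntalk..."

# Lines that are already commented start with '#', so the anchored patterns
# do not match them again and the step can be re-run safely.
if rewrite_config /etc/inetd.conf \
    -e 's/^[[:space:]]*tftp/#tftp/' \
    -e 's/^[[:space:]]*talk/#talk/' \
    -e 's/^[[:space:]]*ntalk/#ntalk/'
then
    # inetd only picks up the change after a refresh.
    refresh -s inetd || fail "refresh -s inetd"
else
    fail "could not update /etc/inetd.conf; inetd not refreshed"
fi

##############################
# 4. Apply sendmail restrictqrun
##############################
echo "[INFO] Applying Sendmail restrictqrun..."

# Add restrictqrun to the existing option list instead of replacing the whole
# value: overwriting it would silently drop stricter options an administrator
# may already have set (for example noexpn or novrfy).
#   - an empty "O PrivacyOptions=" line gets authwarnings,restrictqrun
#   - a line that already lists restrictqrun is left as it is
#   - any other value gets ",restrictqrun" appended
if rewrite_config /etc/mail/sendmail.cf \
    -e 's/^O PrivacyOptions=[[:space:]]*$/O PrivacyOptions=authwarnings,restrictqrun/' \
    -e '/^O PrivacyOptions=.*restrictqrun/!s/^\(O PrivacyOptions=.*[^[:space:]]\)[[:space:]]*$/\1,restrictqrun/'
then
    # Verify the result: when the file has no active "O PrivacyOptions=" line
    # the sed expressions change nothing and the setting is NOT in effect.
    if grep '^O PrivacyOptions=.*restrictqrun' /etc/mail/sendmail.cf >/dev/null; then
        refresh -s sendmail || fail "refresh -s sendmail"
    else
        fail "no active 'O PrivacyOptions=' line in /etc/mail/sendmail.cf; restrictqrun not applied"
    fi
else
    fail "could not update /etc/mail/sendmail.cf; sendmail not refreshed"
fi

if [ "$rc" -eq 0 ]; then
    echo "=== Security Hardening Completed Successfully ==="
else
    echo "=== Security Hardening Completed With Errors ===" >&2
fi
exit "$rc"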