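#!/usr/bin/ksh
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# bos72L src/bos/usr/sbin/C2admin/rmC2admin.sh 1.8.1.1
#
# Licensed Materials - Property of IBM
#
# Restricted Materials of IBM
#
# COPYRIGHT International Business Machines Corp. 1998,2018
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#)81 1.8.1.1 src/bos/usr/sbin/C2admin/rmC2admin.sh, cmdsadm, bos72L, l2018_12A5 3/19/18 07:18:16
#
# rmC2admin
#
# Remove the configuration files for a C2 system host
#
# Usage:
#   rmC2admin [ -m ]
#

# Environment hardening. Each statement sits on its own line: when they
# share a line with the prolog, everything after the first '#' is a comment
# and none of them runs.

# Files created from here on get no group-write and no access for others.
umask 027

# Drop the PATH inherited from the caller and use a fixed list of system
# directories, so every command named below resolves only from these.
unset PATH
export PATH=/usr/bin:/etc:/usr/sbin:/sbin:/usr/ucb

# ignore signals to prevent inconsistent state
# (the empty action is also set for EXIT, so no exit handler runs)
trap "" INT HUP TERM QUIT EXIT

###
# This array exists in mkC2admin and rmC2admin.
# It should be changed in both places.
#
# /etc/security/audit/objects MUST be the first entry.
###
#opt? orig file targ file owner group mode TCB fileset?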
# Flat table of the files handled by this script, seven words per entry,
# read positionally by rm_shared_files:
#   opt flag, original path, target name, owner, group, mode, TCB fileset.
# Only the last entry (/etc/security/.profile) has the opt flag set to 1.
set -A SHARED \
    0 "/etc/security/audit/objects" "objects" "root" "audit" 0640 "" \
    0 "/etc/security/.ids" ".ids" "root" "security" 0600 "" \
    0 "/etc/security/environ" "environ" "root" "security" 0640 "" \
    0 "/etc/group" "etc.group" "root" "security" 0644 bos.rte.security \
    0 "/etc/passwd" "etc.passwd" "root" "security" 0644 bos.rte.security \
    0 "/etc/security/group" "group" "root" "security" 0640 bos.rte.security \
    0 "/etc/hosts" "hosts" "root" "system" 0644 "" \
    0 "/etc/security/limits" "limits" "root" "security" 0640 "" \
    0 "/etc/security/passwd" "passwd" "root" "security" 0600 bos.rte.security \
    0 "/etc/security/user" "user" "root" "security" 0640 bos.rte.security \
    0 "/etc/security/services" "services" "root" "security" 0640 "" \
    0 "/etc/security/priv" "priv" "root" "security" 0640 "" \
    0 "/etc/security/acl" "acl" "root" "security" 0640 "" \
    0 "/etc/security/audit/bincmds" "bincmds" "root" "audit" 0640 "" \
    0 "/etc/security/audit/config" "config" "root" "audit" 0640 "" \
    0 "/etc/security/audit/events" "events" "root" "audit" 0640 "" \
    0 "/etc/security/audit/streamcmds" "streamcmds" "root" "audit" 0640 "" \
    1 "/etc/security/.profile" ".profile" "root" "security" 0660 ""

function find_opt_file {
# Usage:
#   find_opt_file file
# returns 0 if file is shared
# returns 1 otherwise.
#
# Looks the path up in /etc/security/files.config, using '|' as the field
# separator and skipping lines that start with '#'. The first line whose
# second field equals the path decides the result: status 0 only when the
# first field is y or Y (optionally surrounded by spaces). awk's stderr is
# discarded, so an unreadable config file shows up only as a non-zero status.
    [[ -z $1 ]] && return 1
    # $1 is unquoted here; the only caller visible in this file passes paths
    # from SHARED, none of which contain whitespace.
    awk -F\| -vfile=$1 '
    BEGIN{rc=1}
    /^#/ {next}
    $2 == file {
        if (match($1, /^[ ]*[yY][ ]*$/))
            rc=0
        exit
    }
    END{exit rc}' /etc/security/files.config 2>/dev/null
    return $?
}

# Walks SHARED one entry at a time. Entries with the opt flag set are
# skipped unless find_opt_file reports them as shared. If the original path
# is a symbolic link, the link is removed; a failed rm aborts with status 1.
function rm_shared_files {
    # i is declared integer, so i=$i+1 below is evaluated arithmetically.
    typeset -i i=0;
    typeset opt orig targ owner group mode tcb
    while [[ $i -lt ${#SHARED[*]} ]] ; do
        opt=${SHARED[$i]} ; i=$i+1
        orig=${SHARED[$i]} ; i=$i+1
        targ=${SHARED[$i]} ; i=$i+1
        owner=${SHARED[$i]} ; i=$i+1
        group=${SHARED[$i]} ; i=$i+1
        mode=${SHARED[$i]} ; i=$i+1
        tcb=${SHARED[$i]} ; i=$i+1
        [[ $opt -eq 1 ]] && {
            find_opt_file $orig || continue
        }
        [[ -L $orig ]] && {
            rm -f $orig || return 1
            # NOTE(review): text appears to be missing from this page starting
            # on the next line. The input to ex, the rest of rm_shared_files,
            # the definition of restore_sysck_cfg (called further down) and
            # the command whose status the following case tests are not
            # visible; the tokens below may be a splice of two different
            # commands. Restore them from the original file; as shown, the
            # braces, the loop and the function opened above are never closed.
            ex - /etc/security/audit/objects </dev/null

# Main flow. Exit codes used below: 1 = host not in C2 mode or C2 not
# installed, 2 = error during removal, 3 = -m given on a host that is not
# the administrative host, 4 = usage error.
# NOTE(review): $? here belongs to a command that is not visible on this page.
case $? in
0): # check if currently in C2 mode
    [[ ! -d /etc/data.shared ]] && {
        dspmsg C2.cat 3 "%s: This system was not configured to operate in C2 mode.\n" ${0##*/} >&2
        exit 1
    }
    ;;
1): # C2 installed but not initialized
    dspmsg C2.cat 3 "%s: This system was not configured to operate in C2 mode.\n" ${0##*/} >&2
    exit 1
    ;;
2): # C2 not installed
    dspmsg C2.cat 2 "%s: This system was not installed using the C2 option.\n" ${0##*/} >&2
    exit 1
    ;;
*): dspmsg C2.cat 10 "%s: An error occurred removing the C2 distributed system information.\n" ${0##*/} >&2
    exit 2
    ;;
esac

# The optstring also accepts "-a <arg>", but there is no arm for it, so -a
# ends in the usage message like any unknown option.
# NOTE(review): mflg is not initialised in the text visible here; unless the
# missing section sets it, its starting value comes from the caller's
# environment. Confirm against the original file.
while getopts a:m var
do
    case $var in
    m) mflg=1;;
    *) dspmsg C2.cat 9 "Usage: rmC2admin [ -m ]\n" >&2
       exit 4
       ;;
    esac
done
shift $(( $OPTIND - 1 ))

# -m is accepted only when /etc/security/admin_host contains "loopback".
[[ $mflg -eq 1 ]] && {
    # "loopback" is hard-coded in mkC2admin
    if ! fgrep -q "loopback" /etc/security/admin_host 2>/dev/null
    then
        dspmsg C2.cat 16 "%s: This machine was not configured as a C2 administrative host.\n" ${0##*/} >&2
        exit 3
    fi
}

# Exact-match test only: a current directory below /etc/data.shared is not
# caught here.
[[ $PWD = /etc/data.shared ]] && {
    dspmsg C2.cat 15 "%s: Cannot unmount %s. Ensure that it is not your current directory.\n" ${0##*/} /etc/data.shared >&2
    exit 2
}

dspmsg C2.cat 14 "%s: The system may be left in an inconsistent state if this script is interrupted.\n" ${0##*/}

rm -f /etc/security/admin_host

rm_shared_files || {
    dspmsg C2.cat 10 "%s: An error occurred removing the C2 distributed system information.\n" ${0##*/} >&2
    exit 2
}

restore_sysck_cfg || {
    dspmsg C2.cat 10 "%s: An error occurred removing the C2 distributed system information.\n" ${0##*/} >&2
    exit 2
}

# None of the next three exit statuses is checked, and only stdout is
# discarded. If the forced unmount fails, rm -rf still runs on whatever is
# reachable under /etc/data.shared.
# NOTE(review): confirm whether that can be the still-mounted shared
# filesystem; a check of the mount state before the rm -rf would rule it out.
umount -f /etc/data.shared >/dev/null
rmfs -r /etc/data.shared >/dev/null
rm -rf /etc/data.shared >/dev/null

[[ $mflg -eq 1 ]] && {
    # remove /etc/data.master filesystem
    # and the hd10sec logical volume.
    # Exit statuses in this group are not checked either.
    exportfs -uv /etc/data.master >/dev/null
    umount -f /etc/data.master >/dev/null
    rmnfsexp -d /etc/data.master -B >/dev/null
    rmfs -r /etc/data.master >/dev/null
}

# remove entries from /etc/inittab
# The chain stops at the first rmitab that fails, leaving the later entries
# in place; by then /etc/data.shared has already been removed above.
rmitab isC2host >/dev/null && rmitab rcC2 >/dev/null && rmitab rcdacinet >/dev/null
[[ $? -ne 0 ]] && {
    dspmsg C2.cat 10 "%s: An error occurred removing the C2 distributed system information.\n" ${0##*/} >&2
    exit 2
}

dspmsg -s 1 C2.cat 11 "%s: The system must be rebooted for this change to take effect.\n" ${0##*/}
exit 0