#!/usr/bin/ksh # IBM_PROLOG_BEGIN_TAG # This is an automatically generated prolog. # # bos72L src/bos/usr/sbin/C2admin/rmCCadmin.sh 1.2.1.1 # # Licensed Materials - Property of IBM # # Restricted Materials of IBM # # COPYRIGHT International Business Machines Corp. 2002,2018 # All Rights Reserved # # US Government Users Restricted Rights - Use, duplication or # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # # IBM_PROLOG_END_TAG # @(#)96 1.2.1.1 src/bos/usr/sbin/C2admin/rmCCadmin.sh, cmdsadm, bos72L, l2018_12A5 3/19/18 07:20:40 # # rmCCadmin # # Remove the configuration files for a CC system host # # Usage: # rmCCadmin [ -m ] # umask 027 unset PATH export PATH=/usr/bin:/etc:/usr/sbin:/sbin:/usr/ucb # ignore signals to prevent inconsistent state trap "" INT HUP TERM QUIT EXIT ### # This array exists in mkCCadmin and rmCCadmin. # It should be changed in both places. # # /etc/security/audit/objects MUST be the first entry. ### #opt? orig file targ file owner group mode TCB fileset? 
# Table of the files handled by rm_shared_files, seven words per entry:
#   opt          1 = processed only when find_opt_file reports the file as
#                shared; 0 = always processed
#   orig file    path of the file on this host
#   targ file, owner, group, mode, TCB fileset
#                read into locals by rm_shared_files; how they are used is
#                not visible in this copy of the script
set -A SHARED \
0 "/etc/security/audit/objects"    "objects"    "root" "audit"    0640 "" \
0 "/etc/security/.ids"             ".ids"       "root" "security" 0600 "" \
0 "/etc/security/environ"          "environ"    "root" "security" 0640 "" \
0 "/etc/group"                     "etc.group"  "root" "security" 0644 bos.rte.security \
0 "/etc/passwd"                    "etc.passwd" "root" "security" 0644 bos.rte.security \
0 "/etc/security/group"            "group"      "root" "security" 0640 bos.rte.security \
0 "/etc/hosts"                     "hosts"      "root" "system"   0644 "" \
0 "/etc/security/limits"           "limits"     "root" "security" 0640 "" \
0 "/etc/security/passwd"           "passwd"     "root" "security" 0600 bos.rte.security \
0 "/etc/security/user"             "user"       "root" "security" 0640 bos.rte.security \
0 "/etc/security/services"         "services"   "root" "security" 0640 "" \
0 "/etc/security/priv"             "priv"       "root" "security" 0640 "" \
0 "/etc/security/acl"              "acl"        "root" "security" 0640 "" \
0 "/etc/security/audit/bincmds"    "bincmds"    "root" "audit"    0640 "" \
0 "/etc/security/audit/config"     "config"     "root" "audit"    0640 "" \
0 "/etc/security/audit/events"     "events"     "root" "audit"    0640 "" \
0 "/etc/security/audit/streamcmds" "streamcmds" "root" "audit"    0640 "" \
1 "/etc/security/.profile"         ".profile"   "root" "security" 0660 ""

# Look up one path in /etc/security/files.config and report whether it is
# marked as shared.  The file is read as '|'-separated records; lines
# starting with '#' are skipped, and only the first record whose second
# field equals the path is considered.  That record counts as shared when
# its first field is y or Y, optionally surrounded by blanks.
function find_opt_file
{
	# Usage:
	#	find_opt_file file
	# returns 0 if file is shared
	# returns 1 otherwise.

	# No argument: treat as not shared.
	[[ -z $1 ]] && return 1

	# awk's diagnostics are discarded, so an unreadable config file is
	# presumably reported to the caller only as a non-zero status.
	# NOTE(review): $1 is expanded unquoted and awk -v interprets backslash
	# escapes in the value; the only caller visible here passes paths from
	# the SHARED table.  Quote the expansion if other callers exist.
	# NOTE(review): the awk program is kept on one line exactly as it
	# appears in this copy; `rc=0` and `exit` need a statement separator
	# between them, so verify the line breaks against the shipped file.
	awk -F\| -vfile=$1 ' BEGIN{rc=1} /^#/ {next} $2 == file { if (match($1, /^[ ]*[yY][ ]*$/)) rc=0 exit } END{exit rc}' /etc/security/files.config 2>/dev/null
	return $?
}

# Walk the SHARED table and undo the per-file sharing set-up.  Only the
# start of the function is present in this copy: for each entry whose orig
# path is a symbolic link, the link is removed, and a failed removal makes
# the function return 1.
function rm_shared_files
{
	# -i gives i the integer attribute, so `i=$i+1` below is evaluated
	# arithmetically rather than stored as a string.
	typeset -i i=0;
	typeset opt orig targ owner group mode tcb

	while [[ $i -lt ${#SHARED[*]} ]] ; do
		# Consume one seven-word record.
		opt=${SHARED[$i]} ; i=$i+1
		orig=${SHARED[$i]} ; i=$i+1
		targ=${SHARED[$i]} ; i=$i+1
		owner=${SHARED[$i]} ; i=$i+1
		group=${SHARED[$i]} ; i=$i+1
		mode=${SHARED[$i]} ; i=$i+1
		tcb=${SHARED[$i]} ; i=$i+1

		# Optional entries are skipped unless files.config marks them
		# as shared.
		[[ $opt -eq 1 ]] && {
			find_opt_file $orig || continue
		}

		# Only paths that are currently symbolic links are touched.
		[[ -L $orig ]] && {
			rm -f $orig || return 1
			ex - /etc/security/audit/objects </dev/null
# NOTE(review): text is missing from this copy at this point.  The groups
# and the loop opened above are never closed, restore_sysck_cfg is called
# further down but not defined, and the command whose exit status the
# following `case` inspects is not shown.  Recover the missing part from
# the shipped file before relying on anything in this region.

# Map the status of the (not visible) preceding check to a message and an
# exit code: 1 = not configured for CC mode, 2 = not installed with the CC
# option, 3 = any other failure.
case $?
in
0):	# check if currently in CC mode
	[[ ! -d /etc/data.shared ]] && {
		dspmsg CC.cat 3 "%s: This system was not configured to operate in CC mode.\n" ${0##*/} >&2
		exit 1
	}
	;;
1):	# CC installed but not initialized
	dspmsg CC.cat 3 "%s: This system was not configured to operate in CC mode.\n" ${0##*/} >&2
	exit 1
	;;
2):	# CC not installed
	dspmsg CC.cat 2 "%s: This system was not installed using the CC option.\n" ${0##*/} >&2
	exit 2
	;;
*):
	dspmsg CC.cat 10 "%s: An error occurred removing the CC distributed system information.\n" ${0##*/} >&2
	exit 3
	;;
esac

# Option parsing.  -m selects the additional clean-up of /etc/data.master
# further down.  The option string also declares -a with an argument, but
# no arm handles it, so -a ends in the usage message and exit 4.
# NOTE(review): mflg is not initialised anywhere in the visible code, so
# when -m is absent a value inherited from the caller's environment would
# be used by the [[ $mflg -eq 1 ]] tests; confirm it is set earlier or
# initialise it before this loop.
while getopts a:m var
do
	case $var in
	m)	mflg=1;;
	*)	dspmsg CC.cat 9 "Usage: rmCCadmin [ -m ]\n" >&2
		exit 4
		;;
	esac
done
shift $(( $OPTIND - 1 ))

# With -m, refuse to continue unless /etc/security/admin_host contains the
# string "loopback"; a missing file fails the same way because fgrep's
# errors are discarded.
[[ $mflg -eq 1 ]] && {
	# "loopback" is hard-coded in mkCCadmin
	if ! fgrep -q "loopback" /etc/security/admin_host 2>/dev/null
	then
		dspmsg CC.cat 16 "%s: This machine was not configured as a CC administrative host.\n" ${0##*/} >&2
		exit 3
	fi
}

# The file system is unmounted below, so refuse to run from its mount
# point.  Only an exact match of $PWD is tested.
[[ $PWD = /etc/data.shared ]] && {
	dspmsg CC.cat 15 "%s: Cannot unmount %s.  Ensure that it is not your current directory.\n" ${0##*/} /etc/data.shared >&2
	exit 3
}

dspmsg CC.cat 14 "%s: The system may be left in an inconsistent state if this script is interrupted.\n" ${0##*/}

# NOTE(review): admin_host is removed before the steps that can fail.  If
# rm_shared_files or restore_sysck_cfg then exits with 3, a second
# `rmCCadmin -m` is rejected by the "loopback" check above because the
# file is already gone.  Confirm this ordering is intended.
rm -f /etc/security/admin_host

rm_shared_files || {
	dspmsg CC.cat 10 "%s: An error occurred removing the CC distributed system information.\n" ${0##*/} >&2
	exit 3
}

restore_sysck_cfg || {
	dspmsg CC.cat 10 "%s: An error occurred removing the CC distributed system information.\n" ${0##*/} >&2
	exit 3
}

# Tear down /etc/data.shared.  Only stdout is discarded; none of the three
# exit statuses is checked.
# NOTE(review): if the forced unmount fails, the recursive rm still runs
# against whatever is mounted at /etc/data.shared; consider checking the
# umount status first.
umount -f /etc/data.shared >/dev/null
rmfs -r /etc/data.shared >/dev/null
rm -rf /etc/data.shared >/dev/null

# Administrative host only: withdraw the NFS export of /etc/data.master,
# unmount it, delete the export definition and remove the file system.
# As above, the exit statuses of these commands are not checked.
[[ $mflg -eq 1 ]] && {
	# remove /etc/data.master filesystem
	# and the hd10sec logical volume.
	exportfs -uv /etc/data.master >/dev/null
	umount -f /etc/data.master >/dev/null
	rmnfsexp -d /etc/data.master -B >/dev/null
	rmfs -r /etc/data.master >/dev/null
}

# remove entries from /etc/inittab
# The three removals are chained with &&, so the first failure skips the
# remaining ones and leaves their inittab entries in place; the status
# tested next is that of the last rmitab that ran.
rmitab isCChost >/dev/null &&
rmitab rcCC >/dev/null &&
rmitab rcdacinet >/dev/null
[[ $? -ne 0 ]] && {
	dspmsg CC.cat 10 "%s: An error occurred removing the CC distributed system information.\n" ${0##*/} >&2
	exit 3
}

dspmsg -s 1 CC.cat 11 "%s: The system must be rebooted for this change to take effect.\n" ${0##*/}
exit 0