[Bastille-linux-discuss] Patch for bastille-firewall-reset and Bastille/Firewall.pm
From: Javier <jf...@co...> - 2002-01-24 21:45:41
First off:

- if you look at the patch it was diffed from version 1.2 to 1.3 so you have to read it "in reverse".
- it should not be applied blindly since the Global_Config thing has been changed in 1.3, it's just for getting the idea through (if it's approved I will commit the changes to the CVS myself)

Anyway. The start of this patch comes from bug 129635 in Debian's BTS (bugs.debian.org/129635), this will (hopefully) fix it.

The reason is: the bastille-firewall-reset has (still) some hardcoded paths in it that make it distribution dependent: rc.d and init.d

After checking the bastille sources I've seen that Firewall.pm tries to fix this doing some global replacements in the file before installing it; it does not, however, change the rc.d directories (just the init.d location).

The fix (see adjoined *untested* patch, read in "reverse"):

- have 'bastille-firewall-reset' use two global variables: RCDIR and INITDIR, defined at the beginning of the script, in any operation.
- have Firewall.pm change *both* variables to the ones defined in the Global variables.

Should I fix this myself in CVS? (and BTW, which CVS directory should I be using, 'working_tree' or '1.3.x'?)

Is everybody ok with this patch?

Regards

Javier Fernandez-Sanguino Peña
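The install-time substitution described in the message above, sketched as an added shell example; it is not part of the original post and is not Bastille's code. Only the variable names RCDIR and INITDIR come from the message. The function names, the sample script and the Debian-style target values are assumptions made for illustration. It also shows a check for literal rc.d/init.d paths that a rewrite of the two assignments cannot reach.

```shell
#!/bin/sh
# Added example. RCDIR and INITDIR come from the message; every other name,
# path and the sample script are constructed for illustration.

# render_reset_script TEMPLATE RCDIR INITDIR
# Print TEMPLATE with its two top-of-file assignments rewritten for the target.
render_reset_script() {
    # '|' is the sed delimiter because the values are paths containing '/'
    sed -e "s|^RCDIR=.*|RCDIR=\"$2\"|" \
        -e "s|^INITDIR=.*|INITDIR=\"$3\"|" "$1"
}

# count_hardcoded_paths FILE
# Print how many lines, other than comments and the two assignments, still
# name an rc.d or init.d directory literally instead of via the variables.
count_hardcoded_paths() {
    grep -v -E '^[[:space:]]*#|^(RCDIR|INITDIR)=' "$1" |
        grep -c -E '/etc/(rc\.d|init\.d|rc[0-9S]\.d)' || true
}

# write_sample FILE [leftover]
# Write a constructed stand-in for the reset script; with "leftover" it keeps
# one literal path, the kind of line the substitution step cannot reach.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
RCDIR=/etc/rc.d
INITDIR=/etc/rc.d/init.d
for level in 2 3 5; do
    rm -f "$RCDIR/rc$level.d/S05bastille-firewall"
done
"$INITDIR/bastille-firewall" stop
EOF
    if [ "${2:-}" = leftover ]; then
        echo 'rm -f /etc/rc.d/rc3.d/S05bastille-firewall' >> "$1"
    fi
}

# Demo: render for a Debian-style layout and report leftovers.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/reset.in" leftover
render_reset_script "$demo_dir/reset.in" /etc /etc/init.d > "$demo_dir/reset"
echo "literal rc.d/init.d lines left: $(count_hardcoded_paths "$demo_dir/reset")"
rm -rf "$demo_dir"
```

A non-zero count means the installed script would still touch a directory layout that may not exist on the target distribution, so the check is worth running on the rendered file before it is installed.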