      1 #! /bin/sh
      2 #
      3 #
      4 #
      5 # CDDL HEADER START
      6 #
      7 # The contents of this file are subject to the terms of the
      8 # Common Development and Distribution License (the "License").
      9 # You may not use this file except in compliance with the License.
     10 #
     11 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     12 # or http://www.opensolaris.org/os/licensing.
     13 # See the License for the specific language governing permissions
     14 # and limitations under the License.
     15 #
     16 # When distributing Covered Code, include this CDDL HEADER in each
     17 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     18 # If applicable, add the following below this CDDL HEADER, with the
     19 # fields enclosed by brackets "[]" replaced with your own identifying
     20 # information: Portions Copyright [yyyy] [name of copyright owner]
     21 #
     22 # CDDL HEADER END
     23 #
     24 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     25 # Use is subject to license terms.
     26 #
     27 # ident	"%Z%%M%	%I%	%E% SMI"
     28 #
     29 
     30 PROG=bsmunconv
     31 TEXTDOMAIN="SUNW_OST_OSCMD"
     32 export TEXTDOMAIN
     33 
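# Perform required permission checks, depending on value of LOCAL_ROOT
# (whether we are converting the active OS or just alternative boot
# environments).
#
# Globals read:    PROG, LOCAL_ROOT
# Globals written: ZONE, WHO, RUNLEVEL, RESP, form, ans_yes, ans_no,
#                  ans_NO; the positional parameters are replaced by
#                  "set --".
# Input:           answers to the y/n prompts are read from stdin.
# Exits:           1 - not in the global zone (LOCAL_ROOT=true only),
#                      not root, or the run-level warning was declined
#                  2 - the final confirmation was declined, or stdin
#                      reached end-of-file before an answer was given
# Returns normally only after the operator has explicitly answered yes.
#
# Backticks and test(1) are used instead of $(...) because the script
# declares #!/bin/sh.
permission()
{
cd /usr/lib
ZONE=`/sbin/zonename`
if [ ! "$ZONE" = "global" ] && [ "$LOCAL_ROOT" = "true" ]
then
	# The format string comes from the message catalog and carries the %s.
	form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
	printf "${form}\n" "$PROG"
	exit 1
fi

# NOTE(review): this matches the literal name "root"; a uid-0 account
# with another name is rejected.
WHO=`id | cut -f1 -d" "`
if [ ! "$WHO" = "uid=0(root)" ]
then
	form=`gettext "%s: ERROR: you must be super-user to run this script."`
	printf "${form}\n" "$PROG"
	exit 1
fi

# Localized answers are fetched once and always used quoted, so an empty
# or multi-word translation cannot break the test(1) expressions below.
ans_yes=`gettext "y"`
ans_no=`gettext "n"`
ans_NO=`gettext "N"`

set -- `/usr/bin/who -r`
RUNLEVEL="$3"
# The run level is a string ("S"), so it needs a string comparison; the
# numeric -ne operator is an error on "S" in POSIX test(1), which made the
# whole condition false and skipped this warning.
if [ "$RUNLEVEL" != "S" ] && [ "$LOCAL_ROOT" = "true" ]
then
	form=`gettext "%s: ERROR: this script should be run at run level S."`
	printf "${form}\n" "$PROG"
	form=`gettext "Are you sure you want to continue? [y/n]"`
	printf '%s ' "$form"
	# Anything other than an explicit "n"/"N" continues to the final
	# confirmation below, which still has to be answered with yes.
	read RESP
	case $RESP in
		"$ans_no"*|"$ans_NO"* ) exit 1 ;;
	esac
fi

RESP="x"
while [ "$RESP" != "$ans_yes" ] && [ "$RESP" != "$ans_no" ]
do
	gettext "This script is used to disable Solaris Auditing and device allocation.\n"
	form=`gettext "Would you like to continue now? [y/n]"`
	printf '%s ' "$form"
	# End-of-file on stdin (closed or redirected input) is treated as "no":
	# auditing is never switched off without an explicit yes, and the
	# prompt cannot spin forever on a failing read.
	read RESP || RESP="$ans_no"
done

if [ "$RESP" = "$ans_no" ]
then
	form=`gettext "%s: INFO: aborted, due to user request."`
	printf "${form}\n" "$PROG"
	exit 2
fi
}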
     86 
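# Disable Solaris Auditing and device allocation for the root directory
# named by the global ROOT (empty or "/" means the running system).
#
# Globals read:    PROG, ROOT
# Globals written: form, tmpsys, rc
# Files changed under ${ROOT}:
#   var/svc/profile/upgrade   - gains a line disabling system/auditd
#   etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi - removed
#   etc/system                - lines containing c2audit:audit_load removed
#   var/spool/cron/atjobs/*.au, var/spool/cron/crontabs/*.au - removed
#
# Security-relevant: once this has run and the system is rebooted, no
# audit records are produced, so an invocation of this script is itself
# worth recording by whatever change control the site uses.
bsmunconvert()
{
# Turn off device allocation. This is not currently done for alternate
# boot environments.
if [ -z "$ROOT" ] || [ "$ROOT" = "/" ]
then
	/usr/sbin/devfsadm -d
fi

# disable auditd service on next boot
printf '%s\n' '/usr/sbin/svcadm disable system/auditd ' \
	>> "${ROOT}/var/svc/profile/upgrade"

# Restore default policy for removable and hotpluggable volumes
rm -f "${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi"

# Turn off auditing in the loadable module

if [ -f "${ROOT}/etc/system" ]
then
	form=`gettext "%s: INFO: removing c2audit:audit_load from %s/etc/system."`
	printf "${form}\n" "$PROG" "$ROOT"

	# The filtered copy is staged next to the target instead of under a
	# predictable name in world-writable /tmp: a root-run redirect to
	# /tmp/<name>.$$ follows a symlink planted by any local user, and the
	# following mv would install whatever is at that path as etc/system.
	# Staging in ${ROOT}/etc (presumably writable by root only - confirm
	# for alternate boot environments) also keeps the rename on one
	# file system.
	tmpsys="${ROOT}/etc/system.$PROG.$$"
	rm -f "$tmpsys"
	grep -v "c2audit:audit_load" "${ROOT}/etc/system" > "$tmpsys"
	rc=$?

	# grep exits 1 when it selects no lines, which is a valid result here;
	# a status above 1 is a read/write failure, and etc/system must not be
	# replaced by a truncated copy.
	if [ "$rc" -le 1 ] && mv "$tmpsys" "${ROOT}/etc/system"
	then
		:
	else
		rm -f "$tmpsys"
		form=`gettext "%s: ERROR: audit module may not be disabled."`
		printf "${form}\n" "$PROG"
	fi
else
	form=`gettext "%s: ERROR: can't find %s/etc/system."`
	printf "${form}\n" "$PROG" "$ROOT"
	form=`gettext "%s: ERROR: audit module may not be disabled."`
	printf "${form}\n" "$PROG"
fi

# If we are currently converting the active host (${ROOT}="/") we will
# need to ensure that cron is not running. cron should not be running
# at run-level S, but it may have been started by hand.

if [ -z "$ROOT" ] || [ "$ROOT" = "/" ]
then
	if /usr/bin/pgrep -u root -f /usr/sbin/cron > /dev/null
	then
		form=`gettext "%s: INFO: stopping the cron daemon."`
		printf "${form}\n" "$PROG"

		/usr/sbin/svcadm disable -t system/cron
	fi
fi

# ROOT is quoted and the glob left outside the quotes, so a root path
# containing blanks is still handled as one directory.
rm -f "${ROOT}"/var/spool/cron/atjobs/*.au
rm -f "${ROOT}"/var/spool/cron/crontabs/*.au

}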
    138 
    139 # main
    140 
    141 if [ $# -eq 0 ]
    142 then
    143 
    144 	# converting local root, perform all permission checks
    145 	LOCAL_ROOT=true
    146 	permission
    147 
    148 	# begin conversion
    149 	ROOT=
    150 	bsmunconvert
    151 	echo
    152 	gettext "Solaris Auditing and device allocation has been disabled.\n"
    153 	gettext "Reboot the system now to come up without these features.\n"
    154 else
    155 
    156 	# determine if local root is being converted ("/" passed on
    157 	# command line), if so, full permission check required
    158 	LOCAL_ROOT=false
    159 	for ROOT in $@
    160 	do
    161 		if [ "$ROOT" = "/" ]
    162 		then
    163 			LOCAL_ROOT=true
    164 		fi
    165 	done
    166 
    167 	# perform required permission checks (depending on value of
    168 	# LOCAL_ROOT)
    169 	permission
    170 
    171 	for ROOT in $@
    172 	do
    173 		bsmunconvert $ROOT
    174 	done
    175 
    176 	echo
    177 	gettext "Solaris Auditing and device allocation has been disabled.\n"
    178 	gettext "Reboot each system that was disabled to come up without these features.\n"
    179 fi
    180 
    181 exit 0