#!/bin/bash

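# Create /root/do-restore.sh
#
# The restore script is written from a quoted here-document, so nothing in it
# is expanded while it is generated and its text is stored exactly as written
# here. The backup steps later in this file append "PATH MODE" records after
# the END OF SCRIPT marker; the restore loop reads every line after that
# marker instead of relying on a fixed line number.
cat <<'EOF' > /root/do-restore.sh
#!/bin/bash

# This script restores the files changed by the CISecurity
# Linux Benchmark do-backup.sh script.

# Aliases are normally not defined in a non-interactive shell, so the
# resulting error message is discarded.
unalias rm mv cp 2>/dev/null

# Each record is "PATH MODE". This loop runs as root and acts on whatever the
# data section contains, so a record is used only if it is an absolute path
# followed by a short octal mode and nothing else.
sed -e '1,/^### END OF SCRIPT/d' /root/do-restore.sh | while read -r FILE PERMS EXTRA; do
    # Blank lines carry no record.
    [ -n "$FILE" ] || continue
    case "$FILE" in
        /*) ;;
        *)  echo "Skipping malformed record: $FILE" >&2; continue ;;
    esac
    case "$PERMS" in
        ''|*[!0-7]*|?????*)
            echo "Skipping $FILE: invalid mode '$PERMS'" >&2; continue ;;
    esac
    if [ -n "$EXTRA" ]; then
        echo "Skipping $FILE: unexpected extra fields" >&2
        continue
    fi

    echo "Restoring $FILE with $PERMS permissions"
    if [ -f "${FILE}-preCIS" ]; then
        # Keep the backup when the copy fails; deleting it would lose the
        # only pre-hardening copy of the file.
        if ! /bin/cp -p -- "${FILE}-preCIS" "${FILE}"; then
            echo "Could not restore $FILE; keeping ${FILE}-preCIS" >&2
            continue
        fi
        /bin/chmod -- "$PERMS" "$FILE"
        /bin/rm -- "${FILE}-preCIS"
    else
        # No saved copy (for example the /var/log entries): mode only.
        /bin/chmod -- "$PERMS" "$FILE"
    fi
done

echo "Completed file restoration - restoring directories"
for DIR in \
    /etc/xinetd.d    /etc/rc.d \
    /var/spool/cron  /etc/cron.* \
    /etc/pam.d       /etc/skel
do
    # The /etc/cron.* glob also matches the backup directories themselves.
    case "$DIR" in
        *-preCIS) continue ;;
    esac
    if [ -d "${DIR}-preCIS" ]; then
        echo "Restoring ${DIR}"
        [ -d "${DIR}" ] || /bin/mkdir -p -- "${DIR}"
        # Copy the contents of the backup over the live directory. Copying
        # the backup directory itself onto an existing ${DIR} would only nest
        # it inside ${DIR} and restore nothing.
        # NOTE(review): files created in ${DIR} after the backup was taken
        # are left in place; confirm whether they should be removed.
        if /bin/cp -pr -- "${DIR}-preCIS/." "${DIR}/"; then
            /bin/rm -rf -- "${DIR}-preCIS"
        else
            echo "Could not restore ${DIR}; keeping ${DIR}-preCIS" >&2
        fi
    fi
done

echo "If you installed Bastille, please run "
echo "/usr/sbin/RevertBastille and examine its list of changed files."
exit 0

### END OF SCRIPT.  DYNAMIC DATA FOLLOWS. ###
EOF
/bin/chmod 700 /root/do-restore.sh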

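echo "Backing up individual files"

# Every listed file that exists is copied to FILE-preCIS and a "FILE MODE"
# record is appended to the data section of /root/do-restore.sh.
# NOTE(review): running this script a second time overwrites the existing
# -preCIS copies with the current files, so a run made after hardening
# replaces the pre-hardening copies.
for FILE in \
/etc/ssh/ssh_config /etc/ssh/sshd_config /etc/hosts.deny /etc/sysconfig/init \
/etc/hosts.allow /etc/init.d/functions /etc/sysconfig/sendmail \
/etc/inittab /etc/sysctl.conf /etc/syslog.conf /etc/ftpaccess \
/etc/vsftpd.conf /etc/vsftpd/vsftpd.conf /etc/fstab \
/etc/security/console.perms /etc/passwd /etc/shadow /etc/ftpusers \
/etc/vsftpd.ftpusers /etc/X11/xdm/Xservers /etc/X11/gdm/gdm.conf \
/etc/X11/xinit/xserverrc /etc/cron.deny /etc/at.deny /etc/crontab \
/etc/securetty /etc/lilo.conf /etc/grub.conf /etc/exports \
/etc/init.d/syslog /etc/profile /etc/csh.login /etc/csh.cshrc \
/etc/bashrc /root/.bash_profile /root/.bashrc /root/.cshrc \
/etc/security/limits.conf /root/.tcshrc /etc/issue /etc/motd \
/etc/issue.net /etc/X11/xdm/Xresources /etc/X11/xdm/kdmrc; do
    [ -f "${FILE}" ] || continue

    # Backup file. A file that could not be copied gets no restore record.
    if ! /bin/cp -p -- "${FILE}" "${FILE}-preCIS"; then
        echo "WARNING: could not back up ${FILE}" >&2
        continue
    fi

    # Add it to the do-restore script. The mode is read from the copy, which
    # cp -p created with the mode of the file's contents. If a listed path is
    # a symbolic link, reading the mode from the path itself would record the
    # link's own mode, and the restore script's chmod would then apply that
    # mode to the link target.
    MODE=$(find "${FILE}-preCIS" -printf "%m")
    printf '%s %s\n' "${FILE}" "${MODE}" >> /root/do-restore.sh
done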

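echo "Completed file backups - backing up directories"

# Each listed directory is copied recursively to DIR-preCIS. Entries matched
# by the /etc/cron.* glob that are not directories are skipped.
for DIR in \
    /etc/xinetd.d    /etc/rc.d \
    /var/spool/cron  /etc/cron.* \
    /etc/pam.d       /etc/skel
do
    # After an earlier run the glob also matches the -preCIS backups; backing
    # those up again would create DIR-preCIS-preCIS copies.
    case "${DIR}" in
        *-preCIS) continue ;;
    esac

    echo "${DIR}"
    [ -d "${DIR}" ] || continue

    # With an existing target, cp -pr would place the new copy inside the old
    # backup (DIR-preCIS/NAME) and mix current files into it. Keep the
    # existing backup untouched instead.
    if [ -e "${DIR}-preCIS" ]; then
        echo "Backup ${DIR}-preCIS already exists - not overwriting" >&2
        continue
    fi

    /bin/cp -pr -- "${DIR}" "${DIR}-preCIS" \
        || echo "WARNING: could not back up ${DIR}" >&2
done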

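echo "Recording log permissions"
# Append one "PATH MODE" record per entry under /var/log. The restore script
# runs as root and splits each record on whitespace, so two kinds of entries
# are left out here:
#   - symbolic links: find reports the link's own mode, and chmod on restore
#     would apply that mode to whatever the link points at;
#   - paths containing whitespace (including newlines): they would be read
#     back as a different path/mode pair.
# The mode of a skipped entry is not recorded and will not be restored.
find /var/log ! -type l ! -path '*[[:space:]]*' -printf '%p %m\n' \
    >> /root/do-restore.sh

echo "Backup complete."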



