Package: bastille
Version: 1:2.1.1-11
Followup-For: Bug #312182
i'm including the patch for the above bug about grub configuration file.
However, as i see the BootSecurity module does not work beyond this bug.
The patch replaces GLOBAL variable for configuration file for debian as
menu.lst and changes its path to its original location as /boot/grub/menu.lst
in several files. But being correctly working in InteractiveBastille it does
not edit it and set a grub password. The temporary file /root/GRUB-PASSWORD
cannot be created and an md5ed password could not be obtained. Thus grub
configuration still does not work.
I'm not sure if we open an other bug report for this insidence or continue from
here.
Well, patch is attached.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=tr_TR, LC_CTYPE=tr_TR (charmap=ISO-8859-9)
Versions of packages bastille depends on:
ii libcurses-perl 1.08b-1 Curses interface for Perl
ii perl [perl5] 5.8.4-8 Larry Wall's Practical Extraction
-- no debconf information
diff -ruN bastille-2.1.1/Bastille/API.pm bastille-2.1.1.new/Bastille/API.pm
--- bastille-2.1.1/Bastille/API.pm 2005-06-06 10:17:29.000000000 +0300
+++ bastille-2.1.1.new/Bastille/API.pm 2005-06-06 09:47:06.000000000 +0300
@@ -771,7 +771,7 @@
$GLOBAL_FILE{"inittab"}="/etc/inittab";
$GLOBAL_FILE{"lilo.conf"}="/etc/lilo.conf";
- $GLOBAL_FILE{"grub.conf"}="/boot/grub/grub.conf";
+ $GLOBAL_FILE{"menu.lst"}="/boot/grub/menu.lst";
$GLOBAL_FILE{"limits.conf"}="/etc/security/limits.conf";
$GLOBAL_FILE{"mtab"}="/etc/mtab";
$GLOBAL_FILE{"pam_access.conf"}="/etc/security/access.conf";
diff -ruN bastille-2.1.1/Bastille/BootSecurity.pm
bastille-2.1.1.new/Bastille/BootSecurity.pm
--- bastille-2.1.1/Bastille/BootSecurity.pm 2005-06-06 10:18:10.000000000
+0300
+++ bastille-2.1.1.new/Bastille/BootSecurity.pm 2005-06-06 09:47:16.000000000
+0300
@@ -192,12 +192,12 @@
# If they want to modify the hard disk's grub file, make sure it exists.
# if (&getGlobalConfig("BootSecurity","lilosub_drive") eq "Y") {
- if ( -e &getGlobal('FILE', "grub.conf") ) {
- push @grub_config_files,&getGlobal('FILE', "grub.conf");
+ if ( -e &getGlobal('FILE', "menu.lst") ) {
+ push @grub_config_files,&getGlobal('FILE', "menu.lst");
}
else {
- &ErrorLog("Couldn't modify hard drive's grub.conf -- couldn't");
- &ErrorLog("find " . &getGlobal('FILE', "grub.conf") . "\n");
+ &ErrorLog("Couldn't modify hard drive's menu.lst -- couldn't");
+ &ErrorLog("find " . &getGlobal('FILE', "menu.lst") . "\n");
}
# }
diff -ruN bastille-2.1.1/debian/tmp/usr/lib/Bastille/API.pm
bastille-2.1.1.new/debian/tmp/usr/lib/Bastille/API.pm
--- bastille-2.1.1/debian/tmp/usr/lib/Bastille/API.pm 2005-06-06
10:23:45.000000000 +0300
+++ bastille-2.1.1.new/debian/tmp/usr/lib/Bastille/API.pm 2005-06-06
10:08:18.000000000 +0300
@@ -771,7 +771,7 @@
$GLOBAL_FILE{"inittab"}="/etc/inittab";
$GLOBAL_FILE{"lilo.conf"}="/etc/lilo.conf";
- $GLOBAL_FILE{"grub.conf"}="/boot/grub/grub.conf";
+ $GLOBAL_FILE{"menu.lst"}="/boot/grub/menu.lst";
$GLOBAL_FILE{"limits.conf"}="/etc/security/limits.conf";
$GLOBAL_FILE{"mtab"}="/etc/mtab";
$GLOBAL_FILE{"pam_access.conf"}="/etc/security/access.conf";
diff -ruN bastille-2.1.1/debian/tmp/usr/lib/Bastille/BootSecurity.pm
bastille-2.1.1.new/debian/tmp/usr/lib/Bastille/BootSecurity.pm
--- bastille-2.1.1/debian/tmp/usr/lib/Bastille/BootSecurity.pm 2005-06-06
10:23:54.000000000 +0300
+++ bastille-2.1.1.new/debian/tmp/usr/lib/Bastille/BootSecurity.pm
2005-06-06 10:08:18.000000000 +0300
@@ -192,12 +192,12 @@
# If they want to modify the hard disk's grub file, make sure it exists.
# if (&getGlobalConfig("BootSecurity","lilosub_drive") eq "Y") {
- if ( -e &getGlobal('FILE', "grub.conf") ) {
- push @grub_config_files,&getGlobal('FILE', "grub.conf");
+ if ( -e &getGlobal('FILE', "menu.lst") ) {
+ push @grub_config_files,&getGlobal('FILE', "menu.lst");
}
else {
- &ErrorLog("Couldn't modify hard drive's grub.conf -- couldn't");
- &ErrorLog("find " . &getGlobal('FILE', "grub.conf") . "\n");
+ &ErrorLog("Couldn't modify hard drive's menu.lst -- couldn't");
+ &ErrorLog("find " . &getGlobal('FILE', "menu.lst") . "\n");
}
# }
diff -ruN bastille-2.1.1/debian/tmp/usr/share/Bastille/Questions.txt
bastille-2.1.1.new/debian/tmp/usr/share/Bastille/Questions.txt
--- bastille-2.1.1/debian/tmp/usr/share/Bastille/Questions.txt 2005-06-06
10:23:27.000000000 +0300
+++ bastille-2.1.1.new/debian/tmp/usr/share/Bastille/Questions.txt
2005-06-06 10:08:17.000000000 +0300
@@ -1341,7 +1341,7 @@
servers which are not locked away in their own room."
QUESTION: "Would you like to password-protect the GRUB prompt? [N]"
REQUIRE_DISTRO: LINUX SE TB
-REQUIRE_FILE_EXISTS: grub.conf
+REQUIRE_FILE_EXISTS: menu.lst
DEFAULT_ANSWER: N
YN_TOGGLE: 1
REG_EXP: "^Y$|^N$"
@@ -1360,7 +1360,7 @@
GRUB password will be stored unencrypted on the machine."
QUESTION: "Enter GRUB password, please. []"
REQUIRE_DISTRO: LINUX SE TB
-REQUIRE_FILE_EXISTS: grub.conf
+REQUIRE_FILE_EXISTS: menu.lst
DEFAULT_ANSWER:
YN_TOGGLE: 0
YES_CHILD: protectlilo
diff -ruN bastille-2.1.1/Questions.txt bastille-2.1.1.new/Questions.txt
--- bastille-2.1.1/Questions.txt 2005-06-06 10:16:40.000000000 +0300
+++ bastille-2.1.1.new/Questions.txt 2005-06-06 10:04:48.000000000 +0300
@@ -1341,7 +1341,7 @@
servers which are not locked away in their own room."
QUESTION: "Would you like to password-protect the GRUB prompt? [N]"
REQUIRE_DISTRO: LINUX SE TB
-REQUIRE_FILE_EXISTS: grub.conf
+REQUIRE_FILE_EXISTS: menu.lst
DEFAULT_ANSWER: N
YN_TOGGLE: 1
REG_EXP: "^Y$|^N$"
@@ -1360,7 +1360,7 @@
GRUB password will be stored unencrypted on the machine."
QUESTION: "Enter GRUB password, please. []"
REQUIRE_DISTRO: LINUX SE TB
-REQUIRE_FILE_EXISTS: grub.conf
+REQUIRE_FILE_EXISTS: menu.lst
DEFAULT_ANSWER:
YN_TOGGLE: 0
YES_CHILD: protectlilo
