KR20010070729A - Secure cop - Google Patents

Info

Publication number
KR20010070729A
Authority
KR
South Korea
Prior art keywords
printf
fprintf
root
chmod
bin
Prior art date
Application number
KR1020010030952A
Other languages
Korean (ko)
Inventor
정대근
Original Assignee
유진영
(주)한울시스템
Priority date
Filing date
Publication date
Application filed by 유진영, (주)한울시스템
Priority to KR1020010030952A
Publication of KR20010070729A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

PURPOSE: Secure Cop is provided so that general users can have automated, intelligent system security configuration in the specialized field of security. CONSTITUTION: The Secure Cop program is currently modularized in C, the language Linux itself is built in, and is delivered as a compiled binary. The program consists of a single binary file, and the source that makes up the program likewise consists of a single file. The program intelligently performs system security setup and configuration without user intervention. It internally checks the system for weaknesses and changes them, which raises the security of the integrated system.

Description

Secure Cop {secure cop}

Field: automatic security configuration. Many digital processing products offer a rudimentary level of security configuration, but no product performs a specialized security scan of the system together with the security configuration without user intervention.

The purpose is to perform automated, intelligent system security configuration and to aid user convenience in security, a specialized field that general users cannot readily approach.

It is a new-idea product that intelligently performs system security setup and configuration without user intervention, and raises the security of the integrated system by internally checking the system for security weaknesses and changing them.

1. Structure of Secure Cop

◎ The Secure Cop program is currently modularized in C, the language Linux itself is built in, and the program is delivered as a compiled binary file.

3. Secure Cop analysis

◎ This program consists of a single binary file, and the source that makes up the program is likewise a single file. The source, reproduced under "Source code", performs the tasks listed in its header comment.
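Tasks 1 to 4 in the source's header comment search the whole filesystem for set-uid and set-gid files and then strip the bits from every hit. As an added example (not part of the patent's source), the C program here does the read-only half of that job and checks each hit against an allowlist, so an administrator can see which set-id files are unexpected before any mode is changed. The allowlist, the function names and the throwaway tree built under /tmp are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* setid_total: regular files with S_ISUID or S_ISGID set;
 * unexpected: of those, files that are not on the allowlist. */
struct audit { int setid_total; int unexpected; };

/* Return 1 if path appears in the NULL-terminated allowlist. */
static int is_allowed(const char *path, const char *const *allow)
{
    for (; *allow != NULL; allow++)
        if (strcmp(path, *allow) == 0)
            return 1;
    return 0;
}

/* Walk dir recursively without following symlinks and without changing
 * anything. Returns 0, or -1 if dir itself cannot be opened. */
static int audit_tree(const char *dir, const char *const *allow,
                      struct audit *out, FILE *report)
{
    DIR *d = opendir(dir);
    struct dirent *e;

    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        int n;

        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        n = snprintf(path, sizeof path, "%s/%s",
                     strcmp(dir, "/") == 0 ? "" : dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &st) < 0)
            continue; /* over-long path or vanished entry: skip it */
        if (S_ISDIR(st.st_mode)) {
            audit_tree(path, allow, out, report);
        } else if (S_ISREG(st.st_mode) && (st.st_mode & (S_ISUID | S_ISGID))) {
            out->setid_total++;
            if (is_allowed(path, allow))
                continue;
            out->unexpected++;
            if (report != NULL)
                fprintf(report, "unexpected set-id file: %04o %s\n",
                        (unsigned)(st.st_mode & 07777), path);
        }
    }
    closedir(d);
    return 0;
}

/* Create an empty file with the given mode (constructed sample data). */
static int make_file(const char *path, mode_t mode)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);

    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, mode); /* chmod, so the umask cannot mask the bits */
}

/* Build a throwaway tree under /tmp, audit it, then remove it again. */
static int audit_constructed_tree(struct audit *out, FILE *report)
{
    char root[] = "/tmp/setid-audit-XXXXXX";
    char sub[64], su[64], ls[64], odd[80];
    const char *allow[2] = { su, NULL }; /* hypothetical allowlist */
    int rc = -1;

    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(sub, sizeof sub, "%s/sbin", root);
    snprintf(su, sizeof su, "%s/su", root);       /* 4750, allowlisted */
    snprintf(ls, sizeof ls, "%s/ls", root);       /* 0755, no set-id bit */
    snprintf(odd, sizeof odd, "%s/oddtool", sub); /* 4755, not allowlisted */
    if (mkdir(sub, 0700) == 0 && make_file(su, 04750) == 0 &&
        make_file(ls, 0755) == 0 && make_file(odd, 04755) == 0) {
        out->setid_total = out->unexpected = 0;
        rc = audit_tree(root, allow, out, report);
    }
    unlink(su); unlink(ls); unlink(odd);
    rmdir(sub); rmdir(root);
    return rc;
}

int main(void)
{
    struct audit res;

    if (audit_constructed_tree(&res, stdout) != 0)
        return 1;
    printf("%d set-id files, %d not on the allowlist\n",
           res.setid_total, res.unexpected);
    return 0;
}
```

Pointing audit_tree at a real root with a site-specific allowlist gives the review list that a blanket removal of the bits skips.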

Source code

/*
 * Security permission exploit
 *
 * <Tasks>
 * 1. suid file check
 * 2. sgid file check
 * 3. Remove the suid bit from suid files
 * 4. Remove the sgid bit from sgid files
 * 5. Set the permission of /bin/su and change its group ownership
 * 6. Add an account of your choice to the wheel group in /etc/group
 * 7. Append entries to /etc/pam.d/su
 * 8. daemon setting (/bin/bash)
 * 9. log file security
 * 10. Raise the security level of DNS by editing named.conf
 * 11. Edit /etc/sysctl.conf so that the host does not answer ping
 * 12. Additionally apply chattr to important files (/bin/bash)
 * 13. As a final step, set security permissions for each tool (fileutils)
 * 14. Record the work done
 *
 */

#include <stdio.h>
#include <stdlib.h> /* exit(), system() */
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

char *suidfind = "/usr/bin/find / -perm +4000 2>/dev/null > perm4000";
char *sgidfind = "/usr/bin/find / -perm +2000 2>/dev/null > perm2000";
char *clear = "/usr/bin/clear";

int main(int argc, char **argv)
{
    struct stat st; /* used to check that a file path exists */
    FILE *f; /* fopen() handle for appending content to specific files */
    char q; /* char variable for the questions */
    int uid; /* used to check at startup whether we are root */

    uid = getuid();

    /* if statement that checks whether uid is 0 */
    if(!( uid == 0 )) {
        printf("\nYou are not root! :(\n");
        printf("Only root access to this program\n\n");
        exit(0);
    }

    printf("\nSecurity exploit\n\n");
    printf("Advise by poly, alex <help@gnuhacker.com>\n");
    printf("Written by 1ndr4 <1ndr4@hanmail.net>\n\n");
    sleep(1);

    /* check the files the program needs */
    printf("checking /usr/bin/find file.......");
    if(stat("/usr/bin/find", &st) < 0) {
        printf("failed!");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /usr/bin/clear.......");
    if(stat("/usr/bin/clear", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /bin/su.......");
    if(stat("/bin/su", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /etc/group.......");
    if(stat("/etc/group", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /bin/vi.......");
    if(stat("/bin/vi", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /etc/pam.d/su.......");
    if(stat("/etc/pam.d/su", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /bin/ps.......");
    if(stat("/bin/ps", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /usr/bin/chattr.......");
    if(stat("/usr/bin/chattr", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    printf("checking /etc/sysctl.conf.......");
    if(stat("/etc/sysctl.conf", &st) < 0) {
        printf("failed!\n");
        exit(0);
    }
    else
        printf("ok!\n");

    sleep(3);
    system(clear);

    /* 1. start checking for suid files and show the finished list */
    printf("[1] find to suid permission 4000 !\n\n");
    system(suidfind);
    system("/bin/more perm4000");
    printf("[1] = [OK!]\n\n");
    sleep(3);

    /* 2. start checking for sgid files and show the finished list */
    printf("[2] find to sgid permission 2000 !\n\n");
    system(sgidfind);
    system("/bin/more perm2000");
    printf("[2] = [OK!]\n\n");
    sleep(3);

    /* 3~4. modify the permissions of suid and sgid files */
    printf("[3] modify suid file permission for security\n\n");
    system("find / -perm +4000 2>/dev/null -exec chmod -s {} \\;\n");
    printf("[3] = [OK!]\n\n");
    sleep(3);

    printf("[4] modify sgid file permission for security\n\n");
    system("find / -perm +2000 2>/dev/null -exec chmod -s {} \\;\n");
    printf("[4] = [OK!]\n\n");
    sleep(3);

    /*
     * 5. Set the permission of /bin/su to 4750 and change its ownership
     * from root:root to root:wheel
     */
    printf("[5] modify permission of /bin/su\n\n");
    sleep(3);
    chown("/bin/su" , 0 , 10);
    chmod("/bin/su" , 04750);
    printf("[5] = [OK!]\n\n");
    sleep(3);

    /* 6. add an administrator-level account of your choice to the wheel group in /etc/group */
    printf("[6] write to the /etc/group\n\n");
    sleep(3);
    system("/bin/vi /etc/group");
    printf("[6] = [OK!]\n\n");
    sleep(3);

    /* 7. Append entries to /etc/pam.d/su. */
    /* This makes the permission applied to /bin/su take clear effect. */
    printf("[7] add to the /etc/pam.d/su\n\n");
    sleep(3);
    if (stat("/etc/pam.d/su" , &st) < 0){
        printf("Failed!! Not found data of /etc/pam.d/su\n\n");
        f = fopen("pam.d", "a");
        fprintf(f, "\n\n=====/etc/pam.d/su=====\n\n");
        fprintf(f, "Not found data of /etc/pam.d/su.. :(\n\n");
        fclose(f);
        exit(0);
    }
    f = fopen("/etc/pam.d/su", "a");
    fprintf(f, "auth sufficient /lib/security/pam_rootok.so debug\n");
    fprintf(f, "auth required /lib/security/pam_wheel.so group=wheel");
    fclose(f);
    f = fopen("pam.d", "a");
    fprintf(f, "\n\n=====/etc/pam.d/su=====\n\n");
    fprintf(f, "Added next contents\n\n");
    fprintf(f, "'auth sufficient /lib/security/pam_rootok.so debug'\n");
    fprintf(f, "'auth required /lib/security/pam_wheel.so group=wheel'\n");
    fclose(f);
    printf("[7] = [OK!]\n\n");
    sleep(3);
    system(clear);

    /*
     * 8. Daemon setup.
     * A shell is started temporarily so that unnecessary daemons can be
     * cleaned up and other daemon settings made. The program has not
     * ended; entering the exit command returns to the running program.
     */
    printf("[8] Daemon Setting start\n");
    f = fopen("daemon1", "a");
    fprintf(f, "=====Process state before daemon setting=====\n\n");
    fclose(f);
    system("ps -aux >> daemon1");
    printf("Input 'exit' command at daemon setting done\n\n");
    sleep(3);
    system("/bin/bash");
    printf("\n\n[8] = [OK!]\n\n");
    f = fopen("daemon2", "a");
    fprintf(f, "=====Process state next daemon setting=====\n\n");
    fclose(f);
    system("ps -aux >> daemon2");
    sleep(3);

    /*
     * 9. Define a new syslog.conf file.
     * Entries are added to syslog.conf so that each log file is written twice.
     */
    printf("[9] Log file security\n\n");
    printf("1. Move /etc/syslog.conf file\n");
    /* The original syslog.conf is not deleted; it is kept as syslog.conf.bak. */
    rename("/etc/syslog.conf" , "/etc/syslog.conf.bak");
    if (!(stat("/etc/syslog.conf" , &st) < 0)) {
        printf("\nFailed!!\n");
    }
    sleep(2);

    /* create the directory where the new log files will be stored */
    printf("2. Make another logfile save directory\n");
    mkdir("/Security" , 0700);
    mkdir("/Security/logs" , 0700);
    sleep(2);

    /* define the new syslog.conf */
    printf("3. Writing in to /etc/syslog.conf file\n");
    sleep(3);
    f = fopen("/etc/syslog.conf", "a");
    fprintf(f, "# Log all kernel messages to the console.\n");
    fprintf(f, "# Logging much else clutters up the screen.\n");
    fprintf(f, "kern.* /dev/console\n");
    fprintf(f, "kern.* /Security/logs/console\n\n");
    fprintf(f, "# Log anything (except mail) of level info or higher.\n");
    fprintf(f, "# Don't log private authentication messages!\n");
    fprintf(f, "*.info;mail.none;authpriv.none /var/log/messages\n");
    fprintf(f, "*.info;mail.none;authpriv.none /Security/logs/messages\n\n");
    fprintf(f, "# The authpriv file has restricted access.\n");
    fprintf(f, "authpriv.* /var/log/secure\n");
    fprintf(f, "authpriv.* /Security/logs/secure\n\n");
    fprintf(f, "# Log all the mail messages in one place.\n");
    fprintf(f, "mail.* /var/log/maillog\n");
    fprintf(f, "mail.* /Security/logs/maillog\n\n");
    fprintf(f, "# Everybody gets emergency messages, plus log them on another\n");
    fprintf(f, "# machine.\n");
    fprintf(f, "*.emerg *\n\n");
    fprintf(f, "# Save mail and news errors of level err and higherin a\n");
    fprintf(f, "# special file.\n");
    fprintf(f, "uucp,news.crit /var/log/spooler\n");
    fprintf(f, "uucp,news.crit /Security/logs/spooler\n\n");
    fprintf(f, "# Save boot messages also to boot.log\n");
    fprintf(f, "local7.* /var/log/boot.log\n");
    fprintf(f, "local7.* /Security/logs/boot.log\n\n");
    fclose(f);

    /* hard links for the other log files that are not defined in syslog.conf */
    printf("4. Move remaining logfiles your self\n");
    printf("ex) ln -bf /var/log/?? /Security/logs/??\n\n");
    printf("1./var/log/wtmp\n");
    printf("2./var/log/lastlog\n");
    printf("3./var/log/xferlog\n");
    printf("4./var/run/utmp\n\n");
    sleep(3);
    system("/bin/bash");
    sleep(3);

    /* restart the syslog daemon */
    printf("5. Restart syslog daemon\n");
    system("/etc/rc.d/init.d/syslog restart");
    sleep(3);
    system(clear);
    printf("[9] = [OK!]\n\n");

    /* 10. DNS security settings related to named */
    printf("[10] Modify the named.conf or named.boot\n\n");
    sleep(3);

    /*
     * The if statements treat the host as bind 8.x when named.conf
     * exists and as bind 4.x when named.boot exists.
     */
    if(!(stat("/etc/named.conf", &st) < 0)) {
        printf("\nThis named version is 8.x....\n\n");
        printf("Writing in to named.conf messages\n");
        printf("'Contact domain@domain.co.kr if you have question'\n");
        printf("and ACL Security Policy Setting..\n");
        printf("A u ready?\n\n");
        sleep(5);
        system("/bin/vi /etc/named.conf");
    }
    if(!(stat("/etc/named.boot", &st) < 0)) {
        printf("\nThis named version is 4.x....\n\n");
        printf("Writing in to named.boot messages\n");
        printf("'Contact domain@domain.co.kr if you have question'\n");
        printf("and ACL Security Policy Setting..\n");
        printf("A u ready?\n\n");
        sleep(5);
        system("/bin/vi /etc/named.boot");
    }
    printf("[10] = [OK!]\n\n");
    sleep(3);

    /* 11. append to sysctl.conf so that ping from outside is blocked */
    printf("[11] Modify the /etc/sysctl.conf\n\n");
    f = fopen("/etc/sysctl.conf", "a");
    fprintf(f, "# ping ignore all request\n");
    fprintf(f, "net.ipv4.icmp_echo_ignore_all=1");
    fclose(f);
    system("/etc/rc.d/init.d/network restart");
    sleep(3);
    printf("[11] = [OK!]\n\n");
    sleep(3);

    /* 12. chattr settings for important files */
    printf("[12] Apply chattr to other files\n\n");
    sleep(3);
    printf("Do you apply chattr to other files? (y/n):");
    scanf("%c", &q);
    if ( q=='Y' || q=='y' )
        system("/bin/bash");
    else
        printf("\nGo to Next phase..\n");
    printf("\n\n[12] = [OK!]\n\n");
    sleep(3);

    /* 13. set permissions for each of the fileutils */
    printf("[13] Apply permissison to fileutils\n\n");
    printf("- information -\n");
    printf("This program standard owner group setting 'adm'\n");
    printf("'adm'user is default uid = 4..\n");
    printf("A u confirm 'adm' user uid of this server? (y/n):");
    scanf("%c", &q); /* consumes the newline left by the previous answer */
    scanf("%c", &q);
    if( q=='Y'|| q=='y' ) {
        printf("\n");
        system("/bin/more /etc/group | grep adm:x:");
        printf("\n\n");
    }
    printf("U choose 'automatic' or 'manual'\n\n");
    printf("- information -\n\n");
    printf("'automatic' - not inquire about apply permission of this program\n");
    printf(" to user.\n\n");
    printf("'manual' - step by step to apply permission\n\n");
    printf("1 - 'automatic'\n");
    printf("2 - 'manual'\n\n");
    printf("Your choose (1/2):");
    int mode = 0; /* menu choice: %d needs an int target, not the char q */
    scanf("%d", &mode);
    if( mode == 1 ) {
        printf("\nok..u choose 'automatic' mode. :)\n");
        printf("working........\n");
        printf("wait a minute..\n");

        chmod("/bin", 0711);
        chmod("/boot", 0700);
        chmod("/dev", 0711);
        chown("/dev/audio", 0 , 0);
        chmod("/dev/audio", 0600);
        chown("/dev/dsp", 0 , 0);
        chmod("/dev/dsp", 0600);
        chown("/dev/esd.conf", 0 , 4);
        chmod("/dev/esd.conf", 0640);
        chown("/etc", 0 , 4);
        chmod("/etc", 0711);
        chown("/etc/conf.modules", 0 , 4);
        chmod("/etc/conf.modules", 0640);
        chown("/etc/cron.daily", 0 , 4);
        chmod("/etc/cron.daily", 0750);
        chown("/etc/cron.hourly" , 0 , 4);
        chmod("/etc/cron.hourly", 0750);
        chown("/etc/cron.monthly", 0 , 4);
        chmod("/etc/cron.monthly", 0750);
        chown("/etc/cron.weekly", 0 , 4);
        chmod("/etc/cron.weekly", 0750);
        chown("/etc/crontab", 0 , 4);
        chmod("/etc/crontab", 0640);
        chown("/etc/dhcpcd", 0 , 4);
        chmod("/etc/dhcpcd", 0750);
        system("/bin/chown root:adm /etc/dhcpcd/* ; /bin/chmod 640 /etc/dhcpcd/*");
        chown("/etc/gettydefs", 0 , 4);
        chmod("/etc/gettydefs", 0640);
        chown("/etc/ftpaccess", 0 , 4);
        chmod("/etc/ftpaccess", 0640);
        chown("/etc/ftpconversion", 0 , 4);
        chmod("/etc/ftpconversion", 0640);
        chown("/etc/ftp/groups", 0 , 4);
        chmod("/etc/ftp/groups", 0640);
        chown("/etc/ftpusers", 0 , 4);
        chmod("/etc/ftpusers", 0640);
        chown("/etc/hosts", 0 , 4);
        chmod("/etc/hosts", 0640);
        chown("/etc/hosts.allow" , 0 , 4);
        chmod("/etc/hosts.allow", 0640);
        chown("/etc/hosts.deny", 0 , 4);
        chmod("/etc/hosts.deny", 0640);
        chown("/etc/hosts.equiv", 0 , 4);
        chmod("/etc/hosts.equiv" , 0640);
        chown("/etc/inetd.conf", 0 , 4);
        chmod("/etc/inetd.conf", 0640);
        chown("/etc/ld.so.conf", 0 , 4);
        chmod("/etc/ld.so.conf", 0640);
        chown("/etc/lilo.conf", 0 , 4);
        chmod("/etc/lilo.conf", 0600);
        chown("/etc/syslog.conf", 0 , 4);
        chmod("/etc/syslog.conf", 0640);
        chown("/etc/updatadb.conf", 0 , 4);
        chmod("/etc/updatadb.conf", 0640);
        chown("/etc/modules.conf", 0 , 4);
        chmod("/etc/modules.conf", 0640);
        chown("/etc/sendmail.cf", 0 , 4);
        chmod("/etc/sendmail.cf", 0640);
        chown("/etc/rc.d/init.d", 0 , 4);
        chmod("/etc/rc.d/init.d", 0750);
        chown("/etc/rc.d/init.d/syslog", 0 , 4);
        chmod("/etc/rc.d/init.d/syslog", 0740);
        chown("/etc/rc.d", 0 , 4);
        chmod("/etc/rc.d", 0640);
        chown("/etc/inittab", 0 , 4);
        chmod("/etc/inittab", 0640);
        chown("/etc/motd", 0 , 4);
        chmod("/etc/motd", 0644);
        chmod("/etc/printcap" , 0640);
        chmod("/etc/profile", 0644);
        chown("/etc/securetty", 0 , 4);
        chmod("/etc/securetty", 0640);
        chmod("/etc/shutdown.allow", 0600);
        chmod("/etc/ssh_config", 0644);
        chown("/etc/ssh_host_key", 0 , 4);
        chmod("/etc/ssh_host_key", 0640);
        chown("/etc/ssh_host_key.pub", 0 , 4);
        chmod("/etc/ssh_host_key.pub", 0644);
        chown("/etc/sshd_config", 0 , 4);
        chmod("/etc/sshd_config", 0640);
        chown("/home", 0 , 4);
        chmod("/home", 0751);
        system("/bin/chmod 701 /home/*");
        chown("/lib", 0 , 4);
        chmod("/lib", 0751);
        chown("/mnt", 0 , 4);
        chmod("/mnt", 0750);
        chmod("/root", 0700); /* octal mode, like every other call here */
        chown("/sbin", 0 , 4);
        chmod("/sbin", 0751);
        chmod("/tmp", 01777);
        chown("/usr", 0 , 4);
        chmod("/usr", 0751);
        system("/bin/chown root:adm /usr/* ; /bin/chmod 751 /usr/*");
        chmod("/usr/X11R6", 0751);
        chown("/usr/bin", 0 , 4);
        chmod("/usr/bin", 0751);
        system("/bin/chown root:root /usr/bin/* ; /bin/chmod 755 /usr/bin/*");
        chown("/usr/sbin", 0 , 4);
        chmod("/usr/sbin", 0751);
        system("/bin/chown root:root /usr/sbin/* ; /bin/chmod 755 /usr/sbin/*");
        chown("/var", 0 , 0);
        chmod("/var", 0755);
        chown("/var/log", 0 , 0);
        chmod("/var/log", 0755);
        system("/bin/chown root:root /var/log/* ; /bin/chmod 600 /var/log/*");
        chown("/var/spool/mail", 0 , 14);
        chmod("/var/spool/mail", 0771);
        chmod("/usr/bin/gcc", 0700);
        chmod("/usr/bin/g++", 0700);
        chmod("/usr/bin/colorgcc", 0700);
        chmod("/usr/bin/uudecode", 0700);
        chmod("/usr/bin/w", 0700);
        chmod("/usr/bin/who", 0700);
        chmod("/usr/bin/finger", 0700);
        chmod("/bin/ping", 0700);
        chmod("/usr/bin/telnet", 0700);
        chmod("/usr/bin/ssh", 0700);
        chmod("/usr/sbin/traceroute", 0700);
        sleep(3);

    f = fopen("fileutil", "a");
    fprintf(f, "\n\n=====fileutil permission setting=====\n\n");
    fprintf(f, "Security permission Setting\n\n");
    fprintf(f, "/bin - root:root , 711\n");
    fprintf(f, "/boot - root:root , 700\n");
    fprintf(f, "/dev - root:root , 711\n");
    fprintf(f, "/dev/audio - root:root , 600\n");
    fprintf(f, "/dev/dsp - root:root , 600\n");
    fprintf(f, "/etc/esd.conf - root:adm , 640\n");
    fprintf(f, "/etc - root:adm ,711\n");
    fprintf(f, "/etc/conf.modules - root:adm , 640\n");
    fprintf(f, "/etc/cron.daily - root:adm , 750\n");
    fprintf(f, "/etc/cron.hourly - root:adm , 750\n");
    fprintf(f, "/etc/cron.monthly - root:adm , 750\n");
    fprintf(f, "/etc/cron.weekly - root:adm , 750\n");
    fprintf(f, "/etc/crontab - root:adm , 640\n");
    fprintf(f, "/etc/dhcpcd - root:adm , 750\n");
    fprintf(f, "/etc/dhcpcd/* - root:adm , 640\n");
    fprintf(f, "/etc/gettydefs - root:adm , 640\n");
    fprintf(f, "/etc/ftpaccess - root:adm , 640\n");
    fprintf(f, "/etc/ftpconversions- root:adm , 640\n");
    fprintf(f, "/etc/ftp/groups - root:adm , 640\n");
    fprintf(f, "/etc/ftpusers - root:adm , 640\n");
    fprintf(f, "/etc/hosts - root:adm , 640\n");
    fprintf(f, "/etc/hosts.allow - root:adm , 640\n");
    fprintf(f, "/etc/hosts.deny - root:adm , 640\n");
    fprintf(f, "/etc/hosts.equiv - root:adm , 640\n");
    fprintf(f, "/etc/inetd.conf - root:adm , 640\n");
    fprintf(f, "/etc/ld.so.conf - root:adm , 640\n");
    fprintf(f, "/etc/lilo.conf - root:adm , 600\n");
    fprintf(f, "/etc/syslog.conf - root:adm ,640\n");
    fprintf(f, "/etc/updatadb.conf - root:adm , 640\n");
    fprintf(f, "/etc/modules.conf - root:adm , 640\n");
    fprintf(f, "/etc/sendmail.cf - root:adm , 640\n");
    fprintf(f, "/etc/rc.d/init.d - root:adm , 750\n");
    fprintf(f, "/etc/rc.d/init.d/dydlog-root:adm , 740\n");
    fprintf(f, "/etc/rc.d - root:adm , 640\n");
    fprintf(f, "/etc/inittab - root:adm , 640\n");
    fprintf(f, "/etc/motd - root:adm , 644\n");
    fprintf(f, "/etc/printcap - - , 640\n");
    fprintf(f, "/etc/profile - root:root , 644\n");
    fprintf(f, "/etc/securetty - root:adm , 640\n");
    fprintf(f, "/etc/shutdown.allow- root:root , 600\n");
    fprintf(f, "/etc/ssh_config - root:adm , 644\n");
    fprintf(f, "/etc/ssh_host_key - root:adm , 640\n");
    fprintf(f, "/etc/ssh_host_key.pub- root:adm , 644\n");
    fprintf(f, "/etc/sshd_config - root:adm , 640\n");
    fprintf(f, "/home - root:adm , 751\n");
    fprintf(f, "/home/* - - , 701\n");
    fprintf(f, "/lib - root:adm , 751\n");
    fprintf(f, "/mnt - root:adm , 750\n");
    fprintf(f, "/root - root:root ,700\n");
    fprintf(f, "/sbin - root:adm , 751\n");
    fprintf(f, "/tmp - root:root , 1777\n");
    fprintf(f, "/usr - root:adm , 751\n");
    fprintf(f, "/usr/* - root:adm , 751\n");
    fprintf(f, "/usr/X11R6 - - , 751\n");
    fprintf(f, "/usr/bin - root:adm , 751\n");
    fprintf(f, "/usr/bin/* - root:root , 755\n");
    fprintf(f, "/usr/sbin - root:adm , 751\n");
    fprintf(f, "/usr/sbin/* - root:root , 755\n");
    fprintf(f, "/var/spool/mail - root:mail , 771\n");
    fprintf(f, "/usr/bin/gcc - - , 700\n");
    fprintf(f, "/usr/bin/g++ - - , 700\n");
    fprintf(f, "/usr/bin/colorgcc - - , 700\n");
    fprintf(f, "/usr/bin/uudecode - - , 700\n");
    fprintf(f, "/usr/bin/w - - , 700\n");
    fprintf(f, "/usr/bin/who - - , 700\n");
    fprintf(f, "/usr/bin/finger - - , 700\n");
    fprintf(f, "/bin/ping - - , 700\n");
    fprintf(f, "/usr/bin/telnet - - , 700\n");
    fprintf(f, "/usr/bin/ssh - - , 700\n");
    fprintf(f, "/usr/sbin/traceroute- - ,700\n\n");
    fclose(f);
    printf("\nOK! modify permission to all files");
    printf("\n\n[13] = [OK!]\n\n");
    sleep(3);
    system(clear);
}

if( q==2 || q==2 ) {
    printf("\nok..u choose 'manual' mode. :)\n\n");
    printf("1. /bin directory\n");
    /* Ask whether to change the permissions of the /bin directory to 711 */
    printf("Do you modify /bin directory to permission 711 ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chmod("/bin" , 0711);
        f = fopen("fileutil", "a");
        fprintf(f, "\n\n=====fileutil permission setting=====\n\n");
        fprintf(f, "Security permission Setting\n\n");
        fprintf(f, "/bin - root:root , 711\n");
        fclose(f);
    }
    printf("\n2. /boot directory\n");
    /* Ask whether to change the permissions of the /boot directory to 700 */
    printf("Do you modify /boot directory to permission 700 ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chmod("/boot" , 0700);
        f = fopen("fileutil", "a");
        fprintf(f, "/boot - root:root , 700\n");
        fclose(f);
    }
    printf("\n3. /dev directory\n");
    /* Ask whether to change the permissions of the /dev directory to 711 */
    printf("Do you modify /dev directory to permission 711 ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chmod("/dev" , 0711);
        f = fopen("fileutil", "a");
        fprintf(f, "/dev - root:root , 711\n");
        fclose(f);
    }

    printf("\n4. /home directory and under directories in the /home\n");
    /* Set permissions of the /home directory and its subdirectories */
    printf("Do you modify /home directory and "
           "subdirectories in the /home to permission [751 , 701]?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if(q=='Y' || q=='y') {
        chown("/home", 0 , 4);
        chmod("/home", 0751);
        system("/bin/chmod 701 /home/*");
        f = fopen("fileutil", "a");
        fprintf(f, "/home - root:adm , 751\n");
        fprintf(f, "/home/* - - , 701\n");
        fclose(f);
    }

    printf("\n5. /lib, /mnt, /root, /sbin, /tmp directory\n\n");
    printf("/lib directory - 751 permission , root:adm\n");
    printf("/mnt directory - 750 permission , root:adm\n");
    printf("/root directory - 700 permission , root:root\n");
    printf("/sbin directory - 751 permission , root:adm\n");
    printf("/tmp directory - 1777 permission , root:root\n\n");
    /* Set permissions on the /lib, /mnt, /root, /sbin and /tmp directories */
    printf("Do you modify this directory to permission ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if(q=='Y' || q=='y') {
        chown("/lib" , 0 , 4);
        chmod("/lib" , 0751);
        chown("/mnt" , 0 , 4);
        chmod("/mnt" , 0750);
        chown("/root" , 0 , 0);
        chmod("/root" , 0700);
        chown("/sbin" , 0 , 4);
        chmod("/sbin" , 0751);
        chown("/tmp" , 0 , 4);
        chmod("/tmp" , 01777);
        f = fopen("fileutil", "a");
        fprintf(f, "/lib - root:adm , 751\n");
        fprintf(f, "/mnt - root:adm , 750\n");
        fprintf(f, "/root - root:root , 700\n");
        fprintf(f, "/sbin - root:adm , 751\n");
        fprintf(f, "/tmp - root:root , 1777\n");
        fclose(f);
    }

    printf("\n6. subdirectories in the /usr directory\n\n");
    printf("/usr directory - 751 permission , root:adm\n");
    printf("subdirectories in /usr - 751 permission , root:adm\n");
    printf("/usr/bin - 751 permission , root:adm\n");
    printf("subdirectories in /usr/bin - 755 permission , root:root\n");
    printf("/usr/sbin - 751 permission , root:adm\n");
    printf("subdirectories in /usr/sbin - 755 permission , root:root\n");
    printf("/usr/X11R6 - 751 permission\n\n");
    /* Set permissions for the subdirectories of the /usr directory */
    printf("Do you modify this directory to permission ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if(q=='Y' || q=='y') {
        chown("/usr" , 0 , 4);
        chmod("/usr" , 0751);
        system("/bin/chown root:adm /usr/* ; /bin/chmod 751 /usr/*");
        system("/bin/chown root:root /usr/bin/* ; /bin/chmod 755 /usr/bin/*");
        chown("/usr/sbin" , 0 , 4);
        chmod("/usr/sbin", 0751);
        chmod("/usr/X11R6", 0751);
        system("/bin/chmod 755 /usr/sbin/*");
        f = fopen("fileutil", "a");
        fprintf(f, "/usr - root:adm , 751\n");
        fprintf(f, "/usr/* - root:adm , 751\n");
        fprintf(f, "/usr/X11R6 - - , 751\n");
        fprintf(f, "/usr/bin - root:adm , 751\n");
        fprintf(f, "/usr/bin/* - root:root , 755\n");
        fprintf(f, "/usr/sbin - root:adm , 751\n");
        fprintf(f, "/usr/sbin/* - root:root , 755\n");
        fclose(f);
    }

    printf("\n7. subdirectories in the /var directory\n\n");
    printf("/var - 755 permission\n");
    printf("/var/spool/mail - 771 permission , root:mail\n\n");
    /* Set permissions for the subdirectories under the /var directory */
    printf("Do you modify this directory to permission ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if(q=='Y' || q=='y') {
        chmod("/var" , 0755);
        chown("/var/spool/mail" , 0 , 12);
        chmod("/var/spool/mail" , 0771);
        f = fopen("fileutil", "a");
        fprintf(f, "/var/spool/mail - root:mail , 771\n");
        fclose(f);
    }

    printf("\n8. /dev/audio file\n");
    /* Ask whether to change the permissions of the /dev/audio file to 600 */
    printf("Checking /dev/audio file.......");
    if(stat("/dev/audio", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /dev/dsp file.......");
    if(stat("/dev/dsp", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /etc/esd.conf.......");
    if(stat("/etc/esd.conf", &st) < 0)
        printf("failed!\n\n");
    else
        printf("ok!\n\n");
    printf("Do you modify /dev/audio , dsp and /etc/esd.conf file "
           "to permission 600,640 ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chmod("/dev/audio" , 0600);
        chmod("/dev/dsp" , 0600);
        chown("/etc/esd.conf", 0 , 4);
        chmod("/etc/esd.conf" , 0640);
        f = fopen("fileutil", "a");
        fprintf(f, "/dev - root:root , 711\n");
        fprintf(f, "/dev/audio - root:root , 600\n");
        fprintf(f, "/dev/dsp - root:root , 600\n");
        fprintf(f, "/etc/esd.conf - root:adm , 640\n");
        fclose(f);
    }

    printf("\n9. /etc directory\n");
    /* Ask whether to change the owning group and permissions of the /etc directory */
    printf("Do you modify /etc directory to permission 711 and owner group ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chown("/etc", 0 , 4);
        chmod("/etc" , 0711);
        f = fopen("fileutil", "a");
        fprintf(f, "/etc - root:adm , 711\n");
        fclose(f);
    }

    printf("\n10. /etc/conf.modules\n");
    /* Ask whether to change the owning group and permissions of the /etc/conf.modules file */
    printf("Checking /etc/conf.modules.......");
    if(stat("/etc/conf.modules", &st) < 0) {
        printf("failed!\n\n");
        printf("Not found, /etc/conf.modules file...\n");
    }
    else {
        printf("ok!\n\n");
        printf("Do you modify /etc/conf.modules file to "
               "permission 640 and owner group?(y/n):");
        scanf("%c", &q);
        scanf("%c", &q);
        if( q=='Y' || q=='y' ) {
            chown("/etc/conf.modules", 0 , 4);
            chmod("/etc/conf.modules" , 0640);
            f = fopen("fileutil", "a");
            fprintf(f, "/etc/conf.modules - root:adm , 640\n");
            fclose(f);
        }
    }

    printf("\n11. /etc/cron files\n\n");
    /* Ask whether to change the owning group and permissions of the /etc/cron.daily directory */
    printf("Checking /etc/cron.daily.......");
    if(stat("/etc/cron.daily" , &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /etc/cron.hourly.......");
    if(stat("/etc/cron.hourly", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /etc/cron.monthly.......");
    if(stat("/etc/cron.monthly", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /etc/cron.weekly.......");
    if(stat("/etc/cron.weekly", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("Checking /etc/crontab.......");
    if(stat("/etc/crontab", &st) < 0)
        printf("failed!\n\n");
    else
        printf("ok!\n\n");
    printf("(1) /etc/cron.daily\n");
    printf("(2) /etc/cron.hourly\n");
    printf("(3) /etc/cron.monthly\n");
    printf("(4) /etc/cron.weekly\n");
    printf("(5) /etc/crontab (permission 640)\n\n");
    printf("Do you modify cron files of /etc directory to "
           "permission 750 and owner group ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chown("/etc/cron.daily", 0 , 4);
        chmod("/etc/cron.daily" , 0750);
        chown("/etc/cron.hourly", 0 , 4);
        chmod("/etc/cron.hourly" , 0750);
        chown("/etc/cron.monthly", 0 , 4);
        chmod("/etc/cron.monthly" , 0750);
        chown("/etc/cron.weekly", 0 , 4);
        chmod("/etc/cron.weekly" , 0750);
        chown("/etc/crontab", 0 , 4);
        chmod("/etc/crontab" , 0640);
        f = fopen("fileutil", "a");
        fprintf(f, "/etc/cron.daily - root:adm , 750\n");
        fprintf(f, "/etc/cron.hourly - root:adm , 750\n");
        fprintf(f, "/etc/cron.monthly - root:adm , 750\n");
        fprintf(f, "/etc/cron.weekly - root:adm , 750\n");
        fprintf(f, "/etc/crontab - root:adm , 640\n");
        fclose(f);
    }

    /* Change the permissions of the /etc/dhcpcd directory and the files in it */
    printf("\n12. /etc/dhcpcd directory and all files\n\n");
    printf("(1) /etc/dhcpcd directory (permission 750)\n");
    printf("(2) all files of /etc/dhcpcd directory (permission 640)\n\n");
    printf("Do you modify all files of /etc/dhcpcd directory to "
           "permission 640 , 750 and owner group ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chown("/etc/dhcpcd", 0 , 4);
        chmod("/etc/dhcpcd" , 0750);
        system("chmod 640 /etc/dhcpcd/* ; chown root:adm /etc/dhcpcd/*");
        f = fopen("fileutil", "a");
        fprintf(f, "/etc/dhcpcd - root:adm , 750\n");
        fprintf(f, "/etc/dhcpcd/* - root:adm , 640\n");
        fclose(f);
    }

    /* Change the permissions of the /etc/gettydefs file and the ftp-related files in the /etc directory */
    printf("\n13. /etc/gettydefs file and ftp files of /etc directory\n\n");
    printf("(1) Checking /etc/gettydefs file.......");
    if(stat("/etc/gettydefs", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(2) Checking /etc/ftpaccess.......");
    if(stat("/etc/ftpaccess", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(3) Checking /etc/ftpconversions.......");
    if(stat("/etc/ftpconversions", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(4) Checking /etc/ftp/groups.......");
    if(stat("/etc/ftp/groups", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(5) Checking /etc/ftpusers.......");
    if(stat("/etc/ftpusers", &st) < 0)
        printf("failed!\n\n");
    else
        printf("ok!\n\n");
    printf("Do you modify /etc/gettydefs file and ftp files of the /etc directory to "
           "permission 640 and owner group ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chown("/etc/gettydefs" , 0 , 4);
        chmod("/etc/gettydefs" , 0640);
        chown("/etc/ftpaccess" , 0 , 4);
        chmod("/etc/ftpaccess" , 0640);
        chown("/etc/ftpconversions" , 0 , 4);
        chmod("/etc/ftpconversions" , 0640);
        chown("/etc/ftp/groups" , 0 , 4);
        chmod("/etc/ftp/groups" , 0640);
        chown("/etc/ftpusers" , 0 , 4);
        chmod("/etc/ftpusers" , 0640);
        f = fopen("fileutil", "a");
        fprintf(f, "/etc/gettydefs - root:adm , 640\n");
        fprintf(f, "/etc/ftpaccess - root:adm , 640\n");
        fprintf(f, "/etc/ftpconversions- root:adm , 640\n");
        fprintf(f, "/etc/ftp/groups - root:adm , 640\n");
        fprintf(f, "/etc/ftpusers - root:adm , 640\n");
        fclose(f);
    }

    /* host-related files in the /etc directory */
    printf("\n14. host files of /etc directory\n\n");
    printf("(1) /etc/hosts.......");
    if(stat("/etc/hosts", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(2) /etc/hosts.allow.......");
    if(stat("/etc/hosts.allow", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(3) /etc/hosts.deny.......");
    if(stat("/etc/hosts.deny", &st) < 0)
        printf("failed!\n");
    else
        printf("ok!\n");
    printf("(4) /etc/hosts.equiv.......");
    if(stat("/etc/hosts.equiv", &st) < 0)
        printf("failed!\n\n");
    else
        printf("ok!\n\n");
    printf("Do you modify host files of the /etc directory to "
           "permission 640 and owner group ?(y/n):");
    scanf("%c", &q);
    scanf("%c", &q);
    if( q=='Y' || q=='y' ) {
        chown("/etc/hosts" , 0 , 4);
        chmod("/etc/hosts", 0640);
        chown("/etc/hosts.allow", 0 , 4);
        chmod("/etc/hosts.allow", 0640);
        chown("/etc/hosts.deny", 0 , 4);
        chmod("/etc/hosts.deny", 0640);
        chown("/etc/hosts.equiv", 0 , 4);
        chmod("/etc/hosts.equiv", 0640);
        f = fopen("fileutil", "a");
        fprintf(f, "/etc/hosts - root:adm , 640\n");
        fprintf(f, "/etc/hosts.allow - root:adm , 640\n");
        fprintf(f, "/etc/hosts.deny - root:adm , 640\n");
        fprintf(f, "/etc/hosts.equiv - root:adm , 640\n");
        fclose(f);
    }

/* Modify the permissions of conf files in the /etc directory that can be a security weakness */
printf("\n15. conf files of /etc directory\n\n");
printf("(1) Checking /etc/inetd.conf.......");
if (stat("/etc/inetd.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(2) Checking /etc/ld.so.conf.......");
if (stat("/etc/ld.so.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(3) Checking /etc/lilo.conf.......");
if (stat("/etc/lilo.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(4) Checking /etc/syslog.conf.......");
if (stat("/etc/syslog.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(5) Checking /etc/updatadb.conf.......");
if (stat("/etc/updatadb.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(6) Checking /etc/modules.conf.......");
if (stat("/etc/modules.conf", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(7) Checking /etc/sendmail.cf.......");
if (stat("/etc/sendmail.cf", &st) < 0)
    printf("failed!\n\n");
else
    printf("ok!\n\n");
printf("Do you modify conf files of the /etc directory to "
       "permission 640 and owner group ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    chown("/etc/inetd.conf", 0, 4);
    chmod("/etc/inetd.conf", 0640);
    chown("/etc/ld.so.conf", 0, 4);
    chmod("/etc/ld.so.conf", 0640);
    chown("/etc/lilo.conf", 0, 4);
    chmod("/etc/lilo.conf", 0640);
    chown("/etc/syslog.conf", 0, 4);
    chmod("/etc/syslog.conf", 0640);
    chown("/etc/updatadb.conf", 0, 4);
    chmod("/etc/updatadb.conf", 0640);
    chown("/etc/modules.conf", 0, 4);
    chmod("/etc/modules.conf", 0640);
    chown("/etc/sendmail.cf", 0, 4);
    chmod("/etc/sendmail.cf", 0640);
    f = fopen("fileutil", "a");
    fprintf(f, "/etc/inetd.conf - root:adm , 640\n");
    fprintf(f, "/etc/ld.so.conf - root:adm , 640\n");
    /* note: logged as 600, but the chmod() above sets 0640 */
    fprintf(f, "/etc/lilo.conf - root:adm , 600\n");
    fprintf(f, "/etc/syslog.conf - root:adm , 640\n");
    fprintf(f, "/etc/updatadb.conf - root:adm , 640\n");
    fprintf(f, "/etc/modules.conf - root:adm , 640\n");
    fprintf(f, "/etc/sendmail.cf - root:adm , 640\n");
    fclose(f);
}

/* Settings for the daemon directory /etc/rc.d/init.d and for the boot files inittab and motd */
printf("\n16. daemon directory and syslogd , inittab , motd file\n\n");
printf("(1) Checking /etc/rc.d/init.d/syslog.......");
if (stat("/etc/rc.d/init.d/syslog", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(2) Checking /etc/inittab.......");
if (stat("/etc/inittab", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(3) Checking /etc/motd.......");
if (stat("/etc/motd", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("Do you modify syslogd files and /etc/inittab, "
       "/etc/motd file to permission and owner group ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    chown("/etc/rc.d/init.d/syslog", 0, 4);
    chmod("/etc/rc.d/init.d/syslog", 0740);
    chown("/etc/rc.d/init.d", 0, 4);
    chmod("/etc/rc.d/init.d", 0750);
    chown("/etc/rc.d", 0, 4);
    /* note: mode 0640 on a directory clears its search (x) bit, for group adm as well */
    chmod("/etc/rc.d", 0640);
    chown("/etc/inittab", 0, 4);
    chmod("/etc/inittab", 0640);
    chown("/etc/motd", 0, 4);
    chmod("/etc/motd", 0644);
    f = fopen("fileutil", "a");
    fprintf(f, "/etc/rc.d/init.d - root:adm , 750\n");
    fprintf(f, "/etc/rc.d/init.d/syslog-root:adm , 740\n");
    fprintf(f, "/etc/rc.d - root:adm , 640\n");
    fprintf(f, "/etc/inittab - root:adm , 640\n");
    fprintf(f, "/etc/motd - root:adm , 644\n");
    fclose(f);
}

/*
 * /etc/printcap , /etc/profile , /etc/securetty , /etc/shutdown.allow
 * Modify the permissions of the ssh-related files in the /etc directory
 */
printf("\n17. /etc/printcap , profile , /etc/securetty , shutdown.allow "
       "files and ssh file\n\n");
printf("(1) Checking /etc/printcap.......");
if (stat("/etc/printcap", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(2) Checking /etc/profile.......");
if (stat("/etc/profile", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(3) Checking /etc/securetty.......");
if (stat("/etc/securetty", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(4) Checking /etc/shutdown.allow.......");
if (stat("/etc/shutdown.allow", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(5) Checking /etc/ssh_config......");
if (stat("/etc/ssh_config", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(6) Checking /etc/ssh_host_key.......");
if (stat("/etc/ssh_host_key", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(7) Checking /etc/ssh_host_key.pub.......");
if (stat("/etc/ssh_host_key.pub", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("(8) Checking /etc/sshd_config.......");
if (stat("/etc/sshd_config", &st) < 0)
    printf("failed!\n\n");
else
    printf("ok!\n\n");
printf("printcap , securitty , ssh_host_key , sshd_config = permission 640");
printf("\nprofile , ssh_config , ssh_host_key.pub = permission 644\n");
printf("shutdown.allow = permission 600\n\n");
printf("Do you modify this files and to permission and owner group ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    /* printcap: mode only, ownership is left unchanged */
    chmod("/etc/printcap", 0640);
    chown("/etc/profile", 0, 4);
    chmod("/etc/profile", 0644);
    chown("/etc/securetty", 0, 4);
    chmod("/etc/securetty", 0640);
    chown("/etc/shutdown.allow", 0, 0);
    chmod("/etc/shutdown.allow", 0600);
    chown("/etc/ssh_config", 0, 0);
    chmod("/etc/ssh_config", 0644);
    chown("/etc/ssh_host_key", 0, 4);
    chmod("/etc/ssh_host_key", 0640);
    chown("/etc/ssh_host_key.pub", 0, 4);
    chmod("/etc/ssh_host_key.pub", 0644);
    chown("/etc/sshd_config", 0, 4);
    chmod("/etc/sshd_config", 0640);
    f = fopen("fileutil", "a");
    /* note: the group logged for profile and ssh_config differs from the chown() calls above */
    fprintf(f, "/etc/printcap - - , 640\n");
    fprintf(f, "/etc/profile - root:root , 644\n");
    fprintf(f, "/etc/securetty - root:adm , 640\n");
    fprintf(f, "/etc/shutdown.allow- root:root , 600\n");
    fprintf(f, "/etc/ssh_config - root:adm , 644\n");
    fprintf(f, "/etc/ssh_host_key - root:adm , 640\n");
    fprintf(f, "/etc/ssh_host_key.pub- root:adm , 644\n");
    fprintf(f, "/etc/sshd_config - root:adm , 640\n");
    fclose(f);
}

printf("18. compiler\n\n");
/* Settings for the compilers */
printf("Checking /usr/bin/gcc.......");
if (stat("/usr/bin/gcc", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("Checking /usr/bin/g++.......");
if (stat("/usr/bin/g++", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("Checking /usr/bin/colorgcc.......");
if (stat("/usr/bin/colorgcc", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
printf("Checking /usr/bin/uudecode.......");
if (stat("/usr/bin/uudecode", &st) < 0)
    printf("failed!\n\n");
else
    printf("ok!\n\n");
printf("Do you modify this files and to 700 permission ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    /* owner-only execute: ordinary accounts can no longer run these tools */
    chmod("/usr/bin/gcc", 0700);
    chmod("/usr/bin/g++", 0700);
    chmod("/usr/bin/colorgcc", 0700);
    chmod("/usr/bin/uudecode", 0700);
    f = fopen("fileutil", "a");
    fprintf(f, "/usr/bin/gcc - - , 700\n");
    fprintf(f, "/usr/bin/g++ - - , 700\n");
    fprintf(f, "/usr/bin/colorgcc - - , 700\n");
    fprintf(f, "/usr/bin/uudecode - - , 700\n");
    fclose(f);
}

printf("\n19. system util\n\n");
/* Set permissions for the system tools */
if (stat("/usr/bin/w", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
if (stat("/usr/bin/who", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
if (stat("/usr/bin/finger", &st) < 0)
    printf("failed!\n\n");
else
    printf("ok!\n\n");
printf("Do you modify this files and to 700 permission ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    chmod("/usr/bin/w", 0700);
    chmod("/usr/bin/who", 0700);
    chmod("/usr/bin/finger", 0700);
    f = fopen("fileutil", "a");
    fprintf(f, "/usr/bin/w - - , 700\n");
    fprintf(f, "/usr/bin/who - - , 700\n");
    fprintf(f, "/usr/bin/finger - - , 700\n");
    fclose(f);
}

printf("\n20. Network util\n\n");
/* Set permissions for the network tools */
if (stat("/bin/ping", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
if (stat("/usr/bin/telnet", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
if (stat("/usr/bin/ssh", &st) < 0)
    printf("failed!\n");
else
    printf("ok!\n");
if (stat("/usr/sbin/traceroute", &st) < 0)
    printf("failed!\n\n");
else
    printf("ok!\n");
printf("Do you modify this files and to 700 permission ?(y/n):");
scanf("%c", &q);
scanf("%c", &q);
if (q == 'Y' || q == 'y') {
    chmod("/bin/ping", 0700);
    chmod("/usr/bin/telnet", 0700);
    chmod("/usr/bin/ssh", 0700);
    chmod("/usr/sbin/traceroute", 0700);
    f = fopen("fileutil", "a");
    fprintf(f, "/bin/ping - - , 700\n");
    fprintf(f, "/usr/bin/telnet - - , 700\n");
    fprintf(f, "/usr/bin/ssh - - , 700\n");
    fprintf(f, "/usr/sbin/traceroute- - , 700\n\n");
    fclose(f);
}
sleep(3);
printf("\nOK! modify permission to all files");
printf("\n\n[13] = [OK!]\n\n");
sleep(3);
system(clear);
} /* end of step [13] */

/* 14. Record the work that was performed */
printf("[14] work contents recording\n");
printf("Hitherto do work contents recording..\n");
printf("Wait a minutes... :)\n");
/* Record the work done on suid and sgid files */
f = fopen("README", "a");
fprintf(f, "=====before to modify suidbit of suidfile=====\n\n");
fclose(f);
system("cat >> README < perm4000");
f = fopen("README", "a");
fprintf(f, "\n\n=====before to modify sgidbit of sgidfile=====\n\n");
fclose(f);
system("cat >> README < perm2000");
f = fopen("README", "a");
fprintf(f, "\n\nThis files remove suid,sgid bits...\n");
fprintf(f, "remains suidfile only /bin/su\n");
fprintf(f, "ownership is 'root' and ownergroup is 'wheel' of /bin/su\n");
fclose(f);
/* Record the work done on the /etc/pam.d/su file */
system("cat >> README < pam.d");
f = fopen("README", "a");
fprintf(f, "\n=====Daemon Setting=====\n\n");
fclose(f);
/* Record the daemon setting work */
f = fopen("README", "a");
fprintf(f, "State before to daemon setting\n\n");
fclose(f);
system("cat >> README < daemon1");
f = fopen("README", "a");
fprintf(f, "\n\nState next to daemon setting\n\n");
fclose(f);
system("cat >> README < daemon2");
f = fopen("README", "a");
fprintf(f, "\n\n=====/etc/syslog.conf=====\n\n");
fprintf(f, "Originally syslog.conf file move syslog.conf.bak and\n");
fprintf(f, "define a new syslog.conf file\n");
fprintf(f, "Contents of the new syslog.conf is make newlogfile\n");
fprintf(f, "save directory and apply chattr to log file of /var/log\n");
fprintf(f, "Other logfile save directory is /Security/logs\n\n");
fclose(f);
/* named.conf is only copied into the README when it exists */
if (!(stat("/etc/named.conf", &st) < 0)) {
    f = fopen("README", "a");
    fprintf(f, "\n\n=====named.conf setting=====\n\n");
    fprintf(f, "Its your self by 'vi' editor... :)\n\n");
    fclose(f);
    system("cat >> README < /etc/named.conf");
}
if (!(stat("/etc/named.boot", &st) < 0)) {
    f = fopen("README", "a");
    fprintf(f, "\n\n=====named.boot setting=====\n\n");
    fprintf(f, "Its your self by 'vi' editor... :)\n\n");
    fprintf(f, "----------named.boot contents----------\n\n");
    fclose(f);
    system("cat >> README < /etc/named.boot");
}
f = fopen("README", "a");
fprintf(f, "\n\n=====/etc/sysctl.conf setting=====\n\n");
fprintf(f, "Added next contents\n\n");
fprintf(f, "# ping ignore all request\n");
fprintf(f, "net.ipv4.icmp_echo_ignore_all=1\n\n");
fclose(f);
/* append the permission log collected in step [13] */
system("cat >> README < fileutil");
/* Clean up the temporary work files */
remove("perm4000");
remove("perm2000");
remove("pam.d");
remove("daemon1");
remove("daemon2");
remove("fileutil");
sleep(3);
system(clear);
printf("Thank you for using this products ;)\n\n");
sleep(2);
}
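The permission step in the listing calls chown() and chmod() by path, ignores their return values, and writes the intended owner and mode to the log whether or not the call succeeded. The following is an added example, not code from the patent: it opens each target with O_NOFOLLOW, applies fchown() and fchmod() to the descriptor, and logs what is actually on disk afterwards. The names harden_entry, harden_one, harden_table and mode_of, and the scratch files used in main(), are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One hardening target (hypothetical type, not from the patent listing). */
struct harden_entry { const char *path; uid_t uid; gid_t gid; mode_t mode; };

/*
 * Apply owner, group and mode to one regular file.
 * Returns 0 on success, -1 on failure; every outcome is written to log.
 * The file is opened once with O_NOFOLLOW and all changes go through the
 * descriptor, so a symlink placed at the path is never followed and the
 * object that was inspected is the object that is modified.
 */
int harden_one(const struct harden_entry *e, FILE *log)
{
    struct stat st;
    int fd = open(e->path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);

    if (fd < 0) {
        fprintf(log, "%s - SKIPPED (open: %s)\n", e->path, strerror(errno));
        return -1;
    }
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        /* Directories need their search bits and are out of scope here. */
        fprintf(log, "%s - SKIPPED (not a regular file)\n", e->path);
        close(fd);
        return -1;
    }
    /* Owner first: changing the owner can clear setuid/setgid bits. */
    if (fchown(fd, e->uid, e->gid) < 0 || fchmod(fd, e->mode) < 0) {
        fprintf(log, "%s - FAILED (%s)\n", e->path, strerror(errno));
        close(fd);
        return -1;
    }
    /* Log the state that is now on disk, not the state that was requested. */
    if (fstat(fd, &st) < 0) {
        fprintf(log, "%s - FAILED (fstat: %s)\n", e->path, strerror(errno));
        close(fd);
        return -1;
    }
    fprintf(log, "%s - %ld:%ld , %03o\n", e->path, (long)st.st_uid,
            (long)st.st_gid, (unsigned)(st.st_mode & 07777));
    close(fd);
    return 0;
}

/* Apply every entry; returns how many were applied successfully. */
int harden_table(const struct harden_entry *tab, size_t n, FILE *log)
{
    int ok = 0;
    for (size_t i = 0; i < n; i++)
        if (harden_one(&tab[i], log) == 0)
            ok++;
    return ok;
}

/* Permission bits currently set on path, or -1 if it cannot be examined. */
long mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) < 0 ? -1L : (long)(st.st_mode & 07777);
}

int main(void)
{
    /* Constructed sample: scratch files stand in for the /etc targets. */
    char dir[] = "/tmp/harden-demo-XXXXXX", conf[64], lnk[64];
    if (!mkdtemp(dir))
        return 1;
    snprintf(conf, sizeof conf, "%s/inetd.conf", dir);
    snprintf(lnk, sizeof lnk, "%s/hosts.equiv", dir);
    FILE *f = fopen(conf, "w");
    if (!f)
        return 1;
    fclose(f);
    if (symlink(conf, lnk) < 0)          /* a symlink where a file is expected */
        return 1;

    struct harden_entry tab[] = {
        { conf, getuid(), getgid(), 0640 },
        { lnk,  getuid(), getgid(), 0640 },   /* skipped: O_NOFOLLOW refuses it */
    };
    int n = harden_table(tab, 2, stdout);
    printf("%d of 2 applied, %s is now %03lo\n", n, conf,
           (unsigned long)mode_of(conf));
    return n == 1 ? 0 : 1;
}
```

Run as root against the real targets, the table entries would carry uid 0 and gid 4, which the listing's own log lines record as root:adm.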

1. When a bug in a specific file gives rise to a vulnerability, that file is modified or altered to prevent the vulnerability from appearing.

2. For internal security, attacks come through files that have the suid bit set, so those files are altered as a security patch unless they are special files.

3. A security patch through permission adjustment keeps internal account users from issuing the related commands, so that they cannot find out the internal situation or the situation of other, external servers; that is, it prevents the server from being used as a stopover.

4. After the program finishes, the work performed is recorded in a log that the user can read, for the convenience of the system administrator.

1. suid file check
2. sgid file check
3. Remove the suid bit of the files found by the suid file check
4. Remove the suid bit of the files found by the sgid file check
5. Permission handling and group ownership change for /bin/su
6. Add an arbitrary account to the wheel group in the /etc/group file
7. Add contents to /etc/pam.d/su
8. Delete unnecessary daemons
9. Strengthen the security of the log files
10. Raise the security level of DNS by modifying the named.conf file
11. Modify the /etc/sysctl.conf file so that the system does not respond to ping
12. Additionally apply chattr to important files (/bin/bash)
13. As finishing work, set security permissions for each tool (fileutils)
14. Record the work performed in the 'README' file, and create and then terminate a child process with the pattern information

Claims (1)

1. The security setting program itself, which removes system vulnerabilities and is of an evolving type
2. Its own setting algorithm for each Linux directory
3. The Linux-based intelligent security setting check module
4. Everything about the security setting program that modifies and deletes files according to the directory search method
KR1020010030952A 2001-06-02 2001-06-02 Secure cop KR20010070729A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020010030952A KR20010070729A (en) 2001-06-02 2001-06-02 Secure cop


Publications (1)

Publication Number Publication Date
KR20010070729A true KR20010070729A (en) 2001-07-27

Family

ID=19710314


Country Status (1)

Country Link
KR (1) KR20010070729A (en)


Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application
E601 Decision to refuse application
E601 Decision to refuse application