|
version 1.45.2.22, 2024/08/01 12:57:23
|
version 1.45.2.24, 2024/11/27 17:27:54
|
|
Line 645 sub check_mysql_running {
|
Line 645 sub check_mysql_running {
|
| $proc_owner = 'mysql'; |
$proc_owner = 'mysql'; |
| $process = 'mysqld'; |
$process = 'mysqld'; |
| } |
} |
| if ($1 >= 15) { |
if ($1 >= 12) { |
| $mysqldaemon ='mariadb'; |
$mysqldaemon ='mariadb'; |
| } |
} |
| } elsif ($distro =~ /^suse(\d+)/) { |
} elsif ($distro =~ /^suse(\d+)/) { |
|
Line 731 sub chkconfig {
|
Line 731 sub chkconfig {
|
| $uses_systemctl{'ntp'} = 1; |
$uses_systemctl{'ntp'} = 1; |
| $uses_systemctl{'cups'} = 1; |
$uses_systemctl{'cups'} = 1; |
| $uses_systemctl{'memcached'} = 1; |
$uses_systemctl{'memcached'} = 1; |
| if (($name eq 'sles') && ($num >= 15)) { |
if ($name eq 'sles') { |
| $daemon{'ntp'} = 'chronyd'; |
if ($num >= 12) { |
| $daemon{'mysql'} = 'mariadb'; |
$daemon{'mysql'} = 'mariadb'; |
| |
} |
| |
if ($num >= 15) { |
| |
$daemon{'ntp'} = 'chronyd'; |
| |
} else { |
| |
$daemon{'ntp'} = 'ntpd'; |
| |
} |
| } else { |
} else { |
| $daemon{'ntp'} = 'ntpd'; |
$daemon{'ntp'} = 'ntpd'; |
| } |
} |
|
Line 763 sub chkconfig {
|
Line 769 sub chkconfig {
|
| (($distro =~ /^debian/) && ($version >= 10))) { |
(($distro =~ /^debian/) && ($version >= 10))) { |
| $daemon{'ntp'} = 'chrony'; |
$daemon{'ntp'} = 'chrony'; |
| } |
} |
| if (($distro =~ /^debian/) && ($version >= 11)) { |
if (($distro =~ /^debian/) && ($version >= 10)) { |
| $daemon{'mysql'} = 'mariadb'; |
$daemon{'mysql'} = 'mariadb'; |
| } |
} |
| } elsif ($distro =~ /^fedora(\d+)/) { |
} elsif ($distro =~ /^fedora(\d+)/) { |
|
Line 895 sub check_systemd_security {
|
Line 901 sub check_systemd_security {
|
| $service = 'apache2.service'; |
$service = 'apache2.service'; |
| } |
} |
| system("systemctl daemon-reload"); |
system("systemctl daemon-reload"); |
| if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) { |
if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null |")) { |
| my $protection = <PIPE>; |
my ($protecthome,$suidsgid); |
| |
while (my $line = <PIPE>) { |
| |
chomp($line); |
| |
if ($line =~ /^ProtectHome=(read-only|yes)$/i) { |
| |
$protecthome = 1; |
| |
} elsif ($line =~ /^RestrictSUIDSGID=yes$/i) { |
| |
$suidsgid = 1; |
| |
} |
| |
} |
| close(PIPE); |
close(PIPE); |
| chomp($protection); |
if ($protecthome) { |
| if ($protection =~ /^ProtectHome=(read-only|yes)$/i) { |
return 1; |
| |
} |
| |
if ($suidsgid) { |
| return 1; |
return 1; |
| } |
} |
| } else { |
} else { |
|
Line 2553 sub check_systemd_update {
|
Line 2569 sub check_systemd_update {
|
| if (-d '/etc/systemd/system/'.$service.'.d') { |
if (-d '/etc/systemd/system/'.$service.'.d') { |
| if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { |
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { |
| if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| my ($inservice,$addservice,$protectoff,$linenum,$change,@lines); |
my ($category,$addservice,$needs_update,$linenum,%is_no,%lines, |
| |
@move,@nocat,@ordered); |
| |
$linenum = 0; |
| while (my $entry = <$fh>) { |
while (my $entry = <$fh>) { |
| $linenum ++; |
$linenum ++; |
| chomp($entry); |
chomp($entry); |
| if ($entry eq '[Service]') { |
if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) { |
| if (!$protectoff) { |
$category = $1; |
| $inservice = $linenum; |
if ($category =~ /^Service$/i) { |
| push(@lines,$entry); |
unless (grep(/^Service$/,@ordered)) { |
| |
push(@ordered,'Service'); |
| |
} |
| } else { |
} else { |
| $addservice = 1; |
unless (grep(/^\Q$category\E$/,@ordered)) { |
| next; |
push(@ordered,$category); |
| |
} |
| } |
} |
| } |
} elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) { |
| if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) { |
my ($key,$value) = ($1,$2); |
| my $value = $1; |
next if ($is_no{$key}); |
| if ($protectoff) { |
if (lc($value) eq 'no') { |
| next; |
if ($category =~ /^Service$/i) { |
| if (lc($value) eq 'no') { |
push(@{$lines{'Service'}},$entry); |
| $protectoff = $linenum; |
|
| push(@lines,$entry); |
|
| } else { |
} else { |
| if ($protectoff) { |
push(@move,$entry); |
| next; |
$needs_update = 1; |
| } else { |
} |
| push(@lines,'ProtectHome=no'); |
} else { |
| $protectoff = $linenum; |
my $offstr = $key.'=no'; |
| $change = $linenum; |
if ($category =~ /^Service$/i) { |
| } |
push(@{$lines{'Service'}},$offstr); |
| |
} else { |
| |
push(@move,$offstr); |
| } |
} |
| |
$needs_update = 1; |
| |
} |
| |
$is_no{$key} = $linenum; |
| |
} else { |
| |
next if ($entry =~ /^\s*$/); |
| |
if ($category =~ /^Service$/i) { |
| |
push(@{$lines{'Service'}},$entry); |
| |
} elsif ($category ne '') { |
| |
push(@{$lines{$category}},$entry); |
| |
} else { |
| |
push(@nocat,$entry); |
| } |
} |
| } |
} |
| } |
} |
| close($fh); |
close($fh); |
| if ($addservice || $change || !$protectoff) { |
unless (grep(/^Service$/,@ordered)) { |
| |
$addservice = 1; |
| |
unshift(@ordered,'Service'); |
| |
} |
| |
foreach my $item ('ProtectHome','RestrictSUIDSGID') { |
| |
unless (exists($is_no{$item})) { |
| |
push(@{$lines{'Service'}},$item.'=no'); |
| |
$needs_update = 1; |
| |
} |
| |
} |
| |
if ($addservice || $needs_update) { |
| if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| if ($addservice) { |
if (@ordered) { |
| print $fh "[Service]\n"; |
foreach my $category (@ordered) { |
| |
print $fh "[$category]\n"; |
| |
if (ref($lines{$category}) eq 'ARRAY') { |
| |
foreach my $item (@{$lines{$category}}) { |
| |
print $fh "$item\n"; |
| |
} |
| |
} |
| |
if ($category eq 'Service') { |
| |
if (@move) { |
| |
foreach my $item (@move) { |
| |
if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) { |
| |
my $key = $1; |
| |
unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) { |
| |
print $fh "$item\n"; |
| |
} |
| |
} else { |
| |
print $fh "$item\n"; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
print $fh "\n"; |
| |
} |
| } |
} |
| foreach my $entry (@lines) { |
if (@nocat) { |
| print $fh "$entry\n"; |
foreach my $item (@nocat) { |
| |
print $fh "$item\n"; |
| |
} |
| } |
} |
| close($fh); |
close($fh); |
| print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf'); |
print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf'); |
|
Line 2608 sub check_systemd_update {
|
Line 2674 sub check_systemd_update {
|
| } |
} |
| } else { |
} else { |
| if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| print $fh '[Service]'."\n".'ProtectHome=no'."\n"; |
print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n"; |
| close($fh); |
close($fh); |
| print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf'); |
print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf'); |
| system('systemctl daemon-reload'); |
system('systemctl daemon-reload'); |
| |
} else { |
| |
print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.'); |
| } |
} |
| } |
} |
| } else { |
} else { |
![[BACK]](/icons/back.gif){kind=icon}
Return to install.pl CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / install / linux