Archiving a bunch of old stuff

2015-06-22 13:15:42 -05:00
parent a6ec1d560e
commit bd1abd8734
395 changed files with 1 additions and 76 deletions
--- a/oldstuff/selinux/.vagrant-provision-as-vagrant.sh
+++ b/oldstuff/selinux/.vagrant-provision-as-vagrant.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+for f in $(find /vagrant/.vagrant-skel -type f) ; do
+  ln -svf $f /home/vagrant/${f##/vagrant/.vagrant-skel/}
+done
--- a/oldstuff/selinux/.vagrant-provision.sh
+++ b/oldstuff/selinux/.vagrant-provision.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex
+
+if [[ ! -e /vagrant/wipe ]] ; then
+  exit 0
+fi
+
+/vagrant/base-box-wipe.sh
--- a/oldstuff/selinux/.vagrant-skel/.bashrc
+++ b/oldstuff/selinux/.vagrant-skel/.bashrc
@@ -0,0 +1,5 @@
+export DEVROOT=/vagrant
+export POLICY_LOCATION=${DEVROOT}/centralized/hardened-refpolicy
+
+[[ $PS1 ]] && cd $DEVROOT
+[[ -e $DEVROOT/bin/functions.sh ]] && source $DEVROOT/bin/functions.sh
--- a/oldstuff/selinux/Vagrantfile
+++ b/oldstuff/selinux/Vagrantfile
@@ -0,0 +1,11 @@
+Vagrant.configure('2') do |config|
+  config.vm.box = 'meatballhat/gentoo-hardened'
+  config.vm.box_version = '>= 0.1.2'
+  config.vm.provision 'shell', path: '.vagrant-provision.sh'
+  config.vm.provision 'shell', path: '.vagrant-provision-as-vagrant.sh', privileged: false
+
+  config.vm.provider 'virtualbox' do |vbox|
+    vbox.cpus = 4
+    vbox.memory = 2048
+  end
+end
--- a/oldstuff/selinux/base-box-wipe.sh
+++ b/oldstuff/selinux/base-box-wipe.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+
+rm -rf /usr/portage /usr/src /tmp/* /var/tmp/*
+
+dd if=/dev/zero of=/EMPTY bs=1M || true
+rm -f /EMPTY
+
+unset HISTFILE
+rm -f /root/.bash_history
+rm -f /home/vagrant/.bash_history
+
+find /var/log -type f | while read f; do echo -ne '' > $f; done
+
+count=`df --sync -kP / | tail -n1  | awk -F ' ' '{print $4}'`
+let count--
+dd if=/dev/zero of=/tmp/whitespace bs=1024 count=$count || true
+rm /tmp/whitespace
+
+count=`df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}'`
+let count--
+dd if=/dev/zero of=/boot/whitespace bs=1024 count=$count || true
+rm /boot/whitespace
+
+swappart=`cat /proc/swaps | tail -n1 | awk -F ' ' '{print $1}'`
+swapoff $swappart
+dd if=/dev/zero of=$swappart || true
+mkswap $swappart
+swapon $swappart
--- a/oldstuff/selinux/bin/functions.sh
+++ b/oldstuff/selinux/bin/functions.sh
@@ -0,0 +1,81 @@
+# sefindif - Find interface definitions that have a string that matches the
+# given regular expression
+sefindif() {
+  REGEXP="$1";
+  if [ -d ${POLICY_LOCATION}/policy/modules ];
+  then
+    pushd ${POLICY_LOCATION}/policy/modules > /dev/null 2>&1;
+  elif [ -d ${POLICY_LOCATION}/include ];
+  then
+    pushd ${POLICY_LOCATION}/include > /dev/null 2>&1;
+  else
+    echo "Variable POLICY_LOCATION is not properly defined.";
+    return 1;
+  fi
+  for FILE in */*.if;
+  do
+    awk "BEGIN { P=1 } /(interface\(|template\()/ { NAME=\$0; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; if (NAME!=\$0) print };" ${FILE} | sed -e "s:^:${FILE}\: :g";
+  done
+  popd > /dev/null 2>&1;
+}
+
+# seshowif - Show the interface definition
+seshowif() {
+  INTERFACE="$1";
+  if [ -d ${POLICY_LOCATION}/policy/modules ];
+  then
+    pushd ${POLICY_LOCATION}/policy/modules > /dev/null 2>&1;
+  elif [ -d ${POLICY_LOCATION}/include ];
+  then
+    pushd ${POLICY_LOCATION}/include > /dev/null 2>&1;
+  else
+    echo "Variable POLICY_LOCATION is not properly defined.";
+    return 1;
+  fi
+  for FILE in */*.if;
+  do
+    grep -A 9999 "\(interface(\`${INTERFACE}'\|template(\`${INTERFACE}'\)" ${FILE} | grep -B 9999 -m 1 "^')";
+  done
+  popd > /dev/null 2>&1;
+}
+
+# sefinddef - Find macro definitions that have a string that matches the given
+# regular expression
+sefinddef() {
+  REGEXP="$1";
+  if [ -d ${POLICY_LOCATION}/policy/support ];
+  then
+    pushd ${POLICY_LOCATION}/policy/support > /dev/null 2>&1;
+  elif [ -d ${POLICY_LOCATION}/include/support ];
+  then
+    pushd ${POLICY_LOCATION}/include/support > /dev/null 2>&1;
+  else
+    echo "Variable POLICY_LOCATION is not properly defined.";
+    return 1;
+  fi
+  for FILE in *;
+  do
+    awk "BEGIN { P=1; } /(define\(\`[^\`]*\`$)/ { NAME=\$0; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; if (NAME!=\$0) print };" ${FILE};
+  done
+  popd > /dev/null 2>&1;
+}
+
+# seshowdef - Show the macro definition
+seshowdef() {
+  MACRONAME="$1";
+  if [ -d ${POLICY_LOCATION}/policy/support ];
+  then
+    pushd ${POLICY_LOCATION}/policy/support > /dev/null 2>&1;
+  elif [ -d ${POLICY_LOCATION}/include/support ];
+  then
+    pushd ${POLICY_LOCATION}/include/support > /dev/null 2>&1;
+  else
+    echo "Variable POLICY_LOCATION is not properly defined.";
+    return 1;
+  fi
+  for FILE in *.spt;
+  do
+    grep -A 9999 "define(\`${MACRONAME}'" ${FILE} | grep -B 999 -m 1 "')";
+  done
+  popd > /dev/null 2>&1;
+}
--- a/oldstuff/selinux/centralized/hardened-refpolicy
+++ b/oldstuff/selinux/centralized/hardened-refpolicy