midore's blog: OS X 10.9.2: 05-chmod

# 05-chmod.sh

#!/bin/bash
# 05-chmod.sh
# OS X 10.9.2
#---------------------------------------------------------------------
# appleEvent
#---------------------------------------------------------------------
sudo chmod 0 /System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer

#---------------------------------------------------------------------
# Bonjour Plugins
#---------------------------------------------------------------------
sudo chmod 0 /System/Library/UserEventPlugins/com.apple.bonjour.plugin
sudo chmod 0 /System/Library/UserEventPlugins/BonjourEvents.plugin

#---------------------------------------------------------------------
# nat
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/natd

#---------------------------------------------------------------------
# App
#---------------------------------------------------------------------
sudo chmod 0 /Applications/Utilities/Boot\ Camp\ Assistant.app/
sudo chmod 0 /Applications/Mail.app/
sudo chmod 0 /Applications/Messages.app/
sudo chmod 0 /Applications/FaceTime.app/
sudo chmod 0 /Applications/Photo\ Booth.app/
sudo chmod 0 /Applications/Image\ Capture.app/
sudo chmod 0 /Applications/QuickTime\ Player.app/

#---------------------------------------------------------------------
# root
#---------------------------------------------------------------------
# 2014-03-05
sudo rm -rf /private/var/root/Library/
sudo chmod 0 /private/var/root

#---------------------------------------------------------------------
# rlogin
#---------------------------------------------------------------------
sudo chmod 0 /usr/libexec/rshd
sudo chmod 0 /usr/libexec/rlogind
sudo chmod 0 /usr/libexec/rpcsvchost

#---------------------------------------------------------------------
# smbd, smbf, cups
#---------------------------------------------------------------------
sudo chmod 0 /sbin/mount_smbfs
sudo chmod 0 /usr/bin/smbutil

sudo chmod 0 /usr/lib/sasl2/smb_nt.la
sudo chmod 0 /usr/lib/sasl2/smb_nt.so
sudo chmod 0 /usr/lib/sasl2/smb_ntlmv2.la
sudo chmod 0 /usr/lib/sasl2/smb_ntlmv2.so

sudo chmod 0 /usr/libexec/cups/apple/smb
sudo chmod 0 /usr/libexec/cups/backend/smb
sudo chmod 0 /usr/libexec/dtrace/smbd
sudo chmod 0 /usr/libexec/dtrace/smbtrace.d

sudo chmod 0 /usr/libexec/smb-migrate-preferences
sudo chmod 0 /usr/libexec/smb-sync-preferences

sudo chmod 0 /usr/sbin/cupsaddsmb
sudo chmod 0 /usr/sbin/smbd
sudo chmod 0 /usr/share/doc/cups/help/man-cupsaddsmb.html

sudo chmod 0 /private/etc/openldap/schema/samba.schema
sudo chmod 0 /usr/share/cups/templates/samba-export.tmpl
sudo chmod 0 /usr/share/cups/templates/samba-exported.tmpl

sudo chmod 0 /usr/sbin/netbiosd

# The Mac OS X Bluetooth network daemon
sudo chmod 0 /usr/sbin/bnepd

# 2014-03-12
sudo chmod 0 /usr/sbin/blued
# http://midorex.blogspot.com/2014/03/os-x-1092-disable-airdrop.html
# sharing -- create share points for afp, ftp and smb services.
sudo chmod 0 /usr/sbin/sharing

#---------------------------------------------------------------------
# httpd
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/httpd
sudo chmod 0 /usr/sbin/apachectl

sudo chmod 0 /usr/share/examples/DTTk/httpdstat_example.txt
sudo chmod 600 /usr/share/httpd
sudo chmod 0 /usr/bin/httpdstat.d

sudo srm -rf /Library/WebServer/
# /Library/WebServer/CGI-Executables/
# /Library/WebServer/share/

sudo srm -rf /private/etc/apache2
sudo srm -rf /usr/libexec/apache2
sudo chmod 0 /usr/bin/rails

#---------------------------------------------------------------------
# Internet Plugins
#---------------------------------------------------------------------
# sudo chmod 600 /System/Library/Java/
sudo chmod 0 /Library/Internet\ Plug-Ins/QuickTime\ Plugin.plugin/

#---------------------------------------------------------------------
# sshd
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/sshd
sudo chmod 0 /private/etc/sshd_config

#---------------------------------------------------------------------
# ftpd
#---------------------------------------------------------------------
sudo chmod 0 /usr/libexec/ftpd
sudo chmod 0 /usr/libexec/sftp-server

# $ sudo find ./ -name "*ftpd*"
sudo chmod 0 /private/etc/ftpd.conf
sudo chmod 0 /private/etc/ftpd.conf.default

sudo chmod 0 /System/Library/Tcl/tcllib1.12/ftpd
sudo chmod 0 /System/Library/Tcl/tcllib1.12/ftpd/ftpd.tcl

sudo chmod 0 /usr/libexec/tftpd

sudo chmod 0 /usr/share/examples/tnftpd
sudo chmod 0 /usr/share/examples/tnftpd/ftpd.conf

sudo chmod 0 /usr/share/ftpd
sudo chmod 0 /usr/share/ftpd/examples/ftpd.conf

#---------------------------------------------------------------------
# nfsd
#---------------------------------------------------------------------
sudo chmod 0 /sbin/nfsd

#.//System/Library/Filesystems/acfs.fs/Contents/bin/snfsdefrag
#.//System/Library/Filesystems/acfs.fs/Contents/man/man1/snfsdefrag.1
# sudo chmod 0 /System/Library/LaunchDaemons/com.apple.nfsd.plist
# snfsdefrag - Xsan File System Defrag Utility

#---------------------------------------------------------------------
# cupsd
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/cupsd
sudo chmod 0 /private/etc/cups/cupsd.conf
sudo chmod 0 /private/etc/cups/cupsd.conf.default

sudo chmod 400 /usr/bin/cups-config
sudo chmod 400 /usr/bin/cupstestdsc
sudo chmod 400 /usr/bin/cupstestppd

sudo chmod 600 /usr/sbin/cupsaccept
sudo chmod 600 /usr/sbin/cupsaddsmb
sudo chmod 600 /usr/sbin/cupsctl
sudo chmod 600 /usr/sbin/cupsenable
sudo chmod 600 /usr/sbin/cupsfilter
sudo chmod 600 /usr/sbin/cupsreject
sudo chmod 600 /usr/share/cups

#---------------------------------------------------------------------
# racoon
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/racoon
sudo chmod 0 /private/etc/racoon
sudo chmod 0 /private/etc/racoon/racoon.conf

#---------------------------------------------------------------------
# pppd, vpnd
#---------------------------------------------------------------------
sudo chmod 0 /usr/sbin/pppd
sudo chmod 0 /usr/sbin/vpnd

#---------------------------------------------------------------------
# PPP Modem
#---------------------------------------------------------------------
sudo chmod 0 /Library/Modem\ Scripts/

#---------------------------------------------------------------------
# rpc
#---------------------------------------------------------------------
# 2014-03-03
sudo chmod 0 /etc/rpc
sudo chmod 0 /etc/rc.common
sudo chmod 0 /etc/snmp

# 2014-03-05
sudo chmod 0 /usr/sbin/postfix

sudo chmod 0 /usr/sbin/sendmail
sudo chmod 0 /var/jabberd
sudo chmod 0 /var/rpc
sudo chmod 0 /var/rwho

# 2014-03-02
# 追記と訂正。
重複していた行を削除。
pam.d に対するコマンドの # を削除。

# 2014-03-03
pam.dについては別の記事にした為
http://midorex.blogspot.com/2014/03/os-x-1092-pamd.html
下記を削除した。

#---------------------------------------------------------------------
# /etc/pam.d/
#---------------------------------------------------------------------
# sudo chmod 0 /private/etc/pam.d/smbd
# sudo chmod 0 /private/etc/pam.d/ftpd
# sudo chmod 0 /private/etc/pam.d/sshd
# sudo chmod 0 /private/etc/pam.d/rshd

# 2014-03-03
# rpc を追加。

# 2014-03-05
# root
# "#" を削除

# 2014-03-05
# s/postfix/\/usr\/sbin\/postfix/

# 2014-03-07
# 公開日時の訂正
http://midorex.blogspot.com/2014/03/published-date.html

# 2014-03-12
# added
sudo chmod 0 /usr/sbin/blued
sudo chmod 0 /usr/sbin/sharing

# $ man rexecd
# rexecd -- remote execution server
# $ sudo chmod 0 /usr/libexec/rexecd

# $ sudo chmod 0 /usr/libexec/AirPlayXPCHelper
# $ sudo chmod 0 /usr/libexec/InternetSharing

# $ tail -f /var/log/displaypolicyd.log
# $ sudo chmod 600 /usr/libexec/displaypolicyd

# $ pwd /etc
# $ sudo chmod 0 ppp
# $ sudo chmod 0 afpovertcp.cfg
# $ man mnthome
# $ whereis mnthome
# /usr/bin/mnthome

midore's blog

2014/03/01

OS X 10.9.2: 05-chmod

0 件のコメント: