Skip to content
Permalink
Browse files

Make files read-only for non-root

  • Loading branch information...
NEMS Linux
NEMS Linux committed May 1, 2019
1 parent 10c7b31 commit 20936e83f4ebfa71fb9920d3c747e82f60fb852b
Showing with 19 additions and 4 deletions.
  1. +3 −0 benchmark.sh
  2. +2 −2 info.sh
  3. +14 −2 init.sh
@@ -186,6 +186,9 @@ else
fi
echo "---------------------------------" >> $tmpdir/nems-benchmark.log

# Ensure only root can write to the benchmark result files
chmod 644 -R /var/log/nems/benchmarks/

echo "Filesystem:" >> $tmpdir/nems-benchmark.log
/bin/df -h >> $tmpdir/nems-benchmark.log

@@ -124,7 +124,7 @@ elif [[ $COMMAND == "hwid" ]]; then
elif (( $platform >= 15 )) && (( $platform <= 16 )); then
cat /proc/cpuinfo | grep Serial | printf '%s' $(cut -n -d ' ' -f 2) | md5sum | cut -d"-" -f1 -
# NANOPI M4
elif (( $platform >= 68 )) && (( $platform <= 69 )); then
elif (( $platform == 67 )) || (( $platform == 68 )); then
cat /proc/cpuinfo | grep Serial | printf '%s' $(cut -n -d ' ' -f 2) | md5sum | cut -d"-" -f1 -
# Tinker Board / S
elif (( $platform == 100 )) || (( $platform == 101 )); then
@@ -136,7 +136,7 @@ elif [[ $COMMAND == "hwid" ]]; then
elif (( $platform == 32 )); then
cat /proc/cpuinfo | grep Serial | printf '%s' $(cut -n -d ' ' -f 2) | md5sum | cut -d"-" -f1 -
# NanoPi NEO Plus2
elif (( $platform == 69 )); then
elif (( $platform == 69 )) || (( $platform == 70 )); then
/sbin/ifconfig $(/usr/local/bin/nems-info nic) | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | md5sum | cut -d"-" -f1 -
fi

16 init.sh
@@ -43,8 +43,8 @@ else
# can cause all kinds of problems, including security issues.
if [[ $platform == 20 ]]; then
hwid=$(/usr/local/bin/nems-info hwid)
# Bad HWID for MAC 080027C75EC1
if [[ $hwid == *'4f6c6d8a4d2670e87004329b99bf517d'* ]]; then
# Bad HWID for MAC 080027C75EC1 (Development HWID for VM)
if [[ $hwid == *'4f6c6d8a4d2670e87004329b99bf517d'* ]] || [[ $hwid == *'d41d8cd98f00b204e9800998ecf8427e'* ]]; then
echo "You need to initialize a unique MAC address for your"
echo "virtual Network Interface. Shut down your NEMS appliance"
echo "and modify the Network Interface in your hypervisor."
@@ -54,6 +54,18 @@ else
exit 1
fi
fi
# Also bad for HWID d41d8cd98f00b204e9800998ecf8427e (NULL Response)
hwid=$(/usr/local/bin/nems-info hwid)
if [[ $hwid == *'4f6c6d8a4d2670e87004329b99bf517d'* ]] || [[ $hwid == *'d41d8cd98f00b204e9800998ecf8427e'* ]]; then
echo "Invalid hardware ID for this NEMS server."
printf "Please report this error: "
four=$(echo $hwid | cut -c1-4)
echo ${platform}-${four}-init
echo ""
echo "CANNOT CONTINUE"
echo ""
exit 1
fi

online=$(/usr/local/share/nems/nems-scripts/info.sh online)
if [[ $online == 0 ]]; then

0 comments on commit 20936e8

Please sign in to comment.
You can’t perform that action at this time.