From ee0303a5c9eda65949857d0d192c5910cd41f1e2 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+burette@autogeree.net>
Date: Fri, 15 Mar 2013 18:36:31 +0100
Subject: [PATCH] Ajout : vm_hosted : rule_boot_configure : molly-guard .

---
 vm_hosted | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/vm_hosted b/vm_hosted
index 7a1e4a7..f1670ba 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -287,6 +287,13 @@ rule_boot_configure () {
 		EOF
 	sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
 	rule initramfs_configure
+	rule apt_get_install molly-guard
+	sudo install -m 644 -o root -g root /dev/stdin /etc/molly-guard/rc <<-EOF
+		ALWAYS_QUERY_HOSTNAME=true
+		 # NOTE: une alternative est de dire à sudo de conserver les SSH_*
+		 #       néamoins demander tout le temps n'est pas trop contraignant
+		 #       et davantage sécurisant.
+		EOF
  }
 rule_dovecot_configure () {
 	rule apt_get_install dovecot-imapd dovecot-managesieved dovecot-sieve
@@ -494,16 +501,6 @@ rule_locale_configure () {
 	sudo update-locale
  }
 rule_login_configure () {
-	grep -q '^hvc0$' /etc/securetty ||
-	sudo install -m 644 -o root -g root /dev/stdin /etc/securetty <<-EOF
-		$(cat /etc/securetty)
-		hvc0
-		EOF
-	grep -q '^xvc0$' /etc/securetty ||
-	sudo install -m 644 -o root -g root /dev/stdin /etc/securetty <<-EOF
-		$(cat /etc/securetty)
-		xvc0
-		EOF
 	sudo install -m 644 -o root -g root /dev/stdin /etc/inittab <<-EOF
 		# /etc/inittab: init(8) configuration.
 		
@@ -589,6 +586,16 @@ rule_login_configure () {
 		$(cat /etc/pam.d/common-session)
 		session optional pam_umask.so
 		EOF
+	grep -q '^hvc0$' /etc/securetty ||
+	sudo install -m 644 -o root -g root /dev/stdin /etc/securetty <<-EOF
+		$(cat /etc/securetty)
+		hvc0
+		EOF
+	grep -q '^xvc0$' /etc/securetty ||
+	sudo install -m 644 -o root -g root /dev/stdin /etc/securetty <<-EOF
+		$(cat /etc/securetty)
+		xvc0
+		EOF
  }
 rule_mail_configure () {
 	rule postfix_configure
-- 
2.20.1