#!/bin/bash
#获取安装时post脚本里生成的so，打v标记

hwe=/etc/kysec/tmp/.hwe
if [ ! -f $hwe ];then
	exit 0
else
	version=$(cat $hwe)
	if [ $version -ge 23 ];then
		rm -f $hwe
		exit 0
	fi
fi

#处理profile
/usr/sbin/kysec_get -r /etc/profile* |grep ":unknown" > /tmp/profile
cat /tmp/profile |awk -F ":" '{ print $1 }'  > /tmp/u-profile

for file in `cat /tmp/u-profile`
do
	if [ -f $file ] && [ ! -h $file ];then
		/usr/sbin/kysec_set -n exectl -v verified $file
	fi
done

#处理/etc/default/*
/usr/sbin/kysec_get -r /etc/default* |grep ":unknown" > /tmp/etc_default
cat /tmp/etc_default |awk -F ":" '{ print $1 }'  > /tmp/u-profile

for file in `cat /tmp/u-profile`
do
	if [ -f $file ] && [ ! -h $file ];then
		/usr/sbin/kysec_set -n exectl -v verified $file
	fi
done

#处理动态库
/usr/sbin/kysec_get -r /usr/lib* |grep ":unknown" > /tmp/unknown
#cat /tmp/unknown  |awk -F ":" '{ print $1 }' |grep "\.so$" > /tmp/u-file
cat /tmp/unknown  |awk -F ":" '{ print $1 }'  > /tmp/u-file

for file in `cat /tmp/u-file`
do
	if [ -f $file ] && [ ! -h $file ];then
		if [ -x $file ] || [ ! -z $(echo $file|grep "\.so*") ];then
			/usr/sbin/kysec_set -n exectl -v verified $file
		fi
	fi
done

#处理/home/$USER/.profile
/usr/sbin/kysec_get -r `ls /home/*/.profile` |grep ":unknown" > /tmp/user_profile
cat /tmp/user_profile |awk -F ":" '{ print $1 }'  > /tmp/u-profile

for file in `cat /tmp/u-profile`
do
	if [ -f $file ] && [ ! -h $file ];then
		/usr/sbin/kysec_set -n exectl -v verified $file
	fi
done

rm -f /tmp/unknown /tmp/u-file /tmp/profile /tmp/u-profile /tmp/etc_default /tmp/user_profile
rm -f $hwe
