#! /bin/sh
# OpenBSD hardening script
# (C)opyleft Jedi/Sector One <j@pureftpd.org>

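# chflags(1) command line shared by every entry. -H only has an effect in
# combination with -R (it makes the recursive walk follow symbolic links that
# are named on the command line), so it is inert for non-recursive entries.
CHFLAGS='/usr/bin/chflags -H'
# Extra option added for entries whose path ends in a slash.
CHFLAGS_RECURSION='-R'

# The first argument names the attributes definition file.
if [ -z "$1" ]; then
  # Usage errors are diagnostics, so they go to stderr like every other
  # message of this script.
  echo 'Usage: ftree <attributes definition file>' >&2
  exit 1
fi

# Discard stdout for the rest of the run; warnings and errors use stderr.
exec > /dev/null
# Feed the definition file to the main loop through stdin.
# Every line of that file ends up as a chflags call made as root, so the file
# should be owned by root and not be writable by any other user.
exec < "$1"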

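# Flags are only changed while the kernel reports securelevel 0. Read the bare
# value with -n and compare it exactly, instead of substring-matching the
# whole "name=value" line. A failing sysctl yields an empty value and is
# rejected as well.
securelevel=$(sysctl -n kern.securelevel 2> /dev/null)
if [ "$securelevel" != 0 ]; then
  echo 'You must run this script in single-user mode.' >&2
  exit 2
fi

# The expansion must be quoted: if id(1) printed nothing, an unquoted
# expansion would turn the test into a syntax error, which `if` treats as
# false, and the root check would be silently skipped (fail-open).
if [ "$(id -u)" != 0 ]; then
  echo 'You must run that script as root.' >&2
  exit 3
fi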

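# Main loop: each line of the definition file (now stdin) is "<path> <flags>".
# read is used without -r, so a backslash in the file acts as an escape
# character and a trailing backslash continues the line.
while read file attrs; do
  # Blank lines and lines without a flags field are ignored.
  if [ -z "$file" ] || [ -z "$attrs" ]; then
    continue
  fi
  flags=''
  case "$file" in
    \#*) continue ;;                          # comment line
    */) flags="$flags $CHFLAGS_RECURSION" ;;  # trailing slash: recurse
  esac
  # NOTE(review): $file is expanded unquoted here and in the chflags call,
  # presumably so that definition lines may contain glob patterns -- confirm
  # before quoting it.
  # "--" keeps a path that starts with "-" from being parsed as an ls option.
  if ! ls -- $file > /dev/null 2>&1; then
    echo "* Warning: non-existent file [$file]" >&2
    continue
  fi
  # "--" ends option parsing before the flags field, so a definition line
  # cannot inject extra chflags options through $attrs.
  if ! $CHFLAGS $flags -- "$attrs" $file > /dev/null 2>&1; then
    # A failure is only reported; the remaining entries are still processed.
    echo "* Warning: unable to set [$attrs] flags on [$file]" >&2
  fi
done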
