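#!/bin/sh
#
# Tightens file modes on privileged binaries and on sensitive configuration
# files and directories. The use of chflags(1) and the bin-FreeBSD_5-i386
# paths indicate a FreeBSD host.
#
# Must run as root. Removing the schg flag is refused by the kernel once
# kern.securelevel is 1 or higher, so run this before the securelevel is
# raised. The immutable flag only restrains a root-level process while the
# securelevel is raised; at securelevel 0 or below root can clear it again.

#######################################
# Set a file's mode and lock it with the system-immutable flag.
# Arguments: $1 - path to the file
#            $2 - octal mode (optional, default 111)
# Outputs:   diagnostics on stderr
# Returns:   0 on success or when the file is absent, 1 if any step failed
#######################################
protect() {
  # Optional packages may be absent; report one line and move on instead of
  # letting chflags and chmod each fail on the missing path.
  if [ ! -e "$1" ]; then
    echo "protect: $1 not found, skipped" >&2
    return 0
  fi

  # Default 111 is execute-only for everyone and carries no setuid/setgid
  # bit, so any such bit the file had before is dropped.
  protect_mode=${2:-111}
  protect_rc=0

  # The flag has to come off first: chmod is refused on an schg file.
  chflags noschg "$1" || protect_rc=1
  chmod "$protect_mode" "$1" || protect_rc=1
  # Re-lock even if chmod failed, so the file is never left unflagged.
  chflags schg "$1" || protect_rc=1

  if [ "$protect_rc" -ne 0 ]; then
    echo "protect: could not fully apply mode $protect_mode to $1" >&2
  fi
  return "$protect_rc"
}

# Binaries reduced to execute-only (mode 111). Presumably these ship
# setuid/setgid on a stock install; after this pass, functions that relied on
# that privilege work for root only. Missing entries are skipped silently,
# since many come from optional ports.
# NOTE(review): chmod and chflags follow symlinks, and directories under
# /usr/local are sometimes writable by non-root accounts; confirm none of
# these paths can be replaced by a link before running as root.
for i in \
  /bin/df /bin/rcp /sbin/ccdconfig /sbin/ping /sbin/ping6 /sbin/route \
  /sbin/shutdown \
  /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/batch /usr/bin/btsockstat \
  /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh /usr/bin/crontab /usr/bin/cu \
  /usr/bin/fstat /usr/bin/ipcs /usr/bin/lock /usr/bin/login /usr/bin/lpq \
  /usr/bin/lpr /usr/bin/lprm /usr/bin/man /usr/bin/netstat /usr/bin/opieinfo \
  /usr/bin/opiepasswd /usr/bin/quota /usr/bin/rlogin /usr/bin/rsh \
  /usr/bin/systat /usr/bin/top /usr/bin/vmstat /usr/bin/wall /usr/bin/write \
  /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh /usr/bin/yppasswd \
  /usr/libexec/pt_chown /usr/libexec/sendmail/sendmail \
  /usr/local/bin/artswrapper /usr/local/bin/lockfile \
  /usr/local/bin/mutt_dotlock /usr/local/bin/procmail /usr/local/bin/screen \
  /usr/local/bin/sperl5.6.1 /usr/local/sbin/gkrellmd /usr/local/sbin/lsof \
  /usr/local/sbin/mtr \
  /usr/sbin/iostat /usr/sbin/lpc /usr/sbin/mrinfo /usr/sbin/mtrace \
  /usr/sbin/ppp /usr/sbin/pppd /usr/sbin/pstat /usr/sbin/sliplogin \
  /usr/sbin/swapinfo /usr/sbin/timedc /usr/sbin/traceroute \
  /usr/sbin/traceroute6 /usr/sbin/trpt \
  /usr/X11R6/bin/gkrellm /usr/X11R6/bin/wterm /usr/X11R6/bin/xterm \
  /usr/X11R6/lib/X11/xmcd/bin-FreeBSD_5-i386/cda \
  /usr/X11R6/lib/X11/xmcd/bin-FreeBSD_5-i386/xmcd
do
  if [ -e "$i" ]; then
    protect "$i"
  fi
done

# Binaries that keep a privilege bit but lose access for "other":
# 4110 = setuid, execute for owner and group only;
# 100  = execute for owner only;
# 2111 = setgid, execute for everyone.
protect /sbin/umount 4110
protect /sbin/mount 4110
protect /sbin/mksnap_ffs 100
protect /usr/bin/su 4110
protect /usr/local/sbin/postdrop 2111
protect /usr/local/sbin/postqueue 2111

# Filesystem

# Configuration files readable and writable by their owner only.
for conf in \
  /etc/crontab /etc/ftpchroot /etc/ftpusers /etc/inetd.conf /etc/rc.conf \
  /etc/ssh/sshd_config /etc/sysctl.conf /etc/syslog.conf /etc/ttys
do
  chmod 600 "$conf"
done

# Name server directory: owned by root, group bind, no access for others.
# NOTE(review): 770 lets every member of group bind create and replace files
# in this directory; if the daemon only reads its configuration here, 750
# would be tighter. Confirm what the daemon writes before changing it.
chown root /etc/namedb
chgrp bind /etc/namedb
chmod 770 /etc/namedb

# Directories private to their owner.
chmod 700 /root
chmod 700 /var/games
chmod 700 /var/rwho

# Directories that stay world-readable but are writable by the owner only.
chmod 755 /var/mail
chmod 755 /var/run/ppp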