--- lspp-eal4-config-ibm-0.18.orig/bin/eal4-config.in 2007-02-01 17:20:40.660187976 -0500 +++ eal4-config-0.16/bin/eal4-config.in 2007-01-08 14:15:09.000000000 -0500 @@ -1,10 +1,11 @@ #!/bin/bash # # System hardening script for converting a RHEL5 system to the -# LSPP/EAL4+ evaluated configuration. +# CAPP/EAL4+ or LSPP/EAL4+ evaluated configuration. # # Copyright (C) 2004,2005,2006 Red Hat, Inc. # Changes Copyright (C) 2006 IBM Corporation +# Changes (c) Copyright Hewlett-Packard Development Company, L.P., 2007 # # Licenced under the terms of the GNU Public License. See the # file COPYING distributed with this one for a description of @@ -51,7 +52,7 @@ AliasSU() { cp /etc/profile /etc/profile.new echo >> /etc/profile.new ' -# su alias, added for LSPP/EAL4+ configuration +# su alias, added for EAL4+ configuration alias su="echo \"Always use '\''/bin/su -'\'' (see '"$_ECG_FULL"')\"; echo >/dev/null" # The evaluated configuration recommends the rnano editor, you MAY change this @@ -761,6 +762,14 @@ Main() { _VERBOSE= shift ;; + -c|--capp) + _PROFILE=capp + shift + ;; + -l|--lspp) + _PROFILE=lspp + shift + ;; *) Usage exit 1 ;; @@ -792,8 +801,21 @@ Please read the documentation before pro Die "root filesystem must be ext3 with ACL support on. See $_ECG." } } + [ "$_PROFILE" == "" ] && { + if ShallI "Configure for the CAPP protection profile?"; then + _PROFILE=capp + else + if ShallI "Configure for the LSPP protection profile?"; then + _PROFILE=lspp + else + Die "Must specify either CAPP or LSPP. See $_ECG." + fi + fi + } - ConfigureLsppPolicy + [ $_PROFILE == "lspp" ] && { + ConfigureLsppPolicy + } HardenServiceLinks HardenPamConfig HardenPermissions @@ -804,8 +826,10 @@ Please read the documentation before pro ConfigureFTP ConfigureAudit ConfigurePostfix - ConfigureCups - ConfigurePolyinstantiation + [ $_PROFILE == "lspp" ] && { + ConfigureCups + ConfigurePolyinstantiation + } DisableUsbfs SetRunLevel 3 Reboot 
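Review bot: The new `-c|--capp` and `-l|--lspp` arms in Main's option loop both assign `_PROFILE` unconditionally, so a command line carrying both flags is accepted and the last one wins without any message. Because the profile decides whether the LSPP-only steps run, conflicting flags should stop the run; each arm could start with a guard such as `[ -n "$_PROFILE" ] && Die "Specify only one of --capp or --lspp."` before the assignment. Main begins and ends outside this hunk, so how the loop treats repeated options elsewhere is not visible here.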
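Review bot: When neither flag is given, the profile is chosen by two `ShallI` prompts, and nothing in this hunk handles `-a|--automated`, which the usage text describes as "No prompts, take all default answers". `ShallI` is defined outside the hunk, but if it returns a default answer in automated mode, an unattended run would presumably select a profile without anyone choosing it, and with CAPP that skips `ConfigureLsppPolicy`, `ConfigureCups` and `ConfigurePolyinstantiation`. I would require an explicit flag in that mode, e.g. `[ -z "$_PROFILE" ] && [ -z "$_INTERACTIVE" ] && Die "Automated mode requires --capp or --lspp. See $_ECG."`, assuming `-a` clears `_INTERACTIVE`. Recording the selected profile in `$_LOGFILE` would also make it possible to audit later which configuration was applied.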
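Review bot: `[ $_PROFILE == "lspp" ]` expands `_PROFILE` unquoted, here around `ConfigureCups` and `ConfigurePolyinstantiation` and in the previous hunk around `ConfigureLsppPolicy`, while the empty check just above it quotes the variable. If the value were ever empty at this point, the test would become `[ == "lspp" ]`, which fails with a test error and skips the LSPP-only steps instead of stopping the run. Write both as `[ "$_PROFILE" == "lspp" ] && {`, or as `[[ $_PROFILE == lspp ]] && {` since the script already runs under `#!/bin/bash`.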
@@ -1054,13 +1078,13 @@ UpdateFSTAB() { readonly _ECG=ECG readonly _ECG_FULL="Evaluated Configuration Guide" -readonly _LOGFILE=/var/log/lspp-config.log +readonly _LOGFILE=/var/log/eal4-config.log # the following variable gets set by "make install" readonly _BASE=--BASE-- -readonly _PERMSFILE=$_BASE/lspp-perms.conf -readonly _ROOT_ONLY_FILE=$_BASE/lspp-root-only.conf +readonly _PERMSFILE=$_BASE/eal4-perms.conf +readonly _ROOT_ONLY_FILE=$_BASE/eal4-root-only.conf readonly _MODULES_CONF=/etc/modules.conf readonly _SERVICEBASE=/etc/rc.d/init.d @@ -1107,6 +1131,7 @@ _INTERACTIVE=yes _PRINT_ONLY= _VERBOSE= _TICKPID= +_PROFILE= : --Usage # Print summary of supported options @@ -1117,6 +1142,8 @@ Options: -i|--interactive Prompt for permission before changes (default) -a|--automated No prompts, take all default answers -q|--quiet Be less verbose + -c|--capp Configure for CAPP + -l|--lspp Configure for LSPP (see $_LOGFILE for detailed msgs) Example: $0 -a