author | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-17 14:44:15 +0000 |
---|---|---|
committer | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-17 14:44:15 +0000 |
commit | edce396f9017cc6e72b3d2b7f2d5eee329a00b0d (patch) | |
tree | 9268d63c955f3c922ee137542067fb9b1d7b4e75 /perl-install/security/msec.pm | |
parent | c45ff957e2fbec2e946acfbc1f10c8d177392416 (diff) | |
- security::msec :
o config_check: use MDK::Common to set option rather
than overwriting config file
o remove all stupid prefix that just obfuscate code
whereas it's always set to '',
$::prefix will be a lot better
o s/shift @_/shift/
o kill config_option()
o simplify get_default()
o get_secure_level() : replace if cascade by an array
o set_secure_level() :
* replace if cascade by an hash
* default to runlevel 3 if undefined
o get_functions() : simplify by merging code paths
- security::main :
o security::libsafe is unneeded
o don't pass useless prefix
o begin to read default values
Diffstat (limited to 'perl-install/security/msec.pm')
-rw-r--r-- | perl-install/security/msec.pm | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index e15459126..905705003 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -118,8 +118,8 @@ sub set_secure_level { my $word_level = $_[1]; my %sec_levels = ("Dangerous" => 0, "Poor" => 1, "Standard" => 2, "High" => 3, "Higher" => 4, "Paranoid" => 5); - my $num_level = $sec_levels{$word_level}; - system "/usr/sbin/msec", $num_level ? $run_level : 3; + my $run_level = $sec_levels{$word_level}; + system "/usr/sbin/msec", $run_level ? $run_level : 3; } # *********************************************** 
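Review bot: In `set_secure_level`, the new fallback `$run_level ? $run_level : 3` tests truth rather than definedness, so the valid level "Dangerous" (mapped to 0 in `%sec_levels`) is rewritten to 3 as well, not only an unknown `$word_level`. If the intent is the commit message's "default to runlevel 3 if undefined", the call should read `system "/usr/sbin/msec", defined $run_level ? $run_level : 3;`. The return value of `system` is also discarded, so a failed msec run would leave the previous level in place with no indication; `system(...) == 0 or warn "msec exited with status $?\n";` would surface that. The body of the sub starts above the hunk.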
@@ -137,24 +137,22 @@ sub get_functions { ## TODO handle 3 last functions here so they can be removed from this list my @ignore_list = qw(indirect commit_changes closelog error initlog log set_secure_level - set_security_conf set_server_level print_changes get_translation - create_server_link); + set_security_conf set_server_level print_changes get_translation create_server_link); - my @network_list = qw(accept_bogus_error_responses accept_broadcasted_icmp_echo accept_icmp_echo - enable_dns_spoofing_protection enable_ip_spoofing_protection - enable_log_strange_packets enable_promisc_check no_password_aging_for); - - my @system_list = qw(allow_autologin allow_issues allow_reboot allow_remote_root_login + my %options = ( + 'network' => [qw(accept_bogus_error_responses accept_broadcasted_icmp_echo accept_icmp_echo + enable_dns_spoofing_protection enable_ip_spoofing_protection + enable_log_strange_packets enable_promisc_check no_password_aging_for)], + 'system' => [qw(allow_autologin allow_issues allow_reboot allow_remote_root_login allow_root_login allow_user_list allow_x_connections allow_xserver_to_listen authorize_services enable_at_crontab enable_console_log enable_msec_cron enable_pam_wheel_for_su enable_password enable_security_check enable_sulogin password_aging password_history password_length set_root_umask - set_shell_history_size set_shell_timeout set_user_umask); + set_shell_history_size set_shell_timeout set_user_umask)]); my $file = "$::prefix/usr/share/msec/mseclib.py"; my $function = ''; - print "$::prefix\n"; # read mseclib.py to get each function's name and if it's # not in the ignore list, add it to the returned list. open F, $file; 
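Review bot: `open F, $file;` just below the new `%options` hash is a two-argument open whose result is never tested, so if the path built from `$::prefix` cannot be read, the loop presumably sees no lines and `get_functions` lists no security options without saying why. Making the mode explicit and checking the result covers both points: `open(F, '<', $file) or die "cannot read $file: $!";` (or whatever error path the installer prefers over `die`). The same unchecked two-argument form appears in the `get_check_value` hunk as `open F, $check_file;`. The read loop and the end of the sub are outside this hunk.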
@@ -163,8 +161,7 @@ sub get_functions { (undef, $function) = split(/ /, $_); ($function, undef) = split(/\(/, $function); if (!(member($function, @ignore_list))) { - if($category eq "network" && member($function, @network_list)) { push(@functions, $function) } - elsif($category eq "system" && member($function, @system_list)) { push(@functions, $function) } + push(@functions, $function) if (member($function, @{$options{$category}})); } } } @@ -258,15 +255,16 @@ sub get_check_value { if (-e $check_file) { open F, $check_file; - while(<F>) { + while(<F>) { if($_ =~ /^$check/) { (undef, $value) = split(/=/, $_); - chop $value; - $found = 1; + chop $value; + $found = 1; + close F; } } - close F; - if ($found == 0) { $value = "default" } + close F; + $value = "default" if ($found == 0); } else { $value = "default" } |
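Review bot: `@{$options{$category}}` is dereferenced without checking that `$category` is one of the two keys defined in `%options`, so any other value appears to yield an empty result quietly rather than an error. Where `$category` is set is outside the hunk; if it can be anything other than `network` or `system`, a guard before the loop such as `my $wanted = $options{$category} or die "unknown category '$category'";` makes the mistake visible. With the allow-list in place, the outer `@ignore_list` test looks redundant, since none of the ignored names appear in either list.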
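Review bot: The added `close F;` inside the `while(<F>)` body is used to stop the scan, which leaves the loop condition reading from a closed handle and makes the `close F;` after the loop run on a handle that is already closed; `last;` expresses the early exit without either side effect. The match itself, `/^$check/`, interpolates `$check` as a pattern and anchors only the start, so a check name that is a prefix of another key would pick up that other key's value; `if (/^\Q$check\E=/)` pins it to the exact key. `chop $value;` also removes a real character when the last line has no trailing newline, where `chomp $value;` would not. The sub begins above the hunk and continues past it.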