summaryrefslogtreecommitdiffstats
path: root/perl-install/security
diff options
context:
space:
mode:
authorThierry Vignaud <tvignaud@mandriva.org>2002-09-10 08:24:01 +0000
committerThierry Vignaud <tvignaud@mandriva.org>2002-09-10 08:24:01 +0000
commita22f9e34f0dab6621f90e066e15fa563f836e468 (patch)
tree763c53ff8a8cb9a788d7c5d788e723edf30bbff2 /perl-install/security
parent18bca884ae5a1dd7a78019e39448129a5d66ff8c (diff)
downloaddrakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar
drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.gz
drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.bz2
drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.xz
drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.zip
move back draksec's files in drakxtools
Diffstat (limited to 'perl-install/security')
-rw-r--r--perl-install/security/libsafe.pm18
-rw-r--r--perl-install/security/main.pm298
-rw-r--r--perl-install/security/msec.pm356
3 files changed, 672 insertions, 0 deletions
diff --git a/perl-install/security/libsafe.pm b/perl-install/security/libsafe.pm
new file mode 100644
index 000000000..1d6436b86
--- /dev/null
+++ b/perl-install/security/libsafe.pm
@@ -0,0 +1,18 @@
+package draksec::libsafe;
+
+use diagnostics;
+use strict;
+
+use common;
+
+sub config_libsafe {
+ my ($prefix, $libsafe) = @_;
+ my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
+ if (@_ > 1) {
+ $t{LIBSAFE} = bool2yesno($libsafe);
+ setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+ }
+ text2bool($t{LIBSAFE});
+}
+
+1;
diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm
new file mode 100644
index 000000000..3e23a8ce9
--- /dev/null
+++ b/perl-install/security/main.pm
@@ -0,0 +1,298 @@
+use strict;
+use standalone;
+
+use standalone;
+use MDK::Common;
+use my_gtk qw(:helpers :wrappers :ask);
+use log;
+
+use security::libsafe;
+use security::msec;
+
+sub myexit { my_gtk::exit @_ }
+
+sub wait_msg {
+ my $mainw = my_gtk->new('wait');
+ my $label = new Gtk::Label($_[0]);
+ gtkadd($mainw->{window}, gtkpack(gtkadd(create_vbox(), $label)));
+ $label->signal_connect(expose_event => sub { $mainw->{displayed} = 1 });
+ $mainw->sync until $mainw->{displayed};
+ gtkset_mousecursor_wait($mainw->{rwindow}->window);
+ $mainw->flush;
+ $mainw;
+}
+
+sub remove_wait_msg { $_[0]->destroy }
+
+sub show_msec_help {
+ my $command = $_[0];
+}
+
+sub basic_seclevel_explanations {
+ my $msec = $_[0];
+ my $seclevel_explain = $msec->seclevel_explain();
+
+ my $text = new Gtk::Text(undef, undef);
+ $text->set_editable(0);
+ $text->insert(undef, $text->style->black, undef, $seclevel_explain);
+
+ gtkpack_(gtkshow(new Gtk::HBox(0, 0)), 1, $text);
+}
+
+sub basic_seclevel_option {
+ my ($seclevel_entry, $msec) = @_;
+ my @sec_levels = $msec->get_seclevel_list();
+ my $current_level = $msec->get_secure_level();
+
+ push(@sec_levels, $current_level) if ($current_level eq "Dangerous" || $current_level eq "Poor");
+
+ $$seclevel_entry->entry->set_editable(0);
+ $$seclevel_entry->set_popdown_strings(@sec_levels);
+ $$seclevel_entry->entry->set_text($current_level);
+
+ my $hbox = new Gtk::HBox(0, 0);
+ new Gtk::Label(_("Security Level:")), $$seclevel_entry;
+}
+
+sub basic_secadmin_check {
+ my ($secadmin_check, $msec) = @_;
+
+ $$secadmin_check->set_active(1) if ($msec->get_check_value('', "MAIL_WARN") eq "yes");
+
+ new Gtk::Label(_("Security Alerts:")), $$secadmin_check;
+}
+
+sub basic_secadmin_entry {
+ my ($secadmin_entry, $msec) = @_;
+
+ $$secadmin_entry->set_text($msec->get_check_value('', "MAIL_USER"));
+
+ my $hbox = new Gtk::HBox(0, 0);
+ new Gtk::Label(_("Security Administrator:")), $$secadmin_entry;
+}
+
+sub network_generate_page {
+ my ($rsecurity_net_hash, $msec) = @_;
+ my @network_options = $msec->get_functions('', "network");
+ my @yesno_choices = qw(yes no default);
+ my @alllocal_choices = qw(ALL LOCAL NONE default);
+
+ my @items;
+
+ foreach my $tmp (@network_options) {
+# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')),
+# 'clicked' => sub { show_msec_help($tmp) } );
+ my $default = $msec->get_function_default('', $tmp);
+ if (member($default, @yesno_choices) || member($default, @alllocal_choices)) {
+ $$rsecurity_net_hash{$tmp} = new Gtk::Combo();
+ $$rsecurity_net_hash{$tmp}->entry->set_editable(0);
+ }
+ else {
+ $$rsecurity_net_hash{$tmp} = new Gtk::Entry();
+ $$rsecurity_net_hash{$tmp}->set_text($msec->get_check_value('', $tmp));
+ }
+ if (member($default, @yesno_choices)) {
+ $$rsecurity_net_hash{$tmp}->set_popdown_strings(@yesno_choices);
+ $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp));
+ }
+ elsif (member($default, @alllocal_choices)) {
+ $$rsecurity_net_hash{$tmp}->set_popdown_strings(@alllocal_choices);
+ $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp));
+ }
+ push @items, [ new Gtk::Label(_($tmp." (default: ".$default.")")), $$rsecurity_net_hash{$tmp} ]; #, $hbutton];
+ }
+
+ gtkpack(new Gtk::VBox(0, 0),
+ new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")),
+ create_packtable({ col_spacings => 10, row_spacings => 5 }, @items));
+}
+
+sub system_generate_page {
+ my ($rsecurity_system_hash, $msec) = @_;
+ my @system_options = $msec->get_functions('', "system");
+ my @yesno_choices = qw(yes no default);
+ my @alllocal_choices = qw(ALL LOCAL NONE default);
+
+ my @items;
+
+ foreach my $tmp (@system_options) {
+# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')),
+# 'clicked' => sub { show_msec_help($tmp) } );
+ my $default = $msec->get_function_default('', $tmp);
+ my $item_hbox = new Gtk::HBox(0, 0);
+ if (member($default, @yesno_choices) || member($default, @alllocal_choices)) {
+ $$rsecurity_system_hash{$tmp} = new Gtk::Combo();
+ $$rsecurity_system_hash{$tmp}->entry->set_editable(0);
+ } else {
+ $$rsecurity_system_hash{$tmp} = new Gtk::Entry();
+ $$rsecurity_system_hash{$tmp}->set_text($msec->get_check_value('', $tmp));
+ }
+ if (member($default, @yesno_choices)) {
+ $$rsecurity_system_hash{$tmp}->set_popdown_strings(@yesno_choices);
+ $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp));
+ }
+ elsif (member($default, @alllocal_choices)) {
+ $$rsecurity_system_hash{$tmp}->set_popdown_strings(@alllocal_choices);
+ $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp));
+ }
+ push @items, [ new Gtk::Label(_($tmp." (default: ".$default.")")), $$rsecurity_system_hash{$tmp} ]; #, $hbutton ];
+ }
+
+ createScrolledWindow(gtkpack(new Gtk::VBox(0, 0),
+ new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")),
+ create_packtable({ col_spacings => 10, row_spacings => 5 }, @items)));
+}
+
+# TODO: Format label & entry in a table to make it nice to see
+sub checks_generate_page {
+ my ($rsecurity_checks_hash, $msec) = @_;
+ my @security_checks = $msec->get_checks('');
+ my @choices = qw(yes no default);
+ my @ignore_list = qw(MAIL_WARN MAIL_USER);
+
+ my @items;
+ foreach my $tmp (@security_checks) {
+ if (!member(@ignore_list, $tmp)) {
+# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')),
+# 'clicked' => sub { show_msec_help($tmp) } );
+ $$rsecurity_checks_hash{$tmp} = new Gtk::Combo();
+ $$rsecurity_checks_hash{$tmp}->entry->set_editable(0);
+ $$rsecurity_checks_hash{$tmp}->set_popdown_strings(@choices);
+ $$rsecurity_checks_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp));
+ push @items, [ new Gtk::Label(_($tmp)), $$rsecurity_checks_hash{$tmp} ]; #, $hbutton ];
+ }
+ }
+
+ createScrolledWindow(gtkpack(new Gtk::VBox(0, 0),
+ new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")),
+ create_packtable({ col_spacings => 10, row_spacings => 5 }, @items)));
+}
+
+sub draksec_main {
+ # Variable Declarations
+ my $msec = new security::msec;
+ my $w = my_gtk->new('draksec');
+ my $window = $w->{window};
+
+ ############################ MAIN WINDOW ###################################
+ # Set different options to Gtk::Window
+ unless ($::isEmbedded) {
+ $w->{rwindow}->set_policy(1,1,1);
+ $w->{rwindow}->set_position(1);
+ $w->{rwindow}->set_title("DrakSec - Basic Options" );
+ $window->set_usize( 598,490);
+ }
+
+ # Connect the signals
+ $window->signal_connect("delete_event", sub { $window->destroy(); } );
+ $window->signal_connect("destroy", sub { my_gtk->exit(); } );
+ $window->realize();
+
+ $window->add(my $vbox = gtkshow(new Gtk::VBox(0, 0)));
+
+ # Create the notebook (for bookmarks at the top)
+ my $notebook = create_notebook();
+ $notebook->set_tab_pos('top');
+
+ ######################## BASIC OPTIONS PAGE ################################
+ my $seclevel_entry = new Gtk::Combo();
+ my $secadmin_check = new Gtk::CheckButton();
+ my $secadmin_entry = new Gtk::Entry();
+
+ $notebook->append_page(gtkpack__(gtkshow(my $basic_page = new Gtk::VBox(0, 0)),
+ basic_seclevel_explanations($msec),
+ create_packtable ({ col_spacings => 10, row_spacings => 5 },
+ [ basic_seclevel_option(\$seclevel_entry, $msec) ],
+ [ basic_secadmin_check(\$secadmin_check, $msec) ],
+ [ basic_secadmin_entry(\$secadmin_entry, $msec) ] )),
+ gtkshow(new Gtk::Label("Basic")));
+
+ ######################### NETWORK OPTIONS ##################################
+ my %network_options_value;
+ $notebook->append_page(gtkpack__(gtkshow(new Gtk::VBox(0, 0)),
+ network_generate_page(\%network_options_value, $msec)),
+ gtkshow(new Gtk::Label("Network Options")));
+
+
+ ########################## SYSTEM OPTIONS ##################################
+ my %system_options_value;
+
+ $notebook->append_page(gtkpack_(
+ gtkshow(new Gtk::VBox(0, 0)),
+ 1, system_generate_page(\%system_options_value, $msec)),
+ gtkshow(new Gtk::Label("System Options")));
+
+ ######################## PERIODIC CHECKS ###################################
+ my %security_checks_value;
+
+ $notebook->append_page(gtkpack(gtkshow(new Gtk::VBox(0, 0)),
+ checks_generate_page(\%security_checks_value, $msec)),
+ gtkshow(new Gtk::Label("Periodic Checks")));
+
+
+ ####################### OK CANCEL BUTTONS ##################################
+ my $bok = gtksignal_connect(new Gtk::Button(_("Ok")),
+ 'clicked' => sub {
+ my $seclevel_value = $seclevel_entry->entry->get_text();
+ my $secadmin_check_value = $secadmin_check->get_active();
+ my $secadmin_value = $secadmin_entry->get_text();
+ my $w;
+
+ standalone::explanations("Configuring msec");
+
+ if($seclevel_value ne $msec->get_secure_level()) {
+ $w = wait_msg(_("Please wait, setting security level..."));
+ standalone::explanations("Setting security level");
+ $msec->set_secure_level($seclevel_value);
+ remove_wait_msg($w);
+ }
+
+ $w = wait_msg(_("Please wait, setting security options..."));
+ standalone::explanations("Setting security administrator option");
+ if($secadmin_check_value == 1) { $msec->config_check('', 'MAIL_WARN', 'yes') }
+ else { $msec->config_check('', 'MAIL_WARN', 'no') }
+
+ standalone::explanations("Setting security administrator contact");
+ if($secadmin_value ne $msec->get_check_value('', 'MAIL_USER') && $secadmin_check_value) {
+ $msec->config_check('', 'MAIL_USER', $secadmin_value);
+ }
+
+ standalone::explanations("Setting security periodic checks");
+ foreach my $key (keys %security_checks_value) {
+ if ($security_checks_value{$key}->entry->get_text() ne $msec->get_check_value('', $key)) {
+ $msec->config_check('', $key, $security_checks_value{$key}->entry->get_text());
+ }
+ }
+
+ standalone::explanations("Setting msec functions related to networking");
+ foreach my $key (keys %network_options_value) {
+ if($network_options_value{$key} =~ /Combo/) { $msec->config_function('', $key, $network_options_value{$key}->entry->get_text()) }
+ else { $msec->config_check('', $key, $network_options_value{$key}->get_text()) }
+ }
+
+ standalone::explanations("Setting msec functions related to the system");
+ foreach my $key (keys %system_options_value) {
+ if($system_options_value{$key} =~ /Combo/) { $msec->config_function('', $key, $system_options_value{$key}->entry->get_text()) }
+ else { $msec->config_check('', $key, $system_options_value{$key}->get_text()) }
+ }
+ remove_wait_msg($w);
+
+ my_gtk->exit(0);
+ } );
+
+ my $bcancel = gtksignal_connect(new Gtk::Button(_("Cancel")),
+ 'clicked' => sub { my_gtk->exit(0) } );
+ gtkpack_($vbox,
+ 1, gtkshow($notebook),
+ 0, gtkadd(gtkadd(gtkshow(new Gtk::HBox(0, 0)),
+ gtkshow($bok)),
+ gtkshow($bcancel)));
+ $bcancel->can_default(1);
+ $bcancel->grab_default();
+
+ $w->main;
+ my_gtk->exit(0);
+
+}
+
+1;
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
new file mode 100644
index 000000000..4e105f264
--- /dev/null
+++ b/perl-install/security/msec.pm
@@ -0,0 +1,356 @@
+package security::msec;
+
+use strict;
+use vars qw($VERSION);
+
+$VERSION = "0.2";
+
+=head1 NAME
+
+msec - Perl functions to handle msec configuration files
+
+=head1 SYNOPSYS
+
+ require security::msec;
+
+ my $msec = new msec;
+
+ $secure_level = get_secure_level($prefix);
+
+ @functions = $msec->get_functions($prefix);
+ foreach @functions { %options{$_} = $msec->get_function_value($prefix, $_) }
+ foreach @functions { %defaults{$_} = $msec->get_function_default($prefix, $_) }
+ foreach @functions { $msec->config_function($prefix, $_, %options{$_}) }
+
+ @checks = $msec->get_checks($prefix);
+ foreach @checks { %options{$_} = $msec->get_check_value($prefix, $_) }
+ foreach @checks { %defaults{$_} = $msec->get_check_default($prefix, $_) }
+ foreach @checks { $msec->config_check($prefix, $_, %options{$_}) }
+
+=head1 DESCRIPTION
+
+C<msec> is a perl module used by draksec to customize the different options
+that can be set in msec's configuration files.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2000,2001,2002 MandrakeSoft <cbelisle@mandrakesoft.com>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+=cut
+
+use MDK::Common;
+
+# ***********************************************
+# PRIVATE FUNCTIONS
+# ***********************************************
+sub config_option {
+ my ($prefix, $option, $value, $category) =@_;
+ my %options_hash = ( );
+ my $key = "";
+ my $options_file = "";
+
+ if($category eq "functions") { $options_file = "$prefix/etc/security/msec/level.local"; }
+ elsif($category eq "checks") { $options_file ="$prefix/etc/security/msec/security.conf"; }
+
+ if(-e $options_file) {
+ open F, $options_file;
+ if($category eq "functions") {
+ while(<F>) {
+ if (!($_ =~ /^from mseclib/) && $_ ne "\n") {
+ my ($name, $value_set) = split (/\(/, $_);
+ chop $value_set; chop $value_set;
+ $options_hash{$name} = $value_set;
+ }
+ }
+ }
+ elsif($category eq "checks") {
+ %options_hash = getVarsFromSh($options_file);
+ }
+ close F;
+ }
+
+ $options_hash{$option} = $value;
+
+ open F, '>'.$options_file;
+ if ($category eq "functions") { print F "from mseclib import *\n\n"; }
+ foreach $key (keys %options_hash) {
+ if ($options_hash{$key} ne "default") {
+ if($category eq "functions") { print F "$key"."($options_hash{$key})\n"; }
+ elsif($category eq "checks") { print F "$key=$options_hash{$key}\n"; }
+ }
+ }
+ close F;
+}
+
+sub get_default {
+ my ($prefix, $option, $category) = @_;
+ my $default_file = "";
+ my $default_value = "";
+ my $num_level = 0;
+
+ if ($category eq "functions") {
+ my $word_level = get_secure_level($prefix);
+ if ($word_level eq "Dangerous") { $num_level = 0 }
+ elsif ($word_level eq "Poor") { $num_level = 1 }
+ elsif ($word_level eq "Standard") { $num_level = 2 }
+ elsif ($word_level eq "High") { $num_level = 3 }
+ elsif ($word_level eq "Higher") { $num_level = 4 }
+ elsif ($word_level eq "Paranoid") { $num_level = 5 }
+ $default_file = "$prefix/usr/share/msec/level.".$num_level;
+ }
+ elsif ($category eq "checks") { $default_file = "$prefix/var/lib/msec/security.conf"; }
+
+ open F, $default_file;
+ if($category eq "functions") {
+ while(<F>) {
+ if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_); }
+ }
+ }
+ elsif ($category eq "checks") {
+ while(<F>) {
+ if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_); }
+ }
+ }
+ close F;
+ chop $default_value;
+
+ $default_value;
+}
+
+# ***********************************************
+# EXPLANATIONS
+# ***********************************************
+sub seclevel_explain {
+"Standard: This is the standard security recommended for a computer that will be used to connect
+ to the Internet as a client.
+
+High: There are already some restrictions, and more automatic checks are run every night.
+
+Higher: The security is now high enough to use the system as a server which can accept
+ connections from many clients. If your machine is only a client on the Internet, you
+ should choose a lower level.
+
+Paranoid: This is similar to the previous level, but the system is entirely closed and security
+ features are at their maximum
+
+Security Administrator:
+ If the 'Security Alerts' option is set, security alerts will be sent to this user (username or
+ email)";
+}
+
+# ***********************************************
+# SPECIFIC OPTIONS
+# ***********************************************
+
+# get_secure_level(prefix) - Get the secure level
+sub get_secure_level {
+ shift @_;
+ my $prefix = $_;
+ my $num_level = 2;
+
+ $num_level = cat_("$prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
+ cat_("$prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
+ ${{ getVarsFromSh("$prefix/etc/sysconfig/msec") }}{SECURE_LEVEL};
+ # || $ENV{SECURE_LEVEL};
+
+ if ($num_level == 0) { return "Dangerous" }
+ elsif ($num_level == 1) { return "Poor" }
+ elsif ($num_level == 2) { return "Standard" }
+ elsif ($num_level == 3) { return "High" }
+ elsif ($num_level == 4) { return "Higher" }
+ elsif ($num_level == 5) { return "Paranoid" }
+}
+
+sub get_seclevel_list {
+ qw(Standard High Higher Paranoid);
+}
+
+sub set_secure_level {
+ my $word_level = $_[1];
+ my $num_level = 0;
+
+ if ($word_level eq "Dangerous") { $num_level = 0 }
+ elsif ($word_level eq "Poor") { $num_level = 1 }
+ elsif ($word_level eq "Standard") { $num_level = 2 }
+ elsif ($word_level eq "High") { $num_level = 3 }
+ elsif ($word_level eq "Higher") { $num_level = 4 }
+ elsif ($word_level eq "Paranoid") { $num_level = 5 }
+
+ system "/usr/sbin/msec", $num_level;
+}
+
+# ***********************************************
+# FUNCTIONS (level.local) RELATED
+# ***********************************************
+
+# get_functions(prefix) -
+# return a list of functions handled by level.local (see
+# man mseclib for more info).
+sub get_functions {
+ shift;
+ my ($prefix, $category) = @_;
+ my @functions = ();
+ my (@tmp_network_list, @tmp_system_list);
+
+ ## TODO handle 3 last functions here so they can be removed from this list
+ my @ignore_list = qw(indirect commit_changes closelog error initlog log set_secure_level
+ set_security_conf set_server_level print_changes get_translation
+ create_server_link);
+
+ my @network_list = qw(accept_bogus_error_responses accept_broadcasted_icmp_echo accept_icmp_echo
+ enable_dns_spoofing_protection enable_ip_spoofing_protection
+ enable_log_strange_packets enable_promisc_check no_password_aging_for);
+
+ my @system_list = qw(allow_autologin allow_issues allow_reboot allow_remote_root_login
+ allow_root_login allow_user_list allow_x_connections allow_xserver_to_listen
+ authorize_services enable_at_crontab enable_console_log enable_libsafe
+ enable_msec_cron enable_pam_wheel_for_su enable_password enable_security_check
+ enable_sulogin password_aging password_history password_length set_root_umask
+ set_shell_history_size set_shell_timeout set_user_umask);
+
+ my $file = "$prefix/usr/share/msec/mseclib.py";
+ my $function = '';
+
+ print "$prefix\n";
+ # read mseclib.py to get each function's name and if it's
+ # not in the ignore list, add it to the returned list.
+ open F, $file;
+ while (<F>) {
+ if ($_ =~ /^def/) {
+ (undef, $function) = split(/ /, $_);
+ ($function, undef) = split(/\(/, $function);
+ if (!(member($function, @ignore_list))) {
+ if($category eq "network" && member($function, @network_list)) { push(@functions, $function) }
+ elsif($category eq "system" && member($function, @system_list)) { push(@functions, $function) }
+ }
+ }
+ }
+ close F;
+
+ @functions;
+}
+
+# get_function_value(prefix, function) -
+# return the value of the function passed in argument. If no value is set,
+# return "default".
+sub get_function_value {
+ my ($prefix, $function) = @_;
+ my $value = '';
+ my $msec_options = "$prefix/etc/security/msec/level.local";
+ my $found = 0;
+
+ if (-e $msec_options) {
+ open F, $msec_options;
+ while(<F>) {
+ if($_ =~ /^$function/) {
+ (undef, $value) = split(/\(/, $_);
+ chop $value; chop $value;
+ $found = 1;
+ }
+ }
+ close F;
+ if ($found == 0) { $value = "default" }
+ }
+ else { $value = "default" }
+
+ $value;
+}
+
+# get_function_default(prefix, function) -
+# return the default value of the function according to the security level
+sub get_function_default {
+ shift;
+ my ($prefix, $function) = @_;
+ return get_default($prefix, $function, "functions");
+}
+
+# config_function(prefix, function, value) -
+# Apply the configuration to 'prefix'/etc/security/msec/level.local
+sub config_function {
+ my ($prefix, $function, $value) = @_;
+ config_option($prefix, $function, $value, "functions");
+}
+
+# ***********************************************
+# PERIODIC CHECKS (security.conf) RELATED
+# ***********************************************
+
+# get_checks(prefix) -
+# return a list of periodic checks handled by security.conf
+sub get_checks {
+ my $prefix = $_;
+ my $check;
+ my @checks = ();
+
+ my $check_file = "$prefix/var/lib/msec/security.conf";
+ my @ignore_list = qw(MAIL_USER);
+
+ if (-e $check_file) {
+ open F, $check_file;
+ while (<F>) {
+ ($check, undef) = split(/=/, $_);
+ if(!(member($check, @ignore_list))) { push(@checks, $check) }
+ }
+ close F;
+ }
+
+ @checks;
+}
+
+# get_check_value(prefix, check)
+# return the value of the check passed in argument
+sub get_check_value {
+ shift @_;
+ my ($prefix, $check) = @_;
+ my $check_file = "$prefix/etc/security/msec/security.conf";
+ my $value = '';
+ my $found = 0;
+
+ if (-e $check_file) {
+ open F, $check_file;
+ while(<F>) {
+ if($_ =~ /^$check/) {
+ (undef, $value) = split(/=/, $_);
+ chop $value;
+ $found = 1;
+ }
+ }
+ close F;
+ if ($found == 0) { $value = "default" }
+ }
+ else { $value = "default" }
+
+ $value;
+}
+
+# get_check_default(prefix, check)
+# Get the default value according to the security level
+sub get_check_default {
+ my ($prefix, $check) = @_;
+ return get_default($prefix, $check, "checks");
+}
+
+# config_check(prefix, check, value)
+# Apply the configuration to "prefix"/etc/security/msec/security.conf
+sub config_check {
+ shift @_;
+ my ($prefix, $check, $value) = @_;
+ config_option($prefix, $check, $value, "checks");
+}
+
+sub new { shift }
+1;