diff options
author | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-10 08:24:01 +0000 |
---|---|---|
committer | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-10 08:24:01 +0000 |
commit | a22f9e34f0dab6621f90e066e15fa563f836e468 (patch) | |
tree | 763c53ff8a8cb9a788d7c5d788e723edf30bbff2 /perl-install/security | |
parent | 18bca884ae5a1dd7a78019e39448129a5d66ff8c (diff) | |
download | drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.gz drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.bz2 drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.tar.xz drakx-a22f9e34f0dab6621f90e066e15fa563f836e468.zip |
move back draksec's files in drakxtools
Diffstat (limited to 'perl-install/security')
-rw-r--r-- | perl-install/security/libsafe.pm | 18 | ||||
-rw-r--r-- | perl-install/security/main.pm | 298 | ||||
-rw-r--r-- | perl-install/security/msec.pm | 356 |
3 files changed, 672 insertions, 0 deletions
diff --git a/perl-install/security/libsafe.pm b/perl-install/security/libsafe.pm new file mode 100644 index 000000000..1d6436b86 --- /dev/null +++ b/perl-install/security/libsafe.pm @@ -0,0 +1,18 @@ +package draksec::libsafe; + +use diagnostics; +use strict; + +use common; + +sub config_libsafe { + my ($prefix, $libsafe) = @_; + my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); + if (@_ > 1) { + $t{LIBSAFE} = bool2yesno($libsafe); + setVarsInSh("$prefix/etc/sysconfig/system", \%t); + } + text2bool($t{LIBSAFE}); +} + +1; diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm new file mode 100644 index 000000000..3e23a8ce9 --- /dev/null +++ b/perl-install/security/main.pm @@ -0,0 +1,298 @@ +use strict; +use standalone; + +use standalone; +use MDK::Common; +use my_gtk qw(:helpers :wrappers :ask); +use log; + +use security::libsafe; +use security::msec; + +sub myexit { my_gtk::exit @_ } + +sub wait_msg { + my $mainw = my_gtk->new('wait'); + my $label = new Gtk::Label($_[0]); + gtkadd($mainw->{window}, gtkpack(gtkadd(create_vbox(), $label))); + $label->signal_connect(expose_event => sub { $mainw->{displayed} = 1 }); + $mainw->sync until $mainw->{displayed}; + gtkset_mousecursor_wait($mainw->{rwindow}->window); + $mainw->flush; + $mainw; +} + +sub remove_wait_msg { $_[0]->destroy } + +sub show_msec_help { + my $command = $_[0]; +} + +sub basic_seclevel_explanations { + my $msec = $_[0]; + my $seclevel_explain = $msec->seclevel_explain(); + + my $text = new Gtk::Text(undef, undef); + $text->set_editable(0); + $text->insert(undef, $text->style->black, undef, $seclevel_explain); + + gtkpack_(gtkshow(new Gtk::HBox(0, 0)), 1, $text); +} + +sub basic_seclevel_option { + my ($seclevel_entry, $msec) = @_; + my @sec_levels = $msec->get_seclevel_list(); + my $current_level = $msec->get_secure_level(); + + push(@sec_levels, $current_level) if ($current_level eq "Dangerous" || $current_level eq "Poor"); + + $$seclevel_entry->entry->set_editable(0); + $$seclevel_entry->set_popdown_strings(@sec_levels); + $$seclevel_entry->entry->set_text($current_level); + + my $hbox = new Gtk::HBox(0, 0); + new Gtk::Label(_("Security Level:")), $$seclevel_entry; +} + +sub basic_secadmin_check { + my ($secadmin_check, $msec) = @_; + + $$secadmin_check->set_active(1) if ($msec->get_check_value('', "MAIL_WARN") eq "yes"); + + new Gtk::Label(_("Security Alerts:")), $$secadmin_check; +} + +sub basic_secadmin_entry { + my ($secadmin_entry, $msec) = @_; + + $$secadmin_entry->set_text($msec->get_check_value('', "MAIL_USER")); + + my $hbox = new Gtk::HBox(0, 0); + new Gtk::Label(_("Security Administrator:")), $$secadmin_entry; +} + +sub network_generate_page { + my ($rsecurity_net_hash, $msec) = @_; + my @network_options = $msec->get_functions('', "network"); + my @yesno_choices = qw(yes no default); + my @alllocal_choices = qw(ALL LOCAL NONE default); + + my @items; + + foreach my $tmp (@network_options) { +# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')), +# 'clicked' => sub { show_msec_help($tmp) } ); + my $default = $msec->get_function_default('', $tmp); + if (member($default, @yesno_choices) || member($default, @alllocal_choices)) { + $$rsecurity_net_hash{$tmp} = new Gtk::Combo(); + $$rsecurity_net_hash{$tmp}->entry->set_editable(0); + } + else { + $$rsecurity_net_hash{$tmp} = new Gtk::Entry(); + $$rsecurity_net_hash{$tmp}->set_text($msec->get_check_value('', $tmp)); + } + if (member($default, @yesno_choices)) { + $$rsecurity_net_hash{$tmp}->set_popdown_strings(@yesno_choices); + $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp)); + } + elsif (member($default, @alllocal_choices)) { + $$rsecurity_net_hash{$tmp}->set_popdown_strings(@alllocal_choices); + $$rsecurity_net_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp)); + } + push @items, [ new Gtk::Label(_($tmp." (default: ".$default.")")), $$rsecurity_net_hash{$tmp} ]; #, $hbutton]; + } + + gtkpack(new Gtk::VBox(0, 0), + new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), + create_packtable({ col_spacings => 10, row_spacings => 5 }, @items)); +} + +sub system_generate_page { + my ($rsecurity_system_hash, $msec) = @_; + my @system_options = $msec->get_functions('', "system"); + my @yesno_choices = qw(yes no default); + my @alllocal_choices = qw(ALL LOCAL NONE default); + + my @items; + + foreach my $tmp (@system_options) { +# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')), +# 'clicked' => sub { show_msec_help($tmp) } ); + my $default = $msec->get_function_default('', $tmp); + my $item_hbox = new Gtk::HBox(0, 0); + if (member($default, @yesno_choices) || member($default, @alllocal_choices)) { + $$rsecurity_system_hash{$tmp} = new Gtk::Combo(); + $$rsecurity_system_hash{$tmp}->entry->set_editable(0); + } else { + $$rsecurity_system_hash{$tmp} = new Gtk::Entry(); + $$rsecurity_system_hash{$tmp}->set_text($msec->get_check_value('', $tmp)); + } + if (member($default, @yesno_choices)) { + $$rsecurity_system_hash{$tmp}->set_popdown_strings(@yesno_choices); + $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp)); + } + elsif (member($default, @alllocal_choices)) { + $$rsecurity_system_hash{$tmp}->set_popdown_strings(@alllocal_choices); + $$rsecurity_system_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp)); + } + push @items, [ new Gtk::Label(_($tmp." (default: ".$default.")")), $$rsecurity_system_hash{$tmp} ]; #, $hbutton ]; + } + + createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), + new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), + create_packtable({ col_spacings => 10, row_spacings => 5 }, @items))); +} + +# TODO: Format label & entry in a table to make it nice to see +sub checks_generate_page { + my ($rsecurity_checks_hash, $msec) = @_; + my @security_checks = $msec->get_checks(''); + my @choices = qw(yes no default); + my @ignore_list = qw(MAIL_WARN MAIL_USER); + + my @items; + foreach my $tmp (@security_checks) { + if (!member(@ignore_list, $tmp)) { +# my $hbutton = gtksignal_connect(new Gtk::Button(_('Help')), +# 'clicked' => sub { show_msec_help($tmp) } ); + $$rsecurity_checks_hash{$tmp} = new Gtk::Combo(); + $$rsecurity_checks_hash{$tmp}->entry->set_editable(0); + $$rsecurity_checks_hash{$tmp}->set_popdown_strings(@choices); + $$rsecurity_checks_hash{$tmp}->entry->set_text($msec->get_check_value('', $tmp)); + push @items, [ new Gtk::Label(_($tmp)), $$rsecurity_checks_hash{$tmp} ]; #, $hbutton ]; + } + } + + createScrolledWindow(gtkpack(new Gtk::VBox(0, 0), + new Gtk::Label(_("The following options can be set to customize your\nsystem security. If you need explanations, click on Help.\n")), + create_packtable({ col_spacings => 10, row_spacings => 5 }, @items))); +} + +sub draksec_main { + # Variable Declarations + my $msec = new security::msec; + my $w = my_gtk->new('draksec'); + my $window = $w->{window}; + + ############################ MAIN WINDOW ################################### + # Set different options to Gtk::Window + unless ($::isEmbedded) { + $w->{rwindow}->set_policy(1,1,1); + $w->{rwindow}->set_position(1); + $w->{rwindow}->set_title("DrakSec - Basic Options" ); + $window->set_usize( 598,490); + } + + # Connect the signals + $window->signal_connect("delete_event", sub { $window->destroy(); } ); + $window->signal_connect("destroy", sub { my_gtk->exit(); } ); + $window->realize(); + + $window->add(my $vbox = gtkshow(new Gtk::VBox(0, 0))); + + # Create the notebook (for bookmarks at the top) + my $notebook = create_notebook(); + $notebook->set_tab_pos('top'); + + ######################## BASIC OPTIONS PAGE ################################ + my $seclevel_entry = new Gtk::Combo(); + my $secadmin_check = new Gtk::CheckButton(); + my $secadmin_entry = new Gtk::Entry(); + + $notebook->append_page(gtkpack__(gtkshow(my $basic_page = new Gtk::VBox(0, 0)), + basic_seclevel_explanations($msec), + create_packtable ({ col_spacings => 10, row_spacings => 5 }, + [ basic_seclevel_option(\$seclevel_entry, $msec) ], + [ basic_secadmin_check(\$secadmin_check, $msec) ], + [ basic_secadmin_entry(\$secadmin_entry, $msec) ] )), + gtkshow(new Gtk::Label("Basic"))); + + ######################### NETWORK OPTIONS ################################## + my %network_options_value; + $notebook->append_page(gtkpack__(gtkshow(new Gtk::VBox(0, 0)), + network_generate_page(\%network_options_value, $msec)), + gtkshow(new Gtk::Label("Network Options"))); + + + ########################## SYSTEM OPTIONS ################################## + my %system_options_value; + + $notebook->append_page(gtkpack_( + gtkshow(new Gtk::VBox(0, 0)), + 1, system_generate_page(\%system_options_value, $msec)), + gtkshow(new Gtk::Label("System Options"))); + + ######################## PERIODIC CHECKS ################################### + my %security_checks_value; + + $notebook->append_page(gtkpack(gtkshow(new Gtk::VBox(0, 0)), + checks_generate_page(\%security_checks_value, $msec)), + gtkshow(new Gtk::Label("Periodic Checks"))); + + + ####################### OK CANCEL BUTTONS ################################## + my $bok = gtksignal_connect(new Gtk::Button(_("Ok")), + 'clicked' => sub { + my $seclevel_value = $seclevel_entry->entry->get_text(); + my $secadmin_check_value = $secadmin_check->get_active(); + my $secadmin_value = $secadmin_entry->get_text(); + my $w; + + standalone::explanations("Configuring msec"); + + if($seclevel_value ne $msec->get_secure_level()) { + $w = wait_msg(_("Please wait, setting security level...")); + standalone::explanations("Setting security level"); + $msec->set_secure_level($seclevel_value); + remove_wait_msg($w); + } + + $w = wait_msg(_("Please wait, setting security options...")); + standalone::explanations("Setting security administrator option"); + if($secadmin_check_value == 1) { $msec->config_check('', 'MAIL_WARN', 'yes') } + else { $msec->config_check('', 'MAIL_WARN', 'no') } + + standalone::explanations("Setting security administrator contact"); + if($secadmin_value ne $msec->get_check_value('', 'MAIL_USER') && $secadmin_check_value) { + $msec->config_check('', 'MAIL_USER', $secadmin_value); + } + + standalone::explanations("Setting security periodic checks"); + foreach my $key (keys %security_checks_value) { + if ($security_checks_value{$key}->entry->get_text() ne $msec->get_check_value('', $key)) { + $msec->config_check('', $key, $security_checks_value{$key}->entry->get_text()); + } + } + + standalone::explanations("Setting msec functions related to networking"); + foreach my $key (keys %network_options_value) { + if($network_options_value{$key} =~ /Combo/) { $msec->config_function('', $key, $network_options_value{$key}->entry->get_text()) } + else { $msec->config_check('', $key, $network_options_value{$key}->get_text()) } + } + + standalone::explanations("Setting msec functions related to the system"); + foreach my $key (keys %system_options_value) { + if($system_options_value{$key} =~ /Combo/) { $msec->config_function('', $key, $system_options_value{$key}->entry->get_text()) } + else { $msec->config_check('', $key, $system_options_value{$key}->get_text()) } + } + remove_wait_msg($w); + + my_gtk->exit(0); + } ); + + my $bcancel = gtksignal_connect(new Gtk::Button(_("Cancel")), + 'clicked' => sub { my_gtk->exit(0) } ); + gtkpack_($vbox, + 1, gtkshow($notebook), + 0, gtkadd(gtkadd(gtkshow(new Gtk::HBox(0, 0)), + gtkshow($bok)), + gtkshow($bcancel))); + $bcancel->can_default(1); + $bcancel->grab_default(); + + $w->main; + my_gtk->exit(0); + +} + +1; diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm new file mode 100644 index 000000000..4e105f264 --- /dev/null +++ b/perl-install/security/msec.pm @@ -0,0 +1,356 @@ +package security::msec; + +use strict; +use vars qw($VERSION); + +$VERSION = "0.2"; + +=head1 NAME + +msec - Perl functions to handle msec configuration files + +=head1 SYNOPSYS + + require security::msec; + + my $msec = new msec; + + $secure_level = get_secure_level($prefix); + + @functions = $msec->get_functions($prefix); + foreach @functions { %options{$_} = $msec->get_function_value($prefix, $_) } + foreach @functions { %defaults{$_} = $msec->get_function_default($prefix, $_) } + foreach @functions { $msec->config_function($prefix, $_, %options{$_}) } + + @checks = $msec->get_checks($prefix); + foreach @checks { %options{$_} = $msec->get_check_value($prefix, $_) } + foreach @checks { %defaults{$_} = $msec->get_check_default($prefix, $_) } + foreach @checks { $msec->config_check($prefix, $_, %options{$_}) } + +=head1 DESCRIPTION + +C<msec> is a perl module used by draksec to customize the different options +that can be set in msec's configuration files. + +=head1 COPYRIGHT + +Copyright (C) 2000,2001,2002 MandrakeSoft <cbelisle@mandrakesoft.com> + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +=cut + +use MDK::Common; + +# *********************************************** +# PRIVATE FUNCTIONS +# *********************************************** +sub config_option { + my ($prefix, $option, $value, $category) =@_; + my %options_hash = ( ); + my $key = ""; + my $options_file = ""; + + if($category eq "functions") { $options_file = "$prefix/etc/security/msec/level.local"; } + elsif($category eq "checks") { $options_file ="$prefix/etc/security/msec/security.conf"; } + + if(-e $options_file) { + open F, $options_file; + if($category eq "functions") { + while(<F>) { + if (!($_ =~ /^from mseclib/) && $_ ne "\n") { + my ($name, $value_set) = split (/\(/, $_); + chop $value_set; chop $value_set; + $options_hash{$name} = $value_set; + } + } + } + elsif($category eq "checks") { + %options_hash = getVarsFromSh($options_file); + } + close F; + } + + $options_hash{$option} = $value; + + open F, '>'.$options_file; + if ($category eq "functions") { print F "from mseclib import *\n\n"; } + foreach $key (keys %options_hash) { + if ($options_hash{$key} ne "default") { + if($category eq "functions") { print F "$key"."($options_hash{$key})\n"; } + elsif($category eq "checks") { print F "$key=$options_hash{$key}\n"; } + } + } + close F; +} + +sub get_default { + my ($prefix, $option, $category) = @_; + my $default_file = ""; + my $default_value = ""; + my $num_level = 0; + + if ($category eq "functions") { + my $word_level = get_secure_level($prefix); + if ($word_level eq "Dangerous") { $num_level = 0 } + elsif ($word_level eq "Poor") { $num_level = 1 } + elsif ($word_level eq "Standard") { $num_level = 2 } + elsif ($word_level eq "High") { $num_level = 3 } + elsif ($word_level eq "Higher") { $num_level = 4 } + elsif ($word_level eq "Paranoid") { $num_level = 5 } + $default_file = "$prefix/usr/share/msec/level.".$num_level; + } + elsif ($category eq "checks") { $default_file = "$prefix/var/lib/msec/security.conf"; } + + open F, $default_file; + if($category eq "functions") { + while(<F>) { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_); } + } + } + elsif ($category eq "checks") { + while(<F>) { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_); } + } + } + close F; + chop $default_value; + + $default_value; +} + +# *********************************************** +# EXPLANATIONS +# *********************************************** +sub seclevel_explain { +"Standard: This is the standard security recommended for a computer that will be used to connect + to the Internet as a client. + +High: There are already some restrictions, and more automatic checks are run every night. + +Higher: The security is now high enough to use the system as a server which can accept + connections from many clients. If your machine is only a client on the Internet, you + should choose a lower level. + +Paranoid: This is similar to the previous level, but the system is entirely closed and security + features are at their maximum + +Security Administrator: + If the 'Security Alerts' option is set, security alerts will be sent to this user (username or + email)"; +} + +# *********************************************** +# SPECIFIC OPTIONS +# *********************************************** + +# get_secure_level(prefix) - Get the secure level +sub get_secure_level { + shift @_; + my $prefix = $_; + my $num_level = 2; + + $num_level = cat_("$prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || + cat_("$prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || + ${{ getVarsFromSh("$prefix/etc/sysconfig/msec") }}{SECURE_LEVEL}; + # || $ENV{SECURE_LEVEL}; + + if ($num_level == 0) { return "Dangerous" } + elsif ($num_level == 1) { return "Poor" } + elsif ($num_level == 2) { return "Standard" } + elsif ($num_level == 3) { return "High" } + elsif ($num_level == 4) { return "Higher" } + elsif ($num_level == 5) { return "Paranoid" } +} + +sub get_seclevel_list { + qw(Standard High Higher Paranoid); +} + +sub set_secure_level { + my $word_level = $_[1]; + my $num_level = 0; + + if ($word_level eq "Dangerous") { $num_level = 0 } + elsif ($word_level eq "Poor") { $num_level = 1 } + elsif ($word_level eq "Standard") { $num_level = 2 } + elsif ($word_level eq "High") { $num_level = 3 } + elsif ($word_level eq "Higher") { $num_level = 4 } + elsif ($word_level eq "Paranoid") { $num_level = 5 } + + system "/usr/sbin/msec", $num_level; +} + +# *********************************************** +# FUNCTIONS (level.local) RELATED +# *********************************************** + +# get_functions(prefix) - +# return a list of functions handled by level.local (see +# man mseclib for more info). +sub get_functions { + shift; + my ($prefix, $category) = @_; + my @functions = (); + my (@tmp_network_list, @tmp_system_list); + + ## TODO handle 3 last functions here so they can be removed from this list + my @ignore_list = qw(indirect commit_changes closelog error initlog log set_secure_level + set_security_conf set_server_level print_changes get_translation + create_server_link); + + my @network_list = qw(accept_bogus_error_responses accept_broadcasted_icmp_echo accept_icmp_echo + enable_dns_spoofing_protection enable_ip_spoofing_protection + enable_log_strange_packets enable_promisc_check no_password_aging_for); + + my @system_list = qw(allow_autologin allow_issues allow_reboot allow_remote_root_login + allow_root_login allow_user_list allow_x_connections allow_xserver_to_listen + authorize_services enable_at_crontab enable_console_log enable_libsafe + enable_msec_cron enable_pam_wheel_for_su enable_password enable_security_check + enable_sulogin password_aging password_history password_length set_root_umask + set_shell_history_size set_shell_timeout set_user_umask); + + my $file = "$prefix/usr/share/msec/mseclib.py"; + my $function = ''; + + print "$prefix\n"; + # read mseclib.py to get each function's name and if it's + # not in the ignore list, add it to the returned list. + open F, $file; + while (<F>) { + if ($_ =~ /^def/) { + (undef, $function) = split(/ /, $_); + ($function, undef) = split(/\(/, $function); + if (!(member($function, @ignore_list))) { + if($category eq "network" && member($function, @network_list)) { push(@functions, $function) } + elsif($category eq "system" && member($function, @system_list)) { push(@functions, $function) } + } + } + } + close F; + + @functions; +} + +# get_function_value(prefix, function) - +# return the value of the function passed in argument. If no value is set, +# return "default". +sub get_function_value { + my ($prefix, $function) = @_; + my $value = ''; + my $msec_options = "$prefix/etc/security/msec/level.local"; + my $found = 0; + + if (-e $msec_options) { + open F, $msec_options; + while(<F>) { + if($_ =~ /^$function/) { + (undef, $value) = split(/\(/, $_); + chop $value; chop $value; + $found = 1; + } + } + close F; + if ($found == 0) { $value = "default" } + } + else { $value = "default" } + + $value; +} + +# get_function_default(prefix, function) - +# return the default value of the function according to the security level +sub get_function_default { + shift; + my ($prefix, $function) = @_; + return get_default($prefix, $function, "functions"); +} + +# config_function(prefix, function, value) - +# Apply the configuration to 'prefix'/etc/security/msec/level.local +sub config_function { + my ($prefix, $function, $value) = @_; + config_option($prefix, $function, $value, "functions"); +} + +# *********************************************** +# PERIODIC CHECKS (security.conf) RELATED +# *********************************************** + +# get_checks(prefix) - +# return a list of periodic checks handled by security.conf +sub get_checks { + my $prefix = $_; + my $check; + my @checks = (); + + my $check_file = "$prefix/var/lib/msec/security.conf"; + my @ignore_list = qw(MAIL_USER); + + if (-e $check_file) { + open F, $check_file; + while (<F>) { + ($check, undef) = split(/=/, $_); + if(!(member($check, @ignore_list))) { push(@checks, $check) } + } + close F; + } + + @checks; +} + +# get_check_value(prefix, check) +# return the value of the check passed in argument +sub get_check_value { + shift @_; + my ($prefix, $check) = @_; + my $check_file = "$prefix/etc/security/msec/security.conf"; + my $value = ''; + my $found = 0; + + if (-e $check_file) { + open F, $check_file; + while(<F>) { + if($_ =~ /^$check/) { + (undef, $value) = split(/=/, $_); + chop $value; + $found = 1; + } + } + close F; + if ($found == 0) { $value = "default" } + } + else { $value = "default" } + + $value; +} + +# get_check_default(prefix, check) +# Get the default value according to the security level +sub get_check_default { + my ($prefix, $check) = @_; + return get_default($prefix, $check, "checks"); +} + +# config_check(prefix, check, value) +# Apply the configuration to "prefix"/etc/security/msec/security.conf +sub config_check { + shift @_; + my ($prefix, $check, $value) = @_; + config_option($prefix, $check, $value, "checks"); +} + +sub new { shift } +1; |