diff options
-rw-r--r-- | perl-install/any.pm | 7 | ||||
-rw-r--r-- | perl-install/install_steps.pm | 3 | ||||
-rw-r--r-- | perl-install/security/level.pm | 47 | ||||
-rw-r--r-- | perl-install/security/main.pm | 13 | ||||
-rw-r--r-- | perl-install/security/msec.pm | 38 |
5 files changed, 61 insertions, 47 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm index 96dd5b657..2b00d9534 100644 --- a/perl-install/any.pm +++ b/perl-install/any.pm @@ -1131,13 +1131,6 @@ sub ask_window_manager_to_logout { 1; } -sub get_secure_level { - cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec - cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec - ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec - $ENV{SECURE_LEVEL}; -} - sub alloc_raw_device { my ($prefix, $device) = @_; my $used = 0; diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm index 738cb5290..6df6bd0d2 100644 --- a/perl-install/install_steps.pm +++ b/perl-install/install_steps.pm @@ -950,7 +950,8 @@ sub miscellaneousBefore { my %s = getVarsFromSh("$o->{prefix}/etc/sysconfig/system"); $o->{miscellaneous}{HDPARM} = $s{HDPARM} if exists $s{HDPARM}; - $o->{security} ||= any::get_secure_level() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2); + require security::level; + $o->{security} ||= security::level::get() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2); $o->{security_user} ||= any::config_security_user($o->{prefix}); $o->{libsafe} ||= any::config_libsafe($o->{prefix}); diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm new file mode 100644 index 000000000..7ea08a52c --- /dev/null +++ b/perl-install/security/level.pm @@ -0,0 +1,47 @@ +package security::level; + +use strict; +use common; + +my %level_list = ( + 0 => N("Welcome To Crackers"), + 1 => N("Poor"), + 2 => N("Standard"), + 3 => N("High"), + 4 => N("Higher"), + 5 => N("Paranoid"), + ); + +my @sec_levels = map { $level_list{$_} } (0..5); # enforce order + + +sub get_common_list { + map { $level_list{$_} } (2, 3, 4); +} + +sub get_full_list { + +} + +sub get { + cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec + cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec + ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec + $ENV{SECURE_LEVEL}; +} + + +sub get_string { + return $sec_levels[get()] || 2 +} + +sub set { + my %sec_levels = reverse %level_list; + my $run_level = $sec_levels{$_[0]}; + print "set level: $_[0] -> $run_level\n"; + print $::prefix, "/usr/sbin/msec ", $run_level ? $run_level : 3, "\n"; + require run_program; + run_program::rooted($::prefix, "/usr/sbin/msec", $run_level ? $run_level : 3); +} + +1; diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm index 7b3f5f0df..370295b7f 100644 --- a/perl-install/security/main.pm +++ b/perl-install/security/main.pm @@ -7,6 +7,7 @@ use common; use my_gtk qw(:helpers :wrappers :ask); use run_program; +use security::level; use security::msec; # factorize this with rpmdrake and harddrake2 @@ -51,10 +52,10 @@ Security Administrator: sub basic_seclevel_option { my ($seclevel_entry, $msec) = @_; - my @sec_levels = $msec->get_seclevel_list(); - my $current_level = $msec->get_secure_level(); + my @sec_levels = security::level::get_common_list(); + my $current_level = security::level::get_string(); - push(@sec_levels, $current_level) if $current_level eq "Dangerous" || $current_level eq "Poor"; + push(@sec_levels, $current_level) unless member($current_level, @sec_levels); $$seclevel_entry->entry->set_editable(0); $$seclevel_entry->set_popdown_strings(@sec_levels); @@ -182,10 +183,10 @@ sub draksec_main { standalone::explanations("Configuring msec"); - if ($seclevel_value ne $msec->get_secure_level()) { + if ($seclevel_value ne security::level::get_string()) { $w = wait_msg(N("Please wait, setting security level...")); standalone::explanations("Setting security level"); - $msec->set_secure_level($seclevel_value); + security::level::set($seclevel_value); remove_wait_msg($w); } @@ -213,7 +214,7 @@ sub draksec_main { } } standalone::explanations("Applying msec changes"); - run_program::run($::prefix, "/usr/sbin/msec"); + run_program::rooted($::prefix, "/usr/sbin/msec"); remove_wait_msg($w); diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index 347976406..1ede6a4b1 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -20,8 +20,6 @@ msec - Perl functions to handle msec configuration files my $msec = new security::msec; - my $secure_level = $msec->get_secure_level; - my (%options, %defaults); my @functions = $msec->get_functions(); @@ -65,14 +63,14 @@ use MDK::Common; my $check_file = "$::prefix/etc/security/msec/security.conf"; -my @sec_levels = ("Dangerous", "Poor", "Standard", "High", "Higher", "Paranoid"); -my %sec_levels = ("Dangerous" => 0, "Poor" => 1, "Standard" => 2, "High" => 3, "Higher" => 4, "Paranoid" => 5); # *********************************************** # PRIVATE FUNCTIONS # *********************************************** +my $num_level; + sub get_default { my ($option, $category) = @_; my $default_file = ""; @@ -80,8 +78,8 @@ sub get_default { my $num_level = 0; if ($category eq "functions") { - my $word_level = get_secure_level(); - $num_level = $sec_levels{$word_level}; + require security::level; + $num_level = security::level::get() unless $num_level; $default_file = "$::prefix/usr/share/msec/level.".$num_level; } elsif ($category eq "checks") { $default_file = "$::prefix/var/lib/msec/security.conf" } @@ -140,32 +138,6 @@ sub get_value { # SPECIFIC OPTIONS # *********************************************** -# get_secure_level() - Get the secure level - -# duplicated with some drakx code - -sub get_secure_level { - shift; - my $num_level = 2; - - $num_level = cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || - cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || - ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL}; - # || $ENV{SECURE_LEVEL}; - - return $sec_levels[$num_level]; -} - -sub get_seclevel_list { - qw(Standard High Higher Paranoid); -} - -sub set_secure_level { - my $word_level = $_[1]; - - my $run_level = $sec_levels{$word_level}; - system "/usr/sbin/msec", $run_level ? $run_level : 3; -} # *********************************************** # FUNCTIONS (level.local) RELATED @@ -259,7 +231,7 @@ sub get_default_checks { local $_; while (<F>) { ($check, undef) = split(/=/, $_); - push @checks, $check if !(member($check, qw(MAIL_USER))) + push @checks, $check unless member($check, qw(MAIL_USER)) } close F; } |