-rw-r--r--perl-install/any.pm7
-rw-r--r--perl-install/install_steps.pm3
-rw-r--r--perl-install/security/level.pm47
-rw-r--r--perl-install/security/main.pm13
-rw-r--r--perl-install/security/msec.pm38
5 files changed, 61 insertions, 47 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 96dd5b657..2b00d9534 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -1131,13 +1131,6 @@ sub ask_window_manager_to_logout {
1;
}
-sub get_secure_level {
- cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec
- cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec
- ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec
- $ENV{SECURE_LEVEL};
-}
-
sub alloc_raw_device {
my ($prefix, $device) = @_;
my $used = 0;
diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm
index 738cb5290..6df6bd0d2 100644
--- a/perl-install/install_steps.pm
+++ b/perl-install/install_steps.pm
@@ -950,7 +950,8 @@ sub miscellaneousBefore {
my %s = getVarsFromSh("$o->{prefix}/etc/sysconfig/system");
$o->{miscellaneous}{HDPARM} = $s{HDPARM} if exists $s{HDPARM};
- $o->{security} ||= any::get_secure_level() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2);
+ require security::level;
+ $o->{security} ||= security::level::get() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2);
$o->{security_user} ||= any::config_security_user($o->{prefix});
$o->{libsafe} ||= any::config_libsafe($o->{prefix});
diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm
new file mode 100644
index 000000000..7ea08a52c
--- /dev/null
+++ b/perl-install/security/level.pm
@@ -0,0 +1,47 @@
+package security::level;
+
+use strict;
+use common;
+
+my %level_list = (
+ 0 => N("Welcome To Crackers"),
+ 1 => N("Poor"),
+ 2 => N("Standard"),
+ 3 => N("High"),
+ 4 => N("Higher"),
+ 5 => N("Paranoid"),
+ );
+
+my @sec_levels = map { $level_list{$_} } (0..5); # enforce order
+
+
+sub get_common_list {
+ map { $level_list{$_} } (2, 3, 4);
+}
+
+sub get_full_list {
+
+}
+
+sub get {
+ cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec
+ cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec
+ ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec
+ $ENV{SECURE_LEVEL};
+}
+
+
+sub get_string {
+ return $sec_levels[get()] || 2
+}
+
+sub set {
+ my %sec_levels = reverse %level_list;
+ my $run_level = $sec_levels{$_[0]};
+ print "set level: $_[0] -> $run_level\n";
+ print $::prefix, "/usr/sbin/msec ", $run_level ? $run_level : 3, "\n";
+ require run_program;
+ run_program::rooted($::prefix, "/usr/sbin/msec", $run_level ? $run_level : 3);
+}
+
+1;
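Review bot: `get_string` indexes `@sec_levels` with whatever `get()` returns, and `get()` can return undef (no file matched and `$ENV{SECURE_LEVEL}` unset) or an unchecked value taken from `/etc/sysconfig/msec` or the environment. An undef index evaluates as 0, so an unconfigured system is reported as "Welcome To Crackers", and the `|| 2` fallback is only reached for an out-of-range index, where it returns the number 2 instead of a label. I would validate before indexing, e.g. `my $level = get();` followed by `return defined $level && $level =~ /\A[0-5]\z/ ? $sec_levels[$level] : $level_list{2};`. `basic_seclevel_option` in security/main.pm pushes this return value into the popdown list, so a stray value becomes user-visible. Separately, `set` still carries two debugging `print` lines and `get_full_list` has an empty body.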
diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm
index 7b3f5f0df..370295b7f 100644
--- a/perl-install/security/main.pm
+++ b/perl-install/security/main.pm
@@ -7,6 +7,7 @@ use common;
use my_gtk qw(:helpers :wrappers :ask);
use run_program;
+use security::level;
use security::msec;
# factorize this with rpmdrake and harddrake2
@@ -51,10 +52,10 @@ Security Administrator:
sub basic_seclevel_option {
my ($seclevel_entry, $msec) = @_;
- my @sec_levels = $msec->get_seclevel_list();
- my $current_level = $msec->get_secure_level();
+ my @sec_levels = security::level::get_common_list();
+ my $current_level = security::level::get_string();
- push(@sec_levels, $current_level) if $current_level eq "Dangerous" || $current_level eq "Poor";
+ push(@sec_levels, $current_level) unless member($current_level, @sec_levels);
$$seclevel_entry->entry->set_editable(0);
$$seclevel_entry->set_popdown_strings(@sec_levels);
@@ -182,10 +183,10 @@ sub draksec_main {
standalone::explanations("Configuring msec");
- if ($seclevel_value ne $msec->get_secure_level()) {
+ if ($seclevel_value ne security::level::get_string()) {
$w = wait_msg(N("Please wait, setting security level..."));
standalone::explanations("Setting security level");
- $msec->set_secure_level($seclevel_value);
+ security::level::set($seclevel_value);
remove_wait_msg($w);
}
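Review bot: The result of `security::level::set($seclevel_value)` is discarded, so a failed msec run would leave the old level in place while the wait message is removed as if the change had succeeded. `set` ends with the `run_program::rooted` call, which presumably returns a success flag (confirm against run_program); if so, something like `security::level::set($seclevel_value) or warn "msec failed to set the security level\n";` would surface the failure. The same applies to the bare `run_program::rooted($::prefix, "/usr/sbin/msec");` in the following hunk. draksec_main starts and ends outside both hunks.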
@@ -213,7 +214,7 @@ sub draksec_main {
}
}
standalone::explanations("Applying msec changes");
- run_program::run($::prefix, "/usr/sbin/msec");
+ run_program::rooted($::prefix, "/usr/sbin/msec");
remove_wait_msg($w);
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
index 347976406..1ede6a4b1 100644
--- a/perl-install/security/msec.pm
+++ b/perl-install/security/msec.pm
@@ -20,8 +20,6 @@ msec - Perl functions to handle msec configuration files
my $msec = new security::msec;
- my $secure_level = $msec->get_secure_level;
-
my (%options, %defaults);
my @functions = $msec->get_functions();
@@ -65,14 +63,14 @@ use MDK::Common;
my $check_file = "$::prefix/etc/security/msec/security.conf";
-my @sec_levels = ("Dangerous", "Poor", "Standard", "High", "Higher", "Paranoid");
-my %sec_levels = ("Dangerous" => 0, "Poor" => 1, "Standard" => 2, "High" => 3, "Higher" => 4, "Paranoid" => 5);
# ***********************************************
# PRIVATE FUNCTIONS
# ***********************************************
+my $num_level;
+
sub get_default {
my ($option, $category) = @_;
my $default_file = "";
@@ -80,8 +78,8 @@ sub get_default {
my $num_level = 0;
if ($category eq "functions") {
- my $word_level = get_secure_level();
- $num_level = $sec_levels{$word_level};
+ require security::level;
+ $num_level = security::level::get() unless $num_level;
$default_file = "$::prefix/usr/share/msec/level.".$num_level;
}
elsif ($category eq "checks") { $default_file = "$::prefix/var/lib/msec/security.conf" }
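Review bot: The file-scoped `my $num_level;` added in the previous hunk is shadowed by the `my $num_level = 0;` that remains at the top of this hunk, so `unless $num_level` is always true and `security::level::get()` re-reads the configuration files on every call. If caching was the intent, drop the inner declaration; if not, drop the outer one and the `unless`. The value is also concatenated straight into `"$::prefix/usr/share/msec/level.".$num_level`, and `get()` can take it from `/etc/sysconfig/msec` or `$ENV{SECURE_LEVEL}` without a digit check. A guard before building the path, e.g. `$num_level = 2 unless defined $num_level && $num_level =~ /\A[0-5]\z/;` (with whatever default the project prefers), would keep an empty or malformed level from selecting an unexpected file. get_default begins before this hunk and continues after it.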
@@ -140,32 +138,6 @@ sub get_value {
# SPECIFIC OPTIONS
# ***********************************************
-# get_secure_level() - Get the secure level
-
-# duplicated with some drakx code
-
-sub get_secure_level {
- shift;
- my $num_level = 2;
-
- $num_level = cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
- cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
- ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL};
- # || $ENV{SECURE_LEVEL};
-
- return $sec_levels[$num_level];
-}
-
-sub get_seclevel_list {
- qw(Standard High Higher Paranoid);
-}
-
-sub set_secure_level {
- my $word_level = $_[1];
-
- my $run_level = $sec_levels{$word_level};
- system "/usr/sbin/msec", $run_level ? $run_level : 3;
-}
# ***********************************************
# FUNCTIONS (level.local) RELATED
@@ -259,7 +231,7 @@ sub get_default_checks {
local $_;
while (<F>) {
($check, undef) = split(/=/, $_);
- push @checks, $check if !(member($check, qw(MAIL_USER)))
+ push @checks, $check unless member($check, qw(MAIL_USER))
}
close F;
}