-rw-r--r--perl-install/security/help.pm33
-rwxr-xr-xperl-install/standalone/draksec2
2 files changed, 34 insertions, 1 deletions
diff --git a/perl-install/security/help.pm b/perl-install/security/help.pm
index 2ed7a28bd..2e5d3d993 100644
--- a/perl-install/security/help.pm
+++ b/perl-install/security/help.pm
@@ -8,48 +8,61 @@ use common;
our %help = (
'accept_bogus_error_responses' => N("Arguments: (arg)
+
Accept/Refuse bogus IPv4 error messages."),
'accept_broadcasted_icmp_echo' => N("Arguments: (arg)
+
Accept/Refuse broadcasted icmp echo."),
'accept_icmp_echo' => N("Arguments: (arg)
+
Accept/Refuse icmp echo."),
'allow_autologin' => N("Arguments: (arg)
+
Allow/Forbid autologin."),
'allow_issues' => N("Arguments: (arg)
+
If \fIarg\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \fIarg\fP = NONE no issues are
allowed else only /etc/issue is allowed."),
'allow_reboot' => N("Arguments: (arg)
+
Allow/Forbid reboot by the console user."),
'allow_remote_root_login' => N("Arguments: (arg)
+
Allow/Forbid remote root login."),
'allow_root_login' => N("Arguments: (arg)
+
Allow/Forbid direct root login."),
'allow_user_list' => N("Arguments: (arg)
+
Allow/Forbid the list of users on the system on display managers (kdm and gdm)."),
'allow_x_connections' => N("Arguments: (arg, listen_tcp=None)
+
Allow/Forbid X connections. First arg specifies what is done
on the client side: ALL (all connections are allowed), LOCAL (only
local connection) and NONE (no connection)."),
'allow_xserver_to_listen' => N("Arguments: (arg)
+
The argument specifies if clients are authorized to connect
to the X server on the tcp port 6000 or not."),
'authorize_services' => N("Arguments: (arg)
+
Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if \fIarg\fP = ALL. Only local ones
if \fIarg\fP = LOCAL and none if \fIarg\fP = NONE. To authorize the services you need, use /etc/hosts.allow
(see hosts.allow(5))."),
'create_server_link' => N("Arguments: ()
+
If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3
in /etc/security/msec/security.conf, creates the symlink /etc/security/msec/server
to point to /etc/security/msec/server.<SERVER_LEVEL>. The /etc/security/msec/server
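Review bot: Every `N("Arguments: ...` string in this hunk, and in the two later help.pm hunks, gains a blank line, which changes the text handed to `N()`. If `N()` is the usual gettext lookup, existing translations of these security descriptions will stop matching until the catalogs are regenerated, and non-English users would fall back to the English text. The blank line also appears to exist only so that the tooltip formatter called in draksec treats the argument list as its own paragraph, but nothing in help.pm records that. I would add a comment above `our %help`, for example `# Keep a blank line after "Arguments: (...)": draksec reflows these strings by paragraph for tooltips.` The create_server_link entry continues past the end of this hunk.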
@@ -57,58 +70,75 @@ is used by chkconfig --add to decide to add a service if it is present in the fi
during the installation of packages."),
'enable_at_crontab' => N("Arguments: (arg)
+
Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow
(see man at(1) and crontab(1))."),
'enable_console_log' => N("Arguments: (arg, expr='*.*', dev='tty12')
+
Enable/Disable syslog reports to console 12. \fIexpr\fP is the
expression describing what to log (see syslog.conf(5) for more details) and
dev the device to report the log."),
'enable_dns_spoofing_protection' => N("Arguments: (arg, alert=1)
+
Enable/Disable name resolution spoofing protection. If
\fIalert\fP is true, also reports to syslog."),
'enable_ip_spoofing_protection' => N("Arguments: (arg, alert=1)
+
Enable/Disable IP spoofing protection."),
'enable_libsafe' => N("Arguments: (arg)
+
Enable/Disable libsafe if libsafe is found on the system."),
'enable_log_strange_packets' => N("Arguments: (arg)
+
Enable/Disable the logging of IPv4 strange packets."),
'enable_msec_cron' => N("Arguments: (arg)
+
Enable/Disable msec hourly security check."),
'enable_pam_wheel_for_su' => N("Arguments: (arg)
+
Enabling su only from members of the wheel group or allow su from any user."),
'enable_password' => N("Arguments: (arg)
+
Use password to authenticate users."),
'enable_promisc_check' => N("Arguments: (arg)
+
Activate/Disable ethernet cards promiscuity check."),
'enable_security_check' => N("Arguments: (arg)
+
Activate/Disable daily security check."),
'enable_sulogin' => N("Arguments: (arg)
+
Enable/Disable sulogin(8) in single user level."),
'no_password_aging_for' => N("Arguments: (name)
+
Add the name as an exception to the handling of password aging by msec."),
'password_aging' => N("Arguments: (max, inactive=-1)
+
Set password aging to \fImax\fP days and delay to change to \fIinactive\fP."),
'password_history' => N("Arguments: (arg)
+
Set the password history length to prevent password reuse."),
'password_length' => N("Arguments: (length, ndigits=0, nupper=0)
+
Set the password minimum length and minimum number of digit and minimum number of capitalized letters."),
'set_root_umask' => N("Arguments: (umask)
+
Set the root umask."),
CHECK_UNOWNED => N("if set to yes, report unowned files."),
CHECK_SHADOW => N("if set to yes, check empty password in /etc/shadow."),
@@ -129,11 +159,14 @@ CHECK_OPEN_PORT => N("if set to yes, check open ports."),
CHECK_SGID => N("if set to yes, check additions/removals of sgid files."),
'set_shell_history_size' => N("Arguments: (size)
+
Set shell commands history size. A value of -1 means unlimited."),
'set_shell_timeout' => N("Arguments: (val)
+
Set the shell timeout. A value of zero means no timeout."),
'set_user_umask' => N("Arguments: (umask)
+
Set the user umask."),
);
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index 162f76000..d9732ea0e 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -101,7 +101,7 @@ sub new_editable_combo {
sub set_default_tip {
my ($entry, $default, $opt) = @_;
my $help = $security::help::help{$opt};
- gtkset_tip(new Gtk2::Tooltips, $entry, join("\n", if_($help, $help), if_($default, N("(default value: %s)", $default))));
+ gtkset_tip(new Gtk2::Tooltips, $entry, join("\n", if_($help, formatAlaTeX($help)), if_($default, N("(default value: %s)", $default))));
}
my $msec = new security::msec;
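Review bot: The text passed to `formatAlaTeX($help)` in set_default_tip still carries the man-page font markup seen in help.pm (`\fIarg\fP` in allow_issues, authorize_services, password_aging and others). As written on this page, `\f` inside a double-quoted Perl string is a form feed, so unless formatAlaTeX removes it (not visible here) those tooltips would show a control character followed by a stray `I` or `P` around the argument name. These tooltips are what an administrator reads before picking ALL/LOCAL/NONE for a security setting, so I would strip the markup before formatting, e.g. `$help =~ s/\f[IP]//g if $help;` on the line after `my $help = ...`. Separately, `new Gtk2::Tooltips` uses indirect object syntax; `Gtk2::Tooltips->new` is the unambiguous form.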