Diffstat (limited to 'perl-install/security/help.pm')
| -rw-r--r-- | perl-install/security/help.pm | 187 |
1 files changed, 77 insertions, 110 deletions
diff --git a/perl-install/security/help.pm b/perl-install/security/help.pm
index 2e5d3d993..ec934e067 100644
--- a/perl-install/security/help.pm
+++ b/perl-install/security/help.pm
@@ -1,172 +1,139 @@ package security::help; -# !! THIS FILE WAS AUTO-GENERATED BY draksec_help.py !! -# !! DO NOT MODIFY HERE, MODIFY IN THE *MSEC* CVS !! +# This help was forked from msec internal function descriptions +# They were then reworked in order to be targeted for end users, not msec developpers + use strict; use common; our %help = ( -'accept_bogus_error_responses' => N("Arguments: (arg) - -Accept/Refuse bogus IPv4 error messages."), - -'accept_broadcasted_icmp_echo' => N("Arguments: (arg) - - Accept/Refuse broadcasted icmp echo."), - -'accept_icmp_echo' => N("Arguments: (arg) - - Accept/Refuse icmp echo."), - -'allow_autologin' => N("Arguments: (arg) - -Allow/Forbid autologin."), - -'allow_issues' => N("Arguments: (arg) - -If \fIarg\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \fIarg\fP = NONE no issues are -allowed else only /etc/issue is allowed."), +'accept_bogus_error_responses' => N("Accept bogus IPv4 error messages."), -'allow_reboot' => N("Arguments: (arg) +'accept_broadcasted_icmp_echo' => N("Accept broadcasted icmp echo."), -Allow/Forbid reboot by the console user."), +'accept_icmp_echo' => N("Accept icmp echo."), -'allow_remote_root_login' => N("Arguments: (arg) +'allow_autologin' => N("Allow autologin."), -Allow/Forbid remote root login."), +'allow_issues' => + #-PO: here "ALL" is a value in a pull-down menu; translate it the same as "ALL" is + N("If set to \"ALL\", /etc/issue and /etc/issue.net are allowed to exist. -'allow_root_login' => N("Arguments: (arg) +If set to \"None\", no issues are allowed. 
-Allow/Forbid direct root login."), +Else only /etc/issue is allowed."), -'allow_user_list' => N("Arguments: (arg) +'allow_reboot' => N("Allow reboot by the console user."), -Allow/Forbid the list of users on the system on display managers (kdm and gdm)."), +'allow_remote_root_login' => N("Allow remote root login."), -'allow_x_connections' => N("Arguments: (arg, listen_tcp=None) +'allow_root_login' => N("Allow direct root login."), -Allow/Forbid X connections. First arg specifies what is done -on the client side: ALL (all connections are allowed), LOCAL (only -local connection) and NONE (no connection)."), +'allow_user_list' => N("Allow the list of users on the system on display managers (kdm and gdm)."), -'allow_xserver_to_listen' => N("Arguments: (arg) +'allow_xauth_from_root' => N("Allow to export display when +passing from the root account to the other users. -The argument specifies if clients are authorized to connect -to the X server on the tcp port 6000 or not."), +See pam_xauth(8) for more details.'"), -'authorize_services' => N("Arguments: (arg) +'allow_x_connections' => N("Allow X connections: -Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if \fIarg\fP = ALL. Only local ones -if \fIarg\fP = LOCAL and none if \fIarg\fP = NONE. To authorize the services you need, use /etc/hosts.allow -(see hosts.allow(5))."), +- \"All\" (all connections are allowed), -'create_server_link' => N("Arguments: () +- \"Local\" (only connection from local machine), -If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3 -in /etc/security/msec/security.conf, creates the symlink /etc/security/msec/server -to point to /etc/security/msec/server.<SERVER_LEVEL>. 
The /etc/security/msec/server -is used by chkconfig --add to decide to add a service if it is present in the file -during the installation of packages."), +- \"None\" (no connection)."), -'enable_at_crontab' => N("Arguments: (arg) +'allow_xserver_to_listen' => N("The argument specifies if clients are authorized to connect +to the X server from the network on the tcp port 6000 or not."), -Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow -(see man at(1) and crontab(1))."), +'authorize_services' => + #-PO: here "ALL", "Local" and "None" are values in a pull-down menu; translate them the same as they're + N("Authorize: -'enable_console_log' => N("Arguments: (arg, expr='*.*', dev='tty12') +- all services controlled by tcp_wrappers (see hosts.deny(5) man page) if set to \"ALL\", -Enable/Disable syslog reports to console 12. \fIexpr\fP is the -expression describing what to log (see syslog.conf(5) for more details) and -dev the device to report the log."), +- only local ones if set to \"Local\" -'enable_dns_spoofing_protection' => N("Arguments: (arg, alert=1) +- none if set to \"None\". -Enable/Disable name resolution spoofing protection. If -\fIalert\fP is true, also reports to syslog."), +To authorize the services you need, use /etc/hosts.allow (see hosts.allow(5))."), -'enable_ip_spoofing_protection' => N("Arguments: (arg, alert=1) +'create_server_link' => N("If SERVER_LEVEL (or SECURE_LEVEL if absent) +is greater than 3 in /etc/security/msec/security.conf, creates the +symlink /etc/security/msec/server to point to +/etc/security/msec/server.<SERVER_LEVEL>. -Enable/Disable IP spoofing protection."), +The /etc/security/msec/server is used by chkconfig --add to decide to +add a service if it is present in the file during the installation of +packages."), -'enable_libsafe' => N("Arguments: (arg) +'enable_at_crontab' => N("Enable crontab and at for users. 
-Enable/Disable libsafe if libsafe is found on the system."), +Put allowed users in /etc/cron.allow and /etc/at.allow (see man at(1) +and crontab(1))."), -'enable_log_strange_packets' => N("Arguments: (arg) +'enable_console_log' => N("Enable syslog reports to console 12"), -Enable/Disable the logging of IPv4 strange packets."), +'enable_dns_spoofing_protection' => N("Enable name resolution spoofing protection. If +\"%s\" is true, also reports to syslog.", N("Security Alerts:")), -'enable_msec_cron' => N("Arguments: (arg) +'enable_ip_spoofing_protection' => N("Enable IP spoofing protection."), -Enable/Disable msec hourly security check."), +'enable_libsafe' => N("Enable libsafe if libsafe is found on the system."), -'enable_pam_wheel_for_su' => N("Arguments: (arg) +'enable_log_strange_packets' => N("Enable the logging of IPv4 strange packets."), - Enabling su only from members of the wheel group or allow su from any user."), +'enable_msec_cron' => N("Enable msec hourly security check."), -'enable_password' => N("Arguments: (arg) +'enable_pam_wheel_for_su' => N("Enable su only from members of the wheel group. 
If set to no, allows su from any user."), -Use password to authenticate users."), +'enable_password' => N("Use password to authenticate users."), -'enable_promisc_check' => N("Arguments: (arg) +'enable_promisc_check' => N("Activate Ethernet cards promiscuity check."), -Activate/Disable ethernet cards promiscuity check."), +'enable_security_check' => N("Activate daily security check."), -'enable_security_check' => N("Arguments: (arg) +'enable_sulogin' => N("Enable sulogin(8) in single user level."), - Activate/Disable daily security check."), +'no_password_aging_for' => N("Add the name as an exception to the handling of password aging by msec."), -'enable_sulogin' => N("Arguments: (arg) +'password_aging' => N("Set password aging to \"max\" days and delay to change to \"inactive\"."), - Enable/Disable sulogin(8) in single user level."), +'password_history' => N("Set the password history length to prevent password reuse."), -'no_password_aging_for' => N("Arguments: (name) +'password_length' => N("Set the password minimum length and minimum number of digit and minimum number of capitalized letters."), -Add the name as an exception to the handling of password aging by msec."), - -'password_aging' => N("Arguments: (max, inactive=-1) - -Set password aging to \fImax\fP days and delay to change to \fIinactive\fP."), - -'password_history' => N("Arguments: (arg) - -Set the password history length to prevent password reuse."), - -'password_length' => N("Arguments: (length, ndigits=0, nupper=0) +'set_root_umask' => N("Set the root's file mode creation mask."), +CHECK_OPEN_PORT => N("if set to yes, check open ports."), +CHECK_PASSWD => N("if set to yes, check for: -Set the password minimum length and minimum number of digit and minimum number of capitalized letters."), +- empty passwords, -'set_root_umask' => N("Arguments: (umask) +- no password in /etc/shadow -Set the root umask."), -CHECK_UNOWNED => N("if set to yes, report unowned files."), +- for users with the 0 id other 
than root."), +CHECK_PERMS => N("if set to yes, check permissions of files in the users' home."), +CHECK_PROMISC => N("if set to yes, check if the network devices are in promiscuous mode."), +CHECK_SECURITY => N("if set to yes, run the daily security checks."), +CHECK_SGID => N("if set to yes, check additions/removals of sgid files."), CHECK_SHADOW => N("if set to yes, check empty password in /etc/shadow."), CHECK_SUID_MD5 => N("if set to yes, verify checksum of the suid/sgid files."), -CHECK_SECURITY => N("if set to yes, run the daily security checks."), -CHECK_PASSWD => N("if set to yes, check for empty password, or a password while it should be in /etc/shadow or other users with id 0."), -SYSLOG_WARN => N("if set to yes, report check result to syslog."), CHECK_SUID_ROOT => N("if set to yes, check additions/removals of suid root files."), -CHECK_PERMS => N("if set to yes, check permissions of files in the users' home."), +CHECK_UNOWNED => N("if set to yes, report unowned files."), +CHECK_WRITABLE => N("if set to yes, check files/directories writable by everybody."), CHKROOTKIT_CHECK => N("if set to yes, run chkrootkit checks."), -CHECK_PROMISC => N("if set to yes, check if the network devices are in promiscuous mode."), +MAIL_USER => N("if set, send the mail report to this email address else send it to root."), +MAIL_WARN => N("if set to yes, report check result by mail."), +MAIL_EMPTY_CONTENT => N("Do not send mails if there's nothing to warn about"), RPM_CHECK => N("if set to yes, run some checks against the rpm database."), +SYSLOG_WARN => N("if set to yes, report check result to syslog."), TTY_WARN => N("if set to yes, reports check result to tty."), -CHECK_WRITABLE => N("if set to yes, check files/directories writable by everybody."), -MAIL_WARN => N("if set to yes, report check result by mail."), -MAIL_USER => N("if set, send the mail report to this email address else send it to root."), -CHECK_OPEN_PORT => N("if set to yes, check open ports."), -CHECK_SGID 
=> N("if set to yes, check additions/removals of sgid files."), - -'set_shell_history_size' => N("Arguments: (size) - -Set shell commands history size. A value of -1 means unlimited."), - -'set_shell_timeout' => N("Arguments: (val) -Set the shell timeout. A value of zero means no timeout."), +'set_shell_history_size' => N("Set shell commands history size. A value of -1 means unlimited."), -'set_user_umask' => N("Arguments: (umask) +'set_shell_timeout' => N("Set the shell timeout. A value of zero means no timeout.") . "\n\n" . N("Timeout unit is second"), -Set the user umask."), +'set_user_umask' => N("Set the user's file mode creation mask."), ); |
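Review bot: The new `allow_xauth_from_root` msgid ends with a stray apostrophe (`details.'"`), which will appear in the help text and be copied into every translation catalog; the line should end `See pam_xauth(8) for more details."),`. The reworded `CHECK_PASSWD` help also seems to drift from the removed text: "no password in /etc/shadow" reads as the same case as "empty passwords", whereas the old wording described a password that is present when it should be in /etc/shadow, so a user could misjudge what this check covers. Assuming the msec check itself is unchanged, a bullet such as `- passwords not stored in /etc/shadow,` would keep the original meaning. Smaller points in the same hunk: `enable_console_log` lost its trailing period, and the new header comment spells "developpers".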
