diff options
Diffstat (limited to 'perl-install/security')
| -rw-r--r-- | perl-install/security/help.pm | 17 | ||||
| -rw-r--r-- | perl-install/security/l10n.pm | 1 | ||||
| -rw-r--r-- | perl-install/security/msec.pm | 15 |
3 files changed, 21 insertions, 12 deletions
diff --git a/perl-install/security/help.pm b/perl-install/security/help.pm index 3176c5749..6f24b4bbb 100644 --- a/perl-install/security/help.pm +++ b/perl-install/security/help.pm @@ -16,7 +16,9 @@ our %help = ( 'allow_autologin' => N("Allow/Forbid autologin."), -'allow_issues' => N("If set to \"ALL\", /etc/issue and /etc/issue.net are allowed to exist. +'allow_issues' => + #-PO: here "ALL" is a value in a pull-down menu; translate it the same as "ALL" is + N("If set to \"ALL\", /etc/issue and /etc/issue.net are allowed to exist. If set to NONE, no issues are allowed. @@ -30,6 +32,11 @@ Else only /etc/issue is allowed."), 'allow_user_list' => N("Allow/Forbid the list of users on the system on display managers (kdm and gdm)."), +'allow_xauth_from_root' => N("Allow/forbid to export display when +passing from the root account to the other users. + +See pam_xauth(8) for more details.'"), + 'allow_x_connections' => N("Allow/Forbid X connections: - ALL (all connections are allowed), @@ -41,7 +48,9 @@ Else only /etc/issue is allowed."), 'allow_xserver_to_listen' => N("The argument specifies if clients are authorized to connect to the X server from the network on the tcp port 6000 or not."), -'authorize_services' => N("Authorize: +'authorize_services' => + #-PO: here "ALL", "LOCAL" and "NONE" are values in a pull-down menu; translate them the same as they're + N("Authorize: - all services controlled by tcp_wrappers (see hosts.deny(5) man page) if set to \"ALL\", @@ -68,7 +77,7 @@ and crontab(1))."), 'enable_console_log' => N("Enable/Disable syslog reports to console 12"), 'enable_dns_spoofing_protection' => N("Enable/Disable name resolution spoofing protection. If -\"alert\" is true, also reports to syslog."), +\"%s\" is true, also reports to syslog.", N("Security Alerts:")), 'enable_ip_spoofing_protection' => N("Enable/Disable IP spoofing protection."), @@ -98,7 +107,7 @@ and crontab(1))."), 'set_root_umask' => N("Set the root umask."), CHECK_OPEN_PORT => N("if set to yes, check open ports."), -CHECK_PASSWD => N("if set to yes, check for : +CHECK_PASSWD => N("if set to yes, check for: - empty passwords, diff --git a/perl-install/security/l10n.pm b/perl-install/security/l10n.pm index 17e9bb017..de39c3d41 100644 --- a/perl-install/security/l10n.pm +++ b/perl-install/security/l10n.pm @@ -17,6 +17,7 @@ sub fields() { 'allow_remote_root_login' => N("Allow remote root login"), 'allow_root_login' => N("Direct root login"), 'allow_user_list' => N("List users on display managers (kdm and gdm)"), + 'allow_xauth_from_root' => N("Export display when passing from root to the other users"), 'allow_x_connections' => N("Allow X Window connections"), 'allow_xserver_to_listen' => N("Authorize TCP connections to X Window"), 'authorize_services' => N("Authorize all services controlled by tcp_wrappers"), diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index b06078aed..e4b9da561 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -49,7 +49,7 @@ sub load_values { chop $val; $val =~ s/[()]//g; chop $opt if $separator eq '\('; # $opt =~ s/ //g if $separator eq '\('; - if_($val, $opt => $val); + if_(defined($val), $opt => $val); } cat_($msec->{$category}{values_file}); } @@ -60,7 +60,7 @@ sub load_values { sub get_function_value { my ($msec, $function) = @_; - $msec->{functions}{value}{$function} || "default"; + exists $msec->{functions}{value}{$function} ? $msec->{functions}{value}{$function} : "default"; } sub get_check_value { @@ -83,7 +83,7 @@ sub raw_checks_list { sub list_checks { my ($msec) = @_; - grep { !member($_, qw(MAIL_WARN MAIL_USER)) } $msec->raw_checks_list; + difference2([ $msec->raw_checks_list ], [ qw(MAIL_WARN MAIL_USER) ]); } sub list_functions { @@ -98,7 +98,7 @@ sub list_functions { enable_dns_spoofing_protection enable_ip_spoofing_protection enable_log_strange_packets enable_promisc_check no_password_aging_for)], 'system' => [qw(allow_autologin allow_issues allow_reboot allow_remote_root_login - allow_root_login allow_user_list allow_x_connections allow_xserver_to_listen + allow_root_login allow_user_list allow_xauth_from_root allow_x_connections allow_xserver_to_listen authorize_services enable_at_crontab enable_console_log enable_msec_cron enable_pam_wheel_for_su enable_password enable_security_check enable_sulogin password_aging password_history password_length set_root_umask @@ -160,15 +160,14 @@ sub apply_checks { sub reload { my ($msec) = @_; - my $num_level = 0; require security::level; - $num_level ||= security::level::get(); - $msec->{functions}{defaults_file} = "$::prefix/usr/share/msec/level.".$num_level; + my $num_level = security::level::get(); + $msec->{functions}{defaults_file} = "$::prefix/usr/share/msec/level.$num_level"; $msec->{functions}{default} = { $msec->load_defaults('functions') }; } sub new { - my $type = shift; + my ($type) = @_; my $msec = bless {}, $type; $msec->{functions}{values_file} = "$::prefix/etc/security/msec/level.local"; |