diff options
Diffstat (limited to 'perl-install/security')
| -rw-r--r-- | perl-install/security/help.pm | 2 | ||||
| -rw-r--r-- | perl-install/security/level.pm | 56 | ||||
| -rw-r--r-- | perl-install/security/various.pm | 2 |
3 files changed, 34 insertions, 26 deletions
diff --git a/perl-install/security/help.pm b/perl-install/security/help.pm index 267dcd866..ec934e067 100644 --- a/perl-install/security/help.pm +++ b/perl-install/security/help.pm @@ -91,7 +91,7 @@ and crontab(1))."), 'enable_password' => N("Use password to authenticate users."), -'enable_promisc_check' => N("Activate ethernet cards promiscuity check."), +'enable_promisc_check' => N("Activate Ethernet cards promiscuity check."), 'enable_security_check' => N("Activate daily security check."), diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm index 826617ad3..bb3d9ddf2 100644 --- a/perl-install/security/level.pm +++ b/perl-install/security/level.pm @@ -3,58 +3,66 @@ package security::level; use strict; use common; use run_program; - +# perl_checker: require interactive sub level_list() { ( - 0 => N("Welcome To Crackers"), - 1 => N("Poor"), - 2 => N("Standard"), - 3 => N("High"), - 4 => N("Higher"), - 5 => N("Paranoid"), + 0 => N("Disable msec"), + 1 => N("Standard"), + 2 => N("Secure"), ); } sub to_string { +{ level_list() }->{$_[0]} } sub from_string { +{ reverse level_list() }->{$_[0]} || 2 } +sub rawlevel_list() { + ( + 0 => 'none', + 1 => 'standard', + 2 => 'secure', + ); +} + +sub to_lowlevel_string { +{ rawlevel_list() }->{$_[0]} } +sub from_lowlevel_string { +{ reverse rawlevel_list() }->{$_[0]} || 2 } + sub get_string() { to_string(get() || 2) } sub get_common_list() { map { to_string($_) } (1, 2, 3, 4, 5) } sub get() { - cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec - cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec - ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec - $ENV{SECURE_LEVEL} || 3; + my $level = ${{ getVarsFromSh("$::prefix/etc/security/msec/security.conf") }}{BASE_LEVEL} || #- 2009.1 msec + "standard"; + from_lowlevel_string($level); } sub set { my ($security) = @_; - run_program::rooted($::prefix, 'msec', '-o', 'run_commands=0', '-o', 'log=stderr', $security || 3); + my @levelnames = ('none', 'standard', 'secure'); + # use Standard level if specified level is out of range + $security = 1 if $security > $#levelnames; + run_program::rooted($::prefix, 'msec', '-q', '-f', $levelnames[$security]); + run_program::rooted($::prefix, 'msecperms', '-q', '-e', $levelnames[$security]); } sub level_choose { - my ($in, $security, $email) = @_; + my ($in, $security, $email) = @_; # perl_checker: $in = interactive->new my %help = ( - 0 => N("This level is to be used with care. It makes your system more easy to use, -but very sensitive. It must not be used for a machine connected to others -or to the Internet. There is no password access."), - 1 => N("Passwords are now enabled, but use as a networked computer is still not recommended."), - 2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."), - 3 => N("There are already some restrictions, and more automatic checks are run every night."), - 4 => N("With this security level, the use of this system as a server becomes possible. + 0 => N("This level is to be used with care, as it disables all additional security +provided by msec. Use it only when you want to take care of all aspects of system security +on your own."), + 1 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."), + 2 => N("With this security level, the use of this system as a server becomes possible. The security is now high enough to use the system as a server which can accept connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."), - 5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."), ); - my @l = 2 .. 5; + my @l = 1 .. 2; $in->ask_from_({ title => $::isInstall ? N("Security") : N("DrakSec Basic Options"), - interactive_help_id => 'misc-params#draxid-miscellaneous', - }, [ + interactive_help_id => 'securityLevel', + }, [ { label => N("Please choose the desired security level"), title => 1 }, { val => $security, list => \@l, format => sub { diff --git a/perl-install/security/various.pm b/perl-install/security/various.pm index 140eed5c4..2e4abd397 100644 --- a/perl-install/security/various.pm +++ b/perl-install/security/various.pm @@ -1,4 +1,4 @@ -package security::various; # $Id$ +package security::various; use diagnostics; use strict; |