| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
security::msec is readable at last):
- put all file names & separators for regexps in the object
- (load_defaults, load_values) thus we can use indirect call to get right values
- (load_values) fix "returning 'undef' option" (this trival bug did not have
any side effect but fixing it is cleaner
- kill debugging statements
- generalize some comments
- (reload) introduce this method so that we can later reload default values
when the user change the security level
the only bug we left is that on each saving, we add a empty line to config
files...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- fix "check states were not saved if their value did not change (thus
reverting it to default on disk)"
- fix emebedding (no transcience when embedded)
- fix "value get chop()-ed until it disapear and is reset to default"
- log which security level is set and not only the switch
killing latest remanent parts of christian "yeah baby, i'm piggy"
work:
- functions and checks listing :
o rename get_functions() as list_functions() and
get_default_checks() as list_checks(); this is both
more homogenous and enable one to separate them from the
get_(check|function)_(value|default) function group
o regroup them
o over simplify list_functions(): leave functions listing to msec
(aka /usr/share/msec/level.<LEVEL>, assuming share/msec.py is
always up to date, just don't care reparsing python code (this is
plain stupid); if we cannot rely on msec, on who could we :-) ?
o this allow to simplify msec gui so that we do not exclude stuff
already excluded
- remove config_check(), config_funtion(): replace them by:
o set_check() and set_function() to store new values in data
structure
o apply_checks() and apply_functions() to save these new values,
thus writing config files once and not twice the functions &
checks count
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- remove unused variables
- rename get_(default|value as load_(default|value)s and alter them so
that config file are read only one time instead of one per option;
data is stocked in package variable
- thus get_default_checks() is quite a lot faster
- alter get_(check|function)_(value|default) to use new data structure
- fix check default reading
- group default values reading and current values reading
what's left: do the same thing for writing tomorow
|
|
|
|
|
|
|
| |
- no need to maintain dummy documentation about something which is
called only in one place
- simplify
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
merge any::get_secure_level() with
secure::msec::get_secure_level()
- move security level functions from secure::msec
to secure::level
- uses secure::level in install_steps
- fix duplication of security level labels
- draksec: use same strings in drakx, got nice
translations
- get_default_checks(): make it more readable
|
|
|
|
|
| |
put one that really works
|
| |
|
|
|
|
|
|
| |
- clean code
- simplify config_function()
|
|
|
|
|
| |
- remove unneeded parentheses for things like ... if (...)
|
| |
|
|
|
|
|
| |
- use "for" instead of "foreach" when used a la C
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
get_seclevel_list()
- use them in get_default()
- get_value() : don't assume a space between "function_name" and
"(parameters)"
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- security::msec :
o consolidate get_function_value() and get_value into get_value()
o really apply changes, aka save them :
* config_check() : use substInFile and setVarsInSh
* config_function() : use substInFile and append_to_file
* kill stupid and bogus config_option()
o don't overwrite previous changes, aka reread them :
* fix checks and functions current value loading
* fix checks and functions default loading
- security::main :
o simplify ui creation, make it more readable
o kill offuscating basic_secadmin_check(), basic_secadmin_entry(),
network_generate_page(), system_generate_page() and checks_generate_page()
o increase default height because of stupid "add_with_viewport" in
ugtk::createScrolledWindow
o consolidate network and system functions managment, they're all the same for
msec, splitting is only a draksec "feature"; all go in %options_values
- draksec :
o let standalone module configure standalone mode
o security::main already take care of initializing gtk
o security::main already take care of exiting
o don't play with embedded mode special variables
it overall looks better but big cleanups're still possible for mdk9.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o config_check: use MDK::Common to set option rather
than overwriting config file
o remove all stupid prefix that just ofuscate code
whereas it's always set to '',
$::prefix will be a lot better
o s/shift @_/shift/
o kill config_option()
o simplify get_default()
o get_secure_level() : replace if cascade by an array
o set_secure_level() :
* replace if cascade by an hash
* default to runlevel 3 if undefined
o get_functions() : simplify by merging code paths
- security::main :
o security::libsafe is unneeded
o don't pass useless prefix
o begin to read default values
|
|
|
|
|
|
|
|
| |
than overwriting config file
- remove all stupid prefix that just ofuscate code
whereas it's always set to '',
$::prefix will be a lot better
|
|
|
|
|
|
|
|
|
|
| |
- no ignore choice for periodic checks
- save functions in /etc/security/msec/level.local
and not security.conf
- "from mseclib import" is useless
- fix functions saving (an object method invocation
takes class name as argument)
|
| |
|
|
|
|
|
|
| |
advanced options too now
- mark some strings to be translated (mainly notebook pages titles)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
- s/choose_options/choose_functions
- Added security checks page
|
|
|
|
|
| |
- move set_server_link in the ignore list temporary
|
| |
|
| |
|
|
|
|
|
|
| |
- remove useless expert_mode var
- add get_options(): will be used to get various options from msec
|
| |
|
| |
|
| |
|
|
|