From c54ba9d4b423357d8df2e4713d6939e270c74a80 Mon Sep 17 00:00:00 2001 From: Thierry Vignaud Date: Thu, 24 Jul 2003 17:07:50 +0000 Subject: - filter dumb characters - strip help from internal msec doc so that it better fit end user --- perl-install/security/help.pm | 148 +++++++++++++----------------------------- 1 file changed, 45 insertions(+), 103 deletions(-) (limited to 'perl-install/security/help.pm') diff --git a/perl-install/security/help.pm b/perl-install/security/help.pm index 9300126e0..a3b7f940e 100644 --- a/perl-install/security/help.pm +++ b/perl-install/security/help.pm @@ -1,145 +1,93 @@ package security::help; -# !! THIS FILE WAS AUTO-GENERATED BY draksec_help.py !! -# !! DO NOT MODIFY HERE, MODIFY IN THE *MSEC* CVS !! +# This help was forked from msec internal function descriptions +# They were then reworked in order to be targeted for end users, not msec developpers + use strict; use common; our %help = ( -'accept_bogus_error_responses' => N("Arguments: (arg) - -Accept/Refuse bogus IPv4 error messages."), - -'accept_broadcasted_icmp_echo' => N("Arguments: (arg) - - Accept/Refuse broadcasted icmp echo."), - -'accept_icmp_echo' => N("Arguments: (arg) - - Accept/Refuse icmp echo."), - -'allow_autologin' => N("Arguments: (arg) - -Allow/Forbid autologin."), - -'allow_issues' => N("Arguments: (arg) +'accept_bogus_error_responses' => N("Accept/Refuse bogus IPv4 error messages."), -If \fIarg\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \fIarg\fP = NONE no issues are -allowed else only /etc/issue is allowed."), +'accept_broadcasted_icmp_echo' => N(" Accept/Refuse broadcasted icmp echo."), -'allow_reboot' => N("Arguments: (arg) +'accept_icmp_echo' => N(" Accept/Refuse icmp echo."), -Allow/Forbid reboot by the console user."), +'allow_autologin' => N("Allow/Forbid autologin."), -'allow_remote_root_login' => N("Arguments: (arg) +'allow_issues' => N("If set to \"ALL\", /etc/issue and /etc/issue.net are allowed to exist. +If set to NONE, no issues are allowed. +Else only /etc/issue is allowed."), -Allow/Forbid remote root login."), +'allow_reboot' => N("Allow/Forbid reboot by the console user."), -'allow_root_login' => N("Arguments: (arg) +'allow_remote_root_login' => N("Allow/Forbid remote root login."), -Allow/Forbid direct root login."), +'allow_root_login' => N("Allow/Forbid direct root login."), -'allow_user_list' => N("Arguments: (arg) +'allow_user_list' => N("Allow/Forbid the list of users on the system on display managers (kdm and gdm)."), -Allow/Forbid the list of users on the system on display managers (kdm and gdm)."), - -'allow_x_connections' => N("Arguments: (arg, listen_tcp=None) - -Allow/Forbid X connections. First arg specifies what is done +'allow_x_connections' => N("Allow/Forbid X connections. First arg specifies what is done on the client side: ALL (all connections are allowed), LOCAL (only local connection) and NONE (no connection)."), -'allow_xserver_to_listen' => N("Arguments: (arg) - -The argument specifies if clients are authorized to connect +'allow_xserver_to_listen' => N("The argument specifies if clients are authorized to connect to the X server on the tcp port 6000 or not."), -'authorize_services' => N("Arguments: (arg) +'authorize_services' => N("Authorize: + +- all services controlled by tcp_wrappers (see hosts.deny(5) man page) if set to \"ALL\", -Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if \fIarg\fP = ALL. Only local ones -if \fIarg\fP = LOCAL and none if \fIarg\fP = NONE. To authorize the services you need, use /etc/hosts.allow -(see hosts.allow(5))."), +- only local ones if set to \"LOCAL\" -'create_server_link' => N("Arguments: () +- none if set to \"NONE\". -If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3 +To authorize the services you need, use /etc/hosts.allow (see hosts.allow(5))."), + +'create_server_link' => N("If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3 in /etc/security/msec/security.conf, creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages."), -'enable_at_crontab' => N("Arguments: (arg) - -Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow +'enable_at_crontab' => N("Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow (see man at(1) and crontab(1))."), -'enable_console_log' => N("Arguments: (arg, expr='*.*', dev='tty12') - -Enable/Disable syslog reports to console 12. \fIexpr\fP is the +'enable_console_log' => N("Enable/Disable syslog reports to console 12. \"expr\" is the expression describing what to log (see syslog.conf(5) for more details) and dev the device to report the log."), -'enable_dns_spoofing_protection' => N("Arguments: (arg, alert=1) - -Enable/Disable name resolution spoofing protection. If -\fIalert\fP is true, also reports to syslog."), +'enable_dns_spoofing_protection' => N("Enable/Disable name resolution spoofing protection. If +\"alert\" is true, also reports to syslog."), -'enable_ip_spoofing_protection' => N("Arguments: (arg, alert=1) +'enable_ip_spoofing_protection' => N("Enable/Disable IP spoofing protection."), -Enable/Disable IP spoofing protection."), +'enable_libsafe' => N("Enable/Disable libsafe if libsafe is found on the system."), -'enable_libsafe' => N("Arguments: (arg) +'enable_log_strange_packets' => N("Enable/Disable the logging of IPv4 strange packets."), -Enable/Disable libsafe if libsafe is found on the system."), +'enable_msec_cron' => N("Enable/Disable msec hourly security check."), -'enable_log_strange_packets' => N("Arguments: (arg) +'enable_pam_wheel_for_su' => N(" Enabling su only from members of the wheel group or allow su from any user."), -Enable/Disable the logging of IPv4 strange packets."), +'enable_password' => N("Use password to authenticate users."), -'enable_msec_cron' => N("Arguments: (arg) +'enable_promisc_check' => N("Activate/Disable ethernet cards promiscuity check."), -Enable/Disable msec hourly security check."), +'enable_security_check' => N(" Activate/Disable daily security check."), -'enable_pam_wheel_for_su' => N("Arguments: (arg) +'enable_sulogin' => N(" Enable/Disable sulogin(8) in single user level."), - Enabling su only from members of the wheel group or allow su from any user."), +'no_password_aging_for' => N("Add the name as an exception to the handling of password aging by msec."), -'enable_password' => N("Arguments: (arg) +'password_aging' => N("Set password aging to \"max\" days and delay to change to \"inactive\"."), -Use password to authenticate users."), +'password_history' => N("Set the password history length to prevent password reuse."), -'enable_promisc_check' => N("Arguments: (arg) +'password_length' => N("Set the password minimum length and minimum number of digit and minimum number of capitalized letters."), -Activate/Disable ethernet cards promiscuity check."), - -'enable_security_check' => N("Arguments: (arg) - - Activate/Disable daily security check."), - -'enable_sulogin' => N("Arguments: (arg) - - Enable/Disable sulogin(8) in single user level."), - -'no_password_aging_for' => N("Arguments: (name) - -Add the name as an exception to the handling of password aging by msec."), - -'password_aging' => N("Arguments: (max, inactive=-1) - -Set password aging to \fImax\fP days and delay to change to \fIinactive\fP."), - -'password_history' => N("Arguments: (arg) - -Set the password history length to prevent password reuse."), - -'password_length' => N("Arguments: (length, ndigits=0, nupper=0) - -Set the password minimum length and minimum number of digit and minimum number of capitalized letters."), - -'set_root_umask' => N("Arguments: (umask) - -Set the root umask."), +'set_root_umask' => N("Set the root umask."), CHECK_UNOWNED => N("if set to yes, report unowned files."), CHECK_SHADOW => N("if set to yes, check empty password in /etc/shadow."), CHECK_SUID_MD5 => N("if set to yes, verify checksum of the suid/sgid files."), @@ -158,15 +106,9 @@ MAIL_USER => N("if set, send the mail report to this email address else send it CHECK_OPEN_PORT => N("if set to yes, check open ports."), CHECK_SGID => N("if set to yes, check additions/removals of sgid files."), -'set_shell_history_size' => N("Arguments: (size) - -Set shell commands history size. A value of -1 means unlimited."), - -'set_shell_timeout' => N("Arguments: (val) - -Set the shell timeout. A value of zero means no timeout."), +'set_shell_history_size' => N("Set shell commands history size. A value of -1 means unlimited."), -'set_user_umask' => N("Arguments: (umask) +'set_shell_timeout' => N("Set the shell timeout. A value of zero means no timeout."), -Set the user umask."), +'set_user_umask' => N("Set the user umask."), ); -- cgit v1.2.1