aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2009-06-23 20:53:19 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-23 20:53:19 +0000
commitc8ede8c05478d1f85a43d8029cb082c2a7d6e8cb (patch)
tree3b2f85cfd74928713a06ea1e78be04c0c9731bb7
parent24a6a6bf9bf97657b649860d45a04a2f85a1dfb1 (diff)
downloadmsec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar
msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.gz
msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.bz2
msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.xz
msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.zip
Check for open ports only when required.
-rwxr-xr-xcron-sh/security.sh4
-rw-r--r--src/msec/config.py7
-rwxr-xr-xsrc/msec/libmsec.py4
3 files changed, 11 insertions, 4 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 17ebb4a..9b4040e 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -133,7 +133,9 @@ if [[ -f ${CHKROOTKIT_TODAY} ]]; then
mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY}
fi
-netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+if [[ ${CHECK_OPEN_PORT} == yes ]]; then
+ netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+fi
ionice -c3 -p $$
diff --git a/src/msec/config.py b/src/msec/config.py
index 212b327..8342fa5 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -64,6 +64,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level",
'FIX_UNOWNED' : ("libmsec.fix_unowned", ['yes', 'no']),
'CHECK_PROMISC' : ("libmsec.check_promisc", ['yes', 'no']),
'CHECK_OPEN_PORT' : ("libmsec.check_open_port", ['yes', 'no']),
+ 'CHECK_FIREWALL' : ("libmsec.check_firewall", ['yes', 'no']),
'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']),
'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']),
'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']),
@@ -126,9 +127,9 @@ SETTINGS_NETWORK = ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECH
]
# periodic checks
SETTINGS_PERIODIC = ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
- "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_PASSWD",
- "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS", "TTY_WARN", "SYSLOG_WARN",
- "MAIL_EMPTY_CONTENT",
+ "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
+ "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS",
+ "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT",
]
# localized help
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 5d5d232..d3f8d6e 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -1428,6 +1428,10 @@ class MSEC:
""" Enable checking for open network ports."""
pass
+ def check_firewall(self, param):
+ """ Enable checking for firewall settings ports."""
+ pass
+
def check_passwd(self, param):
""" Enable password-related checks, such as empty passwords and strange super-user accounts."""
pass