diff options
author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-23 20:53:19 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-23 20:53:19 +0000 |
commit | c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb (patch) | |
tree | 3b2f85cfd74928713a06ea1e78be04c0c9731bb7 | |
parent | 24a6a6bf9bf97657b649860d45a04a2f85a1dfb1 (diff) | |
download | msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.gz msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.bz2 msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.tar.xz msec-c8ede8c05478d1f85a43d8029cb082c2a7d6e8cb.zip |
Check for open ports only when required.
-rwxr-xr-x | cron-sh/security.sh | 4 | ||||
-rw-r--r-- | src/msec/config.py | 7 | ||||
-rwxr-xr-x | src/msec/libmsec.py | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 17ebb4a..9b4040e 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -133,7 +133,9 @@ if [[ -f ${CHKROOTKIT_TODAY} ]]; then mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} fi -netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY}; +if [[ ${CHECK_OPEN_PORT} == yes ]]; then + netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY}; +fi ionice -c3 -p $$ diff --git a/src/msec/config.py b/src/msec/config.py index 212b327..8342fa5 100644 --- a/src/msec/config.py +++ b/src/msec/config.py @@ -64,6 +64,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", 'FIX_UNOWNED' : ("libmsec.fix_unowned", ['yes', 'no']), 'CHECK_PROMISC' : ("libmsec.check_promisc", ['yes', 'no']), 'CHECK_OPEN_PORT' : ("libmsec.check_open_port", ['yes', 'no']), + 'CHECK_FIREWALL' : ("libmsec.check_firewall", ['yes', 'no']), 'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']), 'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']), 'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']), @@ -126,9 +127,9 @@ SETTINGS_NETWORK = ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECH ] # periodic checks SETTINGS_PERIODIC = ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID", - "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_PASSWD", - "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS", "TTY_WARN", "SYSLOG_WARN", - "MAIL_EMPTY_CONTENT", + "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL", + "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS", + "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT", ] # localized help diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py index 5d5d232..d3f8d6e 100755 --- a/src/msec/libmsec.py +++ b/src/msec/libmsec.py @@ -1428,6 +1428,10 @@ class MSEC: """ Enable checking for open network ports.""" pass + def check_firewall(self, param): + """ Enable checking for firewall settings ports.""" + pass + def check_passwd(self, param): """ Enable password-related checks, such as empty passwords and strange super-user accounts.""" pass |