From caf393f0e63f1386816452e60ad029b02e1ecde4 Mon Sep 17 00:00:00 2001 From: Frederic Lepied Date: Tue, 29 Jan 2002 02:19:18 +0000 Subject: handle /etc/security/msec/server symlink through create_server_link(). enable_security_check: register daily cron in /etc/cron.daily instead of /etc/cron.d.
---
share/libmsec.py | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'share/libmsec.py')
diff --git a/share/libmsec.py b/share/libmsec.py
index e81d5b7..5c939e9 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -60,6 +60,9 @@ POWEROFF = '/etc/security/console.apps/poweroff'
 REBOOT = '/etc/security/console.apps/reboot'
 SECURETTY = '/etc/securetty'
 SECURITYCONF = '/etc/security/msec/security.conf'
+SECURITYCRON = '/etc/cron.daily/msec'
+SECURITYSH = '/usr/share/msec/security.sh'
+SERVER = '/etc/security/msec/server'
 SHADOW = '/etc/shadow'
 SHUTDOWN = '/etc/security/console.apps/shutdown'
 SHUTDOWNALLOW = '/etc/shutdown.allow'
@@ -96,6 +99,29 @@ def get_secure_level():
 msec = ConfigFile.get_config_file(MSEC)
 return msec.get_shell_variable('SECURE_LEVEL')
 
+def set_server_level(level):
+ _interactive and log(_('Setting server level to %s') % level)
+ securityconf = ConfigFile.get_config_file(SECURITYCONF)
+ securityconf.set_shell_variable('SERVER_LEVEL', level)
+
+def get_server_level():
+ "D"
+ securityconf = ConfigFile.get_config_file(SECURITYCONF)
+ level = securityconf.get_shell_variable('SERVER_LEVEL')
+ if level: return level
+ msec = ConfigFile.get_config_file(MSEC)
+ return msec.get_shell_variable('SECURE_LEVEL')
+
+def create_server_link():
+ level = get_server_level()
+ server = ConfigFile.get_config_file(SERVER)
+ if level in ('0', '1', '2', '3'):
+ _interactive and log(_('Allowing chkconfig --add from rpm'))
+ server.exists() and server.unlink()
+ else:
+ _interactive and log(_('Restricting chkconfig --add from rpm'))
+ server.symlink(SERVER + '.' + str(level))
+
 def set_root_umask(umask):
 _interactive and log(_('Setting root umask to %s') % umask)
 msec = ConfigFile.get_config_file(MSEC)
@@ -308,14 +334,17 @@ def enable_promisc_check(arg): def enable_security_check(arg): cron = ConfigFile.get_config_file(CRON) + cron.remove_line_matching('[^#]+/usr/share/msec/security.sh') + securitycron = ConfigFile.get_config_file(SECURITYCRON) + if arg: _interactive and log(_('Activating daily security check')) - cron.replace_line_matching('[^#]+/usr/share/msec/security.sh', '0 4 * * * root /usr/share/msec/security.sh', 1) + securitycron.symlink(SECURITYSH) else: _interactive and log(_('Disabling daily security check')) - cron.remove_line_matching('[^#]+/usr/share/msec/security.sh') - + securitycron.unlink() + def authorize_services(arg): hostsdeny = ConfigFile.get_config_file(HOSTSDENY) -- cgit v1.2.1
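Review bot: In `create_server_link()` the `else` branch builds the link target from whatever `get_server_level()` returns, with no check that it is a level at all. If neither `SERVER_LEVEL` nor `SECURE_LEVEL` is set and `get_shell_variable()` returns `None` (its behaviour is not visible here, so this is an assumption), `SERVER + '.' + str(level)` yields a dangling `server.None` link, and any other string read from the config file is concatenated into the path unchecked. Because this link decides whether `chkconfig --add` from rpm is restricted, I would validate before either branch, for example `if not str(level).isdigit(): return` preceded by a log line, so a broken config is reported instead of silently producing a bad link. `get_server_level()` carries only `"D"` as a docstring and the other two new functions have none; a sentence on the SERVER_LEVEL-then-SECURE_LEVEL fallback would help the next reader.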
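Review bot: The disable path of `enable_security_check()` calls `securitycron.unlink()` unconditionally, while `create_server_link()` in the same commit guards the same operation with `server.exists() and server.unlink()`. Whether `unlink()` tolerates a missing file is not visible in this hunk, so I would write `securitycron.exists() and securitycron.unlink()` here as well, which keeps disabling an already-disabled check a no-op. The enable path also swaps the explicit `0 4 * * * root` crontab entry for a symlink in `/etc/cron.daily`, so the run time and the executing user now come from the host's daily cron setup rather than from this file. A comment above the `symlink` call such as `# executed by the cron.daily runner; SECURITYSH must stay root-owned and not group/world-writable` would record that dependency.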