2000-01-06 Yoann Vandoorselaere * security.sh : find are niced to (+19) * Camille updated the documentation. * Removed the "spawn a shell on boot" feature of level0 cause of a tty problem 2000-01-04 Yoann Vandoorselaere * shutdown.allow is 600 in level 4/5; 644 else. * updated doc/security.txt * updated init-sh/custom.sh 2000-01-03 Yoann Vandoorselaere * level 0-3 -> ctrl-alt-del allowed. * level 4-5 -> ctrl-alt-del allowed for root. 1999-12-29 Yoann Vandoorselaere * Removing grpuser manpage, because : 1 - grpuser is not to be used by user, ( and should not have a manpage ). 2 - manpage is obsolete 1999-12-28 Chmouel Boudjnah * doc/*8: add man-pages from camille. 1999-12-24 Yoann Vandoorselaere * level[35]: also do a mail report. * moved Syslog(), Ttylog(), Maillog() to security.sh * security_check.sh & diff_check.sh now sourced from security.sh 1999-12-22 Yoann Vandoorselaere * init-sh/perm[15]: files should be constant in their content. all entry should be in each perm file 1999-12-21 Pixel * init-sh/perm.4: changed /etc/lilo.conf to 600 to make lilo quiet * init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by ${LILO_PASSWORD+set} != set * init-sh/lib.sh (LiloUpdate): replace the call to AddRules to AddBegRules (password= must in the beginning of lilo.conf) * init-sh/lib.sh (AddBegRules): 1 \n instead of 2 1999-12-20 Yoann Vandoorselaere * We are ok. 1999-12-20 Yoann Vandoorselaere * init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755. 1999-12-20 Yoann Vandoorselaere * init-sh/perm.[15]: /var/spool/mail is 755 1999-12-19 Pixel * init-sh/lib.sh: removed the failsafe for not a tty stdin (not efficient) * init-sh/lib.sh: rewrote the perl script (now a one-liner :) 1999-12-19 Yoann Vandoorselaere * Big cleanup. * All work properly now. 1999-12-19 Pixel * msec.spec: modify to take into account the Makefile modifying the .spec * Makefile (VERSION): make it the same as the .spec 1999-12-18 Pixel * init-sh/lib.sh: added failsafe for not a tty stdin 1999-12-17 Yoann Vandoorselaere * security_check.sh: Bugfix * diff_check.sh: dito * Added security.conf 1999-12-16 Yoann Vandoorselaere * Don't use msec parsing routine to hack inittab. * Indentation problem should be corrected * All debug finished, changing secure.tmp to a mktemp allocated tmpfile for symlink security. 1999-12-16 Chmouel Boudjnah * msec.lyx: add new file from camille. 1999-12-15 Yoann Vandoorselaere * grpuser.sh take only one opt ( --refresh ), take group name from /etc/security/msec/group.conf and add user from /etc/security/msec/user.conf if secure level > 2 * level0.sh fixed inittab entry * fix a typo * As requested, direct shell access for level 0 * Fixed a little problem with the DRAKX_USERS variable * removed chattr +a because of the problem it can cause to other system automated system task 1999-12-13 Yoann Vandoorselaere * Documentation * diff_check.sh : Fix a typo. 1999-12-10 Yoann Vandoorselaere * custom.sh : Fix a typo & forgot to export path & secure level 1999-12-09 Yoann Vandoorselaere * More bug fix. * xhost + localhost for lower level, xhost + for level0. * Many bugfix, just trying to get a bugfree release * Renamed some variable, added consistencie. * security_check.sh: print header at begining of the log. * diff_check.sh: typo. 1999-12-08 Yoann Vandoorselaere * security_check.sh: remove /tmp stuff. * security_check.sh: typo * level[1-3].sh: Changed crontab call to file_check.sh from every hour to every midnight ( bug reported by axalon ). * file_check.sh: clean up. * moved file_check.sh to diff_check.sh and changed what is related to cron call in level[15].sh * Added missing configurations question in level custom. * bug fix. 1999-12-08 Chmouel Boudjnah * Makefile (rpm): target for rpm. (dis): Add a make dis to easy switch from cvs to dis. * msec.spec: use bzip2 sources, clean up %install to use Makefile. move msec.spec on the top to allow rpm -ta (in fact rpm -ta don't support currently bzip2 sources) * cron-sh/promisc_check.sh (LogPromisc): add a missing quote. * ChangeLog: first entry. 1999-12-07 Axalon Bloodstone * Fix call to security_check.sh * Handle usernames longer than 8 chars in file_check