Version 0.70.14 - May 04 2010, Eugeni Dodonov - filter out trailing whitespace on open port checks (#59457) Version 0.70.13 - May 04 2010, Eugeni Dodonov - fix incorrect german localization (#51005) - add support for merging legacy perm.local file if exists - properly handle changes in password history when pam_unix is used (#58018). - added support for IGNORE_PID_CHANGES to filter pid changes in netstat check (#56744) - properly filter chkrootkit checks (#58076) Version 0.70.12 - Jan 28 2010, Eugeni Dodonov - properly check chkrootkit presence and rotate files (#51309) Version 0.70.11 - Jan 14 2010, Eugeni Dodonov - save the entire log that is sent by email in /var/log/security to allow consulting it later without relying on email system Version 0.70.10 - Dec 18 2009, Eugeni Dodonov - bugus report fix: do not report group writable files for gdm user (#56064) - properly use error logger (#56180) Version 0.70.9 - Nov 30 2009, Eugeni Dodonov - fix error which prevents 'msec save' from working correctly - fix error message when checking non-local files (#55869,#56088) Version 0.70.8 - Nov 05 2009, Eugeni Dodonov - update translations Version 0.70.7 - Oct 13 2009, Eugeni Dodonov - fix issue which prevents msec from exiting correctly in some cases (#54470) Version 0.70.6 - Oct 07 2009, Eugeni Dodonov - use users' home directory for temporary files (SECURE_TMP) by default - improved startup script - added option to skip security checks when running on battery power (CHECK_ON_BATTERY) Version 0.70.5 - September 23 2009, Eugeni Dodonov - do not show error messages for non-existent audit files - man page entries are now sorted according to plugin - split libmsec functionality into different plugins: audit (for periodic checks), msec (for local security settings) and network (for network-related settings) - support excluding path from all checks Version 0.70.4 - September 08 2009, Eugeni Dodonov - implemented GUI for exception editing - implemented exceptions for all msec checks (#51277) - do not check for permission changes in block/character devices (#53424) - create a summary for msec reports - simplified permissions policy for standard level - support enforcing file permissions in periodic msec runs - allow configuring inclusion of current directory into path - do not crash if config files have empty lines (#53031) Version 0.70.3 - August 18 2009, Eugeni Dodonov - give proper permissions to diff check files. - Properly log promisc messages. - msecgui: Added toolbar for msecgui. - msecgui: Showing logo when running inside MCC. Version 0.70.2 - July 15 2009, Eugeni Dodonov - Correctly enforcing permissions on startup when required (#52268). - Added new variable SECURE_TMP to configure location of temporary files. - Improve description for changes in packages check. - Properly handle promisc_check when running standalone (#51903) Version 0.70.1 - June 26 2009, Eugeni Dodonov - Improved rpm check, splitted into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY. - Supporting check for changes in system users and groups. - Reworked auditing code, improved logging format, added support for custom auditing plugins, simplified checks. - Added support for firewall configuration checks via CHECK_FIREWALL. - Add support for FIX_UNOWNED to change unowned files to nobody/nogroup (#51791). - Using WIN_PARTS_UMASK=-1 value instead of '0' when umask should not be set to prevent users and diskdrake confusion. - Correctly handling empty NOTIFY_WARN variables (#51364, #51464). - Correctly handling unicode messages (#50869). Version 0.60.22 - April 22 2009, Eugeni Dodonov - Changed default WIN_PARTS_UMASK to be with sync with diskdrake. Version 0.60.21 - April 22 2009, Eugeni Dodonov - Properly handle WIN_PARTS_UMASK parameters. - Fixed command inversion between DNS_SPOOFING_PROTECTION and IP_SPOOFING_PROTECTION. Version 0.60.20 - April 21 2009, Eugeni Dodonov - Using correct locale when available (#44561). Version 0.60.19 - April 20 2009, Eugeni Dodonov - Properly support NTFS-3G partitions permissions (#50125). Version 0.60.18 - April 15 2009, Thierry Vignaud - Updated translations Version 0.60.17 - March 30 2009, Thierry Vignaud - Updated translations Version 0.60.16 - March 24 2009, Eugeni Dodonov - Added support for desktop notifications on msec periodic checks. - Using correct logger for syslog messages. - Updated gui layout to better support small displays (or netbooks). Version 0.60.15 - March 12 2009, Eugeni Dodonov - Added specific permission for /var/log/btmp and wtmp (#48604) - Do not run chkrootkit on NFS partitions (#37753). - Changed CREATE_SERVER_LINK functionality to allow/deny local and remote services, enabling it on secure level only. - Updated list of files that should not be world-writable or not user-owned. - Running rpm database check with "--noscripts" (#42849). Version 0.60.14 - March 05 2009, Eugeni Dodonov - Modularization: moved pam-related functionality to pam plugin. - Updated list of safe services. Version 0.60.13 - March 02 2009, Eugeni Dodonov - Added banner for msecgui. - Moved PolicyKit code to plugin. - Changed default ENABLE_STARTUP parameters to be in sync with crontab settings. Version 0.60.12 - February 25 2009, Eugeni Dodonov - Correctly handle wheel group authentication (#19091) - Correctly handling CHECK_RPM and CHECK_CHKROOTKIT parameters. - Updating permissions on logs changed by logrotate (#47997). - Added support for plugins. - Added sample plugin. - Added MSEC init script (#21270), controlled by ENABLE_STARTUP_MSEC and ENABLE_STARTUP_PERMS variables. Version 0.60.11 - February 05 2009, Eugeni Dodonov - Added quiet mode. Version 0.60.10 - February 05 2009, Eugeni Dodonov - Level name change: 'default' to 'standard'. - Added support for running in chroot. - Added initial support for plugins. Version 0.60.9 - January 29 2009, Eugeni Dodonov - Reviewed description text for options (#47240) - Added localization. Version 0.60.8 - January 26 2009, Eugeni Dodonov - Changed without_password to without-password to prevent bogus errors. - Running expensive msec_find only when required. - Fixing permissions on msec-created files (#27820 #47059) - Handling network settings as in previous msec versions (#47240). - Added default response to msecgui Save dialog. - Implemented support for custom paths checks in msecperms. Version 0.60.7 - January 21 2009, Eugeni Dodonov - Now correctly integrating with MCC. Version 0.60.6 - January 20 2009, Eugeni Dodonov - Removed Authentication tab (now handled by a separate application) - Now it is possible to save settings without quitting. - Better detection for file modifications (such as symlinks, moves, etc) - Now asking to save changes before quitting when necessary. - Highlighting default option value according to current level. - Level selection improvements. - Checking for $DISPLAY variable. - Added HAL to list of save services. - Now highlighting options which are different from default values for level. - Improved GUI spacing between options. - Removed Notifications tab (merged with initial screen and periodic checks screen). - Better handling of non-existent files (inittab and sysctl). Version 0.60.5 - January 14 2009, Eugeni Dodonov - Fixed msecperms -e (setting default permissions to files). Version 0.60.4 - January 13 2009, Eugeni Dodonov - Updated gui to allow immediate preview of options on level change. - New permissions control GUI. - Added support for custom security levels. Version 0.60.3 - January 07 2009, Eugeni Dodonov - Bugfixes for gdm config handling. - Implemented authentication gui. - Added support for --embedded. - Now using /etc/security/shell instead of /etc/sysconfig/msec. Version 0.60.2 - January 07 2009, Eugeni Dodonov - Bugfixes for kdmrc handling. Version 0.60.1 - January 07 2009, Eugeni Dodonov - Complete msec redesign for Mandriva 2009.1. Version 0.50.11 - 16 December 2008, Eugeni Dodonov - Correctly handle permit_root_login in sshd_config on level change (#19726). - Handle multibyte characters in msec reports (#26773). Version 0.50.10 - 01 October 2008, Thierry Vignaud - cron entry: o blacklist cifs instead of only smbfs for samba o exclude /media from searching like /mnt is o run with idle IOnice priority (#42795)