aboutsummaryrefslogtreecommitdiffstats
path: root/ChangeLog
blob: 6e80250960a9c6bc42adc24f44225a0d0caae779 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
2000-04-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- Support grub as well as lilo...
- bugfix.

2000-04-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* file_perm.sh : removed a check to see if file exist because it block *
	 entry.
	* updated perm.5
	* Updated the doc.
	* perm.[0-5] : /var/tmp : 1777
	* file_perm.sh : output to /dev/null
	* Included patch to msec_find from Thomas Poindessous.

2000-04-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Modify zprofile.
	* use libsafe-1.3

2000-03-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added many of the proposed feature from Bryan Paxton.

2000-03-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : added patch from Thomas Poindessous.
	* find.c : many modification :)

2000-03-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : export *_TODAY variable to be used by msec_find.
	* find.c      : removed a debuging printf.

2000-03-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : added a patch from Havard Bell.

2000-03-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added msec_find utility, written by Thierry Vignaud
		which will avoid us to find / 5 times :)
	* Heavilly modified msec_find.
	* custom.sh : check if libsafe is installed before asking
	  if the user want to use it.

2000-03-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added support for libsafe stack overflow protection in level 4 / 5 /
	  custom
	* trap the sigint signal
	* use /etc/security/msec for config file only.
	* Renamed init.sh to msec, and install it in /usr/sbin.
	* The other shell scripts are located in /usr/share/msec

2000-03-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Included patch from Stefan Siegel which fix these item :
		* Files that should not be owned by someone else or readable:
   			-> added ".gnupg/secring.gpg" as Mandrake uses GNUPG as default

		* Files that should not be owned by someone else or writeable:
   			-> replaced "-" by "." in awk-script beause ".ssh" is a directory

		* Check home directories. Directories should not be owned by=20
  			someone else or writeable:
   			-> replaced "-" by "d" in awk-script beause "~" is a directory
   			-> replaced username-check by uid-check (avoids false output=20
     			 by usernames > 8 char, e.g. "fetchmail" !=3D "fetchmai" )
   			-> removed "~lp" and "~mail" from group-check as their homedirs
	      		are group writeable

2000-02-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level 4 - 5 /var/log in mode 711 for daemon spawned as non root user.
	* /etc/printcap is 644 in mode 4 & 5

2000-01-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : ( thanks to Thomas Poindessous ) for pointing out that :
	* 	s'/tmp\/msec.XXXXXX/\/tmp\/msec.XXXXXX/'
	* 	fix two typo

2000-01-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : find are niced to (+19)
	* Camille updated the documentation.	
	* Removed the "spawn a shell on boot" feature of level0 cause of a tty
      problem 


2000-01-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* shutdown.allow is 600 in level 4/5; 644 else.
	* updated doc/security.txt
	* updated init-sh/custom.sh 

2000-01-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level 0-3 -> ctrl-alt-del allowed.
	* level 4-5 -> ctrl-alt-del allowed for root.

1999-12-29 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Removing grpuser manpage, because : 
		1 - grpuser is not to be used by user, ( and should not have a manpage ).
		2 - manpage is obsolete

1999-12-28  Chmouel Boudjnah  <chmouel@mandrakesoft.com>
	* doc/*8: add man-pages from camille.

1999-12-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level[35]: also do a mail report.
	* moved Syslog(), Ttylog(), Maillog() to security.sh
	* security_check.sh & diff_check.sh now sourced from security.sh

1999-12-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm[15]: files should be constant in their content.
	  all entry should be in each perm file

1999-12-21  Pixel  <pixel@mandrakesoft.com>
	* init-sh/perm.4: changed /etc/lilo.conf to 600 to make lilo quiet
	* init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
	${LILO_PASSWORD+set} != set 
	* init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
	AddBegRules (password= must in the beginning of lilo.conf)
	* init-sh/lib.sh (AddBegRules): 1 \n instead of 2

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
    * We are ok.

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm.[15]: /var/spool/mail is 755

1999-12-19  Pixel  <pixel@mandrakesoft.com>
	* init-sh/lib.sh: removed the failsafe for not a tty stdin (not
	efficient)
	* init-sh/lib.sh: rewrote the perl script (now a one-liner :)

1999-12-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
        * Big cleanup.
        * All work properly now.

1999-12-19  Pixel  <pixel@mandrakesoft.com>
	* msec.spec: modify to take into account the Makefile modifying
	the .spec
	* Makefile (VERSION): make it the same as the .spec

1999-12-18  Pixel  <pixel@mandrakesoft.com>
	* init-sh/lib.sh: added failsafe for not a tty stdin

1999-12-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security_check.sh: Bugfix
	* diff_check.sh: dito
	* Added security.conf

1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Don't use msec parsing routine to hack inittab.
	* Indentation problem should be corrected
	* All debug finished, changing secure.tmp to a mktemp
      allocated tmpfile for symlink security.

1999-12-16 Chmouel Boudjnah <chmouel@mandrakesoft.com>

	* msec.lyx: add new file from camille.

1999-12-15  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* grpuser.sh take only one opt ( --refresh ),
	  take group name from /etc/security/msec/group.conf
	  and add user from /etc/security/msec/user.conf if secure level > 2
	* level0.sh fixed inittab entry
	* fix a typo
	* As requested, direct shell access for level 0
	* Fixed a little problem with the DRAKX_USERS variable
	* removed chattr +a because of the problem it can cause to
	  other system automated system task

1999-12-13  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Documentation
	* diff_check.sh : Fix a typo.

1999-12-10	Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : Fix a typo & forgot to export path & secure level 

1999-12-09  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* More bug fix.
	* xhost + localhost for lower level, xhost + for level0.
	* Many bugfix, just trying to get a bugfree release
    * Renamed some variable, added consistencie. 
	* security_check.sh: print header at begining of the log.
	* diff_check.sh: typo.

1999-12-08  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security_check.sh: remove /tmp stuff.
	* security_check.sh: typo
	* level[1-3].sh: Changed crontab call to file_check.sh 
	from every hour to every midnight ( bug reported by axalon ).
    * file_check.sh: clean up.
	* moved file_check.sh to diff_check.sh and changed 
	  what is related to cron call in level[15].sh
	* Added missing configurations question in level custom.
	* bug fix.

1999-12-08  Chmouel Boudjnah  <chmouel@mandrakesoft.com>

	* Makefile (rpm): target for rpm.
	(dis): Add a make dis to easy switch from cvs to dis.

	* msec.spec: use bzip2 sources, clean up %install to use Makefile.
	move msec.spec on the top to allow rpm -ta (in fact rpm -ta don't
	support currently bzip2 sources)

	* cron-sh/promisc_check.sh (LogPromisc): add a missing quote.

	* ChangeLog: first entry.

1999-12-07  Axalon Bloodstone  <axalon@linux-mandrake.com>

	* Fix call to security_check.sh

	* Handle usernames longer than 8 chars in file_check