path: root/ChangeLog

2000-04-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- Support grub as well as lilo...
- bugfix.
- Loaders bugfix

2000-04-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* file_perm.sh : removed a check to see if file exist because it block *
	 entry.
	* updated perm.5
	* Updated the doc.
	* perm.[0-5] : /var/tmp : 1777
	* file_perm.sh : output to /dev/null
	* Included patch to msec_find from Thomas Poindessous.

2000-04-14 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Modify zprofile.
	* use libsafe-1.3

2000-03-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added many of the proposed feature from Bryan Paxton.

2000-03-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : added patch from Thomas Poindessous.
	* find.c : many modification :)

2000-03-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : export *_TODAY variable to be used by msec_find.
	* find.c      : removed a debuging printf.

2000-03-09 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : added a patch from Havard Bell.

2000-03-08 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added msec_find utility, written by Thierry Vignaud
		which will avoid us to find / 5 times :)
	* Heavilly modified msec_find.
	* custom.sh : check if libsafe is installed before asking
	  if the user want to use it.

2000-03-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Added support for libsafe stack overflow protection in level 4 / 5 /
	  custom
	* trap the sigint signal
	* use /etc/security/msec for config file only.
	* Renamed init.sh to msec, and install it in /usr/sbin.
	* The other shell scripts are located in /usr/share/msec

2000-03-07 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Included patch from Stefan Siegel which fix these item :
		* Files that should not be owned by someone else or readable:
   			-> added ".gnupg/secring.gpg" as Mandrake uses GNUPG as default

		* Files that should not be owned by someone else or writeable:
   			-> replaced "-" by "." in awk-script beause ".ssh" is a directory

		* Check home directories. Directories should not be owned by=20
  			someone else or writeable:
   			-> replaced "-" by "d" in awk-script beause "~" is a directory
   			-> replaced username-check by uid-check (avoids false output=20
     			 by usernames > 8 char, e.g. "fetchmail" !=3D "fetchmai" )
   			-> removed "~lp" and "~mail" from group-check as their homedirs
	      		are group writeable

2000-02-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level 4 - 5 /var/log in mode 711 for daemon spawned as non root user.
	* /etc/printcap is 644 in mode 4 & 5

2000-01-13 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : ( thanks to Thomas Poindessous ) for pointing out that :
	* 	s'/tmp\/msec.XXXXXX/\/tmp\/msec.XXXXXX/'
	* 	fix two typo

2000-01-06 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security.sh : find are niced to (+19)
	* Camille updated the documentation.	
	* Removed the "spawn a shell on boot" feature of level0 cause of a tty
      problem 


2000-01-04 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* shutdown.allow is 600 in level 4/5; 644 else.
	* updated doc/security.txt
	* updated init-sh/custom.sh 

2000-01-03 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level 0-3 -> ctrl-alt-del allowed.
	* level 4-5 -> ctrl-alt-del allowed for root.

1999-12-29 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Removing grpuser manpage, because : 
		1 - grpuser is not to be used by user, ( and should not have a manpage ).
		2 - manpage is obsolete

1999-12-28  Chmouel Boudjnah  <chmouel@mandrakesoft.com>
	* doc/*8: add man-pages from camille.

1999-12-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* level[35]: also do a mail report.
	* moved Syslog(), Ttylog(), Maillog() to security.sh
	* security_check.sh & diff_check.sh now sourced from security.sh

1999-12-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm[15]: files should be constant in their content.
	  all entry should be in each perm file

1999-12-21  Pixel  <pixel@mandrakesoft.com>
	* init-sh/perm.4: changed /etc/lilo.conf to 600 to make lilo quiet
	* init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
	${LILO_PASSWORD+set} != set 
	* init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
	AddBegRules (password= must in the beginning of lilo.conf)
	* init-sh/lib.sh (AddBegRules): 1 \n instead of 2

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
    * We are ok.

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.

1999-12-20 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* init-sh/perm.[15]: /var/spool/mail is 755

1999-12-19  Pixel  <pixel@mandrakesoft.com>
	* init-sh/lib.sh: removed the failsafe for not a tty stdin (not
	efficient)
	* init-sh/lib.sh: rewrote the perl script (now a one-liner :)

1999-12-19 Yoann Vandoorselaere <yoann@mandrakesoft.com>
        * Big cleanup.
        * All work properly now.

1999-12-19  Pixel  <pixel@mandrakesoft.com>
	* msec.spec: modify to take into account the Makefile modifying
	the .spec
	* Makefile (VERSION): make it the same as the .spec

1999-12-18  Pixel  <pixel@mandrakesoft.com>
	* init-sh/lib.sh: added failsafe for not a tty stdin

1999-12-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security_check.sh: Bugfix
	* diff_check.sh: dito
	* Added security.conf

1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Don't use msec parsing routine to hack inittab.
	* Indentation problem should be corrected
	* All debug finished, changing secure.tmp to a mktemp
      allocated tmpfile for symlink security.

1999-12-16 Chmouel Boudjnah <chmouel@mandrakesoft.com>

	* msec.lyx: add new file from camille.

1999-12-15  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* grpuser.sh take only one opt ( --refresh ),
	  take group name from /etc/security/msec/group.conf
	  and add user from /etc/security/msec/user.conf if secure level > 2
	* level0.sh fixed inittab entry
	* fix a typo
	* As requested, direct shell access for level 0
	* Fixed a little problem with the DRAKX_USERS variable
	* removed chattr +a because of the problem it can cause to
	  other system automated system task

1999-12-13  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* Documentation
	* diff_check.sh : Fix a typo.

1999-12-10	Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* custom.sh : Fix a typo & forgot to export path & secure level 

1999-12-09  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* More bug fix.
	* xhost + localhost for lower level, xhost + for level0.
	* Many bugfix, just trying to get a bugfree release
    * Renamed some variable, added consistencie. 
	* security_check.sh: print header at begining of the log.
	* diff_check.sh: typo.

1999-12-08  Yoann Vandoorselaere <yoann@mandrakesoft.com>
	* security_check.sh: remove /tmp stuff.
	* security_check.sh: typo
	* level[1-3].sh: Changed crontab call to file_check.sh 
	from every hour to every midnight ( bug reported by axalon ).
    * file_check.sh: clean up.
	* moved file_check.sh to diff_check.sh and changed 
	  what is related to cron call in level[15].sh
	* Added missing configurations question in level custom.
	* bug fix.

1999-12-08  Chmouel Boudjnah  <chmouel@mandrakesoft.com>

	* Makefile (rpm): target for rpm.
	(dis): Add a make dis to easy switch from cvs to dis.

	* msec.spec: use bzip2 sources, clean up %install to use Makefile.
	move msec.spec on the top to allow rpm -ta (in fact rpm -ta don't
	support currently bzip2 sources)

	* cron-sh/promisc_check.sh (LogPromisc): add a missing quote.

	* ChangeLog: first entry.

1999-12-07  Axalon Bloodstone  <axalon@linux-mandrake.com>

	* Fix call to security_check.sh

	* Handle usernames longer than 8 chars in file_check