- do not check inside entries excluded by EXCLUDE_REGEXP
- allow setting the EXCLUDE_REGEXP value in msecgui
- correctly check for changes in groups
- save mail reports for each check period (daily, weekly, monthly and manual)
- implemented security summary screen
Version 0.80.4 - Feb 18 2010, Eugeni Dodonov
- simplified UI for msecgui
- added custom security levels: fileserver, webserver, netbook
- added support for custom levels in gui
- ignore 'vmblock' filesystem during periodic checks (#57669)
- properly separate logs for different type of checks (daily, weekly, monthly and manual)
- xguest user does not have a password, so silence report about it
- added plugin to define log file retention period.
Version 0.80.3 - Feb 08 2010, Eugeni Dodonov
- improved log message when unowned or world-writable files are found
- running file-related periodic checks weekly on standard security level
to ease disk I/O load
- improved error message when the wheel group is empty (#57463).
- added support for defining periodicity for individual security checks
- added support for sectool checks
- handle level-switching and saving in msec, using msecperms only for checking
and setting file permissions
- do not duplicate variables present in BASE_LEVEL in security.conf and
perms.conf files
- properly check if chkrootkit is present (#51309)
Version 0.80.2 - Jan 14 2010, Eugeni Dodonov
- save the entire log that is sent by email in /var/log/security to allow
consulting it without relying on email messages
- do not show toolbar, as it leads to confusion
Version 0.80.1 - Nov 30 2009, Eugeni Dodonov
- updated list of allowed services
- fix error which prevents 'msec save' from working correctly
- fix error message when checking non-local files (#55869,#56088)
Version 0.70.8 - Nov 05 2009, Eugeni Dodonov
- update translations
Version 0.70.7 - Oct 13 2009, Eugeni Dodonov
- fix issue which prevents msec from exiting correctly in some cases (#54470)
Version 0.70.6 - Oct 07 2009, Eugeni Dodonov
- use users' home directory for temporary files (SECURE_TMP) by default
- improved startup script
- added option to skip security checks when running on battery power (CHECK_ON_BATTERY)
Version 0.70.5 - September 23 2009, Eugeni Dodonov
- do not show error messages for non-existent audit files
- man page entries are now sorted according to plugin
- split libmsec functionality into different plugins: audit (for periodic checks),
msec (for local security settings) and network (for network-related settings)
- support excluding path from all checks
Version 0.70.4 - September 08 2009, Eugeni Dodonov
- implemented GUI for exception editing
- implemented exceptions for all msec checks (#51277)
- do not check for permission changes in block/character devices (#53424)
- create a summary for msec reports
- simplified permissions policy for standard level
- support enforcing file permissions in periodic msec runs
- allow configuring inclusion of current directory into path
- do not crash if config files have empty lines (#53031)
Version 0.70.3 - August 18 2009, Eugeni Dodonov
- give proper permissions to diff check files.
- Properly log promisc messages.
- msecgui: Added toolbar for msecgui.
- msecgui: Showing logo when running inside MCC.
Version 0.70.2 - July 15 2009, Eugeni Dodonov
- Correctly enforcing permissions on startup when required (#52268).
- Added new variable SECURE_TMP to configure location of temporary files.
- Improve description for changes in packages check.
- Properly handle promisc_check when running standalone (#51903)
Version 0.70.1 - June 26 2009, Eugeni Dodonov
- Improved rpm check, split into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
- Supporting check for changes in system users and groups.
- Reworked auditing code, improved logging format, added support for
custom auditing plugins, simplified checks.
- Added support for firewall configuration checks via CHECK_FIREWALL.
- Add support for FIX_UNOWNED to change unowned files to nobody/nogroup (#51791).
- Using WIN_PARTS_UMASK=-1 value instead of '0' when umask should not be set to
prevent users and diskdrake confusion.
- Correctly handling empty NOTIFY_WARN variables (#51364, #51464).
- Correctly handling unicode messages (#50869).
Version 0.60.22 - April 22 2009, Eugeni Dodonov
- Changed default WIN_PARTS_UMASK to be in sync with diskdrake.
Version 0.60.21 - April 22 2009, Eugeni Dodonov
- Properly handle WIN_PARTS_UMASK parameters.
- Fixed command inversion between DNS_SPOOFING_PROTECTION and
IP_SPOOFING_PROTECTION.
Version 0.60.20 - April 21 2009, Eugeni Dodonov
- Using correct locale when available (#44561).
Version 0.60.19 - April 20 2009, Eugeni Dodonov
- Properly support NTFS-3G partitions permissions (#50125).
Version 0.60.18 - April 15 2009, Thierry Vignaud
- Updated translations
Version 0.60.17 - March 30 2009, Thierry Vignaud
- Updated translations
Version 0.60.16 - March 24 2009, Eugeni Dodonov
- Added support for desktop notifications on msec periodic checks.
- Using correct logger for syslog messages.
- Updated gui layout to better support small displays (or netbooks).
Version 0.60.15 - March 12 2009, Eugeni Dodonov
- Added specific permission for /var/log/btmp and wtmp (#48604)
- Do not run chkrootkit on NFS partitions (#37753).
- Changed CREATE_SERVER_LINK functionality to allow/deny local and remote
services, enabling it on secure level only.
- Updated list of files that should not be world-writable or not user-owned.
- Running rpm database check with "--noscripts" (#42849).
Version 0.60.14 - March 05 2009, Eugeni Dodonov
- Modularization: moved pam-related functionality to pam plugin.
- Updated list of safe services.
Version 0.60.13 - March 02 2009, Eugeni Dodonov
- Added banner for msecgui.
- Moved PolicyKit code to plugin.
- Changed default ENABLE_STARTUP parameters to be in sync with
crontab settings.
Version 0.60.12 - February 25 2009, Eugeni Dodonov
- Correctly handle wheel group authentication (#19091)
- Correctly handling CHECK_RPM and CHECK_CHKROOTKIT parameters.
- Updating permissions on logs changed by logrotate (#47997).
- Added support for plugins.
- Added sample plugin.
- Added MSEC init script (#21270), controlled by ENABLE_STARTUP_MSEC and
ENABLE_STARTUP_PERMS variables.
Version 0.60.11 - February 05 2009, Eugeni Dodonov
- Added quiet mode.
Version 0.60.10 - February 05 2009, Eugeni Dodonov
- Level name change: 'default' to 'standard'.
- Added support for running in chroot.
- Added initial support for plugins.
Version 0.60.9 - January 29 2009, Eugeni Dodonov
- Reviewed description text for options (#47240)
- Added localization.
Version 0.60.8 - January 26 2009, Eugeni Dodonov
- Changed without_password to without-password to prevent bogus errors.
- Running expensive msec_find only when required.
- Fixing permissions on msec-created files (#27820 #47059)
- Handling network settings as in previous msec versions (#47240).
- Added default response to msecgui Save dialog.
- Implemented support for custom paths checks in msecperms.
Version 0.60.7 - January 21 2009, Eugeni Dodonov
- Now correctly integrating with MCC.
Version 0.60.6 - January 20 2009, Eugeni Dodonov
- Removed Authentication tab (now handled by a separate application)
- Now it is possible to save settings without quitting.
- Better detection for file modifications (such as symlinks, moves, etc)
- Now asking to save changes before quitting when necessary.
- Highlighting default option value according to current level.
- Level selection improvements.
- Checking for $DISPLAY variable.
- Added HAL to list of safe services.
- Now highlighting options which are different from default values for level.
- Improved GUI spacing between options.
- Removed Notifications tab (merged with initial screen and periodic
checks screen).
- Better handling of non-existent files (inittab and sysctl).
Version 0.60.5 - January 14 2009, Eugeni Dodonov
- Fixed msecperms -e (setting default permissions to files).
Version 0.60.4 - January 13 2009, Eugeni Dodonov
- Updated gui to allow immediate preview of options on level change.
- New permissions control GUI.
- Added support for custom security levels.
Version 0.60.3 - January 07 2009, Eugeni Dodonov
- Bugfixes for gdm config handling.
- Implemented authentication gui.
- Added support for --embedded.
- Now using /etc/security/shell instead of /etc/sysconfig/msec.
Version 0.60.2 - January 07 2009, Eugeni Dodonov
- Bugfixes for kdmrc handling.
Version 0.60.1 - January 07 2009, Eugeni Dodonov
- Complete msec redesign for Mandriva 2009.1.
Version 0.50.11 - 16 December 2008, Eugeni Dodonov
- Correctly handle permit_root_login in sshd_config on level change
(#19726).
- Handle multibyte characters in msec reports (#26773).
Version 0.50.10 - 01 October 2008, Thierry Vignaud
- cron entry:
o blacklist cifs instead of only smbfs for samba
o exclude /media from searching like /mnt is
o run with idle IOnice priority (#42795)