summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPascal Rigaux <pixel@mandriva.com>2002-01-21 20:31:49 +0000
committerPascal Rigaux <pixel@mandriva.com>2002-01-21 20:31:49 +0000
commiteae0589a5d1a157f042fc734aa2189ee7105f385 (patch)
tree33b1b6ead0861bb00d4f8860098682a08232f3a6
parenta5665d34c0a14fc6d63c5d2698301902d8636c65 (diff)
downloaddrakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar
drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.gz
drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.bz2
drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.xz
drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.zip
cleanup, update, enhance security level choice
-rw-r--r--perl-install/any.pm51
-rw-r--r--perl-install/install_steps_interactive.pm15
-rwxr-xr-xperl-install/standalone/draksec66
3 files changed, 63 insertions, 69 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 1b31a59b5..775aa8938 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -942,4 +942,55 @@ sub ddcxinfos {
@l;
}
+sub config_libsafe {
+ my ($prefix, $libsafe) = @_;
+ my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
+ if (@_ > 1) {
+ $t{LIBSAFE} = bool2yesno($libsafe);
+ setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+ }
+ text2bool($t{LIBSAFE});
+}
+
+sub choose_security_level {
+ my ($in, $security, $libsafe) = @_;
+
+ my %l = (
+ 0 => _("Welcome To Crackers"),
+ 1 => _("Poor"),
+ 2 => _("Low"),
+ 3 => _("Medium"),
+ 4 => _("High"),
+ 5 => _("Paranoid"),
+ );
+ my %help = (
+ 0 => _("This level is to be used with care. It makes your system more easy to use,
+but very sensitive: it must not be used for a machine connected to others
+or to the Internet. There is no password access."),
+ 1 => _("Password are now enabled, but use as a networked computer is still not recommended."),
+ 2 => _("Few improvements for this security level, the main one is that there are
+more security warnings and checks."),
+ 3 => _("This is the standard security recommended for a computer that will be used
+to connect to the Internet as a client. There are now security checks. "),
+ 4 => _("With this security level, the use of this system as a server becomes possible.
+The security is now high enough to use the system as a server which accept
+connections from many clients. "),
+ 5 => _("We take level 4 features, but now the system is entirely closed.
+Security features are at their maximum."),
+ );
+ delete @l{0,1};
+ delete @l{5} if !$::expert;
+
+ $in->ask_from('', _("Choose security level") . "\n\n" .
+ join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
+ [
+ { label => _("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_} } },
+ if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
+ { label => _("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
+ _("A library which defends against buffer overflow and format string attacks.") }
+ )
+ ]
+ );
+}
+
1;
diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm
index b174ac857..f4f68f592 100644
--- a/perl-install/install_steps_interactive.pm
+++ b/perl-install/install_steps_interactive.pm
@@ -1236,16 +1236,11 @@ try to force installation even if that destroys the first partition?"));
sub miscellaneous {
my ($o, $clicked) = @_;
- my %l = (
- 2 => _("Low"),
- 3 => _("Medium"),
- 4 => _("High"),
- );
- if ($::expert || $clicked) {
- $ENV{SECURE_LEVEL} = $o->{security} =
- $o->ask_from_listf('', _("Choose security level"), sub { $l{$_[0]} }, [ ikeys %l ], $o->{security})
- or return;
- }
+
+ any::choose_security_level($o, \$o->{security}, \$o->{libsafe}) or return;
+
+ any::config_libsafe($o->{prefix}, $o->{libsafe});
+
install_steps::miscellaneous($o);
}
diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec
index aef9cd80d..9cf75788f 100755
--- a/perl-install/standalone/draksec
+++ b/perl-install/standalone/draksec
@@ -18,75 +18,23 @@ $::isEmbedded = ($::XID, $::CCPID) = "@ARGV" =~ /--embedded (\w+) (\w+)/;
my $in = 'interactive'->vnew('su', 'security');
-my %m = reverse (my %l = (
- 0 => _("Welcome To Crackers"),
- 1 => _("Poor"),
- 2 => _("Low"),
- 3 => _("Medium"),
- 4 => _("High"),
- 5 => _("Paranoid"),
-));
-my %help = (
- 0 => _("This level is to be used with care. It makes your system more easy to use,
-but very sensitive: it must not be used for a machine connected to others
-or to the Internet. There is no password access."),
- 1 => _("Password are now enabled, but use as a networked computer is still not recommended."),
- 2 => _("Few improvements for this security level, the main one is that there are
-more security warnings and checks."),
- 3 => _("This is the standard security recommended for a computer that will be used
-to connect to the Internet as a client. There are now security checks. "),
- 4 => _("With this security level, the use of this system as a server becomes possible.
-The security is now high enough to use the system as a server which accept
-connections from many clients. "),
- 5 => _("We take level 4 features, but now the system is entirely closed.
-Security features are at their maximum."),
-);
-
-delete @l{0,1,5} unless $::expert;
-delete @help{0,1,5} unless $::expert;
-
begin:
$::isEmbedded and kill USR2, $::CCPID;
-#$in->ask_from('',
-# _("Choose security level") . "\n\n" . join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
-# { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] },
-# { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] }
-# )
+my $security =
+ cat_("/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ ? $1 :
+ $ENV{SECURE_LEVEL} || 2;
+my $libsafe = any::config_libsafe('');
-my $libsafe;
-my $secure_level;
-if (-e "$prefix/etc/profile.d/msec.sh") {
- local $_ = cat_("$prefix/etc/profile.d/msec.sh");
- /export SECURE_LEVEL=(\d+)/ and $secure_level = $1;
-}
-$secure_level ||= $ENV{SECURE_LEVEL};
-$secure_level ||= 2;
-$secure_level = $l{$secure_level};
+if (any::choose_security_level($in, \$security, \$libsafe)) {
-my %h = getVarsFromSh("$prefix/etc/sysconfig/system");
-$libsafe = $h{LIBSAFE} =~ /yes/i;
+ any::config_libsafe('', $libsafe);
-if ($in->ask_from('', _("Choose security level") . "\n\n" .
- join('', map { "$l{$_}: $help{$_}\n\n" } keys %l),
- [
- { label => _("Security level"), val => \$secure_level, list => [ (values %l) ] },
- if_(pkgs_interactive::is_installed('libsafe') && arch() =~ /^i.86/,
- { label => _("Use libsafe for servers"), val => \$libsafe, type => 'bool', text =>
- _("A library which defends against buffer overflow and format string attacks.") }
- )
- ]
- )) {
my $w = $in->wait_message('', _("Setting security level"));
$in->suspend;
-
$ENV{LILO_PASSWORD} = ''; # make it non interactive
- system "/usr/sbin/msec", $m{$secure_level};
- my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
-
- $t{LIBSAFE} = bool2yesno($libsafe);
- setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+ system "/usr/sbin/msec", $security;
$in->resume;
}