diff options
| author | Pascal Rigaux <pixel@mandriva.com> | 2002-01-21 20:31:49 +0000 |
|---|---|---|
| committer | Pascal Rigaux <pixel@mandriva.com> | 2002-01-21 20:31:49 +0000 |
| commit | eae0589a5d1a157f042fc734aa2189ee7105f385 (patch) | |
| tree | 33b1b6ead0861bb00d4f8860098682a08232f3a6 | |
| parent | a5665d34c0a14fc6d63c5d2698301902d8636c65 (diff) | |
| download | drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.gz drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.bz2 drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.tar.xz drakx-backup-do-not-use-eae0589a5d1a157f042fc734aa2189ee7105f385.zip | |
cleanup, update, enhance security level choice
| -rw-r--r-- | perl-install/any.pm | 51 | ||||
| -rw-r--r-- | perl-install/install_steps_interactive.pm | 15 | ||||
| -rwxr-xr-x | perl-install/standalone/draksec | 66 |
3 files changed, 63 insertions, 69 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm index 1b31a59b5..775aa8938 100644 --- a/perl-install/any.pm +++ b/perl-install/any.pm @@ -942,4 +942,55 @@ sub ddcxinfos { @l; } +sub config_libsafe { + my ($prefix, $libsafe) = @_; + my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); + if (@_ > 1) { + $t{LIBSAFE} = bool2yesno($libsafe); + setVarsInSh("$prefix/etc/sysconfig/system", \%t); + } + text2bool($t{LIBSAFE}); +} + +sub choose_security_level { + my ($in, $security, $libsafe) = @_; + + my %l = ( + 0 => _("Welcome To Crackers"), + 1 => _("Poor"), + 2 => _("Low"), + 3 => _("Medium"), + 4 => _("High"), + 5 => _("Paranoid"), + ); + my %help = ( + 0 => _("This level is to be used with care. It makes your system more easy to use, +but very sensitive: it must not be used for a machine connected to others +or to the Internet. There is no password access."), + 1 => _("Password are now enabled, but use as a networked computer is still not recommended."), + 2 => _("Few improvements for this security level, the main one is that there are +more security warnings and checks."), + 3 => _("This is the standard security recommended for a computer that will be used +to connect to the Internet as a client. There are now security checks. "), + 4 => _("With this security level, the use of this system as a server becomes possible. +The security is now high enough to use the system as a server which accept +connections from many clients. "), + 5 => _("We take level 4 features, but now the system is entirely closed. +Security features are at their maximum."), + ); + delete @l{0,1}; + delete @l{5} if !$::expert; + + $in->ask_from('', _("Choose security level") . "\n\n" . + join('', map { "$l{$_}: $help{$_}\n\n" } keys %l), + [ + { label => _("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_} } }, + if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/, + { label => _("Use libsafe for servers"), val => $libsafe, type => 'bool', text => + _("A library which defends against buffer overflow and format string attacks.") } + ) + ] + ); +} + 1; diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm index b174ac857..f4f68f592 100644 --- a/perl-install/install_steps_interactive.pm +++ b/perl-install/install_steps_interactive.pm @@ -1236,16 +1236,11 @@ try to force installation even if that destroys the first partition?")); sub miscellaneous { my ($o, $clicked) = @_; - my %l = ( - 2 => _("Low"), - 3 => _("Medium"), - 4 => _("High"), - ); - if ($::expert || $clicked) { - $ENV{SECURE_LEVEL} = $o->{security} = - $o->ask_from_listf('', _("Choose security level"), sub { $l{$_[0]} }, [ ikeys %l ], $o->{security}) - or return; - } + + any::choose_security_level($o, \$o->{security}, \$o->{libsafe}) or return; + + any::config_libsafe($o->{prefix}, $o->{libsafe}); + install_steps::miscellaneous($o); } diff --git a/perl-install/standalone/draksec b/perl-install/standalone/draksec index aef9cd80d..9cf75788f 100755 --- a/perl-install/standalone/draksec +++ b/perl-install/standalone/draksec @@ -18,75 +18,23 @@ $::isEmbedded = ($::XID, $::CCPID) = "@ARGV" =~ /--embedded (\w+) (\w+)/; my $in = 'interactive'->vnew('su', 'security'); -my %m = reverse (my %l = ( - 0 => _("Welcome To Crackers"), - 1 => _("Poor"), - 2 => _("Low"), - 3 => _("Medium"), - 4 => _("High"), - 5 => _("Paranoid"), -)); -my %help = ( - 0 => _("This level is to be used with care. It makes your system more easy to use, -but very sensitive: it must not be used for a machine connected to others -or to the Internet. There is no password access."), - 1 => _("Password are now enabled, but use as a networked computer is still not recommended."), - 2 => _("Few improvements for this security level, the main one is that there are -more security warnings and checks."), - 3 => _("This is the standard security recommended for a computer that will be used -to connect to the Internet as a client. There are now security checks. "), - 4 => _("With this security level, the use of this system as a server becomes possible. -The security is now high enough to use the system as a server which accept -connections from many clients. "), - 5 => _("We take level 4 features, but now the system is entirely closed. -Security features are at their maximum."), -); - -delete @l{0,1,5} unless $::expert; -delete @help{0,1,5} unless $::expert; - begin: $::isEmbedded and kill USR2, $::CCPID; -#$in->ask_from('', -# _("Choose security level") . "\n\n" . join('', map { "$l{$_}: $help{$_}\n\n" } keys %l), -# { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] }, -# { label => _($st->{$f}{text}), val => \$def_choice, list => [ 'replay', 'manual' ] } -# ) +my $security = + cat_("/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ ? $1 : + $ENV{SECURE_LEVEL} || 2; +my $libsafe = any::config_libsafe(''); -my $libsafe; -my $secure_level; -if (-e "$prefix/etc/profile.d/msec.sh") { - local $_ = cat_("$prefix/etc/profile.d/msec.sh"); - /export SECURE_LEVEL=(\d+)/ and $secure_level = $1; -} -$secure_level ||= $ENV{SECURE_LEVEL}; -$secure_level ||= 2; -$secure_level = $l{$secure_level}; +if (any::choose_security_level($in, \$security, \$libsafe)) { -my %h = getVarsFromSh("$prefix/etc/sysconfig/system"); -$libsafe = $h{LIBSAFE} =~ /yes/i; + any::config_libsafe('', $libsafe); -if ($in->ask_from('', _("Choose security level") . "\n\n" . - join('', map { "$l{$_}: $help{$_}\n\n" } keys %l), - [ - { label => _("Security level"), val => \$secure_level, list => [ (values %l) ] }, - if_(pkgs_interactive::is_installed('libsafe') && arch() =~ /^i.86/, - { label => _("Use libsafe for servers"), val => \$libsafe, type => 'bool', text => - _("A library which defends against buffer overflow and format string attacks.") } - ) - ] - )) { my $w = $in->wait_message('', _("Setting security level")); $in->suspend; - $ENV{LILO_PASSWORD} = ''; # make it non interactive - system "/usr/sbin/msec", $m{$secure_level}; - my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); - - $t{LIBSAFE} = bool2yesno($libsafe); - setVarsInSh("$prefix/etc/sysconfig/system", \%t); + system "/usr/sbin/msec", $security; $in->resume; } |