diff options
author | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-18 06:22:29 +0000 |
---|---|---|
committer | Thierry Vignaud <tvignaud@mandriva.org> | 2002-09-18 06:22:29 +0000 |
commit | 03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8 (patch) | |
tree | dcdf56222871dcf946466cf0d4cc5691bfdf4c2c /perl-install/security/msec.pm | |
parent | 0c7fb3de02f1c0fe9cf50d733553dedcb99110e4 (diff) | |
download | drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.gz drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.bz2 drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.tar.xz drakx-backup-do-not-use-03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8.zip |
"kill quart of draksec code" patch aka make it really working aka "happy fred" :
- security::msec :
o consolidate get_function_value() and get_value into get_value()
o really apply changes, aka save them :
* config_check() : use substInFile and setVarsInSh
* config_function() : use substInFile and append_to_file
* kill stupid and bogus config_option()
o don't overwrite previous changes, aka reread them :
* fix checks and functions current value loading
* fix checks and functions default loading
- security::main :
o simplify ui creation, make it more readable
o kill offuscating basic_secadmin_check(), basic_secadmin_entry(),
network_generate_page(), system_generate_page() and checks_generate_page()
o increase default height because of stupid "add_with_viewport" in
ugtk::createScrolledWindow
o consolidate network and system functions managment, they're all the same for
msec, splitting is only a draksec "feature"; all go in %options_values
- draksec :
o let standalone module configure standalone mode
o security::main already take care of initializing gtk
o security::main already take care of exiting
o don't play with embedded mode special variables
it overall looks better but big cleanups're still possible for mdk9.1
Diffstat (limited to 'perl-install/security/msec.pm')
-rw-r--r-- | perl-install/security/msec.pm | 93 |
1 files changed, 42 insertions, 51 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index 905705003..56364684f 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -23,7 +23,7 @@ msec - Perl functions to handle msec configuration files foreach @functions { %defaults{$_} = $msec->get_function_default($_) } foreach @functions { $msec->config_function($_, %options{$_}) } - @checks = $msec->get_checks; + @checks = $msec->get_default_checks; foreach @checks { %options{$_} = $msec->get_check_value($_) } foreach @checks { %defaults{$_} = $msec->get_check_default($_) } foreach @checks { $msec->config_check($_, %options{$_}) } @@ -81,14 +81,45 @@ sub get_default { open F, $default_file; while(<F>) { - if ($_ =~ /^$option/) { (undef, $default_value) = split(/$category eq "functions" ? ' ' : '=' /o, $_); } + if ($category eq 'functions') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_) } + } elsif ($category eq 'checks') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_) } + } } close F; chop $default_value; - $default_value; } +sub get_value { + my ($item, $category) = @_; + my $value = ''; + my $found = 0; + my $item_file; + $item_file = "$::prefix/etc/security/msec/level.local" if $category eq 'functions'; + $item_file = $check_file if $category eq 'checks'; + + if (-e $item_file) { + open F, $item_file; + while(<F>) { + if($_ =~ /^$item/) { + if ($category eq 'functions') { + (undef, $value) = split(/ /, $_); + } elsif ($category eq 'checks') { + (undef, $value) = split(/=/, $_); + } + chop $value; + $found = 1; + close F; + } + } + close F; + $value = "default" if $found == 0; + } + else { $value = "default" } + $value; +} # *********************************************** # SPECIFIC OPTIONS @@ -174,34 +205,15 @@ sub get_functions { # return the value of the function passed in argument. If no value is set, # return "default". sub get_function_value { - my ($function) = @_; - my $value = ''; - my $msec_options = "$::prefix/etc/security/msec/level.local"; - my $found = 0; - - if (-e $msec_options) { - open F, $msec_options; - while(<F>) { - if($_ =~ /^$function/) { - (undef, $value) = split(/\(/, $_); - chop $value; chop $value; - $found = 1; - } - } - close F; - if ($found == 0) { $value = "default" } - } - else { $value = "default" } - - $value; + shift; + get_value(@_, 'functions'); } # get_function_default(function) - # return the default value of the function according to the security level sub get_function_default { shift; - my ($function) = @_; - return get_default($function, "functions"); + return get_default(@_, "functions"); } # config_function(function, value) - @@ -223,9 +235,9 @@ sub config_function { # PERIODIC CHECKS (security.conf) RELATED # *********************************************** -# get_checks() - +# get_default_checks() - # return a list of periodic checks handled by security.conf -sub get_checks { +sub get_default_checks { my $check; my @checks = (); @@ -236,11 +248,10 @@ sub get_checks { open F, $check_file; while (<F>) { ($check, undef) = split(/=/, $_); - if(!(member($check, @ignore_list))) { push(@checks, $check) } + push @checks, $check if (!(member($check, @ignore_list))) } close F; } - @checks; } @@ -248,34 +259,14 @@ sub get_checks { # return the value of the check passed in argument sub get_check_value { shift; - my ($check) = @_; - my $check_file = $check_file; - my $value = ''; - my $found = 0; - - if (-e $check_file) { - open F, $check_file; - while(<F>) { - if($_ =~ /^$check/) { - (undef, $value) = split(/=/, $_); - chop $value; - $found = 1; - close F; - } - } - close F; - $value = "default" if ($found == 0); - } - else { $value = "default" } - - $value; + get_value(@_, 'checks'); } # get_check_default(check) # Get the default value according to the security level sub get_check_default { my ($check) = @_; - return get_default($check, "checks"); + return get_default($check, 'checks'); } # config_check(check, value) |