authorThierry Vignaud <tvignaud@mandriva.org>2002-09-18 06:22:29 +0000
committerThierry Vignaud <tvignaud@mandriva.org>2002-09-18 06:22:29 +0000
commit03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8 (patch)
treedcdf56222871dcf946466cf0d4cc5691bfdf4c2c /perl-install/security/msec.pm
parent0c7fb3de02f1c0fe9cf50d733553dedcb99110e4 (diff)
"kill quart of draksec code" patch aka make it really working aka "happy fred" :
- security::msec : o consolidate get_function_value() and get_value into get_value() o really apply changes, aka save them : * config_check() : use substInFile and setVarsInSh * config_function() : use substInFile and append_to_file * kill stupid and bogus config_option() o don't overwrite previous changes, aka reread them : * fix checks and functions current value loading * fix checks and functions default loading - security::main : o simplify ui creation, make it more readable o kill offuscating basic_secadmin_check(), basic_secadmin_entry(), network_generate_page(), system_generate_page() and checks_generate_page() o increase default height because of stupid "add_with_viewport" in ugtk::createScrolledWindow o consolidate network and system functions managment, they're all the same for msec, splitting is only a draksec "feature"; all go in %options_values - draksec : o let standalone module configure standalone mode o security::main already take care of initializing gtk o security::main already take care of exiting o don't play with embedded mode special variables it overall looks better but big cleanups're still possible for mdk9.1
Diffstat (limited to 'perl-install/security/msec.pm')
-rw-r--r--perl-install/security/msec.pm93
1 files changed, 42 insertions, 51 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
index 905705003..56364684f 100644
--- a/perl-install/security/msec.pm
+++ b/perl-install/security/msec.pm
@@ -23,7 +23,7 @@ msec - Perl functions to handle msec configuration files
foreach @functions { %defaults{$_} = $msec->get_function_default($_) }
foreach @functions { $msec->config_function($_, %options{$_}) }
- @checks = $msec->get_checks;
+ @checks = $msec->get_default_checks;
foreach @checks { %options{$_} = $msec->get_check_value($_) }
foreach @checks { %defaults{$_} = $msec->get_check_default($_) }
foreach @checks { $msec->config_check($_, %options{$_}) }
@@ -81,14 +81,45 @@ sub get_default {
open F, $default_file;
while(<F>) {
- if ($_ =~ /^$option/) { (undef, $default_value) = split(/$category eq "functions" ? ' ' : '=' /o, $_); }
+ if ($category eq 'functions') {
+ if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_) }
+ } elsif ($category eq 'checks') {
+ if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_) }
+ }
}
close F;
chop $default_value;
-
$default_value;
}
+sub get_value {
+ my ($item, $category) = @_;
+ my $value = '';
+ my $found = 0;
+ my $item_file;
+ $item_file = "$::prefix/etc/security/msec/level.local" if $category eq 'functions';
+ $item_file = $check_file if $category eq 'checks';
+
+ if (-e $item_file) {
+ open F, $item_file;
+ while(<F>) {
+ if($_ =~ /^$item/) {
+ if ($category eq 'functions') {
+ (undef, $value) = split(/ /, $_);
+ } elsif ($category eq 'checks') {
+ (undef, $value) = split(/=/, $_);
+ }
+ chop $value;
+ $found = 1;
+ close F;
+ }
+ }
+ close F;
+ $value = "default" if $found == 0;
+ }
+ else { $value = "default" }
+ $value;
+}
# ***********************************************
# SPECIFIC OPTIONS
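Review bot: In `get_value`, `/^$item/` is an unescaped prefix match, so a lookup for an option whose name is a prefix of another key in the file can return that other key's setting. Because `close F` is used where `last` was meant, the loop only stops by reading from a closed handle. For a tool that reports the current security settings, the lookup should compare the whole key and open the file with a checked three-argument `open` on a lexical handle; `chomp` is also safer than `chop` when the last line has no trailing newline. The same `/^$option/` match sits in `get_default`, whose body starts outside this hunk. A possible shape for the lookup is below.

```perl
sub get_value {
    my ($item, $category) = @_;
    # … unchanged: $item_file selection per category …
    my $separator = $category eq 'functions' ? ' ' : '=';
    my $value = 'default';

    # A missing or unreadable file means "no local override".
    open(my $fh, '<', $item_file) or return $value;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $found_value) = split(/\Q$separator\E/, $line);
        # Compare the whole key, not a prefix of it.
        next unless defined $name && $name eq $item;
        $value = $found_value if defined $found_value;
        last;
    }
    close $fh;
    $value;
}
```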
@@ -174,34 +205,15 @@ sub get_functions {
# return the value of the function passed in argument. If no value is set,
# return "default".
sub get_function_value {
- my ($function) = @_;
- my $value = '';
- my $msec_options = "$::prefix/etc/security/msec/level.local";
- my $found = 0;
-
- if (-e $msec_options) {
- open F, $msec_options;
- while(<F>) {
- if($_ =~ /^$function/) {
- (undef, $value) = split(/\(/, $_);
- chop $value; chop $value;
- $found = 1;
- }
- }
- close F;
- if ($found == 0) { $value = "default" }
- }
- else { $value = "default" }
-
- $value;
+ shift;
+ get_value(@_, 'functions');
}
# get_function_default(function) -
# return the default value of the function according to the security level
sub get_function_default {
shift;
- my ($function) = @_;
- return get_default($function, "functions");
+ return get_default(@_, "functions");
}
# config_function(function, value) -
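Review bot: `get_function_value` now goes through `get_value`, which splits the line on a single space, whereas the removed code split on `(` and chopped two trailing characters, i.e. it read `name(value)` lines. If an existing `level.local` still holds the parenthesised form (the writer, `config_function`, is not in this hunk), the lookup would match the line but presumably yield no value instead of the configured one. Consider stating the expected line format in the comment above the sub, e.g. `# level.local lines are "<function> <value>"`, and handling the old form on read if it can still exist on disk.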
@@ -223,9 +235,9 @@ sub config_function {
# PERIODIC CHECKS (security.conf) RELATED
# ***********************************************
-# get_checks() -
+# get_default_checks() -
# return a list of periodic checks handled by security.conf
-sub get_checks {
+sub get_default_checks {
my $check;
my @checks = ();
@@ -236,11 +248,10 @@ sub get_checks {
open F, $check_file;
while (<F>) {
($check, undef) = split(/=/, $_);
- if(!(member($check, @ignore_list))) { push(@checks, $check) }
+ push @checks, $check if (!(member($check, @ignore_list)))
}
close F;
}
-
@checks;
}
@@ -248,34 +259,14 @@ sub get_checks {
# return the value of the check passed in argument
sub get_check_value {
shift;
- my ($check) = @_;
- my $check_file = $check_file;
- my $value = '';
- my $found = 0;
-
- if (-e $check_file) {
- open F, $check_file;
- while(<F>) {
- if($_ =~ /^$check/) {
- (undef, $value) = split(/=/, $_);
- chop $value;
- $found = 1;
- close F;
- }
- }
- close F;
- $value = "default" if ($found == 0);
- }
- else { $value = "default" }
-
- $value;
+ get_value(@_, 'checks');
}
# get_check_default(check)
# Get the default value according to the security level
sub get_check_default {
my ($check) = @_;
- return get_default($check, "checks");
+ return get_default($check, 'checks');
}
# config_check(check, value)
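Review bot: `get_check_default` still unpacks `my ($check) = @_;` without dropping the invocant, while `get_check_value` and `get_function_default` in this same diff start with `shift;`. The module's own synopsis calls it as `$msec->get_check_default($_)`, so `$check` would receive the object rather than the check name and `get_default` would search the defaults file for the wrong string. Suggest `my (undef, $check) = @_;` so that it matches its siblings.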