authorThierry Vignaud <tvignaud@mandriva.org>2003-02-04 07:33:45 +0000
committerThierry Vignaud <tvignaud@mandriva.org>2003-02-04 07:33:45 +0000
commit111ce9f21f987c315c4fee080605bb07febb0224 (patch)
treecfa42c430e6e4c130f8c8a7902a6d177f22b5afe /perl-install/security
parent7acd01380008db037f4dc67616d09855d82e55b8 (diff)
- fix get_check_default() and get_function_default() description
- fix "check states were not saved if their value did not change (thus reverting it to default on disk)" - fix embedding (no transience when embedded) - fix "value gets chop()-ed until it disappears and is reset to default" - log which security level is set and not only the switch killing latest remanent parts of christian "yeah baby, i'm piggy" work: - functions and checks listing : o rename get_functions() as list_functions() and get_default_checks() as list_checks(); this is both more homogenous and enables one to separate them from the get_(check|function)_(value|default) function group o regroup them o over simplify list_functions(): leave functions listing to msec (aka /usr/share/msec/level.<LEVEL>, assuming share/msec.py is always up to date, just don't care reparsing python code (this is plain stupid); if we cannot rely on msec, on who could we :-) ? o this allows to simplify msec gui so that we do not exclude stuff already excluded - remove config_check(), config_function(): replace them by: o set_check() and set_function() to store new values in data structure o apply_checks() and apply_functions() to save these new values, thus writing config files once and not twice the functions & checks count
Diffstat (limited to 'perl-install/security')
-rw-r--r--perl-install/security/msec.pm115
1 files changed, 59 insertions, 56 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
index d02e16610..7991b913f 100644
--- a/perl-install/security/msec.pm
+++ b/perl-install/security/msec.pm
@@ -12,9 +12,6 @@ my $check_file = "$::prefix/etc/security/msec/security.conf";
my $curr_sec_file = "$::prefix/var/lib/msec/security.conf";
my $options_file = "$::prefix/etc/security/msec/level.local";
-# ***********************************************
-# PRIVATE FUNCTIONS
-# ***********************************************
my $num_level;
@@ -50,7 +47,6 @@ sub load_defaults {
# get_XXX_default(function) -
# return the default of the function|check passed in argument.
-# If no default is set, return "default".
sub get_check_default {
my ($msec, $check) = @_;
@@ -77,9 +73,9 @@ sub load_values {
do { print "BACKTRACE:\n", backtrace(), "\n"; die 'wrong category' } unless $separator;
map {
my ($opt, $val) = split /$separator/;
- $val =~ s/[()]//g;
- chop $opt if $separator eq '\('; # $opt =~ s/ //g if $separator eq '\(';
chop $val;
+ $val =~ s/[()]//g;
+ chop $opt if $separator eq '\('; # $opt =~ s/ //g if $separator eq '\(';
$opt => $val;
} cat_($item_file);
}
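Review bot: `chop $val;` in load_values still removes the last character unconditionally, so it only behaves when every line ends in a newline. Moving it ahead of the paren stripping makes the `name (value)` form survive a missing final newline, because chop then eats the `)`. A `NAME=value` line without one would still lose a real character, assuming the other separator is `=` (its definition is outside this hunk). Since these values are the stored msec settings, a truncated value no longer matches what was saved and can end up treated as unset; `chomp $val;` handles both cases. The body of load_values starts outside the hunk.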
@@ -103,15 +99,19 @@ sub get_check_value {
-# ***********************************************
-# FUNCTIONS (level.local) RELATED
-# ***********************************************
+#-------------------------------------------------------------
+# get list of functions
+
+# list_(functions|checks) -
+# return a list of functions|checks handled by level.local|security.conf
+
+sub list_checks {
+ my ($msec) = @_;
+ map { if_(!member($_, qw(MAIL_WARN MAIL_USER)), $_) } keys %{$msec->{checks}{default}};
+}
-# get_functions() -
-# return a list of functions handled by level.local (see
-# man mseclib for more info).
-sub get_functions {
- my (undef, $category) = @_;
+sub list_functions {
+ my ($msec, $category) = @_;
my @functions;
## TODO handle 3 last functions here so they can be removed from this list
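Review bot: list_checks filters out MAIL_WARN and MAIL_USER with no comment saying why, and apply_checks later in this commit uses this list to decide which lines of security.conf it rewrites, so those two entries are never written back through this path. A one-line comment above the sub stating the reason (presumably that the GUI handles them separately, going by the commit message) would make that intentional. As a style point, `map { if_(...) }` is a filter and reads better as `grep { !member($_, qw(MAIL_WARN MAIL_USER)) } keys %{$msec->{checks}{default}}`, and wrapping it in `sort` would keep the on-disk order stable between saves. The list_functions body continues outside the hunk.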
@@ -129,55 +129,58 @@ sub get_functions {
enable_sulogin password_aging password_history password_length set_root_umask
set_shell_history_size set_shell_timeout set_user_umask)]);
- my $file = "$::prefix/usr/share/msec/mseclib.py";
- my $function;
-
- # read mseclib.py to get each function's name and if it's
- # not in the ignore list, add it to the returned list.
- foreach (cat_($file)) {
- if (/^def/) {
- (undef, $function) = split / /;
- ($function, undef) = split(/\(/, $function);
- if (!member($function, @ignore_list) && member($function, @{$options{$category}})) {
- push(@functions, $function)
- }
- }
- }
-
- @functions;
+ # get all function names; filter out those which are in the ignore
+ # list, return what lefts.
+ map { if_(!member($_, @ignore_list) && member($_, @{$options{$category}}), $_) } keys %{$msec->{functions}{default}};
}
-# config_function(function, value) -
-# Apply the configuration to 'prefix'/etc/security/msec/level.local
-sub config_function {
- my (undef, $function, $value) = @_;
- substInFile { s/^$function.*\n// } $options_file;
- append_to_file($options_file, "$function ($value)") if $value ne 'default';
-}
+#-------------------------------------------------------------
+# set back checks|functions values
-# ***********************************************
-# PERIODIC CHECKS (security.conf) RELATED
-# ***********************************************
+sub set_function {
+ my ($msec, $function, $value) = @_;
+ $msec->{functions}{value}{$function} = $value;
+}
-# get_default_checks() -
-# return a list of periodic checks handled by security.conf
-sub get_default_checks {
- my ($msec) = @_;
- keys %{$msec->{checks}{default}};
+sub set_check {
+ my ($msec, $check, $value) = @_;
+ $msec->{checks}{value}{$check} = $value;
}
+#-------------------------------------------------------------
+# apply configuration
+
+# config_(check|function)(check|function, value) -
+# Apply the configuration to 'prefix'/etc/security/msec/security.conf||/etc/security/msec/level.local
-# config_check(check, value)
-# Apply the configuration to "$::prefix"/etc/security/msec/security.conf
-sub config_check {
- my (undef, $check, $value) = @_;
- if ($value eq 'default') {
- substInFile { s/^$check.*\n// } $check_file;
- } else {
- setVarsInSh($check_file, { $check => $value });
- }
+sub apply_functions {
+ my ($msec) = @_;
+ my @list = ($msec->list_functions('system'), $msec->list_functions('network'));
+ substInFile {
+ foreach my $function (@list) { s/^$function.*\n// }
+ if (eof) {
+ print "\n", join("\n", map {
+ my $value = $msec->get_function_value($_);
+ if_($value ne 'default', "$_ ($value)");
+ } @list);
+ }
+ } $options_file;
+}
+
+sub apply_checks {
+ my ($msec) = @_;
+ my @list = $msec->list_checks;
+ substInFile {
+ foreach my $check (@list) { s/^$check.*\n// }
+ if (eof) {
+ print "\n", join("\n", map {
+ my $value = $msec->get_check_value($_);
+ if_($value ne 'default', $_ . '=' . $value);
+ } @list), "\n";
+ }
+ } $check_file;
}
sub new {
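Review bot: apply_functions prints the new entries with no trailing newline (apply_checks adds one) and does so from inside the per-line block. If substInFile writes `$_` back after the block returns (its body is not visible here), a last line of level.local that is not in `@list` ends up glued onto the final `name (value)` entry. Both apply_functions and apply_checks also interpolate the name unquoted and unanchored in `s/^$function.*\n//` and `s/^$check.*\n//`, which deletes any line that merely begins with that name. These two files hold the msec hardening settings, so a mangled or dropped line falls back to the level default without any error. Appending to `$_` and matching the name with `\Q...\E\b` avoids both, and the header comment above apply_functions still names the removed config_(check|function) subs.

```perl
    substInFile {
        foreach my $function (@list) { s/^\Q$function\E\b.*\n// }
        if (eof) {
            # Append to $_ rather than printing, so the entries land after
            # the file's last line and each one ends with a newline.
            $_ .= "\n" if length($_) && !/\n\z/;
            $_ .= join('', map {
                my $value = $msec->get_function_value($_);
                if_($value ne 'default', "$_ ($value)\n");
            } @list);
        }
    } $options_file;
    # ... apply_checks: same shape, with \Q$check\E\b and $_ . '=' . $value . "\n" ...
```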
@@ -185,8 +188,8 @@ sub new {
my $thing = {};
$thing->{checks}{default} = { load_defaults('checks') };
$thing->{functions}{default} = { load_defaults('functions') };
- $thing->{functions}{value} = { load_values('functions') };
- $thing->{checks}{value} = { load_values('checks') };
+ $thing->{functions}{value} = { load_values('functions') };
+ $thing->{checks}{value} = { load_values('checks') };
bless $thing, $type;
}