summaryrefslogtreecommitdiffstats
path: root/perl-install/any.pm
diff options
context:
space:
mode:
Diffstat (limited to 'perl-install/any.pm')
-rw-r--r--perl-install/any.pm70
1 files changed, 70 insertions, 0 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 1c4b34b1e..69519938d 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -1024,6 +1024,67 @@ sub ddcxinfos {
@l;
}
+sub config_libsafe {
+ my ($prefix, $libsafe) = @_;
+ my %t = getVarsFromSh("$prefix/etc/sysconfig/system");
+ if (@_ > 1) {
+ $t{LIBSAFE} = bool2yesno($libsafe);
+ setVarsInSh("$prefix/etc/sysconfig/system", \%t);
+ }
+ text2bool($t{LIBSAFE});
+}
+
+sub config_security_user {
+ my ($prefix, $sec_user) = @_;
+ my %t = getVarsFromSh("$prefix/etc/security/msec/security.conf");
+ if (@_ > 1) {
+ $t{MAIL_USER} = $sec_user;
+ setVarsInSh("$prefix/etc/security/msec/security.conf", \%t);
+ }
+ $t{MAIL_USER};
+}
+
+sub choose_security_level {
+ my ($in, $security, $libsafe, $email) = @_;
+ my $expert_file = "/etc/security/msec/expert_mode";
+
+ my %l = (
+ 0 => _("Welcome To Crackers"),
+ 1 => _("Poor"),
+ 2 => _("Standard"),
+ 3 => _("High"),
+ 4 => _("Higher"),
+ 5 => _("Paranoid"),
+ );
+ my %help = (
+ 0 => _("This level is to be used with care. It makes your system more easy to use,
+but very sensitive: it must not be used for a machine connected to others
+or to the Internet. There is no password access."),
+ 1 => _("Password are now enabled, but use as a networked computer is still not recommended."),
+ 2 => _("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."),
+ 3 => _("There are already some restrictions, and more automatic checks are run every night."),
+ 4 => _("With this security level, the use of this system as a server becomes possible.
+The security is now high enough to use the system as a server which can accept
+connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."),
+ 5 => _("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."),
+ );
+ delete @l{0,1};
+ delete $l{5} if !$::expert;
+
+ $in->ask_from(
+ ("DrakSec Basic Options"),
+ ("Please choose the desired security level") . "\n\n" .
+ join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } keys %l),
+ [
+ { label => _("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_} } },
+ if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/,
+ { label => _("Use libsafe for servers"), val => $libsafe, type => 'bool', text =>
+ _("A library which defends against buffer overflow and format string attacks.") } ),
+ { label => _("Security Administrator (login or email)"), val => $email, },
+ ],
+ );
+ }
+
sub running_window_manager {
my @window_managers = (
'kdeinit: kwin',
@@ -1048,6 +1109,15 @@ sub ask_window_manager_to_logout {
1;
}
+sub get_secure_level {
+ my ($prefix) = @_;
+
+ cat_("/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec
+ cat_("/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec
+ ${{ getVarsFromSh("$prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec
+ $ENV{SECURE_LEVEL};
+}
+
sub alloc_raw_device {
my ($prefix, $device) = @_;
my $used = 0;