Diffstat (limited to 'perl-install/security/msec.pm')
-rw-r--r--perl-install/security/msec.pm177
1 files changed, 67 insertions, 110 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
index c8b206678..e15459126 100644
--- a/perl-install/security/msec.pm
+++ b/perl-install/security/msec.pm
@@ -2,6 +2,7 @@ package security::msec;
use strict;
use vars qw($VERSION);
+use MDK::Common::File;
$VERSION = "0.2";
@@ -15,17 +16,17 @@ msec - Perl functions to handle msec configuration files
my $msec = new msec;
- $secure_level = get_secure_level($prefix);
+ $secure_level = get_secure_level;
- @functions = $msec->get_functions($prefix);
- foreach @functions { %options{$_} = $msec->get_function_value($prefix, $_) }
- foreach @functions { %defaults{$_} = $msec->get_function_default($prefix, $_) }
- foreach @functions { $msec->config_function($prefix, $_, %options{$_}) }
+ @functions = $msec->get_functions;
+ foreach @functions { %options{$_} = $msec->get_function_value($_) }
+ foreach @functions { %defaults{$_} = $msec->get_function_default($_) }
+ foreach @functions { $msec->config_function($_, %options{$_}) }
- @checks = $msec->get_checks($prefix);
- foreach @checks { %options{$_} = $msec->get_check_value($prefix, $_) }
- foreach @checks { %defaults{$_} = $msec->get_check_default($prefix, $_) }
- foreach @checks { $msec->config_check($prefix, $_, %options{$_}) }
+ @checks = $msec->get_checks;
+ foreach @checks { %options{$_} = $msec->get_check_value($_) }
+ foreach @checks { %defaults{$_} = $msec->get_check_default($_) }
+ foreach @checks { $msec->config_check($_, %options{$_}) }
=head1 DESCRIPTION
@@ -54,75 +55,33 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
use MDK::Common;
+
+my $check_file = "$::prefix/etc/security/msec/security.conf";
# ***********************************************
# PRIVATE FUNCTIONS
# ***********************************************
-sub config_option {
- my ($prefix, $option, $value, $category) =@_;
- my %options_hash = ( );
- my $key = "";
- my $options_file = "";
-
- if($category eq "functions") { $options_file = "$prefix/etc/security/msec/level.local"; }
- elsif($category eq "checks") { $options_file ="$prefix/etc/security/msec/security.conf"; }
-
- if(-e $options_file) {
- open F, $options_file;
- if($category eq "functions") {
- while(<F>) {
- if (!($_ =~ /^from mseclib/) && $_ ne "\n") {
- my ($name, $value_set) = split (/\(/, $_);
- chop $value_set; chop $value_set;
- $options_hash{$name} = $value_set;
- }
- }
- }
- elsif($category eq "checks") {
- %options_hash = getVarsFromSh($options_file);
- }
- close F;
- }
-
- $options_hash{$option} = $value;
-
- open F, '>'.$options_file;
- foreach $key (keys %options_hash) {
- if ($options_hash{$key} ne "default") {
- if($category eq "functions") { print F "$key"."($options_hash{$key})\n"; }
- elsif($category eq "checks") { print F "$key=$options_hash{$key}\n"; }
- }
- }
- close F;
-}
sub get_default {
- my ($prefix, $option, $category) = @_;
+ my ($option, $category) = @_;
my $default_file = "";
my $default_value = "";
my $num_level = 0;
if ($category eq "functions") {
- my $word_level = get_secure_level($prefix);
+ my $word_level = get_secure_level();
if ($word_level eq "Dangerous") { $num_level = 0 }
elsif ($word_level eq "Poor") { $num_level = 1 }
elsif ($word_level eq "Standard") { $num_level = 2 }
elsif ($word_level eq "High") { $num_level = 3 }
elsif ($word_level eq "Higher") { $num_level = 4 }
elsif ($word_level eq "Paranoid") { $num_level = 5 }
- $default_file = "$prefix/usr/share/msec/level.".$num_level;
+ $default_file = "$::prefix/usr/share/msec/level.".$num_level;
}
- elsif ($category eq "checks") { $default_file = "$prefix/var/lib/msec/security.conf"; }
+ elsif ($category eq "checks") { $default_file = "$::prefix/var/lib/msec/security.conf"; }
open F, $default_file;
- if($category eq "functions") {
- while(<F>) {
- if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_); }
- }
- }
- elsif ($category eq "checks") {
- while(<F>) {
- if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_); }
- }
+ while(<F>) {
+ if ($_ =~ /^$option/) { (undef, $default_value) = split(/$category eq "functions" ? ' ' : '=' /o, $_); }
}
close F;
chop $default_value;
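Review bot: The new split in get_default interpolates `$category` into the regex literal instead of evaluating the ternary: `/$category eq "functions" ? ' ' : '=' /o` becomes the pattern `functions eq "functions" ? ' ' : '=' `, which never matches a line, so `(undef, $default_value)` is never filled and every default comes back empty. The `/o` flag would additionally freeze the first interpolation of `$category` even if the expression were evaluated. Compute the separator before the loop, `my $sep = $category eq "functions" ? ' ' : '=';`, and split with `split(/\Q$sep\E/, $_)` so the string form of split with its whitespace special case is avoided. get_default continues past the end of this hunk.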
@@ -135,27 +94,21 @@ sub get_default {
# SPECIFIC OPTIONS
# ***********************************************
-# get_secure_level(prefix) - Get the secure level
+# get_secure_level() - Get the secure level
# duplicated with some drakx code
sub get_secure_level {
- shift @_;
- my $prefix = $_;
+ shift;
my $num_level = 2;
- $num_level = cat_("$prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
- cat_("$prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
- ${{ getVarsFromSh("$prefix/etc/sysconfig/msec") }}{SECURE_LEVEL};
+ $num_level = cat_("$::prefix/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
+ cat_("$::prefix/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 ||
+ ${{ getVarsFromSh("$::prefix/etc/sysconfig/msec") }}{SECURE_LEVEL};
# || $ENV{SECURE_LEVEL};
- if ($num_level == 0) { return "Dangerous" }
- elsif ($num_level == 1) { return "Poor" }
- elsif ($num_level == 2) { return "Standard" }
- elsif ($num_level == 3) { return "High" }
- elsif ($num_level == 4) { return "Higher" }
- elsif ($num_level == 5) { return "Paranoid" }
-}
+ my @sec_levels = ("Dangerous", "Poor", "Standard", "High", "Higher", "Paranoid");
+ return $sec_levels[$num_level];}
sub get_seclevel_list {
qw(Standard High Higher Paranoid);
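Review bot: `return $sec_levels[$num_level];}` puts the closing brace of get_secure_level on the return line; move it to its own line as every other sub in the file does. The initial `my $num_level = 2;` is dead code, since the `||` chain on the next statement always overwrites it — when none of the three files yields a level the chain leaves undef, which `$sec_levels[$num_level]` silently treats as index 0 ("Dangerous"); if 2 was meant as the fallback, make the chain the initializer and follow it with `defined $num_level or $num_level = 2;`. The `@sec_levels` list here and `%sec_levels` in set_secure_level (next hunk) encode the same mapping; a single file-level table would keep them in step.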
@@ -163,28 +116,22 @@ sub get_seclevel_list {
sub set_secure_level {
my $word_level = $_[1];
- my $num_level = 0;
- if ($word_level eq "Dangerous") { $num_level = 0 }
- elsif ($word_level eq "Poor") { $num_level = 1 }
- elsif ($word_level eq "Standard") { $num_level = 2 }
- elsif ($word_level eq "High") { $num_level = 3 }
- elsif ($word_level eq "Higher") { $num_level = 4 }
- elsif ($word_level eq "Paranoid") { $num_level = 5 }
-
- system "/usr/sbin/msec", $num_level;
+ my %sec_levels = ("Dangerous" => 0, "Poor" => 1, "Standard" => 2, "High" => 3, "Higher" => 4, "Paranoid" => 5);
+ my $num_level = $sec_levels{$word_level};
+ system "/usr/sbin/msec", $num_level ? $run_level : 3;
}
# ***********************************************
# FUNCTIONS (level.local) RELATED
# ***********************************************
-# get_functions(prefix) -
+# get_functions() -
# return a list of functions handled by level.local (see
# man mseclib for more info).
sub get_functions {
shift;
- my ($prefix, $category) = @_;
+ my ($category) = @_;
my @functions = ();
my (@tmp_network_list, @tmp_system_list);
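Review bot: `system "/usr/sbin/msec", $num_level ? $run_level : 3;` uses `$run_level`, which is declared nowhere in this diff; under the file's `use strict` that is a compile error unless it is declared in a part of the file not shown, and it looks like a typo for `$num_level`. The truthiness test also sends level 3 for "Dangerous", whose value 0 is false, while it was presumably meant to catch an unknown `$word_level`; test definedness instead: `system "/usr/sbin/msec", defined $num_level ? $num_level : 3;`. The list-form `system` call itself is the right choice since it never goes through a shell.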
@@ -204,10 +151,10 @@ sub get_functions {
enable_sulogin password_aging password_history password_length set_root_umask
set_shell_history_size set_shell_timeout set_user_umask);
- my $file = "$prefix/usr/share/msec/mseclib.py";
+ my $file = "$::prefix/usr/share/msec/mseclib.py";
my $function = '';
- print "$prefix\n";
+ print "$::prefix\n";
# read mseclib.py to get each function's name and if it's
# not in the ignore list, add it to the returned list.
open F, $file;
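Review bot: `print "$::prefix\n";` in get_functions is a leftover debug statement that this commit carries over from the old `print "$prefix\n";`; a library module writing to STDOUT on every call is noise for any caller that captures or redirects output. Drop the line. get_functions starts before and ends after this hunk.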
@@ -226,13 +173,13 @@ sub get_functions {
@functions;
}
-# get_function_value(prefix, function) -
+# get_function_value(function) -
# return the value of the function passed in argument. If no value is set,
# return "default".
sub get_function_value {
- my ($prefix, $function) = @_;
+ my ($function) = @_;
my $value = '';
- my $msec_options = "$prefix/etc/security/msec/level.local";
+ my $msec_options = "$::prefix/etc/security/msec/level.local";
my $found = 0;
if (-e $msec_options) {
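Review bot: get_function_value unpacks `my ($function) = @_;` without first dropping the invocant, whereas get_function_default, config_function, get_check_value and config_check all start with `shift;`; called as `$msec->get_function_value($_)` as the SYNOPSIS shows, `$function` receives the object and the lookup key is lost. Either add `shift;` before the unpack or document the sub as a plain function. get_check_default (last hunk, `my ($check) = @_;`) has the same asymmetry. get_function_value continues past the end of this hunk.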
@@ -252,34 +199,40 @@ sub get_function_value {
$value;
}
-# get_function_default(prefix, function) -
+# get_function_default(function) -
# return the default value of the function according to the security level
sub get_function_default {
shift;
- my ($prefix, $function) = @_;
- return get_default($prefix, $function, "functions");
+ my ($function) = @_;
+ return get_default($function, "functions");
}
-# config_function(prefix, function, value) -
+# config_function(function, value) -
# Apply the configuration to 'prefix'/etc/security/msec/level.local
sub config_function {
- shift @_;
- my ($prefix, $function, $value) = @_;
- config_option($prefix, $function, $value, "functions");
+ shift;
+ my ($function, $value) = @_;
+ my $options_file = "$::prefix/etc/security/msec/level.local";
+
+ if ($value eq 'default') {
+ substInFile { s/^$function.*// } $options_file;
+ } else {
+ substInFile { s/^$function.*// } $options_file;
+ append_to_file($options_file, "$function $value")
+ }
}
# ***********************************************
# PERIODIC CHECKS (security.conf) RELATED
# ***********************************************
-# get_checks(prefix) -
+# get_checks() -
# return a list of periodic checks handled by security.conf
sub get_checks {
- my $prefix = $_;
my $check;
my @checks = ();
- my $check_file = "$prefix/var/lib/msec/security.conf";
+ my $check_file = "$::prefix/var/lib/msec/security.conf";
my @ignore_list = qw(MAIL_USER);
if (-e $check_file) {
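Review bot: config_function appends `"$function $value"` while the removed config_option wrote `$key($options_hash{$key})` and parsed level.local on `(`; unless get_function_value (outside this hunk) was changed to read the space-separated form, the value written here will not be read back. Both branches run the same `substInFile { s/^$function.*// }`, so the substitution can be hoisted above the `if`; the pattern should also escape the name, bound it and consume the newline, `s/^\Q$function\E\b.*\n?//`, otherwise each reconfiguration leaves an empty line behind and a name that happens to be a prefix of another would match that entry too. The same pattern in config_check (last hunk) has the same two issues. append_to_file does not appear to add a trailing newline — confirm, and include one in the string if so.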
@@ -294,12 +247,12 @@ sub get_checks {
@checks;
}
-# get_check_value(prefix, check)
+# get_check_value(check)
# return the value of the check passed in argument
sub get_check_value {
- shift @_;
- my ($prefix, $check) = @_;
- my $check_file = "$prefix/etc/security/msec/security.conf";
+ shift;
+ my ($check) = @_;
+ my $check_file = $check_file;
my $value = '';
my $found = 0;
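Review bot: `my $check_file = $check_file;` in get_check_value declares a new lexical initialized from the file-level `$check_file` of the same name (the right-hand side still refers to the outer variable at that point), which works but reads like a bug and shadows the file-level path for the rest of the sub. Delete the line and use the file-level `$check_file` directly, as config_check does. get_check_value continues past the end of this hunk.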
@@ -320,19 +273,23 @@ sub get_check_value {
$value;
}
-# get_check_default(prefix, check)
+# get_check_default(check)
# Get the default value according to the security level
sub get_check_default {
- my ($prefix, $check) = @_;
- return get_default($prefix, $check, "checks");
+ my ($check) = @_;
+ return get_default($check, "checks");
}
-# config_check(prefix, check, value)
-# Apply the configuration to "prefix"/etc/security/msec/security.conf
+# config_check(check, value)
+# Apply the configuration to "$::prefix"/etc/security/msec/security.conf
sub config_check {
- shift @_;
- my ($prefix, $check, $value) = @_;
- config_option($prefix, $check, $value, "checks");
+ shift;
+ my ($check, $value) = @_;
+ if ($value eq 'default') {
+ substInFile { s/^$check.*// } $check_file;
+ } else {
+ setVarsInSh($check_file, { $check => $value });
+ }
}
sub new { shift }