authorChristian Belisle <cbelisle@mandriva.com>2002-06-17 18:12:36 +0000
committerChristian Belisle <cbelisle@mandriva.com>2002-06-17 18:12:36 +0000
commitf27efd3c19a8b43742f3e34dc4446ff29a9554a7 (patch)
tree3ab3c8b7135251e1e9f2eb22c18217065878c1ed
parentc8b4167e2c4fbda26bee20e4be16aeb2de01aed8 (diff)
- Customize entries for each option (checkboxes, text boxes and lists)
-rw-r--r--perl-install/security/msec.pm135
1 files changed, 89 insertions, 46 deletions
diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm
index f8c95dd64..66800ef11 100644
--- a/perl-install/security/msec.pm
+++ b/perl-install/security/msec.pm
@@ -77,21 +77,21 @@ sub get_config {
my ($prefix, $security) = @_;
my (%net_options_defaults) = (
- accept_bogus_error_responses => [ "no", "no", "no", "no", "yes", "yes" ],
- accept_icmp_echo => [ "yes", "yes", "yes", "yes", "no", "no" ],
- enable_ip_spoofing_protection => [ "no", "no", "no", "yes", "yes", "yes" ],
- enable_log_strange_packets => [ "no", "no", "no", "yes", "yes", "yes" ] );
+ accept_bogus_error_responses => [ 0, 0, 0, 0, 1, 1 ],
+ accept_icmp_echo => [ 1, 1, 1, 1, 0, 0 ],
+ enable_ip_spoofing_protection => [ 0, 0, 0, 1, 1, 1 ],
+ enable_log_strange_packets => [ 0, 0, 0, 0, 1, 1 ] );
my (%user_options_defaults) = (
- allow_autologin => [ "yes", "yes", "yes", "no", "no", "no" ],
+ allow_autologin => [ 1, 1, 1, 0, 0, 0 ],
allow_issues => [ "ALL", "ALL", "ALL", "LOCAL", "LOCAL", "NONE" ],
- allow_reboot => [ "yes", "yes", "yes", "yes", "no", "no" ],
- allow_root_login => [ "yes", "yes", "yes", "yes", "no", "no" ],
- allow_user_list => [ "yes", "yes", "yes", "yes", "no", "no" ],
- enable_at_crontab => [ "yes", "yes", "yes", "yes", "no", "no" ],
- enable_pam_wheel_for_su => [ "no", "no", "no", "no", "no", "yes" ],
- enable_password => [ "no", "yes", "yes", "yes", "yes", "yes" ],
- enable_sulogin => [ "no", "no", "no", "no", "yes", "yes" ],
+ allow_reboot => [ 1, 1, 1, 1, 0, 0 ],
+ allow_root_login => [ 1, 1, 1, 1, 0, 0 ],
+ allow_user_list => [ 1, 1, 1, 1, 0, 0 ],
+ enable_at_crontab => [ 1, 1, 1, 1, 0, 0 ],
+ enable_pam_wheel_for_su => [ 0, 0, 0, 0, 0, 0 ],
+ enable_password => [ 0, 1, 1, 1, 1, 1 ],
+ enable_sulogin => [ 0, 0, 0, 0, 1, 1 ],
password_aging => [ "99999,-1", "99999,-1", "99999,-1", "99999,-1", "60,-1", "30,-1" ],
password_length => [ "0,0,0", "0,0,0", "0,0,0", "0,0,0", "0,0,0", "0,0,0" ],
set_root_umask => [ "002", "002", "022", "022", "022", "077" ],
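Review bot: Two rows in the yes/no to 0/1 conversion do not match the values they replace: `enable_pam_wheel_for_su` was "yes" in its last entry and is now 0 at every level, and `enable_log_strange_packets` was "yes" from its fourth entry and is now 0 there. Every other converted row maps one-to-one, so these look like transcription slips rather than intended policy changes, and both relax a default (su limited to the wheel group at the strictest level, strange-packet logging at the fourth). If unintended, restore `enable_pam_wheel_for_su => [ 0, 0, 0, 0, 0, 1 ],` and `enable_log_strange_packets => [ 0, 0, 0, 1, 1, 1 ] );`; if intended, the commit message should say so. get_config's body starts and ends outside this hunk.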
@@ -100,65 +100,108 @@ sub get_config {
set_shell_timeout => [ "0", "0", "0", "0", "3600", "900" ] );
my (%server_options_defaults) = (
- allow_x_connections => [ "ALL,yes", "LOCAL,yes", "LOCAL,yes", "LOCAL,yes", "LOCAL,no", "NONE,no" ],
+ allow_x_connections => [ "ALL", "LOCAL", "LOCAL", "LOCAL", "LOCAL", "NONE" ],
authorize_services => [ "ALL", "ALL", "ALL", "ALL", "LOCAL", "NONE" ],
- enable_libsafe => [ "no", "no", "no", "no", "no", "no" ] );
+ enable_libsafe => [ 0, 0, 0, 0, 0, 0 ] );
+
+ my (%net_options) = (
+ accept_bogus_error_responses => $net_options_defaults{accept_bogus_error_responses}[$security],
+ accept_icmp_echo => $net_options_defaults{accept_icmp_echo}[$security],
+ enable_ip_spoofing_protection => $net_options_defaults{enable_ip_spoofing_protection}[$security],
+ enable_log_strange_packets => $net_options_defaults{enable_log_strange_packets}[$security]
+ );
my (%net_options_matrix) = (
accept_bogus_error_responses => { label => _("Accept/Refuse bogus IPV4 error messages"),
- val => $net_options_defaults{accept_bogus_error_responses}[$security],
- list => [ "yes", "no" ] },
+ val => \$net_options{accept_bogus_error_responses},
+ type => "bool" },
accept_icmp_echo => { label => _("Accept/Refuse ICMP echo"),
- val => $net_options_defaults{accept_icmp_echo}[$security],
- list => [ "yes", "no" ] },
+ val => \$net_options{accept_icmp_echo},
+ type => "bool" },
enable_ip_spoofing_protection => { label => _("Enable/Disable IP spoofing protection. If alert is true, also reports to syslog"),
- val => $net_options_defaults{enable_ip_spoofing_protection}[$security],
- list => [ "yes", "no" ] },
+ val => \$net_options{enable_ip_spoofing_protection},
+ type=> "bool" },
enable_log_strange_packets => { label => _("Enable/Disable the logging of IPv4 strange packets"),
- val => $net_options_defaults{enable_log_strange_packets}[$security],
- list => [ "yes", "no" ] }
+ val => \$net_options{enable_log_strange_packets},
+ type => "bool" }
+ );
+
+ my (%user_options) = (
+ allow_autologin => $user_options_defaults{allow_autologin}[$security],
+ allow_issues => $user_options_defaults{allow_issues}[$security],
+ allow_reboot => $user_options_defaults{allow_reboot}[$security],
+ allow_root_login => $user_options_defaults{allow_root_login}[$security],
+ allow_user_list => $user_options_defaults{allow_user_list}[$security],
+ enable_at_crontab => $user_options_defaults{enable_at_crontab}[$security],
+ enable_pam_wheel_for_su => $user_options_defaults{enable_pam_wheel_for_su}[$security],
+ enable_password => $user_options_defaults{enable_password}[$security],
+ enable_sulogin => $user_options_defaults{enable_sulogin}[$security],
+ password_aging => $user_options_defaults{password_aging}[$security],
+ password_length => $user_options_defaults{password_length}[$security],
+ set_root_umask => $user_options_defaults{set_root_umask}[$security],
+ set_user_umask => $user_options_defaults{set_user_umask}[$security],
+ set_shell_history_size => $user_options_defaults{set_shell_history_size}[$security],
+ set_shell_timeout => $user_options_defaults{set_shell_timeout}[$security]
);
my (%user_options_matrix) = (
allow_autologin => { label => _("Allow/Forbid autologin"),
- val => $user_options_defaults{allow_autologin}[$security] },
- allow_issues => { label => _("Allow/Forbid pre-login message : If ALL, allow remote and local pre-login message (/etc/issue[.net]). If LOCAL, allow local pre-login message (/etc/issue). If NONE, disable pre-login message."),
- val => $user_options_defaults{allow_issues}[$security] },
+ val => \$user_options{allow_autologin},
+ type => "bool" },
+ allow_issues => { label => _("Allow/Forbid pre-login message : If ALL, allow remote and local pre-login message (/etc/issue[.net]).\n If LOCAL, allow local pre-login message (/etc/issue). If NONE, disable pre-login message."),
+ val => \$user_options{allow_issues},
+ list => ["ALL", "LOCAL", "NONE"] },
allow_reboot => { label => _("Allow/Forbid reboot by the console user"),
- val => $user_options_defaults{allow_reboot}[$security] },
+ val => \$user_options{allow_reboot},
+ type => "bool" },
allow_root_login => { label => _("Allow/Forbid direct root login"),
- val => $user_options_defaults{allow_root_login}[$security] },
+ val => \$user_options{allow_root_login},
+ type => "bool" },
allow_user_list => { label => _("Allow/Forbid the list of users on the system in the display managers (kdm and gdm)"),
- val => $user_options_defaults{allow_user_list}[$security] },
- enable_at_crontab => { label => _("Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow (see at(1) and crontab(1))"),
- val => $user_options_defaults{enable_at_crontab}[$security] },
+ val => \$user_options{allow_user_list},
+ type => "bool" },
+ enable_at_crontab => { label => _("Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow\n and /etc/at.allow (see at(1) and crontab(1))"),
+ val => \$user_options{enable_at_crontab},
+ type => "bool" },
enable_pam_wheel_for_su => { label => _("Enable su only for members of the wheel group or allow su from any user"),
- val => $user_options_defaults{enable_pam_wheel_for_su}[$security] },
+ val => \$user_options{enable_pam_wheel_for_su},
+ type => "bool" },
enable_password => { label => _("Use password to authenticate users"),
- val => $user_options_defaults{enable_password}[$security] },
+ val => \$user_options{enable_password},
+ type => "bool" },
enable_sulogin => { label => _("Enable/Disable sulogin in single user level (see sulogin(8))"),
- val => $user_options_defaults{enable_sulogin}[$security] },
- password_aging => { label => _("Set password aging to max days (99999 to disable password aging"),
- val => $user_options_defaults{password_aging}[$security] },
+ val => \$user_options{enable_sulogin},
+ type => "bool" },
+ password_aging => { label => _("Set password aging to max days, Set delay before inactive\n (99999 to disable password aging, -1 to disable de-activation"),
+ val => \$user_options{password_aging} },
password_length => { label => _("Set the password minimum length, the minimum number of digits and the minimum number of capitalized letters"),
- val => $user_options_defaults{password_length}[$security] },
+ val => \$user_options{password_length} },
set_root_umask => { label => _("Set the root umask"),
- val => $user_options_defaults{set_root_umask}[$security] },
+ val => \$user_options{set_root_umask} },
set_user_umask => { label => _("Set the user umask"),
- val => $user_options_defaults{set_user_umask}[$security] },
+ val => \$user_options{set_user_umask} },
set_shell_history_size => { label => _("Set shell commands history size (-1 for unlimited)"),
- val => $user_options_defaults{set_shell_history_size}[$security] },
+ val => \$user_options{set_shell_history_size} },
set_shell_timeout => { label => _("Set the shell timeout in seconds (0 for unlimited)"),
- val => $user_options_defaults{set_shell_timeout}[$security] }
+ val => \$user_options{set_shell_timeout} }
);
-
+
+ my (%server_options) = (
+ allow_x_connections => $server_options_defaults{allow_x_connections}[$security],
+ authorize_services => $server_options_defaults{authorize_services}[$security],
+ enable_libsafe => $server_options_defaults{enable_libsafe}[$security]
+ );
+
my (%server_options_matrix) = (
- allow_x_connections => { label => ("Allow/Forbid X connections : If ALL, all connections allowed. If LOCAL, local connections allowed. If NONE, only console connections allowed"),
- val => $server_options_defaults{allow_x_connections}[$security] },
- authorize_services => { label => _("Allow/Forbid services : If ALL, authorize all services. If LOCAL, authorize only local services. If NONE, disable all services. (see hosts.deny(5)). To authorize a service, see hosts.allow(5)."),
- val => $server_options_defaults{authorize_services}[$security] },
+ allow_x_connections => { label => ("Allow/Forbid X connections : If ALL, all connections allowed. If LOCAL, local connections allowed.\n If NONE, only console connections allowed"),
+ val => \$server_options{allow_x_connections},
+ list => [ "ALL", "LOCAL", "NONE" ] },
+ authorize_services => { label => _("Allow/Forbid services : If ALL, authorize all services. If LOCAL, authorize only local services.\n If NONE, disable all services. (see hosts.deny(5)). To authorize a service, see hosts.allow(5)."),
+ val => \$server_options{authorize_services},
+ list => [ "ALL", "LOCAL", "NONE" ] },
enable_libsafe => { label => _("Enable/Disable libsafe if it's installed on the system."),
- val => $server_options_defaults{enable_libsafe}[$security] },
+ val => \$server_options{enable_libsafe},
+ type => "bool" },
);
my $config_file = "$prefix/etc/security/msec/level.local";
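Review bot: The `allow_x_connections` defaults lose their second field in this hunk: the fifth entry, formerly "LOCAL,no", is now the same "LOCAL" as the second through fourth entries, formerly "LOCAL,yes", and the new `list => [ "ALL", "LOCAL", "NONE" ]` gives the user no way to set that field. What the yes/no part controls is not visible here, and the code that writes `level.local` lies outside the hunk, so whether the two stricter levels still get the "no" behaviour needs checking against the consumer. If the second value is still expected, keep it as its own entry with `type => "bool"` beside the list entry instead of dropping it. Otherwise record the decision above the row, e.g. `# second allow_x_connections field (formerly ",yes"/",no") is no longer set from this table`.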