diff options
-rw-r--r-- | perl-install/any.pm | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm index 1c4b34b1e..69519938d 100644 --- a/perl-install/any.pm +++ b/perl-install/any.pm @@ -1024,6 +1024,67 @@ sub ddcxinfos { @l; } +sub config_libsafe { + my ($prefix, $libsafe) = @_; + my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); + if (@_ > 1) { + $t{LIBSAFE} = bool2yesno($libsafe); + setVarsInSh("$prefix/etc/sysconfig/system", \%t); + } + text2bool($t{LIBSAFE}); +} + +sub config_security_user { + my ($prefix, $sec_user) = @_; + my %t = getVarsFromSh("$prefix/etc/security/msec/security.conf"); + if (@_ > 1) { + $t{MAIL_USER} = $sec_user; + setVarsInSh("$prefix/etc/security/msec/security.conf", \%t); + } + $t{MAIL_USER}; +} + +sub choose_security_level { + my ($in, $security, $libsafe, $email) = @_; + my $expert_file = "/etc/security/msec/expert_mode"; + + my %l = ( + 0 => _("Welcome To Crackers"), + 1 => _("Poor"), + 2 => _("Standard"), + 3 => _("High"), + 4 => _("Higher"), + 5 => _("Paranoid"), + ); + my %help = ( + 0 => _("This level is to be used with care. It makes your system more easy to use, +but very sensitive: it must not be used for a machine connected to others +or to the Internet. There is no password access."), + 1 => _("Password are now enabled, but use as a networked computer is still not recommended."), + 2 => _("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."), + 3 => _("There are already some restrictions, and more automatic checks are run every night."), + 4 => _("With this security level, the use of this system as a server becomes possible. +The security is now high enough to use the system as a server which can accept +connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."), + 5 => _("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."), + ); + delete @l{0,1}; + delete $l{5} if !$::expert; + + $in->ask_from( + ("DrakSec Basic Options"), + ("Please choose the desired security level") . "\n\n" . + join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } keys %l), + [ + { label => _("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_} } }, + if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/, + { label => _("Use libsafe for servers"), val => $libsafe, type => 'bool', text => + _("A library which defends against buffer overflow and format string attacks.") } ), + { label => _("Security Administrator (login or email)"), val => $email, }, + ], + ); + } + sub running_window_manager { my @window_managers = ( 'kdeinit: kwin', @@ -1048,6 +1109,15 @@ sub ask_window_manager_to_logout { 1; } +sub get_secure_level { + my ($prefix) = @_; + + cat_("/etc/profile") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.0 msec + cat_("/etc/profile.d/msec.sh") =~ /export SECURE_LEVEL=(\d+)/ && $1 || #- 8.1 msec + ${{ getVarsFromSh("$prefix/etc/sysconfig/msec") }}{SECURE_LEVEL} || #- 8.2 msec + $ENV{SECURE_LEVEL}; +} + sub alloc_raw_device { my ($prefix, $device) = @_; my $used = 0; |