diff options
Diffstat (limited to 'perl-install/security')
-rw-r--r-- | perl-install/security/main.pm | 6 | ||||
-rw-r--r-- | perl-install/security/msec.pm | 129 |
2 files changed, 106 insertions, 29 deletions
diff --git a/perl-install/security/main.pm b/perl-install/security/main.pm index 65e346b7b..3702b9636 100644 --- a/perl-install/security/main.pm +++ b/perl-install/security/main.pm @@ -27,12 +27,12 @@ sub show_page { if ($page == 2) { if(security::msec::choose_checks($in, \%options, \$signal, $security)) { foreach $key (keys %options) { - security::msec::set_check('', $key, $options{$key}); + security::msec::config_option('', $key, $options{$key}, "checks"); } } } elsif ($page == 1) { - if(security::msec::choose_options($in, \%options, \$signal, $security)) { + if(security::msec::choose_functions($in, \%options, \$signal, $security)) { foreach $key (keys %options) { - security::msec::config_option('', $key, $options{$key}); + security::msec::config_option('', $key, $options{$key}, "functions"); } } } elsif ($page == 0) { if(security::msec::choose_security_level($in, \$security, \$libsafe, \$sec_user, \$signal)) { diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index 3c68103d6..3952552a3 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm @@ -28,9 +28,10 @@ sub config_security_user { sub get_functions { my $prefix = $_; my @functions = (); - my @ignore_list = qw(indirect commit_changes closelog error initlog log set_secure_level + ## TODO handle 3 last functions here so they can be removed from this list + my @ignore_list = qw(indirect commit_changes closelog error initlog log set_secure_level set_security_conf set_server_level print_changes get_translation - password_aging password_length enable_libsafe create_server_link); + enable_libsafe password_aging password_length create_server_link); my $file = "$prefix/usr/share/msec/mseclib.py"; my $function = ''; @@ -70,45 +71,90 @@ sub get_value { $value; } -sub set_option { - my ($prefix, $option, $value) =@_; - my %functions_hash = ( ); - my $key = ""; +sub get_checks { + my ($prefix) = $_; + my %checks = (); + my $check_file = "$prefix/etc/security/msec/security.conf"; + my $def_check = "$prefix/var/lib/msec/security.conf"; + my @ignore_list = qw(MAIL_USER); + my $key = ''; - my $msec_options = "$prefix/etc/security/msec/level.local"; + open F, $def_check; + while (<F>) { + ($key, undef) = split(/=/, $_); + if(!(member($key, @ignore_list))) { $checks{$key} = "default"; } + } + close F; - if(-e $msec_options) { - open F, $msec_options; - while(<F>) { - if (!($_ =~ /^from mseclib/) && $_ ne "\n") { - my ($name, $value_set) = split (/\(/, $_); - chop $value_set; chop $value_set; - $functions_hash{$name} = $value_set; + if (-e $check_file) { + open F, $check_file; + while (<F>) { + ($key, undef) = split(/=/, $_); + if(!(member($key, @ignore_list))) { + (undef, $checks{$key}) = split(/=/, $_); + chop $checks{$key}; } } close F; } - $functions_hash{$option} = $value; + %checks; +} - open F, '>'.$msec_options; - print F "from mseclib import *\n\n"; - foreach $key (keys %functions_hash) { - if ($functions_hash{$key} ne "default") { - print F "$key"."($functions_hash{$key})\n"; +sub config_option { + my ($prefix, $option, $value, $category) =@_; + my %options_hash = ( ); + my $key = ""; + my $options_file = ""; + + if($category eq "functions") { $options_file = "$prefix/etc/security/msec/level.local"; } + elsif($category eq "checks") { $options_file ="$prefix/etc/security/msec/security.conf"; } + + if(-e $options_file) { + open F, $options_file; + if($category eq "functions") { + while(<F>) { + if (!($_ =~ /^from mseclib/) && $_ ne "\n") { + my ($name, $value_set) = split (/\(/, $_); + chop $value_set; chop $value_set; + $options_hash{$name} = $value_set; + } + } + } + elsif($category eq "checks") { + %options_hash = getVarsFromSh($options_file); + } + close F; + } + + $options_hash{$option} = $value; + + open F, '>'.$options_file; + if ($category eq "functions") { print F "from mseclib import *\n\n"; } + foreach $key (keys %options_hash) { + if ($options_hash{$key} ne "default") { + if($category eq "functions") { print F "$key"."($options_hash{$key})\n"; } + elsif($category eq "checks") { print F "$key=$options_hash{$key}\n"; } } } close F; } sub get_options { - my ($prefix, $security) = @_; + my ($prefix, $category) = @_; my %options = (); - my @functions = get_functions($prefix); + my @functions = (); + my @checks = (); my $key = ""; - foreach $key (@functions) { - $options{$key} = get_value($prefix, $key); + if ($category eq "functions") { + @functions = get_functions($prefix); + foreach $key (@functions) { + $options{$key} = get_value($prefix, $key); + } + } + elsif ($category eq "checks") { + %options = get_checks($prefix); } %options; @@ -171,7 +217,7 @@ sub choose_security_level { ); } -sub choose_options { +sub choose_functions { my ($in, $rfunctions, $signal, $security) = @_; my $i = 0; my @display = (); @@ -192,14 +238,45 @@ sub choose_options { $i++; } + # TODO find a way to add the button outside of the scrolling zone $in->ask_from( ("DrakSec - Advanced Options"), ("You can customize the following options. For more information, see the mseclib manual page."), [ - { val =>_("Basic Options"), type => 'button', clicked_may_quit => sub { $$signal = 0; print "";} }, + { val => _("Basic Options"), type => 'button', clicked_may_quit => sub { $$signal = 0; print ""; } }, + { val => _("Security Checks"), type => 'button', clicked_may_quit => sub {$$signal = 2; print ""; } }, @display ], ); } +sub choose_checks { + my ($in, $roptions, $signal, $security) = @_; + my $i = 0; + my @display = (); + my $key = ''; + my $def_checks = "/var/lib/msec/security.conf"; + + my %defaults = getVarsFromSh($def_checks); + + foreach $key (keys %$roptions) { + if ($defaults{$key} eq "yes" || $defaults{$key} eq "no") { + $display[$i] = { label => $key." (default=$defaults{$key})", val => \$$roptions{$key}, list => ["yes", "no", "default"] }; + } + else { $display[$i] = { label => $key." (default=$defaults{$key})", val => \$$roptions{$key} }; + } + $i++; + } + + $in->ask_from( + ("DrakSec - Security Checks"), + ("You can customize the following security checks. For more information, see the mseclib manual page."), + [ + { val => _("Basic Options"), type => 'button', clicked_may_quit => sub { $$signal = 0; print ""; } }, + { val => _("Security Checks"), type => 'button', clicked_may_quit => sub {$$signal = 2; print ""; } }, + @display + ], + ); +} + 1; |