From 03a4f937e46e10e3889bf24f5dd8e50fb9f0d7d8 Mon Sep 17 00:00:00 2001 From: Thierry Vignaud Date: Wed, 18 Sep 2002 06:22:29 +0000 Subject: "kill quart of draksec code" patch aka make it really working aka "happy fred" : - security::msec : o consolidate get_function_value() and get_value into get_value() o really apply changes, aka save them : * config_check() : use substInFile and setVarsInSh * config_function() : use substInFile and append_to_file * kill stupid and bogus config_option() o don't overwrite previous changes, aka reread them : * fix checks and functions current value loading * fix checks and functions default loading - security::main : o simplify ui creation, make it more readable o kill obfuscating basic_secadmin_check(), basic_secadmin_entry(), network_generate_page(), system_generate_page() and checks_generate_page() o increase default height because of stupid "add_with_viewport" in ugtk::createScrolledWindow o consolidate network and system functions management, they're all the same for msec, splitting is only a draksec "feature"; all go in %options_values - draksec : o let standalone module configure standalone mode o security::main already take care of initializing gtk o security::main already take care of exiting o don't play with embedded mode special variables it overall looks better but big cleanups're still possible for mdk9.1 --- perl-install/security/msec.pm | 93 +++++++++++++++++++------------------------ 1 file changed, 42 insertions(+), 51 deletions(-) (limited to 'perl-install/security/msec.pm') diff --git a/perl-install/security/msec.pm b/perl-install/security/msec.pm index 905705003..56364684f 100644 --- a/perl-install/security/msec.pm +++ b/perl-install/security/msec.pm 
@@ -23,7 +23,7 @@ msec - Perl functions to handle msec configuration files foreach @functions { %defaults{$_} = $msec->get_function_default($_) } foreach @functions { $msec->config_function($_, %options{$_}) } - @checks = $msec->get_checks; + @checks = $msec->get_default_checks; foreach @checks { %options{$_} = $msec->get_check_value($_) } foreach @checks { %defaults{$_} = $msec->get_check_default($_) } foreach @checks { $msec->config_check($_, %options{$_}) } @@ -81,14 +81,45 @@ sub get_default { open F, $default_file; while() { - if ($_ =~ /^$option/) { (undef, $default_value) = split(/$category eq "functions" ? ' ' : '=' /o, $_); } + if ($category eq 'functions') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/ /, $_) } + } elsif ($category eq 'checks') { + if ($_ =~ /^$option/) { (undef, $default_value) = split(/=/, $_) } + } } close F; chop $default_value; - $default_value; } +sub get_value { + my ($item, $category) = @_; + my $value = ''; + my $found = 0; + my $item_file; + $item_file = "$::prefix/etc/security/msec/level.local" if $category eq 'functions'; + $item_file = $check_file if $category eq 'checks'; + + if (-e $item_file) { + open F, $item_file; + while() { + if($_ =~ /^$item/) { + if ($category eq 'functions') { + (undef, $value) = split(/ /, $_); + } elsif ($category eq 'checks') { + (undef, $value) = split(/=/, $_); + } + chop $value; + $found = 1; + close F; + } + } + close F; + $value = "default" if $found == 0; + } + else { $value = "default" } + $value; +} # *********************************************** # SPECIFIC OPTIONS 
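Review bot: In the new `get_value` (and in the reworked `get_default` branches above it) the key is matched with `/^$item/` or `/^$option/`, which interpolates the name as a regex and anchors only its start, so a name that is a prefix of another key, or that contains a regex metacharacter, can return a different line's setting from a security-configuration file. Quoting the name and requiring the category's separator right after it closes that gap. The loop also stops by calling `close F` and then reading the closed handle, and the two-argument bareword `open` is unchecked; `last`, a lexical handle and three-argument `open` make both explicit, and `chomp` avoids `chop` removing a real character from a final line that has no newline. The page renders the read as `while()`, presumably `while (<F>)` in the file.

```perl
sub get_value {
    my ($item, $category) = @_;
    # … unchanged: $item_file selection by category …
    my $sep   = $category eq 'functions' ? ' ' : '=';
    my $value = 'default';

    # A missing or unreadable file reads as "default", as before.
    open(my $fh, '<', $item_file) or return $value;
    while (my $line = <$fh>) {
        chomp $line;
        # Match the whole key literally, followed by its separator.
        next if $line !~ /^\Q$item\E\Q$sep\E/;
        (undef, $value) = split /\Q$sep\E/, $line;
        last;
    }
    close $fh;
    $value;
}
```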
@@ -174,34 +205,15 @@ sub get_functions { # return the value of the function passed in argument. If no value is set, # return "default". sub get_function_value { - my ($function) = @_; - my $value = ''; - my $msec_options = "$::prefix/etc/security/msec/level.local"; - my $found = 0; - - if (-e $msec_options) { - open F, $msec_options; - while() { - if($_ =~ /^$function/) { - (undef, $value) = split(/\(/, $_); - chop $value; chop $value; - $found = 1; - } - } - close F; - if ($found == 0) { $value = "default" } - } - else { $value = "default" } - - $value; + shift; + get_value(@_, 'functions'); } # get_function_default(function) - # return the default value of the function according to the security level sub get_function_default { shift; - my ($function) = @_; - return get_default($function, "functions"); + return get_default(@_, "functions"); } # config_function(function, value) - @@ -223,9 +235,9 @@ sub config_function { # PERIODIC CHECKS (security.conf) RELATED # *********************************************** -# get_checks() - +# get_default_checks() - # return a list of periodic checks handled by security.conf -sub get_checks { +sub get_default_checks { my $check; my @checks = (); @@ -236,11 +248,10 @@ sub get_checks { open F, $check_file; while () { ($check, undef) = split(/=/, $_); - if(!(member($check, @ignore_list))) { push(@checks, $check) } + push @checks, $check if (!(member($check, @ignore_list))) } close F; } - @checks; } 
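Review bot: `get_function_value` used to parse `name(value)` lines (split on `\(` followed by two `chop`s), but it now delegates to `get_value`, which splits on a single space and chops once, so a `level.local` entry still written in the old form would match `/^$item/` and come back as an empty value rather than the setting or "default". That is safe only if everything that writes the file now uses the space-separated form; the new `config_function` body is not in this hunk, so I can't confirm it. A fallback or one-time migration for the old form would help, together with a comment on the sub stating the expected format, e.g. `# level.local lines are "<function> <value>"`. Separately, `get_value(@_, 'functions')` lets any extra caller argument displace the category; `my ($function) = @_; get_value($function, 'functions');` keeps it fixed.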
@@ -248,34 +259,14 @@ sub get_checks { # return the value of the check passed in argument sub get_check_value { shift; - my ($check) = @_; - my $check_file = $check_file; - my $value = ''; - my $found = 0; - - if (-e $check_file) { - open F, $check_file; - while() { - if($_ =~ /^$check/) { - (undef, $value) = split(/=/, $_); - chop $value; - $found = 1; - close F; - } - } - close F; - $value = "default" if ($found == 0); - } - else { $value = "default" } - - $value; + get_value(@_, 'checks'); } # get_check_default(check) # Get the default value according to the security level sub get_check_default { my ($check) = @_; - return get_default($check, "checks"); + return get_default($check, 'checks'); } # config_check(check, value) -- cgit v1.2.1
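Review bot: `get_check_default` still begins with `my ($check) = @_;` and no `shift`, unlike `get_check_value` just above it and `get_function_default`, so when it is called as a method, as the module's synopsis does with `$msec->get_check_default($_)`, `$check` is the object rather than the check name. `get_default` would then look for a line beginning with the stringified object and find none, so the default would come back empty for every check. This hunk only changes the quote style on the `return` line; adding `shift;` first, or writing `my (undef, $check) = @_;`, would bring it in line with its siblings. If some caller does invoke it as a plain function, that call site needs adjusting at the same time.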