authorEugeni Dodonov <eugeni@mandriva.org>2009-07-01 13:56:20 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-07-01 13:56:20 +0000
commitec37191ddee2a2213de60acb673fb5ae2255cb52 (patch)
tree66f8eabea20c2e704824255de8fd051b11c4d748
parentaa04daf02e72f817e76f11724b643e486cd05bb4 (diff)
Added support for SECURE_TMP for temporary files.
-rw-r--r--conf/level.secure1
-rw-r--r--conf/level.standard1
-rw-r--r--src/msec/config.py7
-rwxr-xr-xsrc/msec/libmsec.py14
4 files changed, 20 insertions, 3 deletions
diff --git a/conf/level.secure b/conf/level.secure
index 181917b..d56e463 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -44,6 +44,7 @@ ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=077
CHECK_RPM_PACKAGES=yes
CHECK_RPM_INTEGRITY=yes
+SECURE_TMP=yes
ENABLE_SULOGIN=yes
ENABLE_PAM_ROOT_FROM_WHEEL=no
MAIL_WARN=yes
diff --git a/conf/level.standard b/conf/level.standard
index 500075e..73d7b0e 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -44,6 +44,7 @@ ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=022
CHECK_RPM_PACKAGES=yes
CHECK_RPM_INTEGRITY=no
+SECURE_TMP=no
ENABLE_SULOGIN=no
ENABLE_PAM_ROOT_FROM_WHEEL=no
MAIL_WARN=yes
diff --git a/src/msec/config.py b/src/msec/config.py
index 9760100..3facc25 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -98,12 +98,13 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level",
'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'remote', 'local']),
'ENABLE_AT_CRONTAB': ("libmsec.enable_at_crontab", ['yes', 'no']),
'ENABLE_CONSOLE_LOG': ("libmsec.enable_console_log", ['yes', 'no']),
- 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),
- 'ENABLE_IP_SPOOFING_PROTECTION': ("libmsec.enable_ip_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_IP_SPOOFING_PROTECTION': ("libmsec.enable_ip_spoofing_protection", ['yes', 'no']),
'ENABLE_LOG_STRANGE_PACKETS': ("libmsec.enable_log_strange_packets", ['yes', 'no']),
'ENABLE_MSEC_CRON': ("libmsec.enable_msec_cron", ['yes', 'no']),
'ENABLE_SUDO': ("libmsec.enable_sudo", ['yes', 'no', 'wheel']),
'ENABLE_SULOGIN': ("libmsec.enable_sulogin", ['yes', 'no']),
+ 'SECURE_TMP': ("libmsec.secure_tmp", ['yes', 'no']),
'SHELL_HISTORY_SIZE': ("libmsec.set_shell_history_size", ['*']),
'SHELL_TIMEOUT': ("libmsec.set_shell_timeout", ['*']),
'ENABLE_STARTUP_MSEC': ("libmsec.enable_startup_msec", ['yes', 'no']),
@@ -119,7 +120,7 @@ SETTINGS_SYSTEM = ["ENABLE_STARTUP_MSEC", "ENABLE_STARTUP_PERMS", "ENABLE_MSEC_C
"ALLOW_ROOT_LOGIN", "ALLOW_USER_LIST", "ALLOW_AUTOLOGIN",
"ENABLE_CONSOLE_LOG", "CREATE_SERVER_LINK", "ALLOW_XAUTH_FROM_ROOT",
"ALLOW_REBOOT", "SHELL_HISTORY_SIZE", "SHELL_TIMEOUT", "USER_UMASK", "ROOT_UMASK",
- "WIN_PARTS_UMASK"
+ "SECURE_TMP", "WIN_PARTS_UMASK"
]
# network security settings
SETTINGS_NETWORK = ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECHO", "ACCEPT_ICMP_ECHO",
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 24fa0dd..071402c 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -1505,6 +1505,20 @@ class MSEC:
pass
# bogus functions
+ def secure_tmp(self, param):
+ """Use secure location for temporary files. If this parameter is set to 'yes', user home directory will be used for temporary files. Otherwise, /tmp will be used."""
+ shell = self.configfiles.get_config_file(SHELLCONF)
+
+ val = shell.get_shell_variable('SECURE_TMP')
+
+ if val != param:
+ if param == 'yes':
+ self.log.info(_('Using secure location for temporary files'))
+ else:
+ self.log.info(_('Not using secure location for temporary files'))
+ shell.set_shell_variable('SECURE_TMP', param)
+ pass
+
def enable_startup_msec(self, param):
"""Enforce MSEC settings on system startup"""
pass
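Review bot: `secure_tmp` is added directly under the `# bogus functions` comment, but unlike the stubs around it it changes state through `shell.set_shell_variable('SECURE_TMP', param)`, so it should sit above that marker or the comment should be reworded. The docstring promises that the user's home directory will be used for temporary files, while the visible code only records a shell variable. Whatever consumes that variable is not part of this commit; presumably it has to create the per-user directory with owner-only permissions before pointing programs at it. The docstring should name that consumer and say that programs which hard-code /tmp are unaffected. The trailing `pass` at the end of the method is redundant and can be dropped.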