authorEugeni Dodonov <eugeni@mandriva.org>2010-02-24 11:59:07 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-24 11:59:07 +0000
commite291d07638bc0756c8bd91d42c336abd6a034d7e (patch)
tree904aec2f11f33207ff2fafe8d6313820463c4eec
parent2b914a6e92a96a69483f6381fbbf594a40494c59 (diff)
Added support for audit_daily and audit_weekly profiles.
-rw-r--r--conf/level.audit_daily105
-rw-r--r--conf/level.audit_weekly105
-rw-r--r--conf/perm.audit_daily3
-rw-r--r--conf/perm.audit_weekly3
-rwxr-xr-xsrc/msec/msecgui.py2
5 files changed, 218 insertions, 0 deletions
diff --git a/conf/level.audit_daily b/conf/level.audit_daily
new file mode 100644
index 0000000..330ef3a
--- /dev/null
+++ b/conf/level.audit_daily
@@ -0,0 +1,105 @@
+BASE_LEVEL=audit_daily
+CHECK_WRITABLE=daily
+MAIL_EMPTY_CONTENT=no
+CHECK_PERMS=no
+CHECK_PERMS_ENFORCE=no
+CHECK_SECTOOL=daily
+CHECK_SECTOOL_LEVEL=3
+CHECK_USER_FILES=daily
+CHECK_CHKROOTKIT=daily
+CHECK_SUID_ROOT=daily
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=
+CHECK_PASSWD=daily
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
+MAIL_USER=root
+CHECK_SHADOW=daily
+CHECK_UNOWNED=daily
+CHECK_USERS=daily
+CHECK_GROUPS=daily
+NOTIFY_WARN=yes
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
+CHECK_RPM_PACKAGES=daily
+CHECK_RPM_INTEGRITY=daily
+MAIL_WARN=yes
+CHECK_SECURITY=yes
+TTY_WARN=yes
+CHECK_SGID=daily
+CHECK_PROMISC=daily
+CHECK_ON_BATTERY=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
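Review bot: The block of 37 empty settings from `ACCEPT_BOGUS_ERROR_RESPONSES=` through `WIN_PARTS_UMASK=` appears twice in this new file (file lines 32–68 and again 69–105), and conf/level.audit_weekly repeats the same duplication; the second copy should be dropped from both so each key is defined once. Separately, `ENABLE_MSEC_CRON=` is left empty in both profiles. If an empty value means "leave the current state alone" (the diff does not show how empty values are handled), a machine where the msec cron job is already disabled would get an audit profile whose daily or weekly checks never run. Consider setting `ENABLE_MSEC_CRON=yes` in both files, or confirming that the periodic checks are scheduled independently of that setting.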
diff --git a/conf/level.audit_weekly b/conf/level.audit_weekly
new file mode 100644
index 0000000..a9e8090
--- /dev/null
+++ b/conf/level.audit_weekly
@@ -0,0 +1,105 @@
+BASE_LEVEL=audit_weekly
+CHECK_WRITABLE=weekly
+MAIL_EMPTY_CONTENT=no
+CHECK_PERMS=no
+CHECK_PERMS_ENFORCE=no
+CHECK_SECTOOL=weekly
+CHECK_SECTOOL_LEVEL=3
+CHECK_USER_FILES=weekly
+CHECK_CHKROOTKIT=weekly
+CHECK_SUID_ROOT=weekly
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=
+CHECK_PASSWD=weekly
+CHECK_SUID_MD5=weekly
+CHECK_SHOSTS=weekly
+MAIL_USER=root
+CHECK_SHADOW=weekly
+CHECK_UNOWNED=weekly
+CHECK_USERS=weekly
+CHECK_GROUPS=weekly
+NOTIFY_WARN=yes
+CHECK_OPEN_PORT=weekly
+CHECK_FIREWALL=weekly
+CHECK_RPM_PACKAGES=weekly
+CHECK_RPM_INTEGRITY=weekly
+MAIL_WARN=yes
+CHECK_SECURITY=yes
+TTY_WARN=yes
+CHECK_SGID=weekly
+CHECK_PROMISC=weekly
+CHECK_ON_BATTERY=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
diff --git a/conf/perm.audit_daily b/conf/perm.audit_daily
new file mode 100644
index 0000000..c95a594
--- /dev/null
+++ b/conf/perm.audit_daily
@@ -0,0 +1,3 @@
+# msec not enabled, so let's user handle the permissions
+###
+/ current.current current
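Review bot: The header comment `# msec not enabled, so let's user handle the permissions` does not describe this profile, where msec is enabled for periodic checks and only the permission checks are switched off (`CHECK_PERMS=no` and `CHECK_PERMS_ENFORCE=no` in conf/level.audit_daily). A clearer comment would be `# audit profile: msec does not change permissions; they are left to the administrator`. The identical comment in conf/perm.audit_weekly needs the same change.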
diff --git a/conf/perm.audit_weekly b/conf/perm.audit_weekly
new file mode 100644
index 0000000..c95a594
--- /dev/null
+++ b/conf/perm.audit_weekly
@@ -0,0 +1,3 @@
+# msec not enabled, so let's user handle the permissions
+###
+/ current.current current
diff --git a/src/msec/msecgui.py b/src/msec/msecgui.py
index 4b32067..820a8fa 100755
--- a/src/msec/msecgui.py
+++ b/src/msec/msecgui.py
@@ -64,6 +64,8 @@ level_descriptions = {
"fileserver": _("""This profile is targeted on storage-oriented servers, such as FTP, SAMBA or NFS servers, or database servers, which do not receive accesses from unauthorized Internet users."""),
"webserver": _("""This profile is similar to the 'Fileserver', but it assumes that the server receives connection from unauthorized Internet users."""),
+ "audit_daily": _("""This profile is intended for the users who do not rely on msec to change system settings, and use it for periodic checks only. It configures all periodic checks to run once a day."""),
+ "audit_weekly": _("""This profile is similar to the 'audit_daily' profile, but it runs all checks weekly."""),
}
# level order. Levels will appear in this order, the unspecified levels will appear last