authorOlivier Thauvin <nanardon@mandriva.org>2006-08-04 14:48:22 +0000
committerOlivier Thauvin <nanardon@mandriva.org>2006-08-04 14:48:22 +0000
commit55c8fe78e6afaf7ba53ea7b4227258a4fcc15246 (patch)
treeabbab2d8be3ce1474b7f104043e317633e128597
parent60ed6a2e58ee1275a7acb6055099e6cea42a0911 (diff)
- remove now useless spec file
-rw-r--r--msec.spec955
1 files changed, 0 insertions, 955 deletions
diff --git a/msec.spec b/msec.spec
deleted file mode 100644
index bdbea44..0000000
--- a/msec.spec
+++ /dev/null
@@ -1,955 +0,0 @@
-Summary: Security Level management for the Mandriva Linux distribution
-Name: msec
-Version: 0.50.0
-Release: %mkrel 1
-Url: http://www.mandrivalinux.com/
-Source0: %{name}-%{version}.tar.bz2
-Source1: msec.logrotate
-Source2: msec.sh
-Source3: msec.csh
-
-License: GPL
-Group: System/Base
-BuildRoot: %_tmppath/%name-%version-%release-root
-BuildRequires: python
-Requires: /bin/bash /bin/touch perl-base diffutils /usr/bin/python /usr/bin/chage gawk
-Requires: setup >= 2.2.0-21mdk
-Requires: chkconfig >= 1.2.24-3mdk
-Requires: coreutils
-Requires: iproute2
-Requires(pre): rpm-helper >= 0.4
-Requires(postun): rpm-helper >= 0.4
-Conflicts: passwd < 0.67
-Requires: python-base >= 2.3.3-2mdk
-Requires: mailx
-
-%description
-The Mandriva Linux Security package is designed to provide generic
-secure level to the Mandriva Linux users... It will permit you to
-choose between level 0 to 5 for a less -> more secured distribution.
-This packages includes several programs that will be run periodically
-in order to test the security of your system and alert you if needed.
-
-%prep
-
-%setup -q
-
-%build
-make CFLAGS="$RPM_OPT_FLAGS"
-
-%install
-rm -rf $RPM_BUILD_ROOT
-#make install RPM_BUILD_ROOT=$RPM_BUILD_ROOT
-
-install -d $RPM_BUILD_ROOT/etc/security/msec
-install -d $RPM_BUILD_ROOT/etc/sysconfig
-install -d $RPM_BUILD_ROOT/usr/share/msec
-install -d $RPM_BUILD_ROOT/var/lib/msec
-install -d $RPM_BUILD_ROOT/usr/sbin $RPM_BUILD_ROOT/usr/bin
-install -d $RPM_BUILD_ROOT/var/log/security
-install -d $RPM_BUILD_ROOT%{_mandir}/man{3,8}
-
-cp -p init-sh/cleanold.sh share/*.py share/*.pyo share/level.* cron-sh/*.sh $RPM_BUILD_ROOT/usr/share/msec
-chmod 644 $RPM_BUILD_ROOT/usr/share/msec/{security,diff}_check.sh
-install -m 755 share/msec $RPM_BUILD_ROOT/usr/sbin
-install -m 644 conf/server.* $RPM_BUILD_ROOT/etc/security/msec
-install -m 644 conf/perm.* $RPM_BUILD_ROOT/usr/share/msec
-install -m 755 src/promisc_check/promisc_check src/msec_find/msec_find $RPM_BUILD_ROOT/usr/bin
-
-install -m644 man/C/*8 $RPM_BUILD_ROOT%{_mandir}/man8/
-install -m644 man/C/*3 $RPM_BUILD_ROOT%{_mandir}/man3/
-
-
-for i in man/??* ; do
- install -d $RPM_BUILD_ROOT%{_mandir}/`basename $i`/man8
- install -m 644 $i/*.8 $RPM_BUILD_ROOT%{_mandir}/`basename $i`/man8/
- install -d $RPM_BUILD_ROOT%{_mandir}/`basename $i`/man3
- install -m 644 $i/*.3 $RPM_BUILD_ROOT%{_mandir}/`basename $i`/man3/ || :
-done;
-
-
-touch $RPM_BUILD_ROOT/var/log/security.log $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/%{name}
-
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{logrotate.d,profile.d}
-install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/etc/logrotate.d/msec
-install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/profile.d
-install -m 755 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
-touch $RPM_BUILD_ROOT/var/log/security.log
-
-%find_lang %name
-
-%pre
-%_pre_groupadd xgrp
-%_pre_groupadd ntools
-%_pre_groupadd ctools
-
-%post
-touch /var/log/security.log
-
-if [ $1 != 1 ]; then
- # manage spelling change
- for i in /etc/security/msec/level.local /etc/security/msec/security.conf /var/lib/msec/security.conf; do
- if [ -f $i ]; then
- perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' $i
- fi
- done
- for ext in today yesterday diff; do
- if [ -f /var/log/security/writeable.$ext ]; then
- mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext
- fi
- if [ -f /var/log/security/suid_group.$ext ]; then
- mv -f /var/log/security/suid_group.$ext /var/log/security/sgid.$ext
- fi
- done
-
- # find secure level
- SL=$SECURE_LEVEL
- [ ! -r /etc/sysconfig/msec ] || SL=`sed -n 's/SECURE_LEVEL=//p' < /etc/sysconfig/msec` || :
-
- # upgrade from old style msec or rerun the new msec
- if grep -q "# Mandrake-Security : if you remove this comment" /etc/profile; then
- [ -z "$SL" -a -r /etc/profile.d/msec.sh ] && SL=`sed -n 's/.*SECURE_LEVEL=//p' < /etc/profile.d/msec.sh` || :
- /usr/share/msec/cleanold.sh || :
- [ -n "$SL" ] && msec $SL < /dev/null || :
- else
- [ -n "$SL" ] && msec < /dev/null || :
- fi
-
- # remove the old way of doing the daily cron
- rm -f /etc/cron.d/msec
-fi
-
-%postun
-
-if [ $1 = 0 ]; then
- # cleanup crontabs on package removal
- rm -f /etc/cron.d/msec /etc/cron.hourly/msec /etc/cron.daily/msec
-fi
-
-%_postun_groupdel xgrp
-%_postun_groupdel ntools
-%_postun_groupdel ctools
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files -f %{name}.lang
-%defattr(-,root,root)
-%doc AUTHORS COPYING share/README share/CHANGES
-%doc ChangeLog doc/*.txt
-%_bindir/promisc_check
-%_bindir/msec_find
-%_sbindir/msec
-%_datadir/msec
-%_mandir/*/*.*
-%_mandir/*/*/*.*
-
-%dir /var/log/security
-%dir /etc/security/msec
-%dir /var/lib/msec
-
-%config(noreplace) /etc/security/msec/*
-%config(noreplace) /etc/logrotate.d/msec
-/etc/profile.d/msec*
-%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
-
-%ghost /var/log/security.log
-
-# MAKE THE CHANGES IN CVS: NO PATCH OR SOURCE ALLOWED
-
-%changelog
-* Fri Nov 18 2005 Frederic Lepied <flepied@mandriva.com> 0.49.1-1mdk
-- fix bug #17921
-
-* Mon Nov 14 2005 Frederic Lepied <flepied@mandriva.com> 0.49-1mdk
-- scripts in /etc/profile.d no more config files
-- fix bug #19206 by really generating /var/lib/msec/security.conf
-
-* Mon Sep 19 2005 Frederic Lepied <flepied@mandriva.com> 0.48-1mdk
-- enable_pam_root_from_wheel: fixed too laxist config in level 2 (bug #18403).
-
-* Fri Sep 9 2005 Frederic Lepied <flepied@mandriva.com> 0.47.5-1mdk
-- remove debugging output
-
-* Thu Sep 8 2005 Frederic Lepied <flepied@mandriva.com> 0.47.4-1mdk
-- fixed security.conf path (bug #18271).
-- security.sh fix parsing of rpm -Va (bug #18326 , Michael Reinsch).
-- security.sh: don't check sysfs and usbfs file system (bug #14359).
-- make msec.sh bourne shell compatible.
-- allow_xserver_to_listen: adapt to new way of specifying X server
-arguments for kdm (bug #15759).
-
-* Thu Sep 1 2005 Frederic Lepied <flepied@mandriva.com> 0.47.3-1mdk
-- make /etc/rc.d/init.d/functions always readable (bug #18080)
-
-* Wed Aug 17 2005 Frederic Lepied <flepied@mandriva.com> 0.47.2-1mdk
-- another fix for bug #17477
-
-* Tue Aug 16 2005 Frederic Lepied <flepied@mandriva.com> 0.47.1-1mdk
-- really fix bug #17477
-
-* Fri Aug 12 2005 Frederic Lepied <flepied@mandriva.com> 0.47-1mdk
-- security_check.sh: fix user or homedir with spaces in
- (bug #16237).
-- perm.*: o /etc/rc.d/init.d/xprint exception
- o manage apache files (Guillaume Rousse) (bug #12183)
-- allow_user_list: fixed kdmrc settings.
-- support new inittab syntax for single user mode.
-- fix parsing of new chage output (bug #17477).
-- Perms.py: more robust parsing
-- fixed wrong kdmrc values (bug #16268).
-- follow new Single user need in inittab.
-
-* Fri Jun 17 2005 Frederic Lepied <flepied@mandriva.com> 0.46-1mdk
-- Mandriva
-- new function enable_pam_root_from_wheel to allow transparent root
- access for the wheel group members.
-
-* Mon Mar 21 2005 Frederic Lepied <flepied@mandrakesoft.com> 0.45.1-1mdk
-- allow to use the variable CHKROOTKIT_OPTION as an argument to
-chkrootkit (Michael, bug #12687).
-- fixed documentation of the use of the current keyword (bug #12866).
-- fixed password_history.
-
-* Mon Feb 21 2005 Frederic Lepied <flepied@mandrakesoft.com> 0.45-1mdk
-- requires mailx (bug #13497).
-- fixed the permissions of sendmail symlinks (bug #13515).
-- allow to put an EXCLUDE_REGEXP variable in
-/etc/security/msec/security.conf to be used in msec_find (bug #508).
-
-* Thu Sep 30 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44.2-1mdk
-- fix allow_reboot
-
-* Fri Jul 30 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44.1-1mdk
-- fix directory creation code
-
-* Fri Jul 30 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44-1mdk
-- new function allow_xauth_from_root
-- the perm.local config file is now forcing permissions even if it's lowering the security.
-- install translated man pages
-- Mandrakelinux/Mandrakesoft
-
-* Wed Jul 7 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.43-1mdk
-- fixed again mailman permissions for mailman in level 3 (bug #9319)
-- use getent to parse the passwd database (bug #9904)
-- fix msec.csh (Pixel)
-- more servers in level 4 (Florin)
-
-* Fri Apr 23 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42.2-1mdk
-- corrected mailman log permissions (Guillaume Rousse bug #9319)
-
-* Sun Mar 21 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42.1-1mdk
-- check files on / in the daily check (workaround strange ntfw bug #9121)
-
-* Fri Feb 27 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42-1mdk
-- fix mailman log perm (Guillaume Rousse) [bug #8158]
-- allow to specify only group or user in perm files (Bill Shirley)
-- allow the force keyword in perm files to be able to lower security (Bill Shirley)
-- document perl files syntax in README
-
-* Sat Feb 14 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.41.1-1mdk
-- allow % in file names [bug #6144] (Sven Hoexter)
-- fixed system-auth growing line forever [bug #7853] (Michael Scherer)
-
-* Thu Feb 12 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.41-1mdk
-- make it lib64 aware wrt pam files rewriting
-- more csh-ish msec.csh (Pixel)
-- msec.csh: only set SECURE_LEVEL whenever it already exists
- locally
-- conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: fixed typo
- rpp => rpm
-- share/libmsec.py: allow_xserver_to_listen: corrected startx
- modifications (Gavin Porter)
-- cron-sh/security.sh: removed xfs from remote filesystems and
- added hfs in foreign filesystems (Stefaan Simoens)
-- conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: handle
- /var/lib/rpm/Packages
-- AUTHORS, README, TODO: fix #6145 (list current maintainer instead
- of old one) (Thierry)
-- share/shadow.py: Added local_config to say that the calls are now
- coming from the config file. Call force_val in indirect to store
- that the arguments of the function need to be used even if the
- security is lowered.
-- share/libmsec.py: Rework same_level to be able to put the
- priority on the config file. This is realized by inspecting the
- stack trace and using a global associative array.
-- man/cs/msec.8: updated Czech man page (Pablo)
-
-* Wed Sep 3 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.40-1mdk
-- corrected strange permission settings in /var/log (bug #4854)
-- allow set_shell_history_size(-1) in level.local (bug #4392)
-
-* Fri Aug 22 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.39-1mdk
-- don't write True or False in sysctl.conf (bug #4629)
-- don't use apply anymore (Olivier Blin) (bug #4632)
-- better documentation for no_password_aging_for (bug #1629)
-- support passing arg as a number in set_root_umask, set_user_umask (bug #3640)
-- better support for symlinks
-
-* Thu Jul 24 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-5mdk
-- fix upgrade
-
-* Fri Jun 06 2003 Per Øyvind Karlsen <peroyvind@sintrax.net> 0.38-4mdk
-- use double %%'s in changelog
-
-* Fri Mar 7 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.38-3mdk
-- report correct message in log (bug #748)
-
-* Sun Feb 2 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-2mdk
-- move security::help from msec to drakxtools so that it get
- translated
-
-* Mon Jan 20 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-1mdk
-- generate help for draksec
-
-* Wed Nov 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.37-1mdk
-- chage is l10n now so use LC_ALL=C before calling it
-
-* Thu Nov 07 2002 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.36-2mdk
-- requires s/(sh-|text|file)utils/coreutils/
-
-* Tue Sep 17 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.36-1mdk
-- allow_user_list handles Selected in X-*-Greeter section of kdmrc
- when not changing security level.
-- allow_reboot handles Root in X-:*-Core section of kdmrc when not
- changing security level.
-
-* Sun Sep 8 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.35-1mdk
-- when changing the aging expiry, change the date of last password
- change to today to avoid having accounts already expired.
-
-* Fri Sep 6 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.5-2mdk
-- fixed bad file name in find.c (David Relson)
-
-* Thu Sep 5 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.5-1mdk
-- correct allow_user_list with the new place for kdm3
-
-* Thu Sep 5 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.4-2mdk
-- removed debug message
-- corrected credit in the changelog for sgid to David Walser
-
-* Tue Sep 3 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.4-1mdk
-- more spelling errors fixes thx to David Walser:
- o CHECK_SUID_GROUP => CHECK_SGID
-
-* Fri Aug 30 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.3-1mdk
-- fixed server symlink creation
-- corrected spelling errors thx to David Relson
-
-* Tue Aug 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.2-1mdk
-- fixed /boot as suggested by Guillaume Rousse.
-
-* Tue Aug 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.1-1mdk
-- corrected permissions for /boot/kernel.h*
-- corrected syntax error in cron (David Relson)
-
-* Sun Aug 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34-1mdk
-- let hosts.{allow,deny} be readable by everyone (to allow all the
- daemons to access them).
-- doc/security.txt: documented daily mailing of security checks
-- allow_reboot: used section X-:0-Core instead of X-:*-Greeter for
- kdmrc.
-- password_history: create /etc/security/opasswd if it doesn't exist.
-
-* Mon Aug 19 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.33-1mdk
-- reworked wording of mails
-
-* Fri Aug 9 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.32-1mdk
-- do not change permissions/groups/owners of remote files/directories.
-- documented the command line options in the man page
-- added password_history function (level 5)
-- password_length uses system-auth pam file instead of passwd pam file
- (added Conflicts with the old passwd package)
-- allow_remote_root_login handles the without_password argument (level 4)
-
-* Wed Jul 31 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.31.1-1mdk
-- handle again level.local
-
-* Tue Jul 30 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.31-1mdk
-- added level.* for draksec
-- add needed groups in %%pre
-
-* Mon Jul 29 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30.2-1mdk
-- fixed allow_root_login
-
-* Sun Jul 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30.1-1mdk
-- corrected a bug when the variable doesn't exist before setting it.
-
-* Sat Jul 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30-1mdk
-- integrated fixes and requests from David Harris.
-- documentation fixes.
-- don't lower the security when called without argument (by the hourly cron for example).
-- splitted functions that worked at multiple levels:
- * splitted accept_broadcasted_icmp_echo from from accept_icmp_echo.
- * splitted enable_dns_spoofing_protection from enable_ip_spoofing_protection.
- * splitted allow_remote_root_login from allow_root_login.
- * splitted allow_xserver_to_listen from from allow_x_connections.
-
-* Thu Jul 4 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.25-1mdk
-- insert the change at the end of the file if no match is found for
- PermitRootLogin and logindefs.
-- updated server.4 with MNF needs
-
-* Thu Jun 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.24-1mdk
-- don't lower access rights when not changing security level
-
-* Thu May 30 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.23-1mdk
-- check that only root can run msec
-- added more complete error messages
-
-* Wed May 29 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.22-1mdk
-- corrected alias files loop (Jérôme UZEL).
-- added no_password_aging_for function to mseclib
-- server.4, server.5: added shorewall
-
-* Tue Apr 16 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.21-1mdk
-- applied patch from John Ehresman to exec the config file in the
- context of mseclib.
-
-* Wed Mar 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-2mdk
-- allow_reboot: only touch the shutdown, poweroff, reboot and halt
- files if they don't exist (reported by Jason Baker).
-
-* Mon Mar 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-1mdk
-- Maximum password aging can be -1 (David Relson)
-- allow to pass ignore in function calls in
- /etc/security/msec/level.local to ask msec to do nothing with this
- feature.
-
-* Fri Mar 8 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-8mdk
-- /var/log/lp-errs must always be 600
-
-* Fri Mar 8 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-7mdk
-- fix permissions of /var/log/lp-errs for LPRng (Till)
-- add yes and no as good values for mseclib
-- some doc updates
-
-* Tue Mar 5 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-6mdk
-- protect scripts from beeing run twice
-
-* Thu Feb 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-5mdk
-- use 127.0.0.1 instead of localhost in hosts.deny
-- msec.csh: "unhash" workaround for /usr/bin non-readable (msec 5)
- applied after modifying PATH (eurk!)
-
-* Mon Feb 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-4mdk
-- separate config files and other files in the rpmv check (idea of
- Michael Reinsch)
-- don't restart network on sysctl.conf change
-- doc/security.txt: resync with code.
-
-* Fri Feb 22 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-3mdk
-- security_check.sh: check uid and not gid ! (change of meaning of the
- -g option of ls).
-- perm.*: do not manage lilo.conf.
-- corrected missing security.conf migration from /etc/security/msec/
- to /var/lib/msec.
-- don't handle libsafe (let the package do it's job)
-
-* Wed Feb 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-2mdk
-- implement no password in level 0
-- X listens to tcp connections in level 3
-
-* Tue Feb 19 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-1mdk
-- corrected msec.sh and msec.csh problems.
-- security.conf is now read from /var/lib/msec and can be overridden
- from /etc/security/msec/security.conf.
-- enhanced mseclib man page.
-- perm files are now in /usr/share/msec but the custom file stays in
- /etc/security/msec/perm.local.
-
-* Fri Feb 15 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-6mdk
-- promisc_check.sh: use complete path to the ip command
-- correct upgrade when secure level isn't set
-- enable_console_log support an arg to specify what to log
-
-* Wed Feb 13 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-5mdk
-- perm.5: /etc/sendmail.cf 640 for sendmail to work.
-- set umask and . in path according to the secure level
-- use the ip command to detect promiscuous mode with 2.4 kernel
-
-* Tue Feb 5 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-4mdk
-- password aging also enable delay to change
-- correct gdm.conf modifications
-
-* Mon Feb 4 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-3mdk
-- in level > 2 X server doesn't listen on tcp connection.
-- in level > 3 /etc/hosts.{allow,deny,equiv} readable by daemon group.
-- don't report /tmp and /var/tmp as bogus world writable directories.
-- security_check.sh: added .ssh/id_dsa .ssh/id_rsa to the list of files to check.
-- corrected /etc/issue* moving.
-- permissions settings part processes options like the rules part.
-- add a man page for the mseclib python library.
-
-* Mon Jan 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-2mdk
-- do the daily cron through /etc/cron.daily to avoid heavy loads
-- clean crontabs when removing the package (Dadou)
-- 644 for /etc/rc.d/init.d/mandrake_consmap (Andrej)
-- fix sendmail perms (Florin)
-- symlink /etc/security/msec/server.<level> to
- /etc/security/msec/server for secure levels > 3 (used by chkconfig).
-- password aging for the root account too.
-
-* Sat Jan 26 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-1mdk
-- corrected upgrade from 0.16 and older versions
-- allow customization of level through /etc/security/msec/level.local
-
-* Tue Jan 22 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-15mdk
-- change Requires: from perl to perl-base.
-- perm.*: corrected errors reported by Pierre Fortin's script.
-
-* Mon Jan 21 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-14mdk
-- perm.*: make mandrake_consmap 755 because it needs to be readable by everyone
-
-* Sun Jan 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-13mdk
-- diff_check.sh: mail even if the report is empty to show that the
- check was fine.
-- the string "current" signifies to not change the permissions.
-- perm.*: corrected mandrake_consmap permissions and ping path/permissions.
-- /home is 711 in level 3.
-
-* Thu Jan 17 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-12mdk
-- report cron log to tty only on root ttys.
-- better layout of rpm modified files report.
-
-* Wed Jan 9 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-11mdk
-- added hostname to the subject of the mail report for better
- information when you receive multiple reports
-- really added rpm-va check to the mail report
-- fix handling of the owner/group of subdirectories of /var/log in a
- generic manner.
-- oops put back periodic filesystems check
-
-* Mon Jan 7 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-10mdk
-- corrected first invocation.
-
-* Sun Jan 6 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-9mdk
-- oops: corrected broken security.sh script
-
-* Fri Jan 4 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-8mdk
-- TMOUT is now a read only variable
-- allow/forbid reboot/shutdown by [kg]dm
-
-* Thu Jan 3 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-7mdk
-- rpm -qa check now logs install time too
-- corrected the way we install the byte compiled python files to avoid
- false rpm -V warnings.
-- added a CHANGES file to document what has changed between 0.16 and 0.17
-- send complete rpm -va check to the main mail
-- perm.*: added handling of /etc/rc.d/init.d/*
-- changed the way /etc/security/msec/perm.local is used to avoid flip/flap changes
-- reworked output in diff rpm check to be more coherent
-
-* Sat Dec 29 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-6mdk
-- added doc of the features of the msec utility
-- corrected enable_at_crontab
-
-- password_aging only takes care of /etc/shadow users and avoid the
- users with a deactivated password.
-
-* Fri Dec 28 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-5mdk
-- added rpm database checks
-- added check of accounts with the 0 id that aren't root.
-
-* Thu Dec 27 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-4mdk
-- disable root login in xdm,kdm,gdm the same way as in Bastille (via pam).
-- manage password aging.
-- manage crontab and at authorization.
-
-* Thu Dec 27 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-3mdk
-- avoid changing permissions twice in the same run (to avoid unneeded logging).
-- when run in non-interactive mode, the output goes to the auth facility.
-
-* Fri Dec 14 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-2mdk
-- fixed sysctl.conf handling
-
-* Thu Dec 13 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-1mdk
-- rewritten file modifications part in python
-
-* Wed Dec 05 2001 Florin <florin@mandrakesoft.com> 0.16-4mdk
-- oups, use %%{_sysconfdir}/sysconfig/%%{name} instead of %%{_sysconfdir}/%%{name}
-- fix the msec.csh file (thks again to Konrad Bernlohr)
-
-* Thu Nov 29 2001 Florin <florin@mandrakesoft.com> 0.16-3mdk
-- remove the redundance related to umask and /etc/bashrc
-- add the %%{_sysconfdir}/%%{name} file
-- allow the ssh connexions in the snf security level
-- sort of update the ChangeLog
-- updated msec.csh to read %%{_sysconfdir}/%%{name} with sed black magic (Fred)
-- added console timeout support (Fred)
-- added command history disabling (Fred)
-- added sysctl settings (Fred)
-- changed perms of rpm progs in high security levels to prevent
- exposing what is installed (and access to /usr/share/doc too). (Fred)
-- spoof protection for name resoluton (Fred)
-- remove /etc/issue and /etc/issue.net according to level (Fred)
-
-* Thu Nov 08 2001 Florin <florin@mandrakesoft.com> 0.16-2mdk
-- oups forgot to create the needed links in post:
-- create the /etc/security/msec/server
-- the /usr/share/msec/current-level.sh and
-- /etc/security/msec/current.perm files
-
-* Thu Nov 08 2001 Florin <florin@mandrakesoft.com> 0.16-1mdk
-- 0.16
-- add requires on chkconfig >= 1.2.24-3mdk
-- add the new link /etc/security/msec/server
-- fix permissions for monitoring in snf level
-- deny root ssh access in snf level
-
-* Wed Nov 07 2001 Florin <florin@mandrakesoft.com> 0.15-31mdk
-- bring back the squid.squid permissions
-- add some permissions for the naat servers
-- add some authorized servers for naat-snf, cooker version
-- add the snf security level
-- make rpmlint happy with the distribution name
-- add Url tag
-
-* Wed Oct 03 2001 Florin <florin@mandrakesoft.com> 0.15-30mdk
-- more things from /etc/profile to /etc/profile.d/msec.{sh|csh}
-- update the doc path in the man pages
-- add the msec*sh sources
-- libsafe.so.2 in levels 4/5
-
-* Thu Sep 20 2001 Florin <florin@mandrakesoft.com> 0.15-29mdk
-- fix the /etc/profile.d/msec.{sh|csh} entries
-- get rid of /etc/profile entries
-
-* Thu Sep 20 2001 Florin <florin@mandrakesoft.com> 0.15-28mdk
-- authorize the usb service in the 4/5 levels of security
-
-* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-27mdk
-
-- Require /bin/touch.
-
-* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-26mdk
-
-- Output in /etc/profile.d/msec.sh as only .sh extenssion files are read.
-- Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile.
-
-* Wed Sep 19 2001 florin <florin@mandrakesoft.com> 0.15-25mdk
-- RootSshLogin in levels 4/5
-- squidGuard entries
-
-* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-24mdk
-- Fix manpages installation.
-- Fix logrotate config installation.
-- Fix issue with SECURE_LEVEL not updated if not exiting the console
- (this is a workaround for problems in several terminal programs).
-
-* Mon Sep 17 2001 Daouda LO <daouda@mandrakesoft.com> 0.15-23mdk
-- Resync with cvs (yoann sucks)
-- real fix for kdm is in lib.sh (msec sux)
-
-* Fri Sep 14 2001 Florin <florin@mandrakesoft.com> 0.15-21mdk
-- conf/perm.*: /var/log/squid must be owned by nobody.nobody.
-- add the %%post section for the ghost file
-
-* Mon Sep 03 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-20mdk
-- logrotate entry in %%install, not %%post
-
-* Mon Sep 03 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-19mdk
-- add logrotate entry
-
-* Thu Aug 9 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.15-18mdk
-- added vc/[1-6] to securetty (devfs)
-- merged back in cvs
-
-* Mon Jul 9 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 0.15-17mdk
-- Patch 0: add suppport for usermode halt/reboot
-
-* Thu May 10 2001 Stew Benedict <sbendict@mandrakesoft.com> 0.15-16mdk
-- Check for drakx install environment before running "telinit u" - PPC hang
-
-* Tue May 01 2001 David BAUDENS <baudens@mandrakesoft.com> 0.15-15mdk
-- Use %%_tmppath for BuildRoot
-
-* Tue Oct 10 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-14mdk
-- call telinit after modifying inittab
-
-* Tue Oct 10 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-13mdk
-- Applied Warly patch to fix user list problem under kdm.
-- User list option for gdm too.
-
-* Tue Oct 10 2000 Warly <warly@mandrakesoft.com> 0.15-12mdk
-- change the UserList method to not append at the end of kdmrc (in the wrong section)
-
-* Mon Oct 9 2000 Pixel <pixel@mandrakesoft.com> 0.15-11mdk
-- remove the fix for #760 (it needs real fixing!)
-
-* Mon Oct 09 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-10mdk
-- conf/server.[45]: add pcmcia
-
-* Mon Oct 09 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-9mdk
-- fix for #760 (kdm should not display the list of users for high security
- levels)
-
-* Mon Oct 09 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-8mdk
-- fix a typo in conf/perm.0
-
-* Fri Oct 04 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-7mdk
-- Autologin allowed in level 0, 1, 2.... I'm against this... but...
-
-* Fri Oct 04 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-6mdk
-- fix some entry in perm.*
-- Autologin will only work in level 0
-
-* Tue Oct 03 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-5mdk
- * init-sh/*.sh : instead of modifying Xsession,
- create the /etc/X11/xinit.d/msec file which can contain eventual
- rules appended by msec.
-
-* Mon Oct 02 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-4mdk
-- some fix.
-
-* Mon Oct 02 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-3mdk
-- init-sh/*.sh : modify /etc/X11/Xsession, not /etc/X11/xdm/Xsession
- nor /etc/X11/xinit/xinitrc anymore, as they all load
- /etc/X11/Xsession.
-
-* Fri Sep 01 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-2mdk
-- install manually
-- use %%{_mandir} macros
-- use %%config(noreplace) for /etc/msec and for logfile
-
-* Tue Jul 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-1mdk
-- cron-sh/security_check.sh : use -L in ls,
- to dereference symbolic link Chris Green <cmg@dok.org>
-- conf/perm.*: /var/log/squid must be owned by squid.squid.
-- cron-sh/security.sh:
-- init-sh/custom.sh: added patch from AG <darkimage@bigfoot.com>,
- if no user to mail security report to is availlable, send to root.
-
-* Wed May 17 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-6mdk
-- Handle new libsafe path.
-
-* Wed May 17 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-5mdk
-- corrected a wrong path.
-
-* Wed May 03 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-4mdk
-- LoaderUpdate() make a difference between an empty
- variable, and a non existing one.
-
-* Fri Apr 25 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-3mdk
-- Fix a bug with comment removed pointed out by Konrad Bernloehr.
-
-* Mon Apr 24 2000 Pixel <pixel@mandrakesoft.com> 0.14-2mdk
-- conf/perm.[0-4]: fix ugly disgusting fucking bloody buggy bug!
-(remove bloody /usr/{bin,sbin}/* entries)
-
-* Wed Apr 19 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-1mdk
-- Bug fix.
-- Support Grub as well as Lilo.
-
-* Tue Apr 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-5mdk
-- cron job at 4:00am, msec_find fix.
-
-* Mon Apr 17 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-4mdk
-- perm.5 : -e s'/ntool/ntools/' -e s'/ctool/ctools/'
-- updated documentation.
-- file_perm.sh : bug fix + output to /dev/null.
-- include /var/tmp in perm.[0-5].
-- Patch to msec_find from Thomas Poindessous.
-
-* Fri Apr 14 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-1mdk
-- Modify zprofile.
-- use libsafe-1.3
-
-* Thu Mar 16 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- security.sh : export *_TODAY variable to be used by msec_find.
-- find.c : removed a debuging printf.
-
-* Tue Mar 09 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.10-1mdk
-- custom.sh : added a patch from Havard Bell.
-- custom.sh : check if libsafe is installed before asking if the user want to use it.
-- Heavily modified msec_find.
-- Added msec_find utility, written by Thierry Vignaud which will avoid us to
- find / 5 times :)
-- Added support for libsafe stack overflow protection in level 4 / 5 /
- custom
-- trap the sigint signal.
-- use %%config for config file ( thanks to Frederic Lepied ).
-- use /etc/security/msec for config file only.
-- Renamed init.sh to msec, and install it in /usr/sbin.
-- The other shell scripts are located in /usr/share/msec
-- Included patch from Stefan Siegel.
-
-* Tue Jan 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- custom.sh : fix a nasty typo.
-
-* Tue Jan 06 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- security.sh : find are niced to (+19)
-- Camille updated the documentation.
-- Removed the "spawn a shell on boot" feature of level0 cause of a tty problem.
-- shutdown.allow is 600 in level 4/5; 644 else.
-- updated doc/security.txt
-- updated init-sh/custom.sh
-- level 0-3 -> ctrl-alt-del allowed for any local user.
-- level 4-5 -> ctrl-alt-del allowed for root.
-
-* Wed Dec 29 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Removing grpuser manpage, because :
- 1 - grpuser is not to be used by any user, ( and should not have a manpage so ).
- 2 - manpage is obsolete
-
-* Tue Dec 28 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- add man-pages from camille.
-
-* Fri Dec 24 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Use the mail user variable.
-- level[35]: also do a mail report.
-- moved Syslog(), Ttylog(), Maillog() to security.sh
-- security_check.sh & diff_check.sh now sourced from security.sh
-- Typo / bug fix
-- init-sh/perm[15]: files should be constant in their content.
- all entry should be in each perm file
-
-* Tue Dec 21 1999 Pixel <pixel@mandrakesoft.com>
-- init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
-${LILO_PASSWORD+set} != set
-- init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
-AddBegRules (password= must in the beginning of lilo.conf)
-- init-sh/lib.sh (AddBegRules): 1 \n instead of 2
-
-* Mon Dec 20 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Use grpconv after modifying /etc/group.
-- Add a message for level 5 saying that user who want X access
- should be in the xgrp group.
-
-* Mon Dec 20 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- fixed a typo / variable pb.
-
-* Mon Dec 20 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.
-- init-sh/lib.sh: removed the failsafe for not a tty stdin (not efficient)
-- init-sh/lib.sh: rewrote the perl script (now a one-liner :)
-- Big cleanup.
-- All work properly now.
-- msec.spec: modify to take into account the Makefile modifying the .spec
-- Makefile (VERSION): make it the same as the .spec
-
-* Sat Dec 18 1999 Pixel <pixel@mandrakesoft.com>
-- init-sh/lib.sh: added failsafe for not a tty stdin
-
-* Sat Dec 18 1999 Pixel <pixel@mandrakesoft.com>
-- no interactive questions if not a tty
-
-* Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Don't use msec parsing routine to hack inittab
-
-* Thu Dec 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Fixed the last AddBegRules() problem.
-- Indentation problem should be fixed.
-- All debug finished, changing secure.tmp to a mktemp
- allocated tmpfile for symlink security.
-- DRAKX_USER variable no longer needed.
-- grpuser.sh take only one opt ( --refresh ),
- take group name from /etc/security/msec/group.conf
- and add user from /etc/security/msec/user.conf if secure level > 2
-- level0.sh fixed inittab entry
-- fix a typo
-- As requested, direct shell access for level 0
-- Fixed a little problem with the DRAKX_USERS variable
-- removed chattr +a because of the problem it can cause to
- other system automated system task.
-
-* Mon Dec 13 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- diff_check.sh : fix a typo.
-
-* Thu Dec 10 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- custom.sh : Fix a typo & forgot to export path & secure level
-
-* Thu Dec 9 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- More bugfix.
-- Many bugfix, always trying to get a bugfree release :).
-- Renamed some variable, added consistencie.
-- security_cjheck.sh: print header at begining of the log.
-- diff_check.sh: typo.
-
-* Wed Dec 8 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- security_check.sh: remove /tmp stuff.
-- security_check.sh: typo
-- level[1-3].sh: Changed crontab call to file_check.sh
- from every hour to every midnight ( bug reported by axalon ).
-- diff_check.sh: clean up.
-- moved file_check.sh to diff_check.sh and changed
- what is related to cron call in level[15].sh
-- Added missing configurations question in level custom.
-- bug fix.
-
-* Wed Dec 8 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- Various (Makefile|specfiles) clean-up.
-- insert doc.
-
-* Mon Dec 6 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Released 0.5
-- Divided security check into 2 files :
- security_check.sh & file_check.sh,
- the first do normal security check, the other watch at anormal change
- on the system...
-- Bug fix again & again
-- Updated perm files & fix a security problem ( thanks Axalon ).
-
-* Wed Dec 1 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- DrakX compatibility.
-
-* Wed Dec 1 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Add & delete of userlist from audio group ( level 1 & 2 ).
-- Minor fix
-
-* Wed Dec 1 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- We now preserve config file implementation.
-- Minor fix to lib.sh
-- export profile variable...
-
-* Mon Nov 30 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Many cron security check added.
-- Print more infos.
-
-* Mon Nov 29 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Released 0.4 :
-- Now have a custom mode, just answer the question.
-- Msec print what it does.
-- Bug fix in LiloUpdate().
-
-* Mon Nov 29 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Fixed a few bugs in msec.
-
-* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- grpuser was not installed.
-
-* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Fix a bug in level3.sh
-- level[12].sh Removed some unused code
-
-* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Call chkconfig with the new --msec option.
-
-* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Cleaned up tree.
-
-* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Removed touched file /-i
-
-* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- Create rc.firewall to avoid error,
-- Call grpuser with the good path,
-- Call groupadd before usermod.
-
-* Tue Nov 23 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- New release (0.3) :
- Now each security level has it's own set of permissions.
- Add "." at the end of $PATH for level 1.
- Corrected some grave bug, it should work properly now.
-
-* Thu Nov 18 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- New release (0.2) :
- Fixed the path for promisc_check.sh :
- now /etc/security/msec/cron-sh/promisc_check.sh
- In level 1 & 2, user is now automagically added to the audio group.
-
-* Tue Nov 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
-- First packaging attempt :-).
-
-
-