diff options
author | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-08 14:09:02 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-08 14:09:02 +0000 |
commit | 69ef1197d44f0cafeee812926cb3826652427727 (patch) | |
tree | 992173081e1ca2cc50c02cc9579367f62460de76 | |
parent | 26d88c67950341dab25b5483a3edd1a27f4d1067 (diff) | |
download | msec-69ef1197d44f0cafeee812926cb3826652427727.tar msec-69ef1197d44f0cafeee812926cb3826652427727.tar.gz msec-69ef1197d44f0cafeee812926cb3826652427727.tar.bz2 msec-69ef1197d44f0cafeee812926cb3826652427727.tar.xz msec-69ef1197d44f0cafeee812926cb3826652427727.zip |
Updated level settings to comply with new periodic checks.
-rw-r--r-- | conf/level.secure | 36 | ||||
-rw-r--r-- | conf/level.standard | 32 |
2 files changed, 34 insertions, 34 deletions
diff --git a/conf/level.secure b/conf/level.secure index bf021db..dc2f2b7 100644 --- a/conf/level.secure +++ b/conf/level.secure @@ -1,33 +1,33 @@ BASE_LEVEL=secure ALLOW_X_CONNECTIONS=no -CHECK_WRITABLE=yes +CHECK_WRITABLE=daily ENABLE_IP_SPOOFING_PROTECTION=yes MAIL_EMPTY_CONTENT=yes ACCEPT_BROADCASTED_ICMP_ECHO=no -CHECK_PERMS=yes -CHECK_USER_FILES=yes +CHECK_PERMS=daily +CHECK_USER_FILES=daily ENABLE_SUDO=no ALLOW_XSERVER_TO_LISTEN=no -CHECK_CHKROOTKIT=yes +CHECK_CHKROOTKIT=daily SHELL_HISTORY_SIZE=100 ALLOW_REBOOT=no -CHECK_SUID_ROOT=yes +CHECK_SUID_ROOT=daily SYSLOG_WARN=yes ENABLE_AT_CRONTAB=no ACCEPT_BOGUS_ERROR_RESPONSES=no -CHECK_PASSWD=yes +CHECK_PASSWD=daily PASSWORD_HISTORY=2 -CHECK_SUID_MD5=yes -CHECK_SHOSTS=yes +CHECK_SUID_MD5=daily +CHECK_SHOSTS=daily MAIL_USER=root ALLOW_AUTOLOGIN=no ENABLE_PAM_WHEEL_FOR_SU=yes -CHECK_SHADOW=yes +CHECK_SHADOW=daily ALLOW_ROOT_LOGIN=no -CHECK_UNOWNED=yes +CHECK_UNOWNED=daily FIX_UNOWNED=yes -CHECK_USERS=yes -CHECK_GROUPS=yes +CHECK_USERS=daily +CHECK_GROUPS=daily ENABLE_CONSOLE_LOG=no ALLOW_USER_LIST=no ENABLE_DNS_SPOOFING_PROTECTION=yes @@ -35,14 +35,14 @@ CREATE_SERVER_LINK=remote ENABLE_PASSWORD=yes NOTIFY_WARN=no WIN_PARTS_UMASK=022 -CHECK_OPEN_PORT=yes -CHECK_FIREWALL=yes +CHECK_OPEN_PORT=daily +CHECK_FIREWALL=daily SHELL_TIMEOUT=600 ALLOW_REMOTE_ROOT_LOGIN=no ENABLE_LOG_STRANGE_PACKETS=yes USER_UMASK=077 -CHECK_RPM_PACKAGES=yes -CHECK_RPM_INTEGRITY=yes +CHECK_RPM_PACKAGES=daily +CHECK_RPM_INTEGRITY=weekly SECURE_TMP=yes ENABLE_SULOGIN=yes ENABLE_PAM_ROOT_FROM_WHEEL=no @@ -55,8 +55,8 @@ AUTHORIZE_SERVICES=local ROOT_UMASK=077 ENABLE_MSEC_CRON=yes TTY_WARN=yes -CHECK_SGID=yes -CHECK_PROMISC=yes +CHECK_SGID=daily +CHECK_PROMISC=daily ENABLE_STARTUP_MSEC=yes ENABLE_STARTUP_PERMS=yes ALLOW_CURDIR_IN_PATH=no diff --git a/conf/level.standard b/conf/level.standard index 0618edf..b9dceb3 100644 --- a/conf/level.standard +++ b/conf/level.standard @@ -1,33 +1,33 @@ BASE_LEVEL=standard ALLOW_X_CONNECTIONS=local -CHECK_WRITABLE=yes +CHECK_WRITABLE=weekly ENABLE_IP_SPOOFING_PROTECTION=yes MAIL_EMPTY_CONTENT=no ACCEPT_BROADCASTED_ICMP_ECHO=yes CHECK_PERMS=no -CHECK_USER_FILES=yes +CHECK_USER_FILES=daily ENABLE_SUDO=wheel ALLOW_XSERVER_TO_LISTEN=no -CHECK_CHKROOTKIT=yes +CHECK_CHKROOTKIT=daily SHELL_HISTORY_SIZE=-1 ALLOW_REBOOT=yes -CHECK_SUID_ROOT=yes +CHECK_SUID_ROOT=daily SYSLOG_WARN=yes ENABLE_AT_CRONTAB=yes ACCEPT_BOGUS_ERROR_RESPONSES=no -CHECK_PASSWD=yes +CHECK_PASSWD=daily PASSWORD_HISTORY=0 -CHECK_SUID_MD5=yes -CHECK_SHOSTS=yes +CHECK_SUID_MD5=daily +CHECK_SHOSTS=daily MAIL_USER=root ALLOW_AUTOLOGIN=yes ENABLE_PAM_WHEEL_FOR_SU=no -CHECK_SHADOW=yes +CHECK_SHADOW=daily ALLOW_ROOT_LOGIN=yes -CHECK_UNOWNED=yes +CHECK_UNOWNED=weekly FIX_UNOWNED=no -CHECK_USERS=yes -CHECK_GROUPS=yes +CHECK_USERS=daily +CHECK_GROUPS=daily ENABLE_CONSOLE_LOG=yes ALLOW_USER_LIST=yes ENABLE_DNS_SPOOFING_PROTECTION=yes @@ -35,13 +35,13 @@ CREATE_SERVER_LINK=no ENABLE_PASSWORD=yes NOTIFY_WARN=yes WIN_PARTS_UMASK=000 -CHECK_OPEN_PORT=yes -CHECK_FIREWALL=yes +CHECK_OPEN_PORT=daily +CHECK_FIREWALL=daily SHELL_TIMEOUT=0 ALLOW_REMOTE_ROOT_LOGIN=without-password ENABLE_LOG_STRANGE_PACKETS=yes USER_UMASK=022 -CHECK_RPM_PACKAGES=yes +CHECK_RPM_PACKAGES=weekly CHECK_RPM_INTEGRITY=no SECURE_TMP=yes ENABLE_SULOGIN=no @@ -55,8 +55,8 @@ AUTHORIZE_SERVICES=yes ROOT_UMASK=022 ENABLE_MSEC_CRON=yes TTY_WARN=no -CHECK_SGID=yes -CHECK_PROMISC=yes +CHECK_SGID=daily +CHECK_PROMISC=daily ENABLE_STARTUP_MSEC=yes ENABLE_STARTUP_PERMS=yes ALLOW_CURDIR_IN_PATH=no |