aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:09:02 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:09:02 +0000
commit69ef1197d44f0cafeee812926cb3826652427727 (patch)
tree992173081e1ca2cc50c02cc9579367f62460de76
parent26d88c67950341dab25b5483a3edd1a27f4d1067 (diff)
downloadmsec-69ef1197d44f0cafeee812926cb3826652427727.tar
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.gz
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.bz2
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.xz
msec-69ef1197d44f0cafeee812926cb3826652427727.zip
Updated level settings to comply with new periodic checks.
-rw-r--r--conf/level.secure36
-rw-r--r--conf/level.standard32
2 files changed, 34 insertions, 34 deletions
diff --git a/conf/level.secure b/conf/level.secure
index bf021db..dc2f2b7 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -1,33 +1,33 @@
BASE_LEVEL=secure
ALLOW_X_CONNECTIONS=no
-CHECK_WRITABLE=yes
+CHECK_WRITABLE=daily
ENABLE_IP_SPOOFING_PROTECTION=yes
MAIL_EMPTY_CONTENT=yes
ACCEPT_BROADCASTED_ICMP_ECHO=no
-CHECK_PERMS=yes
-CHECK_USER_FILES=yes
+CHECK_PERMS=daily
+CHECK_USER_FILES=daily
ENABLE_SUDO=no
ALLOW_XSERVER_TO_LISTEN=no
-CHECK_CHKROOTKIT=yes
+CHECK_CHKROOTKIT=daily
SHELL_HISTORY_SIZE=100
ALLOW_REBOOT=no
-CHECK_SUID_ROOT=yes
+CHECK_SUID_ROOT=daily
SYSLOG_WARN=yes
ENABLE_AT_CRONTAB=no
ACCEPT_BOGUS_ERROR_RESPONSES=no
-CHECK_PASSWD=yes
+CHECK_PASSWD=daily
PASSWORD_HISTORY=2
-CHECK_SUID_MD5=yes
-CHECK_SHOSTS=yes
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
MAIL_USER=root
ALLOW_AUTOLOGIN=no
ENABLE_PAM_WHEEL_FOR_SU=yes
-CHECK_SHADOW=yes
+CHECK_SHADOW=daily
ALLOW_ROOT_LOGIN=no
-CHECK_UNOWNED=yes
+CHECK_UNOWNED=daily
FIX_UNOWNED=yes
-CHECK_USERS=yes
-CHECK_GROUPS=yes
+CHECK_USERS=daily
+CHECK_GROUPS=daily
ENABLE_CONSOLE_LOG=no
ALLOW_USER_LIST=no
ENABLE_DNS_SPOOFING_PROTECTION=yes
@@ -35,14 +35,14 @@ CREATE_SERVER_LINK=remote
ENABLE_PASSWORD=yes
NOTIFY_WARN=no
WIN_PARTS_UMASK=022
-CHECK_OPEN_PORT=yes
-CHECK_FIREWALL=yes
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
SHELL_TIMEOUT=600
ALLOW_REMOTE_ROOT_LOGIN=no
ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=077
-CHECK_RPM_PACKAGES=yes
-CHECK_RPM_INTEGRITY=yes
+CHECK_RPM_PACKAGES=daily
+CHECK_RPM_INTEGRITY=weekly
SECURE_TMP=yes
ENABLE_SULOGIN=yes
ENABLE_PAM_ROOT_FROM_WHEEL=no
@@ -55,8 +55,8 @@ AUTHORIZE_SERVICES=local
ROOT_UMASK=077
ENABLE_MSEC_CRON=yes
TTY_WARN=yes
-CHECK_SGID=yes
-CHECK_PROMISC=yes
+CHECK_SGID=daily
+CHECK_PROMISC=daily
ENABLE_STARTUP_MSEC=yes
ENABLE_STARTUP_PERMS=yes
ALLOW_CURDIR_IN_PATH=no
diff --git a/conf/level.standard b/conf/level.standard
index 0618edf..b9dceb3 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -1,33 +1,33 @@
BASE_LEVEL=standard
ALLOW_X_CONNECTIONS=local
-CHECK_WRITABLE=yes
+CHECK_WRITABLE=weekly
ENABLE_IP_SPOOFING_PROTECTION=yes
MAIL_EMPTY_CONTENT=no
ACCEPT_BROADCASTED_ICMP_ECHO=yes
CHECK_PERMS=no
-CHECK_USER_FILES=yes
+CHECK_USER_FILES=daily
ENABLE_SUDO=wheel
ALLOW_XSERVER_TO_LISTEN=no
-CHECK_CHKROOTKIT=yes
+CHECK_CHKROOTKIT=daily
SHELL_HISTORY_SIZE=-1
ALLOW_REBOOT=yes
-CHECK_SUID_ROOT=yes
+CHECK_SUID_ROOT=daily
SYSLOG_WARN=yes
ENABLE_AT_CRONTAB=yes
ACCEPT_BOGUS_ERROR_RESPONSES=no
-CHECK_PASSWD=yes
+CHECK_PASSWD=daily
PASSWORD_HISTORY=0
-CHECK_SUID_MD5=yes
-CHECK_SHOSTS=yes
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
MAIL_USER=root
ALLOW_AUTOLOGIN=yes
ENABLE_PAM_WHEEL_FOR_SU=no
-CHECK_SHADOW=yes
+CHECK_SHADOW=daily
ALLOW_ROOT_LOGIN=yes
-CHECK_UNOWNED=yes
+CHECK_UNOWNED=weekly
FIX_UNOWNED=no
-CHECK_USERS=yes
-CHECK_GROUPS=yes
+CHECK_USERS=daily
+CHECK_GROUPS=daily
ENABLE_CONSOLE_LOG=yes
ALLOW_USER_LIST=yes
ENABLE_DNS_SPOOFING_PROTECTION=yes
@@ -35,13 +35,13 @@ CREATE_SERVER_LINK=no
ENABLE_PASSWORD=yes
NOTIFY_WARN=yes
WIN_PARTS_UMASK=000
-CHECK_OPEN_PORT=yes
-CHECK_FIREWALL=yes
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
SHELL_TIMEOUT=0
ALLOW_REMOTE_ROOT_LOGIN=without-password
ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=022
-CHECK_RPM_PACKAGES=yes
+CHECK_RPM_PACKAGES=weekly
CHECK_RPM_INTEGRITY=no
SECURE_TMP=yes
ENABLE_SULOGIN=no
@@ -55,8 +55,8 @@ AUTHORIZE_SERVICES=yes
ROOT_UMASK=022
ENABLE_MSEC_CRON=yes
TTY_WARN=no
-CHECK_SGID=yes
-CHECK_PROMISC=yes
+CHECK_SGID=daily
+CHECK_PROMISC=daily
ENABLE_STARTUP_MSEC=yes
ENABLE_STARTUP_PERMS=yes
ALLOW_CURDIR_IN_PATH=no