Updated to working version of new msec.

Conflicts:
	Makefile
	cron-sh/security_check.sh
	share/msec.py

1 files changed, 54 insertions, 0 deletions

diff --git a/conf/level.secure b/conf/level.secure
new file mode 100644
index 0000000..4d12b1d
--- /dev/null
+++ b/conf/level.secure
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=yes
+ALLOW_X_CONNECTIONS=no
+CHECK_WRITABLE=yes
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=yes
+ACCEPT_BROADCASTED_ICMP_ECHO=no
+CHECK_PERMS=yes
+CHECK_USER_FILES=yes
+ENABLE_SUDO=no
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=yes
+SHELL_HISTORY_SIZE=100
+ALLOW_REBOOT=no
+CHECK_SUID_ROOT=yes
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=no
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=yes
+PASSWORD_HISTORY=2
+CHECK_SUID_MD5=yes
+CHECK_SHOSTS=yes
+MAIL_USER=root
+ALLOW_AUTOLOGIN=no
+ENABLE_PAM_WHEEL_FOR_SU=yes
+CHECK_SHADOW=yes
+ALLOW_ROOT_LOGIN=no
+CHECK_UNOWNED=yes
+ENABLE_CONSOLE_LOG=no
+ALLOW_USER_LIST=no
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=secure
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=no
+WIN_PARTS_UMASK=0
+CHECK_OPEN_PORT=yes
+SHELL_TIMEOUT=600
+ALLOW_REMOTE_ROOT_LOGIN=no
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=077
+CHECK_RPM=yes
+ENABLE_SULOGIN=yes
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=no
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=6,1,1
+AUTHORIZE_SERVICES=local
+ROOT_UMASK=077
+ENABLE_MSEC_CRON=yes
+TTY_WARN=yes
+ENABLE_POLICYKIT=no
+CHECK_SGID=yes
+CHECK_PROMISC=yes