aboutsummaryrefslogtreecommitdiffstats
path: root/conf/level.secure
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:09:02 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:09:02 +0000
commit69ef1197d44f0cafeee812926cb3826652427727 (patch)
tree992173081e1ca2cc50c02cc9579367f62460de76 /conf/level.secure
parent26d88c67950341dab25b5483a3edd1a27f4d1067 (diff)
downloadmsec-69ef1197d44f0cafeee812926cb3826652427727.tar
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.gz
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.bz2
msec-69ef1197d44f0cafeee812926cb3826652427727.tar.xz
msec-69ef1197d44f0cafeee812926cb3826652427727.zip
Updated level settings to comply with new periodic checks.
Diffstat (limited to 'conf/level.secure')
-rw-r--r--conf/level.secure36
1 files changed, 18 insertions, 18 deletions
diff --git a/conf/level.secure b/conf/level.secure
index bf021db..dc2f2b7 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -1,33 +1,33 @@
BASE_LEVEL=secure
ALLOW_X_CONNECTIONS=no
-CHECK_WRITABLE=yes
+CHECK_WRITABLE=daily
ENABLE_IP_SPOOFING_PROTECTION=yes
MAIL_EMPTY_CONTENT=yes
ACCEPT_BROADCASTED_ICMP_ECHO=no
-CHECK_PERMS=yes
-CHECK_USER_FILES=yes
+CHECK_PERMS=daily
+CHECK_USER_FILES=daily
ENABLE_SUDO=no
ALLOW_XSERVER_TO_LISTEN=no
-CHECK_CHKROOTKIT=yes
+CHECK_CHKROOTKIT=daily
SHELL_HISTORY_SIZE=100
ALLOW_REBOOT=no
-CHECK_SUID_ROOT=yes
+CHECK_SUID_ROOT=daily
SYSLOG_WARN=yes
ENABLE_AT_CRONTAB=no
ACCEPT_BOGUS_ERROR_RESPONSES=no
-CHECK_PASSWD=yes
+CHECK_PASSWD=daily
PASSWORD_HISTORY=2
-CHECK_SUID_MD5=yes
-CHECK_SHOSTS=yes
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
MAIL_USER=root
ALLOW_AUTOLOGIN=no
ENABLE_PAM_WHEEL_FOR_SU=yes
-CHECK_SHADOW=yes
+CHECK_SHADOW=daily
ALLOW_ROOT_LOGIN=no
-CHECK_UNOWNED=yes
+CHECK_UNOWNED=daily
FIX_UNOWNED=yes
-CHECK_USERS=yes
-CHECK_GROUPS=yes
+CHECK_USERS=daily
+CHECK_GROUPS=daily
ENABLE_CONSOLE_LOG=no
ALLOW_USER_LIST=no
ENABLE_DNS_SPOOFING_PROTECTION=yes
@@ -35,14 +35,14 @@ CREATE_SERVER_LINK=remote
ENABLE_PASSWORD=yes
NOTIFY_WARN=no
WIN_PARTS_UMASK=022
-CHECK_OPEN_PORT=yes
-CHECK_FIREWALL=yes
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
SHELL_TIMEOUT=600
ALLOW_REMOTE_ROOT_LOGIN=no
ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=077
-CHECK_RPM_PACKAGES=yes
-CHECK_RPM_INTEGRITY=yes
+CHECK_RPM_PACKAGES=daily
+CHECK_RPM_INTEGRITY=weekly
SECURE_TMP=yes
ENABLE_SULOGIN=yes
ENABLE_PAM_ROOT_FROM_WHEEL=no
@@ -55,8 +55,8 @@ AUTHORIZE_SERVICES=local
ROOT_UMASK=077
ENABLE_MSEC_CRON=yes
TTY_WARN=yes
-CHECK_SGID=yes
-CHECK_PROMISC=yes
+CHECK_SGID=daily
+CHECK_PROMISC=daily
ENABLE_STARTUP_MSEC=yes
ENABLE_STARTUP_PERMS=yes
ALLOW_CURDIR_IN_PATH=no