authorEugeni Dodonov <eugeni@mandriva.org>2010-02-18 18:19:54 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-18 18:19:54 +0000
commit94928f9396a9067c20bc6a8c50d4cecb0d4687fa (patch)
tree55357824f6e651db381ac085997450e76ab52eef /conf
parent531e87178deeecef763eddd9115d70395bc18cf4 (diff)
Added 'netbook' level.
Diffstat (limited to 'conf')
-rw-r--r--conf/level.netbook66
-rw-r--r--conf/perm.netbook76
2 files changed, 142 insertions, 0 deletions
diff --git a/conf/level.netbook b/conf/level.netbook
new file mode 100644
index 0000000..76d1ce7
--- /dev/null
+++ b/conf/level.netbook
@@ -0,0 +1,66 @@
+BASE_LEVEL=netbook
+ALLOW_X_CONNECTIONS=local
+CHECK_WRITABLE=no
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=no
+CHECK_PERMS_ENFORCE=no
+CHECK_SECTOOL=weekly
+CHECK_SECTOOL_LEVEL=2
+CHECK_USER_FILES=weekly
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=monthly
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=weekly
+SYSLOG_WARN=no
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=weekly
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=weekly
+CHECK_SHOSTS=weekly
+MAIL_USER=root
+ALLOW_AUTOLOGIN=yes
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=weekly
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=no
+FIX_UNOWNED=no
+CHECK_USERS=weekly
+CHECK_GROUPS=weekly
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=no
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=yes
+WIN_PARTS_UMASK=000
+CHECK_OPEN_PORT=no
+CHECK_FIREWALL=no
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=no
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=022
+CHECK_RPM_PACKAGES=weekly
+CHECK_RPM_INTEGRITY=no
+SECURE_TMP=yes
+ENABLE_SULOGIN=no
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=yes
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=4,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=no
+TTY_WARN=no
+CHECK_SGID=weekly
+CHECK_PROMISC=no
+ENABLE_STARTUP_MSEC=yes
+ENABLE_STARTUP_PERMS=yes
+ALLOW_CURDIR_IN_PATH=no
+CHECK_ON_BATTERY=no
+LOG_RETENTION=2
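Review bot: `ACCEPT_BROADCASTED_ICMP_ECHO=yes` (with `CHECK_FIREWALL=no`, `CHECK_OPEN_PORT=no` and `CHECK_PROMISC=no` further down) is a loose network default for a device class that routinely joins untrusted networks; `ACCEPT_BROADCASTED_ICMP_ECHO=no` would cost nothing in battery or disk activity. The local-access settings `ALLOW_AUTOLOGIN=yes`, `ENABLE_SULOGIN=no`, `SHELL_TIMEOUT=0` and `PASSWORD_LENGTH=4,0,0` also mean that whoever holds the machine is effectively logged in, which matters more for a portable device than for a desktop. If these are deliberate trade-offs, the file should say so in a header comment, e.g. `# netbook level: periodic checks reduced to limit battery/disk use; local login protections relaxed on purpose`; as added, the file has no comments at all.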
diff --git a/conf/perm.netbook b/conf/perm.netbook
new file mode 100644
index 0000000..7e908f7
--- /dev/null
+++ b/conf/perm.netbook
@@ -0,0 +1,76 @@
+# default permissions level
+###
+/ root.adm 755
+/bin/ root.root 755
+/bin/ping root.root 4755
+/bin/rpm rpm.rpm 755
+/boot/ root.root 755
+/dev/ root.root 755
+/etc/ root.root 755
+/etc/conf.modules root.root 644
+/etc/cron.daily/ root.root 755
+/etc/cron.hourly/ root.root 755
+/etc/cron.monthly/ root.root 755
+/etc/cron.weekly/ root.root 755
+/etc/crontab root.root 644
+/etc/dhcpcd/ root.root 755
+/etc/dhcpcd/* root.root 644
+/etc/hosts.allow root.root 644
+/etc/hosts.deny root.root 644
+/etc/hosts.equiv root.root 644
+/etc/inittab root.root 644
+/etc/ld.so.conf root.root 644
+/etc/mandrake-release root.root 644
+/etc/modules.conf root.root 644
+/etc/motd root.root 644
+/etc/printcap root.root 644
+/etc/profile.d/* root.root 755
+/etc/rc.d/ root.root 755
+/etc/rc.d/init.d/ root.root 755
+/etc/rc.d/init.d/functions root.root 644
+/etc/securetty root.root 644
+/etc/shutdown.allow root.root 644
+/etc/ssh/ssh_config root.root 644
+/etc/ssh/ssh_host_*key root.root 600
+/etc/ssh/ssh_host_*key.pub root.root 644
+/etc/ssh/sshd_config root.root 644
+/etc/sysconfig root.root 755
+/etc/syslog.conf root.root 644
+/home/ root.root 755
+/home/* current.current 755
+/lib/ root.root 755
+/mnt/ root.root 755
+/proc root.root 555
+/root/ root.root 700
+/sbin/ root.root 755
+/tmp/ root.root 1777
+/usr/ root.root 755
+/usr/* root.root 755
+/usr/bin/ root.root 755
+/usr/bin/cc root.root 755
+/usr/bin/finger root.root 755
+/usr/bin/g++* root.root 755
+/usr/bin/gcc* root.root 755
+/usr/bin/ssh root.root 755
+/usr/bin/telnet root.root 755
+/usr/bin/w root.root 755
+/usr/bin/who root.root 755
+/usr/lib/rpm/rpm? rpm.rpm 755
+/usr/sbin/ root.root 755
+/usr/sbin/sendmail.postfix root.root 755
+/usr/sbin/sendmail.sendmail root.mail 2755
+/usr/sbin/traceroute root.bin 4755
+/usr/tmp root.root 1777
+/var/ root.root 755
+/var/lib/rpm/Packages rpm.rpm 644
+/var/lock/subsys root.root 755
+/var/log/ root.root 755
+/var/log/security.log root.adm 640 force
+/var/log/msec.log root.adm 640 force
+/var/log/security/ root.adm 740 force
+/var/log/security/* root.adm 640 force
+/var/log/btmp root.utmp 600 force
+/var/log/wtmp root.utmp 664 force
+/var/log/lp-errs lp.lp 600
+/var/spool/mail/ root.mail 2775
+/var/tmp root.root 1777
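Review bot: `/var/log/security/ root.adm 740 force` gives group adm read but not search permission on the directory, so members of adm can list the entries yet cannot open the files that the next line makes group-readable (`640`); `750` looks like what was intended. The header `# default permissions level` appears to be carried over from another level and should name this one, e.g. `# netbook permissions level`. `/home/* current.current 755` leaves every home directory world-readable, which is worth a second look in a profile whose level file also sets `ALLOW_AUTOLOGIN=yes`; this hunk does not show whether the other levels use a tighter mode.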