author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
commit | ff31c9236b1fd7465ea9687fc735e8af882e780e (patch) | |
tree | eec89033b4ad0b2459fbb91fa6dd39077eeaf407 /conf | |
parent | ab984707253940bf5ced3a379699e8d0dc757fa6 (diff) | |
Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
Diffstat (limited to 'conf')
-rw-r--r-- | conf/level.default | 54 | ||||
-rw-r--r-- | conf/level.none | 54 | ||||
-rw-r--r-- | conf/level.secure | 54 | ||||
-rw-r--r-- | conf/perm.0 | 92 | ||||
-rw-r--r-- | conf/perm.3 | 96 | ||||
-rw-r--r-- | conf/perm.5 | 96 | ||||
-rw-r--r-- | conf/perm.default (renamed from conf/perm.2) | 14 | ||||
-rw-r--r-- | conf/perm.none (renamed from conf/perm.1) | 8 | ||||
-rw-r--r-- | conf/perm.secure (renamed from conf/perm.4) | 49 | ||||
-rw-r--r-- | conf/server.default (renamed from conf/server.4) | 0 | ||||
-rw-r--r-- | conf/server.secure (renamed from conf/server.5) | 0 |
11 files changed, 198 insertions, 319 deletions
diff --git a/conf/level.default b/conf/level.default
new file mode 100644
index 0000000..f9c0f7f
--- /dev/null
+++ b/conf/level.default
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=no
+ALLOW_X_CONNECTIONS=local
+CHECK_WRITABLE=yes
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=yes
+CHECK_USER_FILES=yes
+ENABLE_SUDO=wheel
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=yes
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=yes
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=yes
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=yes
+CHECK_SHOSTS=yes
+MAIL_USER=root
+ALLOW_AUTOLOGIN=yes
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=yes
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=no
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=default
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=yes
+WIN_PARTS_UMASK=no
+CHECK_OPEN_PORT=yes
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=without_password
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=022
+CHECK_RPM=yes
+ENABLE_SULOGIN=no
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=yes
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=4,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=yes
+TTY_WARN=no
+ENABLE_POLICYKIT=yes
+CHECK_SGID=yes
+CHECK_PROMISC=no
diff --git a/conf/level.none b/conf/level.none
new file mode 100644
index 0000000..1e0f2c8
--- /dev/null
+++ b/conf/level.none
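Review bot: `PASSWORD_LENGTH=4,0,0` together with `PASSWORD_HISTORY=0` in conf/level.default looks like a four-character minimum with no digit or uppercase requirement and no reuse check, assuming the three fields are length, digits and uppercase, which the file does not say. The same hunk sets `ALLOW_ROOT_LOGIN=yes` and `ALLOW_AUTOLOGIN=yes`, so the default profile leans on that password policy for local accounts. I would raise the first field at least to the `6` that conf/level.secure uses, or state in the commit message why 4 is kept. None of the three level.* files names its profile or explains non-boolean values such as `without_password`, `wheel` and `local`; a short header comment would help if the parser accepts `#` lines.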
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=no
+ALLOW_X_CONNECTIONS=yes
+CHECK_WRITABLE=no
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=no
+CHECK_USER_FILES=no
+ENABLE_SUDO=yes
+ALLOW_XSERVER_TO_LISTEN=yes
+CHECK_CHKROOTKIT=no
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=no
+SYSLOG_WARN=no
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=yes
+CHECK_PASSWD=no
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=no
+CHECK_SHOSTS=no
+MAIL_USER=root
+ALLOW_AUTOLOGIN=yes
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=no
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=no
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=no
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=yes
+WIN_PARTS_UMASK=no
+CHECK_OPEN_PORT=no
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=yes
+ENABLE_LOG_STRANGE_PACKETS=no
+USER_UMASK=022
+CHECK_RPM=no
+ENABLE_SULOGIN=no
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=no
+ALLOW_XAUTH_FROM_ROOT=yes
+CHECK_SECURITY=no
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=0,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=no
+TTY_WARN=no
+ENABLE_POLICYKIT=yes
+CHECK_SGID=no
+CHECK_PROMISC=no
diff --git a/conf/level.secure b/conf/level.secure
new file mode 100644
index 0000000..4d12b1d
--- /dev/null
+++ b/conf/level.secure
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=yes
+ALLOW_X_CONNECTIONS=no
+CHECK_WRITABLE=yes
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=yes
+ACCEPT_BROADCASTED_ICMP_ECHO=no
+CHECK_PERMS=yes
+CHECK_USER_FILES=yes
+ENABLE_SUDO=no
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=yes
+SHELL_HISTORY_SIZE=100
+ALLOW_REBOOT=no
+CHECK_SUID_ROOT=yes
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=no
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=yes
+PASSWORD_HISTORY=2
+CHECK_SUID_MD5=yes
+CHECK_SHOSTS=yes
+MAIL_USER=root
+ALLOW_AUTOLOGIN=no
+ENABLE_PAM_WHEEL_FOR_SU=yes
+CHECK_SHADOW=yes
+ALLOW_ROOT_LOGIN=no
+CHECK_UNOWNED=yes
+ENABLE_CONSOLE_LOG=no
+ALLOW_USER_LIST=no
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=secure
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=no
+WIN_PARTS_UMASK=0
+CHECK_OPEN_PORT=yes
+SHELL_TIMEOUT=600
+ALLOW_REMOTE_ROOT_LOGIN=no
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=077
+CHECK_RPM=yes
+ENABLE_SULOGIN=yes
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=no
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=6,1,1
+AUTHORIZE_SERVICES=local
+ROOT_UMASK=077
+ENABLE_MSEC_CRON=yes
+TTY_WARN=yes
+ENABLE_POLICYKIT=no
+CHECK_SGID=yes
+CHECK_PROMISC=yes
diff --git a/conf/perm.0 b/conf/perm.0
deleted file mode 100644
index e786706..0000000
--- a/conf/perm.0
+++ /dev/null
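Review bot: `WIN_PARTS_UMASK=0` in conf/level.secure reads as a umask of zero, which masks no permission bits, while level.default and level.none both use `no`. If this value is applied as the mount umask for Windows partitions (not visible in this diff, so confirm against the msec code), the strictest profile would get the most permissive setting. That is at odds with `USER_UMASK=077` and `ROOT_UMASK=077` in the same hunk, so I would either set a restrictive value here or document what `0` means. Separately, `PASSWORD_LENGTH=6,1,1` is a low floor for a profile named secure and deserves a line of justification.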
@@ -1,92 +0,0 @@ -# Welcome in Level 0 -### -/ root.root 755 -/bin/ root.root 755 -/bin/ping root.root 4755 -/bin/rpm rpm.rpm 755 -/boot/ root.root 755 -/dev/ root.root 755 -/etc/ root.root 755 -/etc/conf.modules root.root 644 -/etc/cron.daily/ root.root 755 -/etc/cron.hourly/ root.root 755 -/etc/cron.monthly/ root.root 755 -/etc/cron.weekly/ root.root 755 -/etc/crontab root.root 644 -/etc/dhcpcd/ root.root 755 -/etc/dhcpcd/* root.root 644 -/etc/ftpaccess root.root 644 -/etc/ftpconversions root.root 644 -/etc/ftpgroups root.root 644 -/etc/ftphosts root.root 644 -/etc/ftpusers root.root 644 -/etc/gettydefs root.root 644 -/etc/hosts.allow root.root 644 -/etc/hosts.deny root.root 644 -/etc/hosts.equiv root.root 644 -/etc/httpd/modules.d/*.conf root.root 644 -/etc/httpd/conf/*.conf root.root 644 -/etc/httpd/conf/addon-modules/* root.root 644 -/etc/httpd/conf/vhosts.d/* root.root 644 -/etc/httpd/conf/webapps.d/* root.root 644 -/etc/inetd.conf root.root 644 -/etc/inittab root.root 644 -/etc/ld.so.conf root.root 644 -/etc/mandrake-release root.root 644 -/etc/modules.conf root.root 644 -/etc/motd root.root 644 -/etc/printcap root.root 644 -/etc/profile.d/* root.root 755 -/etc/rc.d/ root.root 755 -/etc/rc.d/init.d/ root.root 755 -/etc/rc.d/init.d/* root.root 755 -/etc/securetty root.root 644 -/etc/mail/sendmail.cf root.mail 644 -/etc/shutdown.allow root.root 644 -/etc/ssh/ssh_config root.root 644 -/etc/ssh/ssh_host_*key root.root 600 -/etc/ssh/ssh_host_*key.pub root.root 644 -/etc/ssh/sshd_config root.root 644 -/etc/sysconfig root.root 755 -/etc/syslog.conf root.root 644 -/etc/updatedb.conf root.root 644 -/home/ root.root 755 -/home/* current 755 -/lib/ root.root 755 -/mnt/ root.root 755 -/proc root.root 555 -/root/ root.root 755 -/sbin/ root.root 755 -/tmp/ root.root 777 -/usr/ root.root 755 -/usr/* root.root 755 -/usr/bin/ root.root 755 -/usr/bin/cc root.root 755 -/usr/bin/finger root.root 755 -/usr/bin/g++* root.root 755 -/usr/bin/gcc* root.root 755 -/usr/bin/ssh 
root.root 755 -/usr/bin/telnet root.root 755 -/usr/bin/w root.root 755 -/usr/bin/who root.root 755 -/usr/lib/rpm/rpm? rpm.rpm 755 -/usr/sbin/ root.root 755 -/usr/sbin/sendmail.postfix root.root 755 -/usr/sbin/sendmail.sendmail root.mail 2755 -/usr/sbin/traceroute root.bin 4755 -/usr/share/doc root.root 755 -/usr/share/man root.root 755 -/usr/tmp root.root 777 -/var/ root.root 755 -/var/lib/rpm/Packages rpm.rpm 644 -/var/lock/subsys root.root 755 -/var/log/ root.root 755 -/var/log/* root.adm 644 -/var/log/lp-errs lp.lp 600 -/var/log/*/* current 644 -/var/log/*/*/* current 644 -/var/log/*/. current 755 -/var/log/mailman/ root.mail 2775 -/var/log/mailman/* root.mail 664 -/var/spool/mail/ root.mail 2775 -/var/tmp root.root 777 diff --git a/conf/perm.3 b/conf/perm.3 deleted file mode 100644 index 23f273b..0000000 --- a/conf/perm.3 +++ /dev/null 
@@ -1,96 +0,0 @@ -# Welcome in Level 3 -### -/ root.adm 755 -/bin/ root.root 755 -/bin/ping root.root 4755 -/bin/rpm rpm.rpm 755 -/boot/ root.root 755 -/dev/ root.root 755 -/etc/ root.root 755 -/etc/conf.modules root.root 644 -/etc/cron.daily/ root.root 755 -/etc/cron.hourly/ root.root 755 -/etc/cron.monthly/ root.root 755 -/etc/cron.weekly/ root.root 755 -/etc/crontab root.root 644 -/etc/dhcpcd/ root.root 755 -/etc/dhcpcd/* root.root 644 -/etc/ftpaccess root.root 644 -/etc/ftpconversions root.root 644 -/etc/ftpgroups root.root 644 -/etc/ftphosts root.root 644 -/etc/ftpusers root.root 644 -/etc/gettydefs root.root 644 -/etc/hosts.allow root.root 644 -/etc/hosts.deny root.root 644 -/etc/hosts.equiv root.root 644 -/etc/httpd/modules.d/*.conf root.root 644 -/etc/httpd/conf/*.conf root.root 644 -/etc/httpd/conf/addon-modules/* root.root 644 -/etc/httpd/conf/vhosts.d/* root.root 644 -/etc/httpd/conf/webapps.d/* root.root 644 -/etc/inetd.conf root.root 644 -/etc/inittab root.root 644 -/etc/ld.so.conf root.root 644 -/etc/mandrake-release root.root 644 -/etc/modules.conf root.root 644 -/etc/motd root.root 644 -/etc/printcap root.root 644 -/etc/profile.d/* root.root 755 -/etc/rc.d/ root.root 755 -/etc/rc.d/init.d/ root.root 755 -/etc/rc.d/init.d/* root.root 700 -/etc/rc.d/init.d/functions root.root 644 -/etc/rc.d/init.d/mandrake_consmap root.root 644 -/etc/rc.d/init.d/xprint root.root 755 -/etc/securetty root.root 644 -/etc/sendmail.cf root.mail 644 -/etc/shutdown.allow root.root 644 -/etc/ssh/ssh_config root.root 644 -/etc/ssh/ssh_host_*key root.root 600 -/etc/ssh/ssh_host_*key.pub root.root 644 -/etc/ssh/sshd_config root.root 644 -/etc/sysconfig root.root 755 -/etc/syslog.conf root.adm 640 -/etc/updatedb.conf root.root 644 -/home/ root.root 755 -/home/* current 711 -/lib/ root.root 755 -/mnt/ root.root 755 -/proc root.root 555 -/root/ root.root 700 -/sbin/ root.root 755 -/tmp/ root.root 1777 -/usr/ root.root 755 -/usr/* root.root 755 -/usr/bin/ root.root 755 -/usr/bin/cc 
root.root 755 -/usr/bin/finger root.root 755 -/usr/bin/g++* root.root 755 -/usr/bin/gcc* root.root 755 -/usr/bin/ssh root.root 755 -/usr/bin/telnet root.root 755 -/usr/bin/w root.root 755 -/usr/bin/who root.root 755 -/usr/lib/rpm/rpm? rpm.rpm 755 -/usr/sbin/ root.root 755 -/usr/sbin/sendmail.postfix root.root 755 -/usr/sbin/sendmail.sendmail root.mail 2755 -/usr/sbin/traceroute root.bin 4755 -/usr/share/doc root.root 755 -/usr/share/man root.root 755 -/usr/tmp root.root 1777 -/var/ root.root 755 -/var/lib/rpm/Packages rpm.rpm 644 -/var/lock/subsys root.root 755 -/var/log/ root.root 755 -/var/log/* root.root 640 -/var/log/Xorg.0.log current current -/var/log/lp-errs lp.lp 600 -/var/log/*/* current 640 -/var/log/*/*/* current 640 -/var/log/*/. current 755 -/var/log/mailman/ root.mail 2775 -/var/log/mailman/* root.mail 660 -/var/spool/mail/ root.mail 2775 -/var/tmp root.root 1777 diff --git a/conf/perm.5 b/conf/perm.5 deleted file mode 100644 index 8aedfc8..0000000 --- a/conf/perm.5 +++ /dev/null 
@@ -1,96 +0,0 @@ -# Welcome in Level 5, aka paranoid. -### -/ root.root 711 -/bin/ root.root 711 -/bin/ping root.ntools 4750 -/bin/rpm rpm.rpm 750 -/boot/ root.ctools 710 -/dev/ root.root 711 -/etc/ root.root 711 -/etc/conf.modules root.root 600 -/etc/cron.daily/ root.root 700 -/etc/cron.hourly/ root.root 700 -/etc/cron.monthly/ root.root 700 -/etc/cron.weekly/ root.root 700 -/etc/crontab root.root 600 -/etc/dhcpcd/ root.root 700 -/etc/dhcpcd/* root.root 600 -/etc/ftpaccess root.root 600 -/etc/ftpconversions root.root 600 -/etc/ftpgroups root.root 600 -/etc/ftphosts root.root 600 -/etc/ftpusers root.root 600 -/etc/gettydefs root.root 600 -/etc/hosts.allow root.daemon 644 -/etc/hosts.deny root.daemon 644 -/etc/hosts.equiv root.daemon 640 -/etc/httpd/modules.d/*.conf root.root 600 -/etc/httpd/conf/*.conf root.root 600 -/etc/httpd/conf/addon-modules/* root.root 600 -/etc/httpd/conf/vhosts.d/* root.root 600 -/etc/httpd/conf/webapps.d/* root.root 600 -/etc/inetd.conf root.root 600 -/etc/inittab root.root 600 -/etc/ld.so.conf root.root 600 -/etc/mandrake-release root.root 600 -/etc/modules.conf root.root 600 -/etc/motd root.root 644 -/etc/printcap root.lp 640 -/etc/profile.d/* root.root 755 -/etc/rc.d/ root.root 700 -/etc/rc.d/init.d/ root.root 700 -/etc/rc.d/init.d/* root.root 700 -/etc/rc.d/init.d/functions root.root 644 -/etc/rc.d/init.d/mandrake_consmap root.adm 644 -/etc/rc.d/init.d/xprint root.root 755 -/etc/securetty root.root 600 -/etc/sendmail.cf root.mail 640 -/etc/shutdown.allow root.root 600 -/etc/ssh/ssh_config root.root 644 -/etc/ssh/ssh_host_*key root.root 600 -/etc/ssh/ssh_host_*key.pub root.root 644 -/etc/ssh/sshd_config root.root 600 -/etc/sysconfig root.root 711 -/etc/syslog.conf root.root 600 -/etc/updatedb.conf root.root 600 -/home/ root.root 711 -/home/* current 700 -/lib/ root.root 711 -/mnt/ root.root 710 -/proc root.adm 550 -/root/ root.root 700 -/sbin/ root.root 711 -/tmp/ root.root 1733 -/usr/ root.root 711 -/usr/* root.root 711 -/usr/bin/ 
root.root 711 -/usr/bin/cc root.ctools 750 -/usr/bin/finger root.ntools 750 -/usr/bin/g++* root.ctools 750 -/usr/bin/gcc* root.ctools 750 -/usr/bin/ssh root.ntools 750 -/usr/bin/telnet root.ntools 750 -/usr/bin/w root.ntools 750 -/usr/bin/who root.ntools 750 -/usr/lib/rpm/rpm? rpm.rpm 750 -/usr/sbin/ root.root 711 -/usr/sbin/sendmail.postfix root.root 711 -/usr/sbin/sendmail.sendmail root.mail 2711 -/usr/sbin/traceroute root.ntools 4750 -/usr/share/doc rpm.rpm 710 -/usr/share/man rpm.rpm 710 -/usr/tmp root.root 1733 -/var/ root.root 755 -/var/lib/rpm/Packages rpm.rpm 640 -/var/lock/subsys root.root 700 -/var/log/ root.root 711 -/var/log/* root.root 600 -/var/log/lp-errs lp.lp 600 -/var/log/*/* current 600 -/var/log/*/*/* current 600 -/var/log/*/. current 700 -/var/log/intraline/. current 750 -/var/log/mailman/ root.mail 2770 -/var/log/mailman/* root.mail 660 -/var/spool/mail/ root.mail 771 -/var/tmp root.root 1733 diff --git a/conf/perm.2 b/conf/perm.default index 7fa4ae8..744e4a8 100644 --- a/conf/perm.2 +++ b/conf/perm.default @@ -1,6 +1,6 @@ # Welcome in Level 2 ### -/ root.root 755 +/ root.adm 755 /bin/ root.root 755 /bin/ping root.root 4755 /bin/rpm rpm.rpm 755 @@ -54,7 +54,7 @@ /etc/syslog.conf root.root 644 /etc/updatedb.conf root.root 644 /home/ root.root 755 -/home/* current 755 +/home/* current.current 755 /lib/ root.root 755 /mnt/ root.root 755 /proc root.root 555 @@ -85,12 +85,12 @@ /var/lock/subsys root.root 755 /var/log/ root.root 755 /var/log/* root.adm 640 -/var/log/Xorg.0.log current current +/var/log/Xorg.0.log current.current current /var/log/lp-errs lp.lp 600 -/var/log/*/* current 640 -/var/log/*/*/* current 640 -/var/log/*/. current 755 +/var/log/*/* current.current 640 +/var/log/*/*/* current.current 640 +/var/log/*/. current.current 755 /var/log/mailman/ root.mail 2775 -/var/log/mailman/* root.mail 664 +/var/log/mailman/* root.mail 660 /var/spool/mail/ root.mail 2775 /var/tmp root.root 1777 
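Review bot: The first hunk of conf/perm.default changes the group of `/` from `root.root` to `root.adm`, and the commit message gives no reason for it. With mode 755 the group gains nothing today, but the ownership now differs from what the removed `perm.0` and the old `perm.2` used, and any later widening of the group bits would apply to adm rather than root. I would keep `/ root.root 755` unless something depends on adm owning the root directory. The context line `# Welcome in Level 2` is also stale now that the file is named perm.default; something like `# Permissions for the default level` would match the rename.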
diff --git a/conf/perm.1 b/conf/perm.none index ddeaa3c..9df8c21 100644 --- a/conf/perm.1 +++ b/conf/perm.none @@ -53,7 +53,7 @@ /etc/syslog.conf root.root 644 /etc/updatedb.conf root.root 644 /home/ root.root 755 -/home/* current 755 +/home/* current.current 755 /lib/ root.root 755 /mnt/ root.root 755 /proc root.root 555 @@ -85,9 +85,9 @@ /var/log/ root.root 755 /var/log/* root.adm 644 /var/log/lp-errs lp.lp 600 -/var/log/*/* current 644 -/var/log/*/*/* current 644 -/var/log/*/. current 755 +/var/log/*/* current.current 644 +/var/log/*/*/* current.current 644 +/var/log/*/. current.current 755 /var/log/mailman/ root.mail 2775 /var/log/mailman/* root.mail 664 /var/spool/mail/ root.mail 2775 diff --git a/conf/perm.4 b/conf/perm.secure index b8848bf..159a933 100644 --- a/conf/perm.4 +++ b/conf/perm.secure @@ -1,12 +1,12 @@ -# Welcome in Level 4, aka secure & usable. +# Welcome in Level 2 ### -/ root.adm 751 -/bin/ root.adm 751 +/ root.adm 755 +/bin/ root.adm 755 /bin/ping root.ntools 4750 /bin/rpm rpm.rpm 750 /boot/ root.ctools 710 -/dev/ root.root 711 -/etc/ root.adm 711 +/dev/ root.root 755 +/etc/ root.adm 755 /etc/conf.modules root.adm 640 /etc/cron.daily/ root.adm 750 /etc/cron.hourly/ root.adm 750 @@ -32,14 +32,14 @@ /etc/inetd.conf root.adm 640 /etc/inittab root.adm 640 /etc/ld.so.conf root.ctools 640 -/etc/mandrake-release root.adm 640 +/etc/mandrake-release root.adm 644 /etc/modules.conf root.adm 640 /etc/motd root.adm 644 /etc/printcap root.lp 640 /etc/profile.d/* root.root 755 -/etc/rc.d/ root.adm 750 -/etc/rc.d/init.d/ root.adm 750 -/etc/rc.d/init.d/* root.adm 740 +/etc/rc.d/ root.adm 755 +/etc/rc.d/init.d/ root.adm 755 +/etc/rc.d/init.d/* root.adm 744 /etc/rc.d/init.d/functions root.adm 644 /etc/rc.d/init.d/mandrake_consmap root.adm 644 /etc/rc.d/init.d/xprint root.root 755 
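Review bot: In conf/perm.secure the header is rewritten from `# Welcome in Level 4, aka secure & usable.` to `# Welcome in Level 2`, and the same hunk widens `/` and `/bin/` from 751 to 755 and `/dev/` and `/etc/` from 711 to 755. The second hunk on this line continues the pattern with `/etc/rc.d/` and `/etc/rc.d/init.d/` going from 750 to 755 and `/etc/rc.d/init.d/*` from 740 to 744. The commit message only says "Updated to working version of new msec", so the page does not show whether the secure profile is being loosened on purpose or was derived from the level 2 table. If it is intentional, the header should name the profile, for example `# Permissions for the secure level`, and the commit message should say that the old level 4 modes are being relaxed.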
@@ -50,20 +50,20 @@ /etc/ssh/ssh_host_*key root.adm 600 /etc/ssh/ssh_host_*key.pub root.adm 644 /etc/ssh/sshd_config root.adm 640 -/etc/sysconfig root.adm 751 +/etc/sysconfig root.adm 755 /etc/syslog.conf root.adm 640 -/etc/updatedb.conf root.adm 640 +/etc/updatedb.conf root.adm 644 /home/ root.adm 751 -/home/* current 700 -/lib/ root.adm 751 +/home/* current.current 751 +/lib/ root.adm 755 /mnt/ root.adm 750 -/proc root.adm 550 +/proc root.adm 555 /root/ root.root 700 /sbin/ root.adm 751 /tmp/ root.adm 1773 -/usr/ root.adm 751 -/usr/* root.adm 751 -/usr/bin/ root.adm 751 +/usr/ root.adm 755 +/usr/* root.adm 755 +/usr/bin/ root.adm 755 /usr/bin/cc root.ctools 750 /usr/bin/finger root.ntools 750 /usr/bin/g++* root.ctools 750 @@ -77,19 +77,20 @@ /usr/sbin/sendmail.postfix root.root 711 /usr/sbin/sendmail.sendmail root.mail 2711 /usr/sbin/traceroute root.ntools 4750 -/usr/share/doc rpm.rpm 750 -/usr/share/man rpm.rpm 750 +/usr/share/doc root.root 755 +/usr/share/man root.root 755 /usr/tmp root.adm 1773 /var/ root.root 755 /var/lib/rpm/Packages rpm.rpm 640 /var/lock/subsys root.adm 750 /var/log/ root.adm 751 -/var/log/* root.root 600 +/var/log/* root.root 640 +/var/log/Xorg.0.log current.current current /var/log/lp-errs lp.lp 600 -/var/log/*/* current 600 -/var/log/*/*/* current 600 -/var/log/*/. current 700 -/var/log/intraline/. current 750 +/var/log/*/* current.current 600 +/var/log/*/*/* current.current 600 +/var/log/*/. current.current 700 +/var/log/intraline/. current.current 750 /var/log/mailman/ root.mail 2770 /var/log/mailman/* root.mail 660 /var/spool/mail/ root.mail 771 diff --git a/conf/server.4 b/conf/server.default index d518731..d518731 100644 --- a/conf/server.4 +++ b/conf/server.default diff --git a/conf/server.5 b/conf/server.secure index 2141239..2141239 100644 --- a/conf/server.5 +++ b/conf/server.secure |
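Review bot: `/home/* current.current 751` replaces `/home/* current 700` in conf/perm.secure, so every home directory becomes group-readable and world-traversable in the profile named secure. That sits oddly with `USER_UMASK=077` in conf/level.secure from the same commit, which keeps new user files private. The same hunk widens `/proc` from 550 to 555, and the last hunk changes `/var/log/*` from 600 to 640 and moves `/usr/share/doc` and `/usr/share/man` from `rpm.rpm 750` to `root.root 755`. I would keep `/home/* current.current 700` here unless a service must traverse home directories, and record that reason if so.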