authorEugeni Dodonov <eugeni@mandriva.org>2009-01-06 21:31:46 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-01-06 21:31:46 +0000
commitff31c9236b1fd7465ea9687fc735e8af882e780e (patch)
treeeec89033b4ad0b2459fbb91fa6dd39077eeaf407 /conf
parentab984707253940bf5ced3a379699e8d0dc757fa6 (diff)
downloadmsec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar
msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.gz
msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.bz2
msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.xz
msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.zip
Updated to working version of new msec.
Conflicts: Makefile cron-sh/security_check.sh share/msec.py
Diffstat (limited to 'conf')
-rw-r--r--conf/level.default54
-rw-r--r--conf/level.none54
-rw-r--r--conf/level.secure54
-rw-r--r--conf/perm.092
-rw-r--r--conf/perm.396
-rw-r--r--conf/perm.596
-rw-r--r--conf/perm.default (renamed from conf/perm.2)14
-rw-r--r--conf/perm.none (renamed from conf/perm.1)8
-rw-r--r--conf/perm.secure (renamed from conf/perm.4)49
-rw-r--r--conf/server.default (renamed from conf/server.4)0
-rw-r--r--conf/server.secure (renamed from conf/server.5)0
11 files changed, 198 insertions, 319 deletions
diff --git a/conf/level.default b/conf/level.default
new file mode 100644
index 0000000..f9c0f7f
--- /dev/null
+++ b/conf/level.default
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=no
+ALLOW_X_CONNECTIONS=local
+CHECK_WRITABLE=yes
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=yes
+CHECK_USER_FILES=yes
+ENABLE_SUDO=wheel
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=yes
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=yes
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=yes
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=yes
+CHECK_SHOSTS=yes
+MAIL_USER=root
+ALLOW_AUTOLOGIN=yes
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=yes
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=no
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=default
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=yes
+WIN_PARTS_UMASK=no
+CHECK_OPEN_PORT=yes
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=without_password
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=022
+CHECK_RPM=yes
+ENABLE_SULOGIN=no
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=yes
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=4,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=yes
+TTY_WARN=no
+ENABLE_POLICYKIT=yes
+CHECK_SGID=yes
+CHECK_PROMISC=no
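Review bot: `PASSWORD_LENGTH=4,0,0` with `PASSWORD_HISTORY=0` gives the default profile a very weak password policy, in the same file that sets `ALLOW_ROOT_LOGIN=yes` and `ALLOW_AUTOLOGIN=yes`. The file does not say what the three fields mean; assuming the first is the minimum length, a value such as `PASSWORD_LENGTH=8,0,0` would be a safer default for the profile most installations will use. If the level parser accepts `#` comments as the perm.* files do, a one-line comment naming the three fields would also help the next editor.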
diff --git a/conf/level.none b/conf/level.none
new file mode 100644
index 0000000..1e0f2c8
--- /dev/null
+++ b/conf/level.none
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=no
+ALLOW_X_CONNECTIONS=yes
+CHECK_WRITABLE=no
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=no
+CHECK_USER_FILES=no
+ENABLE_SUDO=yes
+ALLOW_XSERVER_TO_LISTEN=yes
+CHECK_CHKROOTKIT=no
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=no
+SYSLOG_WARN=no
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=yes
+CHECK_PASSWD=no
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=no
+CHECK_SHOSTS=no
+MAIL_USER=root
+ALLOW_AUTOLOGIN=yes
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=no
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=no
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=no
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=yes
+WIN_PARTS_UMASK=no
+CHECK_OPEN_PORT=no
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=yes
+ENABLE_LOG_STRANGE_PACKETS=no
+USER_UMASK=022
+CHECK_RPM=no
+ENABLE_SULOGIN=no
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=no
+ALLOW_XAUTH_FROM_ROOT=yes
+CHECK_SECURITY=no
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=0,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=no
+TTY_WARN=no
+ENABLE_POLICYKIT=yes
+CHECK_SGID=no
+CHECK_PROMISC=no
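Review bot: Nothing in this file states that it turns every check off: all `CHECK_*` keys are `no`, `ENABLE_MSEC_CRON=no`, `PASSWORD_LENGTH=0,0,0` and `ALLOW_REMOTE_ROOT_LOGIN=yes`. If the level parser accepts `#` comments as the perm.* files do, a header such as `# level.none: all msec checks and hardening disabled` would make that explicit to anyone selecting the profile. Separately, `ENABLE_SUDO=yes` uses a value the other two level files do not (`wheel` and `no`), so it is worth confirming the consumer accepts it.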
diff --git a/conf/level.secure b/conf/level.secure
new file mode 100644
index 0000000..4d12b1d
--- /dev/null
+++ b/conf/level.secure
@@ -0,0 +1,54 @@
+ENABLE_APPARMOR=yes
+ALLOW_X_CONNECTIONS=no
+CHECK_WRITABLE=yes
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=yes
+ACCEPT_BROADCASTED_ICMP_ECHO=no
+CHECK_PERMS=yes
+CHECK_USER_FILES=yes
+ENABLE_SUDO=no
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=yes
+SHELL_HISTORY_SIZE=100
+ALLOW_REBOOT=no
+CHECK_SUID_ROOT=yes
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=no
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=yes
+PASSWORD_HISTORY=2
+CHECK_SUID_MD5=yes
+CHECK_SHOSTS=yes
+MAIL_USER=root
+ALLOW_AUTOLOGIN=no
+ENABLE_PAM_WHEEL_FOR_SU=yes
+CHECK_SHADOW=yes
+ALLOW_ROOT_LOGIN=no
+CHECK_UNOWNED=yes
+ENABLE_CONSOLE_LOG=no
+ALLOW_USER_LIST=no
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=secure
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=no
+WIN_PARTS_UMASK=0
+CHECK_OPEN_PORT=yes
+SHELL_TIMEOUT=600
+ALLOW_REMOTE_ROOT_LOGIN=no
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=077
+CHECK_RPM=yes
+ENABLE_SULOGIN=yes
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=no
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=6,1,1
+AUTHORIZE_SERVICES=local
+ROOT_UMASK=077
+ENABLE_MSEC_CRON=yes
+TTY_WARN=yes
+ENABLE_POLICYKIT=no
+CHECK_SGID=yes
+CHECK_PROMISC=yes
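Review bot: `WIN_PARTS_UMASK=0` looks inverted for the secure profile, since level.default and level.none both set `no`. If the value is passed through as the mount umask for Windows partitions (the name suggests this, the file does not confirm it), 0 masks nothing and leaves those files accessible to every local user. Confirm the intended semantics; if it is a umask, `WIN_PARTS_UMASK=077` would be consistent with `USER_UMASK=077` and `ROOT_UMASK=077` in the same file.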
diff --git a/conf/perm.0 b/conf/perm.0
deleted file mode 100644
index e786706..0000000
--- a/conf/perm.0
+++ /dev/null
@@ -1,92 +0,0 @@
-# Welcome in Level 0
-###
-/ root.root 755
-/bin/ root.root 755
-/bin/ping root.root 4755
-/bin/rpm rpm.rpm 755
-/boot/ root.root 755
-/dev/ root.root 755
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/httpd/modules.d/*.conf root.root 644
-/etc/httpd/conf/*.conf root.root 644
-/etc/httpd/conf/addon-modules/* root.root 644
-/etc/httpd/conf/vhosts.d/* root.root 644
-/etc/httpd/conf/webapps.d/* root.root 644
-/etc/inetd.conf root.root 644
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/mandrake-release root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile.d/* root.root 755
-/etc/rc.d/ root.root 755
-/etc/rc.d/init.d/ root.root 755
-/etc/rc.d/init.d/* root.root 755
-/etc/securetty root.root 644
-/etc/mail/sendmail.cf root.mail 644
-/etc/shutdown.allow root.root 644
-/etc/ssh/ssh_config root.root 644
-/etc/ssh/ssh_host_*key root.root 600
-/etc/ssh/ssh_host_*key.pub root.root 644
-/etc/ssh/sshd_config root.root 644
-/etc/sysconfig root.root 755
-/etc/syslog.conf root.root 644
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 755
-/lib/ root.root 755
-/mnt/ root.root 755
-/proc root.root 555
-/root/ root.root 755
-/sbin/ root.root 755
-/tmp/ root.root 777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/bin/ root.root 755
-/usr/bin/cc root.root 755
-/usr/bin/finger root.root 755
-/usr/bin/g++* root.root 755
-/usr/bin/gcc* root.root 755
-/usr/bin/ssh root.root 755
-/usr/bin/telnet root.root 755
-/usr/bin/w root.root 755
-/usr/bin/who root.root 755
-/usr/lib/rpm/rpm? rpm.rpm 755
-/usr/sbin/ root.root 755
-/usr/sbin/sendmail.postfix root.root 755
-/usr/sbin/sendmail.sendmail root.mail 2755
-/usr/sbin/traceroute root.bin 4755
-/usr/share/doc root.root 755
-/usr/share/man root.root 755
-/usr/tmp root.root 777
-/var/ root.root 755
-/var/lib/rpm/Packages rpm.rpm 644
-/var/lock/subsys root.root 755
-/var/log/ root.root 755
-/var/log/* root.adm 644
-/var/log/lp-errs lp.lp 600
-/var/log/*/* current 644
-/var/log/*/*/* current 644
-/var/log/*/. current 755
-/var/log/mailman/ root.mail 2775
-/var/log/mailman/* root.mail 664
-/var/spool/mail/ root.mail 2775
-/var/tmp root.root 777
diff --git a/conf/perm.3 b/conf/perm.3
deleted file mode 100644
index 23f273b..0000000
--- a/conf/perm.3
+++ /dev/null
@@ -1,96 +0,0 @@
-# Welcome in Level 3
-###
-/ root.adm 755
-/bin/ root.root 755
-/bin/ping root.root 4755
-/bin/rpm rpm.rpm 755
-/boot/ root.root 755
-/dev/ root.root 755
-/etc/ root.root 755
-/etc/conf.modules root.root 644
-/etc/cron.daily/ root.root 755
-/etc/cron.hourly/ root.root 755
-/etc/cron.monthly/ root.root 755
-/etc/cron.weekly/ root.root 755
-/etc/crontab root.root 644
-/etc/dhcpcd/ root.root 755
-/etc/dhcpcd/* root.root 644
-/etc/ftpaccess root.root 644
-/etc/ftpconversions root.root 644
-/etc/ftpgroups root.root 644
-/etc/ftphosts root.root 644
-/etc/ftpusers root.root 644
-/etc/gettydefs root.root 644
-/etc/hosts.allow root.root 644
-/etc/hosts.deny root.root 644
-/etc/hosts.equiv root.root 644
-/etc/httpd/modules.d/*.conf root.root 644
-/etc/httpd/conf/*.conf root.root 644
-/etc/httpd/conf/addon-modules/* root.root 644
-/etc/httpd/conf/vhosts.d/* root.root 644
-/etc/httpd/conf/webapps.d/* root.root 644
-/etc/inetd.conf root.root 644
-/etc/inittab root.root 644
-/etc/ld.so.conf root.root 644
-/etc/mandrake-release root.root 644
-/etc/modules.conf root.root 644
-/etc/motd root.root 644
-/etc/printcap root.root 644
-/etc/profile.d/* root.root 755
-/etc/rc.d/ root.root 755
-/etc/rc.d/init.d/ root.root 755
-/etc/rc.d/init.d/* root.root 700
-/etc/rc.d/init.d/functions root.root 644
-/etc/rc.d/init.d/mandrake_consmap root.root 644
-/etc/rc.d/init.d/xprint root.root 755
-/etc/securetty root.root 644
-/etc/sendmail.cf root.mail 644
-/etc/shutdown.allow root.root 644
-/etc/ssh/ssh_config root.root 644
-/etc/ssh/ssh_host_*key root.root 600
-/etc/ssh/ssh_host_*key.pub root.root 644
-/etc/ssh/sshd_config root.root 644
-/etc/sysconfig root.root 755
-/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.root 644
-/home/ root.root 755
-/home/* current 711
-/lib/ root.root 755
-/mnt/ root.root 755
-/proc root.root 555
-/root/ root.root 700
-/sbin/ root.root 755
-/tmp/ root.root 1777
-/usr/ root.root 755
-/usr/* root.root 755
-/usr/bin/ root.root 755
-/usr/bin/cc root.root 755
-/usr/bin/finger root.root 755
-/usr/bin/g++* root.root 755
-/usr/bin/gcc* root.root 755
-/usr/bin/ssh root.root 755
-/usr/bin/telnet root.root 755
-/usr/bin/w root.root 755
-/usr/bin/who root.root 755
-/usr/lib/rpm/rpm? rpm.rpm 755
-/usr/sbin/ root.root 755
-/usr/sbin/sendmail.postfix root.root 755
-/usr/sbin/sendmail.sendmail root.mail 2755
-/usr/sbin/traceroute root.bin 4755
-/usr/share/doc root.root 755
-/usr/share/man root.root 755
-/usr/tmp root.root 1777
-/var/ root.root 755
-/var/lib/rpm/Packages rpm.rpm 644
-/var/lock/subsys root.root 755
-/var/log/ root.root 755
-/var/log/* root.root 640
-/var/log/Xorg.0.log current current
-/var/log/lp-errs lp.lp 600
-/var/log/*/* current 640
-/var/log/*/*/* current 640
-/var/log/*/. current 755
-/var/log/mailman/ root.mail 2775
-/var/log/mailman/* root.mail 660
-/var/spool/mail/ root.mail 2775
-/var/tmp root.root 1777
diff --git a/conf/perm.5 b/conf/perm.5
deleted file mode 100644
index 8aedfc8..0000000
--- a/conf/perm.5
+++ /dev/null
@@ -1,96 +0,0 @@
-# Welcome in Level 5, aka paranoid.
-###
-/ root.root 711
-/bin/ root.root 711
-/bin/ping root.ntools 4750
-/bin/rpm rpm.rpm 750
-/boot/ root.ctools 710
-/dev/ root.root 711
-/etc/ root.root 711
-/etc/conf.modules root.root 600
-/etc/cron.daily/ root.root 700
-/etc/cron.hourly/ root.root 700
-/etc/cron.monthly/ root.root 700
-/etc/cron.weekly/ root.root 700
-/etc/crontab root.root 600
-/etc/dhcpcd/ root.root 700
-/etc/dhcpcd/* root.root 600
-/etc/ftpaccess root.root 600
-/etc/ftpconversions root.root 600
-/etc/ftpgroups root.root 600
-/etc/ftphosts root.root 600
-/etc/ftpusers root.root 600
-/etc/gettydefs root.root 600
-/etc/hosts.allow root.daemon 644
-/etc/hosts.deny root.daemon 644
-/etc/hosts.equiv root.daemon 640
-/etc/httpd/modules.d/*.conf root.root 600
-/etc/httpd/conf/*.conf root.root 600
-/etc/httpd/conf/addon-modules/* root.root 600
-/etc/httpd/conf/vhosts.d/* root.root 600
-/etc/httpd/conf/webapps.d/* root.root 600
-/etc/inetd.conf root.root 600
-/etc/inittab root.root 600
-/etc/ld.so.conf root.root 600
-/etc/mandrake-release root.root 600
-/etc/modules.conf root.root 600
-/etc/motd root.root 644
-/etc/printcap root.lp 640
-/etc/profile.d/* root.root 755
-/etc/rc.d/ root.root 700
-/etc/rc.d/init.d/ root.root 700
-/etc/rc.d/init.d/* root.root 700
-/etc/rc.d/init.d/functions root.root 644
-/etc/rc.d/init.d/mandrake_consmap root.adm 644
-/etc/rc.d/init.d/xprint root.root 755
-/etc/securetty root.root 600
-/etc/sendmail.cf root.mail 640
-/etc/shutdown.allow root.root 600
-/etc/ssh/ssh_config root.root 644
-/etc/ssh/ssh_host_*key root.root 600
-/etc/ssh/ssh_host_*key.pub root.root 644
-/etc/ssh/sshd_config root.root 600
-/etc/sysconfig root.root 711
-/etc/syslog.conf root.root 600
-/etc/updatedb.conf root.root 600
-/home/ root.root 711
-/home/* current 700
-/lib/ root.root 711
-/mnt/ root.root 710
-/proc root.adm 550
-/root/ root.root 700
-/sbin/ root.root 711
-/tmp/ root.root 1733
-/usr/ root.root 711
-/usr/* root.root 711
-/usr/bin/ root.root 711
-/usr/bin/cc root.ctools 750
-/usr/bin/finger root.ntools 750
-/usr/bin/g++* root.ctools 750
-/usr/bin/gcc* root.ctools 750
-/usr/bin/ssh root.ntools 750
-/usr/bin/telnet root.ntools 750
-/usr/bin/w root.ntools 750
-/usr/bin/who root.ntools 750
-/usr/lib/rpm/rpm? rpm.rpm 750
-/usr/sbin/ root.root 711
-/usr/sbin/sendmail.postfix root.root 711
-/usr/sbin/sendmail.sendmail root.mail 2711
-/usr/sbin/traceroute root.ntools 4750
-/usr/share/doc rpm.rpm 710
-/usr/share/man rpm.rpm 710
-/usr/tmp root.root 1733
-/var/ root.root 755
-/var/lib/rpm/Packages rpm.rpm 640
-/var/lock/subsys root.root 700
-/var/log/ root.root 711
-/var/log/* root.root 600
-/var/log/lp-errs lp.lp 600
-/var/log/*/* current 600
-/var/log/*/*/* current 600
-/var/log/*/. current 700
-/var/log/intraline/. current 750
-/var/log/mailman/ root.mail 2770
-/var/log/mailman/* root.mail 660
-/var/spool/mail/ root.mail 771
-/var/tmp root.root 1733
diff --git a/conf/perm.2 b/conf/perm.default
index 7fa4ae8..744e4a8 100644
--- a/conf/perm.2
+++ b/conf/perm.default
@@ -1,6 +1,6 @@
# Welcome in Level 2
###
-/ root.root 755
+/ root.adm 755
/bin/ root.root 755
/bin/ping root.root 4755
/bin/rpm rpm.rpm 755
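Review bot: The header comment `# Welcome in Level 2` is stale now that the file is named perm.default and the numbered levels are removed. Something like `# msec permissions: default level` would match the new naming. The same applies to conf/perm.secure, where this commit rewrites the header to `# Welcome in Level 2` as well, which reads as if the file were copied from the old level 2 list rather than being the secure profile.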
@@ -54,7 +54,7 @@
/etc/syslog.conf root.root 644
/etc/updatedb.conf root.root 644
/home/ root.root 755
-/home/* current 755
+/home/* current.current 755
/lib/ root.root 755
/mnt/ root.root 755
/proc root.root 555
@@ -85,12 +85,12 @@
/var/lock/subsys root.root 755
/var/log/ root.root 755
/var/log/* root.adm 640
-/var/log/Xorg.0.log current current
+/var/log/Xorg.0.log current.current current
/var/log/lp-errs lp.lp 600
-/var/log/*/* current 640
-/var/log/*/*/* current 640
-/var/log/*/. current 755
+/var/log/*/* current.current 640
+/var/log/*/*/* current.current 640
+/var/log/*/. current.current 755
/var/log/mailman/ root.mail 2775
-/var/log/mailman/* root.mail 664
+/var/log/mailman/* root.mail 660
/var/spool/mail/ root.mail 2775
/var/tmp root.root 1777
diff --git a/conf/perm.1 b/conf/perm.none
index ddeaa3c..9df8c21 100644
--- a/conf/perm.1
+++ b/conf/perm.none
@@ -53,7 +53,7 @@
/etc/syslog.conf root.root 644
/etc/updatedb.conf root.root 644
/home/ root.root 755
-/home/* current 755
+/home/* current.current 755
/lib/ root.root 755
/mnt/ root.root 755
/proc root.root 555
@@ -85,9 +85,9 @@
/var/log/ root.root 755
/var/log/* root.adm 644
/var/log/lp-errs lp.lp 600
-/var/log/*/* current 644
-/var/log/*/*/* current 644
-/var/log/*/. current 755
+/var/log/*/* current.current 644
+/var/log/*/*/* current.current 644
+/var/log/*/. current.current 755
/var/log/mailman/ root.mail 2775
/var/log/mailman/* root.mail 664
/var/spool/mail/ root.mail 2775
diff --git a/conf/perm.4 b/conf/perm.secure
index b8848bf..159a933 100644
--- a/conf/perm.4
+++ b/conf/perm.secure
@@ -1,12 +1,12 @@
-# Welcome in Level 4, aka secure & usable.
+# Welcome in Level 2
###
-/ root.adm 751
-/bin/ root.adm 751
+/ root.adm 755
+/bin/ root.adm 755
/bin/ping root.ntools 4750
/bin/rpm rpm.rpm 750
/boot/ root.ctools 710
-/dev/ root.root 711
-/etc/ root.adm 711
+/dev/ root.root 755
+/etc/ root.adm 755
/etc/conf.modules root.adm 640
/etc/cron.daily/ root.adm 750
/etc/cron.hourly/ root.adm 750
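Review bot: The secure profile is loosened here with no rationale in the commit message: `/`, `/bin/`, `/dev/` and `/etc/` go from 751/711 to 755. The later hunks of this file do the same for `/etc/rc.d/init.d/*` (740 to 744), `/home/*` (700 to 751), `/proc` (550 to 555) and `/var/log/*` (600 to 640). The `/home/*` change is the one most worth reverting, because it makes every home directory traversable by other local users; `/home/* current.current 700` keeps the old mode in the new owner.group syntax. With conf/perm.5 deleted in this commit, no stricter permission profile remains. The file continues outside this hunk.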
@@ -32,14 +32,14 @@
/etc/inetd.conf root.adm 640
/etc/inittab root.adm 640
/etc/ld.so.conf root.ctools 640
-/etc/mandrake-release root.adm 640
+/etc/mandrake-release root.adm 644
/etc/modules.conf root.adm 640
/etc/motd root.adm 644
/etc/printcap root.lp 640
/etc/profile.d/* root.root 755
-/etc/rc.d/ root.adm 750
-/etc/rc.d/init.d/ root.adm 750
-/etc/rc.d/init.d/* root.adm 740
+/etc/rc.d/ root.adm 755
+/etc/rc.d/init.d/ root.adm 755
+/etc/rc.d/init.d/* root.adm 744
/etc/rc.d/init.d/functions root.adm 644
/etc/rc.d/init.d/mandrake_consmap root.adm 644
/etc/rc.d/init.d/xprint root.root 755
@@ -50,20 +50,20 @@
/etc/ssh/ssh_host_*key root.adm 600
/etc/ssh/ssh_host_*key.pub root.adm 644
/etc/ssh/sshd_config root.adm 640
-/etc/sysconfig root.adm 751
+/etc/sysconfig root.adm 755
/etc/syslog.conf root.adm 640
-/etc/updatedb.conf root.adm 640
+/etc/updatedb.conf root.adm 644
/home/ root.adm 751
-/home/* current 700
-/lib/ root.adm 751
+/home/* current.current 751
+/lib/ root.adm 755
/mnt/ root.adm 750
-/proc root.adm 550
+/proc root.adm 555
/root/ root.root 700
/sbin/ root.adm 751
/tmp/ root.adm 1773
-/usr/ root.adm 751
-/usr/* root.adm 751
-/usr/bin/ root.adm 751
+/usr/ root.adm 755
+/usr/* root.adm 755
+/usr/bin/ root.adm 755
/usr/bin/cc root.ctools 750
/usr/bin/finger root.ntools 750
/usr/bin/g++* root.ctools 750
@@ -77,19 +77,20 @@
/usr/sbin/sendmail.postfix root.root 711
/usr/sbin/sendmail.sendmail root.mail 2711
/usr/sbin/traceroute root.ntools 4750
-/usr/share/doc rpm.rpm 750
-/usr/share/man rpm.rpm 750
+/usr/share/doc root.root 755
+/usr/share/man root.root 755
/usr/tmp root.adm 1773
/var/ root.root 755
/var/lib/rpm/Packages rpm.rpm 640
/var/lock/subsys root.adm 750
/var/log/ root.adm 751
-/var/log/* root.root 600
+/var/log/* root.root 640
+/var/log/Xorg.0.log current.current current
/var/log/lp-errs lp.lp 600
-/var/log/*/* current 600
-/var/log/*/*/* current 600
-/var/log/*/. current 700
-/var/log/intraline/. current 750
+/var/log/*/* current.current 600
+/var/log/*/*/* current.current 600
+/var/log/*/. current.current 700
+/var/log/intraline/. current.current 750
/var/log/mailman/ root.mail 2770
/var/log/mailman/* root.mail 660
/var/spool/mail/ root.mail 771
diff --git a/conf/server.4 b/conf/server.default
index d518731..d518731 100644
--- a/conf/server.4
+++ b/conf/server.default
diff --git a/conf/server.5 b/conf/server.secure
index 2141239..2141239 100644
--- a/conf/server.5
+++ b/conf/server.secure