aboutsummaryrefslogtreecommitdiffstats
path: root/msec.spec
diff options
context:
space:
mode:
authorThierry Vignaud <tvignaud@mandriva.org>2003-07-24 17:22:13 +0000
committerThierry Vignaud <tvignaud@mandriva.org>2003-07-24 17:22:13 +0000
commite5ac2ac6ad6580b25a885c7728fa03f0f981c7c1 (patch)
tree9d61eaf17c6bbbd41a8a4099a88eb2e04f2d013e /msec.spec
parent93b7a03834d95778be57895f37324b76607e078a (diff)
downloadmsec-e5ac2ac6ad6580b25a885c7728fa03f0f981c7c1.tar
msec-e5ac2ac6ad6580b25a885c7728fa03f0f981c7c1.tar.gz
msec-e5ac2ac6ad6580b25a885c7728fa03f0f981c7c1.tar.bz2
msec-e5ac2ac6ad6580b25a885c7728fa03f0f981c7c1.tar.xz
msec-e5ac2ac6ad6580b25a885c7728fa03f0f981c7c1.zip
fix upgrade (spotted by new draksec localization scheme)
Diffstat (limited to 'msec.spec')
-rw-r--r--msec.spec83
1 files changed, 43 insertions, 40 deletions
diff --git a/msec.spec b/msec.spec
index c395ce5..a5d6909 100644
--- a/msec.spec
+++ b/msec.spec
@@ -1,7 +1,7 @@
Summary: Security Level & Program for the Mandrake Linux distribution
Name: msec
Version: 0.38
-Release: 3mdk
+Release: 4mdk
Url: http://www.linux-mandrake.com/
Source0: %{name}-%{version}.tar.bz2
Source1: msec.logrotate
@@ -83,12 +83,11 @@ touch /var/log/security.log
if [ $1 != 1 ]; then
# manage spelling change
- if [ -f /etc/security/msec/level.local ]; then
- perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' /etc/security/msec/level.local
- fi
- if [ -f /etc/security/msec/security.conf ]; then
- perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' /etc/security/msec/security.conf
- fi
+ for i in /etc/security/msec/level.local /etc/security/msec/security.conf /var/lib/msec/security.conf; do
+ if [ -f $i ]; then
+ perl -pi -e 's/CHECK_WRITEABLE/CHECK_WRITABLE/g;s/CHECK_SUID_GROUP/CHECK_SGID/g' $i
+ fi
+ done
for ext in today yesterday diff; do
if [ -f /var/log/security/writeable.$ext ]; then
mv -f /var/log/security/writeable.$ext /var/log/security/writable.$ext
@@ -153,6 +152,9 @@ rm -rf $RPM_BUILD_ROOT
# MAKE THE CHANGES IN CVS: NO PATCH OR SOURCE ALLOWED
%changelog
+* Thu Jul 24 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-4mdk
+- fix upgrade
+
* Fri Mar 7 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.38-3mdk
- report correct message in log (bug #748)
@@ -171,13 +173,13 @@ rm -rf $RPM_BUILD_ROOT
* Tue Sep 17 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.36-1mdk
- allow_user_list handles Selected in X-*-Greeter section of kdmrc
-when not changing security level.
+ when not changing security level.
- allow_reboot handles Root in X-:*-Core section of kdmrc when not
-changing security level.
+ changing security level.
* Sun Sep 8 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.35-1mdk
- when changing the aging expiry, change the date of last password
-change to today to avoid having accounts already expired.
+ change to today to avoid having accounts already expired.
* Fri Sep 6 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.5-2mdk
- fixed bad file name in find.c (David Relson)
@@ -206,10 +208,10 @@ change to today to avoid having accounts already expired.
* Sun Aug 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34-1mdk
- let hosts.{allow,deny} be readable by everyone (to allow all the
-daemons to access them).
+ daemons to access them).
- doc/security.txt: documented daily mailing of security checks
- allow_reboot: used section X-:0-Core instead of X-:*-Greeter for
-kdmrc.
+ kdmrc.
- password_history: create /etc/security/opasswd if it doesn't exist.
* Mon Aug 19 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.33-1mdk
@@ -219,8 +221,8 @@ kdmrc.
- do not change permissions/groups/owners of remote files/directories.
- documented the command line options in the man page
- added password_history function (level 5)
-- password_length uses system-auth pam file instead of passwd pam file (added
-Conflicts with the old passwd package)
+- password_length uses system-auth pam file instead of passwd pam file
+ (added Conflicts with the old passwd package)
- allow_remote_root_login handles the without_password argument (level 4)
* Wed Jul 31 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.31.1-1mdk
@@ -248,7 +250,7 @@ Conflicts with the old passwd package)
* Thu Jul 4 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.25-1mdk
- insert the change at the end of the file if no match is found for
-PermitRootLogin and logindefs.
+ PermitRootLogin and logindefs.
- updated server.4 with MNF needs
* Thu Jun 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.24-1mdk
@@ -265,17 +267,17 @@ PermitRootLogin and logindefs.
* Tue Apr 16 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.21-1mdk
- applied patch from John Ehresman to exec the config file in the
-context of mseclib.
+ context of mseclib.
* Wed Mar 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-2mdk
- allow_reboot: only touch the shutdown, poweroff, reboot and halt
-files if they don't exist (reported by Jason Baker).
+ files if they don't exist (reported by Jason Baker).
* Mon Mar 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-1mdk
- Maximum password aging can be -1 (David Relson)
- allow to pass ignore in function calls in
-/etc/security/msec/level.local to ask msec to do nothing with this
-feature.
+ /etc/security/msec/level.local to ask msec to do nothing with this
+ feature.
* Fri Mar 8 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-8mdk
- /var/log/lp-errs must always be 600
@@ -290,21 +292,21 @@ feature.
* Thu Feb 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-5mdk
- use 127.0.0.1 instead of localhost in hosts.deny
-- msec.csh: "unhash" workaround for /usr/bin non-readable (msec 5) applied
-after modifying PATH (eurk!)
+- msec.csh: "unhash" workaround for /usr/bin non-readable (msec 5)
+ applied after modifying PATH (eurk!)
* Mon Feb 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-4mdk
-- separate config files and other files in the rpmv check (idea
-of Michael Reinsch)
+- separate config files and other files in the rpmv check (idea of
+ Michael Reinsch)
- don't restart network on sysctl.conf change
- doc/security.txt: resync with code.
* Fri Feb 22 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-3mdk
-- security_check.sh: check uid and not gid ! (change of meaning of the -g option
-of ls).
+- security_check.sh: check uid and not gid ! (change of meaning of the
+ -g option of ls).
- perm.*: do not manage lilo.conf.
- corrected missing security.conf migration from /etc/security/msec/
-to /var/lib/msec.
+ to /var/lib/msec.
- don't handle libsafe (let the package do it's job)
* Wed Feb 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-2mdk
@@ -314,10 +316,10 @@ to /var/lib/msec.
* Tue Feb 19 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-1mdk
- corrected msec.sh and msec.csh problems.
- security.conf is now read from /var/lib/msec and can be overridden
-from /etc/security/msec/security.conf.
+ from /etc/security/msec/security.conf.
- enhanced mseclib man page.
- perm files are now in /usr/share/msec but the custom file stays in
-/etc/security/msec/perm.local.
+ /etc/security/msec/perm.local.
* Fri Feb 15 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-6mdk
- promisc_check.sh: use complete path to the ip command
@@ -347,8 +349,8 @@ from /etc/security/msec/security.conf.
- clean crontabs when removing the package (Dadou)
- 644 for /etc/rc.d/init.d/mandrake_consmap (Andrej)
- fix sendmail perms (Florin)
-- symlink /etc/security/msec/server.<level> to /etc/security/msec/server for
-secure levels > 3 (used by chkconfig).
+- symlink /etc/security/msec/server.<level> to
+ /etc/security/msec/server for secure levels > 3 (used by chkconfig).
- password aging for the root account too.
* Sat Jan 26 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-1mdk
@@ -363,8 +365,8 @@ secure levels > 3 (used by chkconfig).
- perm.*: make mandrake_consmap 755 because it needs to be readable by everyone
* Sun Jan 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-13mdk
-- diff_check.sh: mail even if the report is empty to show that the check
-was fine.
+- diff_check.sh: mail even if the report is empty to show that the
+ check was fine.
- the string "current" signifies to not change the permissions.
- perm.*: corrected mandrake_consmap permissions and ping path/permissions.
- /home is 711 in level 3.
@@ -374,11 +376,11 @@ was fine.
- better layout of rpm modified files report.
* Wed Jan 9 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-11mdk
-- added hostname to the subject of the mail report for better information
-when you receive multiple reports
+- added hostname to the subject of the mail report for better
+ information when you receive multiple reports
- really added rpm-va check to the mail report
- fix handling of the owner/group of subdirectories of /var/log in a
-generic manner.
+ generic manner.
- oops put back periodic filesystems check
* Mon Jan 7 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-10mdk
@@ -394,7 +396,7 @@ generic manner.
* Thu Jan 3 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-7mdk
- rpm -qa check now logs install time too
- corrected the way we install the byte compiled python files to avoid
-false rpm -V warnings.
+ false rpm -V warnings.
- added a CHANGES file to document what has changed between 0.16 and 0.17
- send complete rpm -va check to the main mail
- perm.*: added handling of /etc/rc.d/init.d/*
@@ -404,8 +406,9 @@ false rpm -V warnings.
* Sat Dec 29 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-6mdk
- added doc of the features of the msec utility
- corrected enable_at_crontab
-- password_aging only takes care of /etc/shadow users and avoid the users
-with a deactivated password.
+
+- password_aging only takes care of /etc/shadow users and avoid the
+ users with a deactivated password.
* Fri Dec 28 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-5mdk
- added rpm database checks
@@ -440,7 +443,7 @@ with a deactivated password.
- added command history disabling (Fred)
- added sysctl settings (Fred)
- changed perms of rpm progs in high security levels to prevent
-exposing what is installed (and access to /usr/share/doc too). (Fred)
+ exposing what is installed (and access to /usr/share/doc too). (Fred)
- spoof protection for name resoluton (Fred)
- remove /etc/issue and /etc/issue.net according to level (Fred)
@@ -506,7 +509,7 @@ exposing what is installed (and access to /usr/share/doc too). (Fred)
- add the %post section for the ghost file
* Mon Sep 03 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-20mdk
-- logrotate entry in %install, not %post
+- logrotate entry in %%install, not %post
* Mon Sep 03 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-19mdk
- add logrotate entry