diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
| commit | ff31c9236b1fd7465ea9687fc735e8af882e780e (patch) | |
| tree | eec89033b4ad0b2459fbb91fa6dd39077eeaf407 /share/CHANGES | |
| parent | ab984707253940bf5ced3a379699e8d0dc757fa6 (diff) | |
| download | msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.gz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.bz2 msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.xz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.zip | |
Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
Diffstat (limited to 'share/CHANGES')
| -rw-r--r-- | share/CHANGES | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/share/CHANGES b/share/CHANGES deleted file mode 100644 index 22e546a..0000000 --- a/share/CHANGES +++ /dev/null @@ -1,73 +0,0 @@ -changes in version 0.30 -======================= - - * don't lower security if the admin has already augmented it (when called without argument). - * splitted functions that worked on multiple levels. - -changes between version 0.18 and 0.19 -===================================== - -msec utility changes: - - * no password in level 0 - -Periodic security checks changes: - - * config file is now in /var/lib/msec/security.conf and can -be overriden by /etc/security/msec/security.conf. - -changes between version 0.17 and 0.18 -===================================== - -msec utility changes: - - * allow /etc/security/msec/level.local to override the default -setting of the level. - * promisc_check.sh works now. - * added mseclib man page. - -changes between version 0.16 and 0.17 -===================================== - -msec utility changes: - - * handle shell timeout (level 4 and 5) - * limit shell history (level 4 and 5) - * su only for wheel group (level 5) - * sulogin for single user mode (level 4 and 5) - * various sysctl.conf settings for icmp and network parameters - * password aging (level 4 and 5) - * suppress /etc/issue.net (level 4 and 5) and /etc/issue (level 5) - * removed manipulation of the groups of users - * removed removal of services - * logging in syslog according to the guideline for explanations in tools - * more correct prevention of direct root logins - * rewritten in python - -msec can be used to change level and it's also run hourly by cron to -maintain the security level on the system. Only the minimum of changes -on the filesystem are applied and the minimum of programs started. - -Periodic security checks changes: - - * added rpm database checks (rpm -va and rpm -qa) - * report when a user other than root is at uid 0 - * diff_check reports even when the log is empty - * use chkrootkit if present. - -Permissions settings changes: - - * / - * removed audio group handling because it has always conflicted with pam_console - * handle /var/log sub-directories in a generic manner - * /etc/rc.d/init.d/* - * corrected ssh and ping related paths - * /etc/sysconfig - * /proc - * corrected gcc files - * rpm related files to avoid exposing what is installed - * /var/lock/subsys - * added a local.perm to allow modifications without modifying level perms - * corrected all the inconsistencies between levels to be able to change and come back -without problem - * rewritten in python |