diff options
author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
commit | ff31c9236b1fd7465ea9687fc735e8af882e780e (patch) | |
tree | eec89033b4ad0b2459fbb91fa6dd39077eeaf407 /src/msec/CHANGES | |
parent | ab984707253940bf5ced3a379699e8d0dc757fa6 (diff) | |
download | msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.gz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.bz2 msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.xz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.zip |
Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
Diffstat (limited to 'src/msec/CHANGES')
-rw-r--r-- | src/msec/CHANGES | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/src/msec/CHANGES b/src/msec/CHANGES new file mode 100644 index 0000000..22e546a --- /dev/null +++ b/src/msec/CHANGES @@ -0,0 +1,73 @@ +changes in version 0.30 +======================= + + * don't lower security if the admin has already augmented it (when called without argument). + * splitted functions that worked on multiple levels. + +changes between version 0.18 and 0.19 +===================================== + +msec utility changes: + + * no password in level 0 + +Periodic security checks changes: + + * config file is now in /var/lib/msec/security.conf and can +be overriden by /etc/security/msec/security.conf. + +changes between version 0.17 and 0.18 +===================================== + +msec utility changes: + + * allow /etc/security/msec/level.local to override the default +setting of the level. + * promisc_check.sh works now. + * added mseclib man page. + +changes between version 0.16 and 0.17 +===================================== + +msec utility changes: + + * handle shell timeout (level 4 and 5) + * limit shell history (level 4 and 5) + * su only for wheel group (level 5) + * sulogin for single user mode (level 4 and 5) + * various sysctl.conf settings for icmp and network parameters + * password aging (level 4 and 5) + * suppress /etc/issue.net (level 4 and 5) and /etc/issue (level 5) + * removed manipulation of the groups of users + * removed removal of services + * logging in syslog according to the guideline for explanations in tools + * more correct prevention of direct root logins + * rewritten in python + +msec can be used to change level and it's also run hourly by cron to +maintain the security level on the system. Only the minimum of changes +on the filesystem are applied and the minimum of programs started. + +Periodic security checks changes: + + * added rpm database checks (rpm -va and rpm -qa) + * report when a user other than root is at uid 0 + * diff_check reports even when the log is empty + * use chkrootkit if present. + +Permissions settings changes: + + * / + * removed audio group handling because it has always conflicted with pam_console + * handle /var/log sub-directories in a generic manner + * /etc/rc.d/init.d/* + * corrected ssh and ping related paths + * /etc/sysconfig + * /proc + * corrected gcc files + * rpm related files to avoid exposing what is installed + * /var/lock/subsys + * added a local.perm to allow modifications without modifying level perms + * corrected all the inconsistencies between levels to be able to change and come back +without problem + * rewritten in python |