diff options
author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
commit | ff31c9236b1fd7465ea9687fc735e8af882e780e (patch) | |
tree | eec89033b4ad0b2459fbb91fa6dd39077eeaf407 /src/msec/man.py | |
parent | ab984707253940bf5ced3a379699e8d0dc757fa6 (diff) | |
download | msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.gz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.bz2 msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.xz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.zip |
Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
Diffstat (limited to 'src/msec/man.py')
-rwxr-xr-x | src/msec/man.py | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/src/msec/man.py b/src/msec/man.py new file mode 100755 index 0000000..ce8fb33 --- /dev/null +++ b/src/msec/man.py @@ -0,0 +1,197 @@ +#!/usr/bin/python +#--------------------------------------------------------------- +# Project : Mandriva Linux +# Module : share +# File : man.py +# Version : $Id$ +# Author : Frederic Lepied +# Created On : Sat Jan 26 17:38:39 2002 +# Purpose : loads a python module and creates a man page from +# the doc strings of the functions. +#--------------------------------------------------------------- + +import sys +import imp +import inspect + +import config +from libmsec import MSEC, Log +try: + from version import version +except: + version = "(development version)" + +header = '''.ds q \N'34' +.TH msec %s msec "Mandriva Linux" +.SH NAME +msec \- Mandriva Linux security tools +.SH SYNOPSIS +.nf +.B msec [options] +.B msecperms [options] +.B msecgui [options] +.fi +.SH DESCRIPTION +.B msec +is responsible to maintain system security in Mandriva. It supports different security +configurations, which can be organized into several security levels. Currently, three +preconfigured security levels are provided: + +.TP +\\fBnone\\fR +this level aims to provide the most basic security. It should be used when you want to +manage all aspects of system security on your own. + +.TP +\\fBdefault\\fR +this is the default security level, which configures a reasonably safe set of security +features. It activates several periodic system checks, and sends the results of their +execution by email (by default, the local 'root' account is used). + +.TP +\\fBsecure\\fR +this level is configured to provide maximum system security, even at the cost of limiting +the remote access to the system, and local user permissions. It also runs a wider set of +periodic checks, enforces the local password settings, and periodically checks if the +system security settings, configured by msec, were modified directly or by some other +application. + +.PP + +The security settings are stored in \\fB/etc/security/msec/security.conf\\fR +file, and default settings for each predefined level are stored in +\\fB/etc/security/msec/level.LEVEL\\fR. Permissions for files and directories +that should be enforced or checked for changes are stored in +\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each +predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR. Note +that user-modified parameters take precedence over default level settings. For +example, when default level configuration forbids direct root logins, this +setting can be overridden by the user. + +.PP + +The following options are supported by msec applications: + +.TP +\\fBmsec\\fR: +.PP + +This is the console version of msec. It is responsible for system security configuration +and checking and transitions between security levels. + +When executed without parameters, msec will read the system configuration file +(/etc/security/msec/security.conf), and enforce the specified security +settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and also +to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msec should +by run as root. + +\\fB\-h, --help\\fR + This option will display the list of supported command line options. + +\\fB\-l, --level <level>\\fR + List the default configuration for given security level. + +\\fB\-f, --force <level>\\fR + Apply the specified security level to the system, overwritting all +local changes. This is necessary to initialize a security level, either on first +install, on when a change to a different level is required. + +\\fB\-d\\fR + Enable debugging messages. + +\\fB\-p, --pretend\\fR + Verify the actions that will be performed by msec, without actually +doing anything to the system. In this mode of operation, msec performs all the +required tasks, except effectively writting data back to disk. + +.TP +\\fBmsecperms\\fR: +.PP + +This application is responsible for system permission checking and enforcements. + +When executed without parameters, msecperms will read the permissions +configuration file (/etc/security/msec/perms.conf), and enforce the specified +security settings. The operations are logged to \\fB/var/log/msec.log\\fP file, +and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msecperms +should by run as root. + +\\fB\-h, --help\\fR + This option will display the list of supported command line options. + +\\fB\-l, --level <level>\\fR + List the default configuration for given security level. + +\\fB\-f, --force <level>\\fR + Apply the specified security level to the system, overwritting all +local changes. This is necessary to initialize a security level, either on first +install, on when a change to a different level is required. + +\\fB\-e, --enforce\\fR + Enforce the default permissions on all files. + +\\fB\-d\\fR + Enable debugging messages. + +\\fB\-p, --pretend\\fR + Verify the actions that will be performed by msec, without actually +doing anything to the system. In this mode of operation, msec performs all the +required tasks, except effectively writting data back to disk. + +.TP +\\fBmsecgui\\fR: +.PP + +This is the GTK version of msec. It acts as frontend to all msec functionalities. + +\\fB\-h, --help\\fR + This option will display the list of supported command line options. + +\\fB\-d\\fR + Enable debugging messages. + +.SH "SECURITY OPTIONS" + +The following security options are supported by msec: + +''' % version + +footer = '''.RE +.SH NOTES +Msec applications must be run by root. +.SH AUTHORS +Frederic Lepied <flepied@mandriva.com> + +Eugeni Dodonov <eugeni@mandriva.com> +''' + +### strings used in the rewritting +function_str = ''' +.TP 4 +.B \\fI%s\\fP +%s + +MSEC parameter: \\fI%s\\fP + +Accepted values: \\fI%s\\fP +''' + +### code + +# process all configuration parameters +log = Log(log_syslog=False, log_file=False) +msec = MSEC(log) + +#print >>sys.stderr, dir(msec.create_server_link) + +print header + +for variable in config.SETTINGS: + callback, params = config.SETTINGS[variable] + func = msec.get_action(callback) + if func: + print function_str % (callback, func.__doc__.strip(), variable, ", ".join(params)) + +print footer + +# man.py ends here |