Updated to working version of new msec.

Conflicts:
	Makefile
	cron-sh/security_check.sh
	share/msec.py

1 files changed, 197 insertions, 0 deletions

diff --git a/src/msec/man.py b/src/msec/man.py
new file mode 100755
index 0000000..ce8fb33
--- /dev/null
+++ b/src/msec/man.py
@@ -0,0 +1,197 @@
+#!/usr/bin/python
+#---------------------------------------------------------------
+# Project         : Mandriva Linux
+# Module          : share
+# File            : man.py
+# Version         : $Id$
+# Author          : Frederic Lepied
+# Created On      : Sat Jan 26 17:38:39 2002
+# Purpose         : loads a python module and creates a man page from
+# the doc strings of the functions.
+#---------------------------------------------------------------
+
+import sys
+import imp
+import inspect
+
+import config
+from libmsec import MSEC, Log
+try:
+    from version import version
+except:
+    version = "(development version)"
+
+header = '''.ds q \N'34'
+.TH msec %s msec "Mandriva Linux"
+.SH NAME
+msec \- Mandriva Linux security tools
+.SH SYNOPSIS
+.nf
+.B msec [options]
+.B msecperms [options]
+.B msecgui [options]
+.fi
+.SH DESCRIPTION
+.B msec
+is responsible to maintain system security in Mandriva. It supports different security
+configurations, which can be organized into several security levels. Currently, three
+preconfigured security levels are provided:
+
+.TP
+\\fBnone\\fR
+this level aims to provide the most basic security. It should be used when you want to
+manage all aspects of system security on your own.
+
+.TP
+\\fBdefault\\fR
+this is the default security level, which configures a reasonably safe set of security
+features. It activates several periodic system checks, and sends the results of their
+execution by email (by default, the local 'root' account is used).
+
+.TP
+\\fBsecure\\fR
+this level is configured to provide maximum system security, even at the cost of limiting
+the remote access to the system, and local user permissions. It also runs a wider set of
+periodic checks, enforces the local password settings, and periodically checks if the
+system security settings, configured by msec, were modified directly or by some other
+application.
+
+.PP
+
+The security settings are stored in \\fB/etc/security/msec/security.conf\\fR
+file, and default settings for each predefined level are stored in
+\\fB/etc/security/msec/level.LEVEL\\fR.  Permissions for files and directories
+that should be enforced or checked for changes are stored in
+\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each
+predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR.  Note
+that user-modified parameters take precedence over default level settings. For
+example, when default level configuration forbids direct root logins, this
+setting can be overridden by the user.
+
+.PP
+
+The following options are supported by msec applications:
+
+.TP
+\\fBmsec\\fR:
+.PP
+
+This is the console version of msec. It is responsible for system security configuration
+and checking and transitions between security levels.
+
+When executed without parameters, msec will read the system configuration file
+(/etc/security/msec/security.conf), and enforce the specified security
+settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and also
+to syslog, using \\fBLOG_AUTHPRIV\\fR facility.  Please note that msec should
+by run as root.
+
+\\fB\-h, --help\\fR
+    This option will display the list of supported command line options.
+
+\\fB\-l, --level <level>\\fR
+    List the default configuration for given security level.
+
+\\fB\-f, --force <level>\\fR
+    Apply the specified security level to the system, overwritting all
+local changes. This is necessary to initialize a security level, either on first
+install, on when a change to a different level is required.
+
+\\fB\-d\\fR
+    Enable debugging messages.
+
+\\fB\-p, --pretend\\fR
+    Verify the actions that will be performed by msec, without actually
+doing anything to the system. In this mode of operation, msec performs all the
+required tasks, except effectively writting data back to disk.
+
+.TP
+\\fBmsecperms\\fR:
+.PP
+
+This application is responsible for system permission checking and enforcements.
+
+When executed without parameters, msecperms will read the permissions
+configuration file (/etc/security/msec/perms.conf), and enforce the specified
+security settings. The operations are logged to \\fB/var/log/msec.log\\fP file,
+and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility.  Please note that msecperms
+should by run as root.
+
+\\fB\-h, --help\\fR
+    This option will display the list of supported command line options.
+
+\\fB\-l, --level <level>\\fR
+    List the default configuration for given security level.
+
+\\fB\-f, --force <level>\\fR
+    Apply the specified security level to the system, overwritting all
+local changes. This is necessary to initialize a security level, either on first
+install, on when a change to a different level is required.
+
+\\fB\-e, --enforce\\fR
+    Enforce the default permissions on all files.
+
+\\fB\-d\\fR
+    Enable debugging messages.
+
+\\fB\-p, --pretend\\fR
+    Verify the actions that will be performed by msec, without actually
+doing anything to the system. In this mode of operation, msec performs all the
+required tasks, except effectively writting data back to disk.
+
+.TP
+\\fBmsecgui\\fR:
+.PP
+
+This is the GTK version of msec. It acts as frontend to all msec functionalities.
+
+\\fB\-h, --help\\fR
+    This option will display the list of supported command line options.
+
+\\fB\-d\\fR
+    Enable debugging messages.
+
+.SH "SECURITY OPTIONS"
+
+The following security options are supported by msec:
+
+''' % version
+
+footer = '''.RE
+.SH NOTES
+Msec applications must be run by root.
+.SH AUTHORS
+Frederic Lepied <flepied@mandriva.com>
+
+Eugeni Dodonov <eugeni@mandriva.com>
+'''
+
+### strings used in the rewritting
+function_str = '''
+.TP 4
+.B \\fI%s\\fP
+%s
+
+MSEC parameter: \\fI%s\\fP
+
+Accepted values: \\fI%s\\fP
+'''
+
+### code
+
+# process all configuration parameters
+log = Log(log_syslog=False, log_file=False)
+msec = MSEC(log)
+
+#print >>sys.stderr, dir(msec.create_server_link)
+
+print header
+
+for variable in config.SETTINGS:
+    callback, params = config.SETTINGS[variable]
+    func = msec.get_action(callback)
+    if func:
+        print function_str % (callback, func.__doc__.strip(), variable, ", ".join(params))
+
+print footer
+
+# man.py ends here