aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--po/Makefile5
-rw-r--r--po/msec.pot1152
-rwxr-xr-xsrc/msec/man.py294
3 files changed, 991 insertions, 460 deletions
diff --git a/po/Makefile b/po/Makefile
index 04c6c15..b8668b6 100644
--- a/po/Makefile
+++ b/po/Makefile
@@ -11,7 +11,8 @@ PL_FILES = ../src/msec/msec.py ../src/msec/msecperms.py ../src/msec/help.py \
../src/msec/plugins/audit.py \
../src/msec/plugins/pam.py ../src/msec/plugins/network.py \
../src/msec/plugins/msec.py ../src/msec/plugins/sectool.py \
- ../src/msec/plugins/sudo.py ../src/msec/plugins/log.py
+ ../src/msec/plugins/sudo.py ../src/msec/plugins/log.py \
+ ../src/msec/man.py
SHELL_FILES =../cron-sh/security.sh
# C-like files to search translatable strings in
#CFILES =
@@ -26,6 +27,8 @@ LOCALEDIR=$(DATADIR)/locale
GOALS = $(PGOAL).pot $(MOFILES)
+.PHONY: $(PGOAL).pot
+
all: $(GOALS)
install: all
diff --git a/po/msec.pot b/po/msec.pot
index 2899b1e..e22c8dd 100644
--- a/po/msec.pot
+++ b/po/msec.pot
@@ -1,501 +1,404 @@
# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR ORGANIZATION
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the msec package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
+#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2018-03-08 14:08+CET\n"
+"Project-Id-Version: msec\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2020-05-24 17:42+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=CHARSET\n"
-"Content-Transfer-Encoding: ENCODING\n"
-"Generated-By: pygettext.py 1.5\n"
+"Content-Transfer-Encoding: 8bit\n"
+#: ../src/msec/msec.py:87 ../src/msec/msecperms.py:96
+#, python-format
+msgid "Invalid security level '%s'."
+msgstr ""
-#: ../src/msec/config.py:46
-msgid "Modified system files"
+#: ../src/msec/msec.py:114 ../src/msec/msecperms.py:121
+#, python-format
+msgid "Msec: Mageia Security Center (%s)\n"
msgstr ""
-#: ../src/msec/config.py:47
-msgid "No changes in system files"
+#: ../src/msec/msec.py:115 ../src/msec/msecperms.py:122
+msgid "Error: This application must be executed by root!"
msgstr ""
-#: ../src/msec/config.py:60 ../src/msec/tools.py:36
-msgid "Disabled"
+#: ../src/msec/msec.py:116 ../src/msec/msecperms.py:123
+msgid "Run with --help to get help."
msgstr ""
-#: ../src/msec/config.py:222 ../src/msec/config.py:436
-msgid "Unable to load configuration file %s: %s"
+#: ../src/msec/msec.py:142
+#, python-format
+msgid "Level '%s' not found, aborting."
msgstr ""
-#: ../src/msec/config.py:236 ../src/msec/config.py:346
-#: ../src/msec/config.py:455
-msgid "Bad config option: %s"
+#: ../src/msec/msec.py:144
+#, python-format
+msgid "Switching to '%s' level."
msgstr ""
-#: ../src/msec/config.py:271 ../src/msec/config.py:385
-#: ../src/msec/config.py:481
-msgid "Unable to save %s: %s"
+#: ../src/msec/msec.py:151
+#, python-format
+msgid "No custom file permissions for level '%s'."
msgstr ""
-#: ../src/msec/config.py:331
-msgid "loading exceptions file %s: %s"
+#: ../src/msec/msec.py:152
+#, python-format
+msgid "Saving file permissions to '%s' level."
msgstr ""
-#: ../src/msec/config.py:332
-msgid "No exceptions loaded"
+#: ../src/msec/msec.py:192 ../src/msec/msecperms.py:166
+msgid "Unable to save config!"
+msgstr ""
+
+#: ../src/msec/msec.py:194
+msgid "Unable to save file system permissions!"
msgstr ""
#: ../src/msec/help.py:14
-msgid "Include current directory into user PATH by default"
+msgid ""
+"Defines the base security level, on top of which the current configuration "
+"is based."
msgstr ""
#: ../src/msec/help.py:16
-msgid "Enable checking for files/directories writable by everybody."
+msgid ""
+"Enable sectools checks. This check will run all sectool checks for a "
+"security level configuration. The security level to be used during this test "
+"is determined by the CHECK_SECTOOL_LEVELS variable."
msgstr ""
#: ../src/msec/help.py:18
-msgid "Allow only users in wheel group to su to root."
+msgid ""
+"Defines the sectool level to use during the periodic security check. You may "
+"use the sectool-gui application to select individual tests for each level. "
+"If this variable is not defined, the default level defined in sectool "
+"configuration will be used."
msgstr ""
#: ../src/msec/help.py:20
-msgid "Allow users in wheel group to use sudo. If this option is set to 'yes', the users in wheel group are allowed to use sudo and run commands as root by using their passwords. If this option to set to 'without-password', the users can use sudo without being asked for their password. WARNING: using sudo without any password makes your system very vulnerable, and you should only use this setting if you know what you are doing!"
+msgid "Accept bogus IPv4 error messages."
msgstr ""
#: ../src/msec/help.py:22
-msgid "Ask for root password when going to single user level (man sulogin(8))."
+msgid "Accept broadcasted ICMP echo."
msgstr ""
#: ../src/msec/help.py:24
-msgid "Enable password-related checks, such as empty passwords and strange super-user accounts."
+msgid "Accept ICMP echo."
msgstr ""
#: ../src/msec/help.py:26
-msgid "Show security notifications in system tray using libnotify."
+msgid ""
+"Allow remote root login via sshd. If yes, login is allowed. If without-"
+"password, only public-key authentication logins are allowed. See "
+"sshd_config(5) man page for more information."
msgstr ""
#: ../src/msec/help.py:28
-msgid "Enable sectools checks. This check will run all sectool checks for a security level configuration. The security level to be used during this test is determined by the CHECK_SECTOOL_LEVELS variable."
+msgid "Enable IP spoofing protection."
msgstr ""
#: ../src/msec/help.py:30
-msgid "Fix owner and group of unowned files to use nobody/nogroup."
+msgid "Enable logging of strange network packets."
msgstr ""
#: ../src/msec/help.py:32
-msgid "Accept ICMP echo."
+msgid "Enable periodic permission checking for files specified in msec policy."
msgstr ""
#: ../src/msec/help.py:34
-msgid "Enable checking for changes in firewall settings."
+msgid ""
+"Enable msec to enforce file permissions to the values specified in the msec "
+"security policy."
msgstr ""
#: ../src/msec/help.py:36
-msgid "Enable verification for changes in the installed RPM packages. This will notify you when new packages are installed or removed."
+msgid ""
+"Patterns to exclude from disk checks. This parameter is parsed as a regex "
+"(7), so you may use complex expressions."
msgstr ""
#: ../src/msec/help.py:38
-msgid "Accept broadcasted ICMP echo."
+msgid ""
+"Enable permission checking on users' files that should not be owned by "
+"someone else, or writable."
msgstr ""
#: ../src/msec/help.py:40
-msgid "Enable periodic security check results to terminal."
+msgid "Enable checking for additions/removals of suid root files."
msgstr ""
#: ../src/msec/help.py:42
-msgid "Enable msec to enforce file permissions to the values specified in the msec security policy."
+msgid "Enable checksum verification for suid files."
msgstr ""
#: ../src/msec/help.py:44
-msgid "Log journal messages on console terminal 12."
+msgid "Enable checking for additions/removals of sgid files."
msgstr ""
#: ../src/msec/help.py:46
-msgid "Set the root umask."
+msgid "Enable checking for files/directories writable by everybody."
msgstr ""
#: ../src/msec/help.py:48
-msgid "Enable checking for additions/removals of sgid files."
+msgid "Enable checking for unowned files."
msgstr ""
#: ../src/msec/help.py:50
-msgid "Activate ethernet cards promiscuity check."
+msgid "Fix owner and group of unowned files to use nobody/nogroup."
msgstr ""
#: ../src/msec/help.py:52
-msgid "Enable checking for empty passwords in /etc/shadow (man shadow(5))."
+msgid "Activate ethernet cards promiscuity check."
msgstr ""
#: ../src/msec/help.py:54
-msgid "Allow autologin."
+msgid "Enable checking for open network ports."
msgstr ""
#: ../src/msec/help.py:56
-msgid "Define the default retention period for logs, in weeks. Some countries require that the log files should be kept for 12 months, other do not have such strict requirements. This variable defines the number of past log files that should be kept by logrotate on the system."
+msgid "Ignore changes in process IDs when checking for open network ports."
msgstr ""
#: ../src/msec/help.py:58
-msgid "Enable checking for additions/removals of suid root files."
+msgid "Enable checking for changes in firewall settings."
msgstr ""
#: ../src/msec/help.py:60
-msgid "Enable permission checking on users' files that should not be owned by someone else, or writable."
+msgid ""
+"Enable password-related checks, such as empty passwords and strange super-"
+"user accounts."
msgstr ""
#: ../src/msec/help.py:62
-msgid "Enable IP spoofing protection."
+msgid "Enable checking for empty passwords in /etc/shadow (man shadow(5))."
msgstr ""
#: ../src/msec/help.py:64
-msgid "Allow to export display when passing from the root account to the other users. See pam_xauth(8) for more details."
+msgid "Enable checking for known rootkits using chkrootkit."
msgstr ""
#: ../src/msec/help.py:66
-msgid "Set the user umask."
+msgid ""
+"Enable verification for changes in the installed RPM packages. This will "
+"notify you when new packages are installed or removed."
msgstr ""
#: ../src/msec/help.py:68
-msgid "Allow direct root login on terminal."
+msgid ""
+"Enable verification of integrity of installed RPM packages. This will notify "
+"you if checksums of the installed files were changed, showing separate "
+"results for binary and configuration files."
msgstr ""
#: ../src/msec/help.py:70
-msgid "Enable checking for changes in system groups."
+msgid "Enable checking for dangerous options in users' .rhosts/.shosts files."
msgstr ""
#: ../src/msec/help.py:72
-msgid "Enable verification of integrity of installed RPM packages. This will notify you if checksums of the installed files were changed, showing separate results for binary and configuration files."
+msgid "Enable checking for changes in system users."
msgstr ""
#: ../src/msec/help.py:74
-msgid "Enables logging of periodic checks to system log."
+msgid "Enable checking for changes in system groups."
msgstr ""
#: ../src/msec/help.py:76
-msgid "Creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages. By default, two presets are provided: local (which only enables local services) and remote (which also enables some remote services considered safe). Note that the allowed services must be placed manually into the server.SERVER_LEVEL files when necessary."
+msgid "Enable periodic security check results to terminal."
msgstr ""
#: ../src/msec/help.py:78
-msgid "Allow remote root login via sshd. If yes, login is allowed. If without-password, only public-key authentication logins are allowed. See sshd_config(5) man page for more information."
+msgid "Send security check results by email."
msgstr ""
#: ../src/msec/help.py:80
-msgid "Set umask option for mounting vfat and ntfs partitions. If umask is '-1', default system umask is used."
+msgid "User email to receive security notifications."
msgstr ""
#: ../src/msec/help.py:82
-msgid "Enable daily security checks."
+msgid "Send mail reports even if no changes were detected."
msgstr ""
#: ../src/msec/help.py:84
-msgid "Enable checking for known rootkits using chkrootkit."
+msgid "Enables logging of periodic checks to system log."
msgstr ""
#: ../src/msec/help.py:86
-msgid "Enable checking for unowned files."
+msgid "Show security notifications in system tray using libnotify."
msgstr ""
#: ../src/msec/help.py:88
-msgid "Patterns to exclude from disk checks. This parameter is parsed as a regex (7), so you may use complex expressions."
+msgid "Enable daily security checks."
msgstr ""
#: ../src/msec/help.py:90
-msgid "Set shell commands history size. A value of -1 means unlimited."
+msgid "Run security checks when machine is running on battery power."
msgstr ""
#: ../src/msec/help.py:92
-msgid "Ignore changes in process IDs when checking for open network ports."
+msgid "Set the user umask."
msgstr ""
#: ../src/msec/help.py:94
-msgid "Allow X server to accept connections from network on tcp port 6000."
+msgid "Set the root umask."
msgstr ""
#: ../src/msec/help.py:96
-msgid "Enable checksum verification for suid files."
+msgid "Include current directory into user PATH by default"
msgstr ""
#: ../src/msec/help.py:98
-msgid "Set the shell timeout. A value of zero means no timeout."
+msgid ""
+"Set umask option for mounting vfat and ntfs partitions. If umask is '-1', "
+"default system umask is used."
msgstr ""
#: ../src/msec/help.py:100
-msgid "Set the password minimum length and minimum number of digit and minimum number of capitalized letters, using length,ndigits,nupper format."
+msgid "Allow autologin."
msgstr ""
#: ../src/msec/help.py:102
-msgid "User email to receive security notifications."
+msgid "Allow system reboot and shutdown to local users."
msgstr ""
#: ../src/msec/help.py:104
-msgid "Allow full access to network services controlled by tcp_wrapper (see hosts.deny(5)). If yes, all services are allowed. If local, only connections to local services are authorized. If no, the services must be authorized manually in /etc/hosts.allow (see hosts.allow(5))."
+msgid "Allow direct root login on terminal."
msgstr ""
#: ../src/msec/help.py:106
-msgid "Enable logging of strange network packets."
+msgid "Allow display managers (sddm and gdm) to display list of local users."
msgstr ""
#: ../src/msec/help.py:108
-msgid "Enforce MSEC file directory permissions on system startup. If this parameter is set to 'enforce', system permissions will be enforced automatically, according to system security settings."
+msgid ""
+"Allow local users to connect to X server. Accepted arguments: yes (all "
+"connections are allowed), local (only local connection), no (no connection)."
msgstr ""
#: ../src/msec/help.py:110
-msgid "Enable checking for open network ports."
+msgid ""
+"Allow to export display when passing from the root account to the other "
+"users. See pam_xauth(8) for more details."
msgstr ""
#: ../src/msec/help.py:112
-msgid "Send mail reports even if no changes were detected."
+msgid "Allow X server to accept connections from network on tcp port 6000."
msgstr ""
#: ../src/msec/help.py:114
-msgid "Send security check results by email."
+msgid ""
+"Allow full access to network services controlled by tcp_wrapper (see hosts."
+"deny(5)). If yes, all services are allowed. If local, only connections to "
+"local services are authorized. If no, the services must be authorized "
+"manually in /etc/hosts.allow (see hosts.allow(5))."
msgstr ""
#: ../src/msec/help.py:116
-msgid "Enable checking for changes in system users."
+msgid ""
+"Creates the symlink /etc/security/msec/server to point to /etc/security/msec/"
+"server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --"
+"add to decide to add a service if it is present in the file during the "
+"installation of packages. By default, two presets are provided: local (which "
+"only enables local services) and remote (which also enables some remote "
+"services considered safe). Note that the allowed services must be placed "
+"manually into the server.SERVER_LEVEL files when necessary."
msgstr ""
#: ../src/msec/help.py:118
-msgid "Allow display managers (sddm and gdm) to display list of local users."
+msgid ""
+"Enable crontab and at for users. Put allowed users in /etc/cron.allow and /"
+"etc/at.allow (see man at(1) and crontab(1))."
msgstr ""
#: ../src/msec/help.py:120
-msgid "Defines the sectool level to use during the periodic security check. You may use the sectool-gui application to select individual tests for each level. If this variable is not defined, the default level defined in sectool configuration will be used."
+msgid "Log journal messages on console terminal 12."
msgstr ""
#: ../src/msec/help.py:122
-msgid "Accept bogus IPv4 error messages."
+msgid "Perform hourly security check for changes in system configuration."
msgstr ""
#: ../src/msec/help.py:124
-msgid "Allow root access without password for the members of the wheel group."
+msgid "Ask for root password when going to single user level (man sulogin(8))."
msgstr ""
#: ../src/msec/help.py:126
-msgid "Set the password history length to prevent password reuse. This is not supported by pam_tcb."
+msgid ""
+"Use secure location for temporary files. If this parameter is set to 'yes', "
+"user home directory will be used for temporary files. Otherwise, /tmp will "
+"be used."
msgstr ""
#: ../src/msec/help.py:128
-msgid "Perform hourly security check for changes in system configuration."
+msgid "Set shell commands history size. A value of -1 means unlimited."
msgstr ""
#: ../src/msec/help.py:130
-msgid "Use secure location for temporary files. If this parameter is set to 'yes', user home directory will be used for temporary files. Otherwise, /tmp will be used."
+msgid "Set the shell timeout. A value of zero means no timeout."
msgstr ""
#: ../src/msec/help.py:132
-msgid "Enable periodic permission checking for files specified in msec policy."
+msgid "Enforce MSEC settings on system startup"
msgstr ""
#: ../src/msec/help.py:134
-msgid "Allow local users to connect to X server. Accepted arguments: yes (all connections are allowed), local (only local connection), no (no connection)."
+msgid ""
+"Enforce MSEC file directory permissions on system startup. If this parameter "
+"is set to 'enforce', system permissions will be enforced automatically, "
+"according to system security settings."
msgstr ""
#: ../src/msec/help.py:136
-msgid "Use password to authenticate users. Take EXTREME care when disabling passwords, as it will leave the machine vulnerable."
+msgid ""
+"Define the default retention period for logs, in weeks. Some countries "
+"require that the log files should be kept for 12 months, other do not have "
+"such strict requirements. This variable defines the number of past log files "
+"that should be kept by logrotate on the system."
msgstr ""
#: ../src/msec/help.py:138
-msgid "Defines the base security level, on top of which the current configuration is based."
+msgid ""
+"Allow users in wheel group to use sudo. If this option is set to 'yes', the "
+"users in wheel group are allowed to use sudo and run commands as root by "
+"using their passwords. If this option to set to 'without-password', the "
+"users can use sudo without being asked for their password. WARNING: using "
+"sudo without any password makes your system very vulnerable, and you should "
+"only use this setting if you know what you are doing!"
msgstr ""
#: ../src/msec/help.py:140
-msgid "Run security checks when machine is running on battery power."
+msgid "Allow only users in wheel group to su to root."
msgstr ""
#: ../src/msec/help.py:142
-msgid "Enable checking for dangerous options in users' .rhosts/.shosts files."
+msgid "Allow root access without password for the members of the wheel group."
msgstr ""
#: ../src/msec/help.py:144
-msgid "Allow system reboot and shutdown to local users."
+msgid ""
+"Use password to authenticate users. Take EXTREME care when disabling "
+"passwords, as it will leave the machine vulnerable."
msgstr ""
#: ../src/msec/help.py:146
-msgid "Enforce MSEC settings on system startup"
+msgid ""
+"Set the password history length to prevent password reuse. This is not "
+"supported by pam_tcb."
msgstr ""
#: ../src/msec/help.py:148
-msgid "Enable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow (see man at(1) and crontab(1))."
-msgstr ""
-
-#: ../src/msec/libmsec.py:265
-msgid "%s modified so launched command: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:274
-msgid "%s modified so should have run command: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:376 ../src/msec/libmsec.py:408
-msgid "deleted %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:394
-msgid "touched file %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:414
-msgid "made symbolic link from %s to %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:417
-msgid "moved file %s to %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:467 ../src/msec/libmsec.py:483
-msgid "set variable %s to %s in %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:685
-msgid "Error loading plugin '%s' from %s: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:702
-msgid "Invalid callback: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:711
-msgid "Plugin %s not found"
-msgstr ""
-
-#: ../src/msec/libmsec.py:718
-msgid "Not supported function '%s' in '%s'"
-msgstr ""
-
-#: ../src/msec/libmsec.py:725 ../src/msec/libmsec.py:855
-msgid "In check-only mode, nothing is written back to disk."
-msgstr ""
-
-#: ../src/msec/libmsec.py:752
-msgid "Invalid parameter for %s: '%s'. Valid parameters: '%s'."
-msgstr ""
-
-#: ../src/msec/libmsec.py:785
-msgid "user name %s not found"
-msgstr ""
-
-#: ../src/msec/libmsec.py:797
-msgid "user name not found for id %d"
-msgstr ""
-
-#: ../src/msec/libmsec.py:809
-msgid "group name %s not found"
-msgstr ""
-
-#: ../src/msec/libmsec.py:821
-msgid "group name not found for id %d"
-msgstr ""
-
-#: ../src/msec/libmsec.py:831
-msgid "Unable to check /proc/mounts. Assuming all file systems are local."
-msgstr ""
-
-#: ../src/msec/libmsec.py:870
-msgid "Forcing ownership of %s to %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:874
-msgid "Error changing user on %s: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:876
-msgid "Wrong owner of %s: should be %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:879
-msgid "Enforcing group on %s to %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:883
-msgid "Error changing group on %s: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:885
-msgid "Wrong group of %s: should be %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:890
-msgid "Enforcing permissions on %s to %o"
-msgstr ""
-
-#: ../src/msec/libmsec.py:894
-msgid "Error changing permissions on %s: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:896
-msgid "Wrong permissions of %s: should be %o"
-msgstr ""
-
-#: ../src/msec/libmsec.py:900
-msgid "Enforcing acl on %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:914
-msgid "Unable to add filesystem-specific ACL %s to %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:916
-msgid "Error changing acl on %s: %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:918
-msgid "Wrong acl of %s"
-msgstr ""
-
-#: ../src/msec/libmsec.py:935
-msgid "bad permissions for '%s': '%s'"
-msgstr ""
-
-#: ../src/msec/libmsec.py:960
-msgid "Non local file: \"%s\". Nothing changed."
-msgstr ""
-
-#: ../src/msec/libmsec.py:1005
-msgid "Checking paths: %s"
-msgstr ""
-
-#: ../src/msec/msec.py:87 ../src/msec/msecperms.py:96
-msgid "Invalid security level '%s'."
-msgstr ""
-
-#: ../src/msec/msec.py:114 ../src/msec/msecperms.py:121
msgid ""
-"Msec: Mageia Security Center (%s)\n"
-msgstr ""
-
-#: ../src/msec/msec.py:115 ../src/msec/msecperms.py:122
-msgid "Error: This application must be executed by root!"
-msgstr ""
-
-#: ../src/msec/msec.py:116 ../src/msec/msecperms.py:123
-msgid "Run with --help to get help."
-msgstr ""
-
-#: ../src/msec/msec.py:142
-msgid "Level '%s' not found, aborting."
-msgstr ""
-
-#: ../src/msec/msec.py:144
-msgid "Switching to '%s' level."
-msgstr ""
-
-#: ../src/msec/msec.py:151
-msgid "No custom file permissions for level '%s'."
-msgstr ""
-
-#: ../src/msec/msec.py:152
-msgid "Saving file permissions to '%s' level."
-msgstr ""
-
-#: ../src/msec/msec.py:192 ../src/msec/msecperms.py:166
-msgid "Unable to save config!"
-msgstr ""
-
-#: ../src/msec/msec.py:194
-msgid "Unable to save file system permissions!"
+"Set the password minimum length and minimum number of digit and minimum "
+"number of capitalized letters, using length,ndigits,nupper format."
msgstr ""
#: ../src/msec/msecgui.py:57
@@ -506,31 +409,48 @@ msgid ""
msgstr ""
#: ../src/msec/msecgui.py:63
-msgid "This profile configures a reasonably safe set of security features. It is the suggested level for Desktop. If unsure which profile to use, use this one."
+msgid ""
+"This profile configures a reasonably safe set of security features. It is "
+"the suggested level for Desktop. If unsure which profile to use, use this "
+"one."
msgstr ""
#: ../src/msec/msecgui.py:64
-msgid "This profile is focused on netbooks, laptops or low-end devices, which are only accessed by local users and run on batteries."
+msgid ""
+"This profile is focused on netbooks, laptops or low-end devices, which are "
+"only accessed by local users and run on batteries."
msgstr ""
#: ../src/msec/msecgui.py:66
-msgid "This profile is configured to provide maximum security, even at the cost of limiting the remote access to the system. This level is suggested for security-concerned systems and servers. "
+msgid ""
+"This profile is configured to provide maximum security, even at the cost of "
+"limiting the remote access to the system. This level is suggested for "
+"security-concerned systems and servers. "
msgstr ""
#: ../src/msec/msecgui.py:68
-msgid "This profile is targeted on local network servers, which do not receive accesses from unauthorized Internet users."
+msgid ""
+"This profile is targeted on local network servers, which do not receive "
+"accesses from unauthorized Internet users."
msgstr ""
#: ../src/msec/msecgui.py:70
-msgid "This profile is provided for servers which are intended to be accessed by unauthorized Internet users."
+msgid ""
+"This profile is provided for servers which are intended to be accessed by "
+"unauthorized Internet users."
msgstr ""
#: ../src/msec/msecgui.py:71
-msgid "This profile is intended for the users who do not rely on msec to change system settings, and use it for periodic checks only. It configures all periodic checks to run once a day."
+msgid ""
+"This profile is intended for the users who do not rely on msec to change "
+"system settings, and use it for periodic checks only. It configures all "
+"periodic checks to run once a day."
msgstr ""
#: ../src/msec/msecgui.py:72
-msgid "This profile is similar to the 'audit_daily' profile, but it runs all checks weekly."
+msgid ""
+"This profile is similar to the 'audit_daily' profile, but it runs all checks "
+"weekly."
msgstr ""
#: ../src/msec/msecgui.py:79
@@ -540,22 +460,26 @@ msgstr ""
#: ../src/msec/msecgui.py:82
msgid ""
"<big><b>System security options</b></big>\n"
-"These options control the local security configuration, such as the login restrictions,\n"
-"password configurations, integration with other security tools, and default file creation\n"
+"These options control the local security configuration, such as the login "
+"restrictions,\n"
+"password configurations, integration with other security tools, and default "
+"file creation\n"
"permissions. "
msgstr ""
#: ../src/msec/msecgui.py:87
msgid ""
"<big><b>Network security options</b></big>\n"
-"These options define the network security against remote threats, unauthorized accesses,\n"
+"These options define the network security against remote threats, "
+"unauthorized accesses,\n"
"and breakin attempts. "
msgstr ""
#: ../src/msec/msecgui.py:91
msgid ""
"<big><b>Periodic security checks</b></big>\n"
-"These options configure the security checks that should be executed periodically. "
+"These options configure the security checks that should be executed "
+"periodically. "
msgstr ""
#: ../src/msec/msecgui.py:94
@@ -569,9 +493,12 @@ msgstr ""
#: ../src/msec/msecgui.py:99
msgid ""
"<big><b>File permissions</b></big>\n"
-"These options allow to fine-tune system permissions for important files and directories.\n"
-"The following permissions are checked periodically, and any change to the owner, group,\n"
-"or current permission is reported. The permissions can be enforced, automatically\n"
+"These options allow to fine-tune system permissions for important files and "
+"directories.\n"
+"The following permissions are checked periodically, and any change to the "
+"owner, group,\n"
+"or current permission is reported. The permissions can be enforced, "
+"automatically\n"
"changing them to the specified values when a change is detected. "
msgstr ""
@@ -580,10 +507,12 @@ msgid "Save and apply new configuration?"
msgstr ""
#: ../src/msec/msecgui.py:156
+#, python-format
msgid "Unable to load configuration for level '%s'"
msgstr ""
#: ../src/msec/msecgui.py:162
+#, python-format
msgid "Unable to load permissions for level '%s'"
msgstr ""
@@ -660,14 +589,17 @@ msgid "permission check"
msgstr ""
#: ../src/msec/msecgui.py:314
+#, python-format
msgid "changed %s <b>%s</b> (%s -> %s)"
msgstr ""
#: ../src/msec/msecgui.py:319
+#, python-format
msgid "added %s <b>%s</b> (%s)"
msgstr ""
#: ../src/msec/msecgui.py:324
+#, python-format
msgid "removed %s <b>%s</b>"
msgstr ""
@@ -684,11 +616,12 @@ msgid "Ignore and quit"
msgstr ""
#: ../src/msec/msecgui.py:382
-msgid ""
-"<b>%s:</b> <i>%s</i>\n"
+#, python-format
+msgid "<b>%s:</b> <i>%s</i>\n"
msgstr ""
#: ../src/msec/msecgui.py:389
+#, python-format
msgid "<b>MSEC test run results:</b> <i>%s</i>"
msgstr ""
@@ -697,18 +630,22 @@ msgid "Details"
msgstr ""
#: ../src/msec/msecgui.py:403
+#, python-format
msgid "MSEC messages (%s): %d"
msgstr ""
#: ../src/msec/msecgui.py:417
+#, python-format
msgid "Details (%d changes).."
msgstr ""
#: ../src/msec/msecgui.py:470
+#, python-format
msgid "No base msec level specified, using '%s'"
msgstr ""
#: ../src/msec/msecgui.py:473
+#, python-format
msgid "Detected base msec level '%s'"
msgstr ""
@@ -725,6 +662,7 @@ msgid "Value"
msgstr ""
#: ../src/msec/msecgui.py:527
+#, python-format
msgid "Invalid option '%s'!"
msgstr ""
@@ -757,10 +695,12 @@ msgid "Msec is enabled"
msgstr ""
#: ../src/msec/msecgui.py:632
+#, python-format
msgid "Base security level: '%s'"
msgstr ""
#: ../src/msec/msecgui.py:640
+#, python-format
msgid "Custom settings: %d"
msgstr ""
@@ -769,6 +709,7 @@ msgid "Never"
msgstr ""
#: ../src/msec/msecgui.py:662
+#, python-format
msgid "Check: %s. Last run: %s"
msgstr ""
@@ -781,6 +722,7 @@ msgid "Run now"
msgstr ""
#: ../src/msec/msecgui.py:694
+#, python-format
msgid "Unable to read log file: %s"
msgstr ""
@@ -789,7 +731,10 @@ msgid "Periodic check results"
msgstr ""
#: ../src/msec/msecgui.py:727
-msgid "Do you want to run the <b>%s</b> periodic check? Please note that it could take a considerable time to finish."
+#, python-format
+msgid ""
+"Do you want to run the <b>%s</b> periodic check? Please note that it could "
+"take a considerable time to finish."
msgstr ""
#: ../src/msec/msecgui.py:735 ../src/msec/msecgui.py:743
@@ -878,7 +823,8 @@ msgstr ""
#: ../src/msec/msecgui.py:1436
msgid ""
-"Editing exception. Please select the correspondent msec check and exception value\n"
+"Editing exception. Please select the correspondent msec check and exception "
+"value\n"
msgstr ""
#: ../src/msec/msecgui.py:1443
@@ -890,6 +836,7 @@ msgid "Exception: "
msgstr ""
#: ../src/msec/msecgui.py:1494
+#, python-format
msgid "Changing permissions for %s"
msgstr ""
@@ -898,6 +845,7 @@ msgid "Adding new permission check"
msgstr ""
#: ../src/msec/msecgui.py:1514
+#, python-format
msgid "Changing permissions on <b>%s</b>"
msgstr ""
@@ -910,7 +858,9 @@ msgid "File: "
msgstr ""
#: ../src/msec/msecgui.py:1535
-msgid "Please specify new file owner and permissions, or use 'current' to keep current settings."
+msgid ""
+"Please specify new file owner and permissions, or use 'current' to keep "
+"current settings."
msgstr ""
#: ../src/msec/msecgui.py:1542
@@ -927,7 +877,8 @@ msgstr ""
#: ../src/msec/msecgui.py:1573
msgid ""
-"To enforce additional ACL (Access Control List) on file, specify them in the following format:\n"
+"To enforce additional ACL (Access Control List) on file, specify them in the "
+"following format:\n"
"user1:acl,user2:acl\n"
"Refer to 'man setfacl' for details."
msgstr ""
@@ -937,10 +888,12 @@ msgid "ACL: "
msgstr ""
#: ../src/msec/msecgui.py:1647
+#, python-format
msgid "Select new value for %s"
msgstr ""
#: ../src/msec/msecgui.py:1656
+#, python-format
msgid ""
"<i>%s</i>\n"
"\n"
@@ -952,6 +905,236 @@ msgstr ""
msgid "New value:"
msgstr ""
+#: ../src/msec/libmsec.py:265
+#, python-format
+msgid "%s modified so launched command: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:274
+#, python-format
+msgid "%s modified so should have run command: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:376 ../src/msec/libmsec.py:408
+#, python-format
+msgid "deleted %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:394
+#, python-format
+msgid "touched file %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:414
+#, python-format
+msgid "made symbolic link from %s to %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:417
+#, python-format
+msgid "moved file %s to %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:467 ../src/msec/libmsec.py:483
+#, python-format
+msgid "set variable %s to %s in %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:685
+#, python-format
+msgid "Error loading plugin '%s' from %s: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:702
+#, python-format
+msgid "Invalid callback: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:711
+#, python-format
+msgid "Plugin %s not found"
+msgstr ""
+
+#: ../src/msec/libmsec.py:718
+#, python-format
+msgid "Not supported function '%s' in '%s'"
+msgstr ""
+
+#: ../src/msec/libmsec.py:725 ../src/msec/libmsec.py:855
+msgid "In check-only mode, nothing is written back to disk."
+msgstr ""
+
+#: ../src/msec/libmsec.py:752
+#, python-format
+msgid "Invalid parameter for %s: '%s'. Valid parameters: '%s'."
+msgstr ""
+
+#: ../src/msec/libmsec.py:785
+#, python-format
+msgid "user name %s not found"
+msgstr ""
+
+#: ../src/msec/libmsec.py:797
+#, python-format
+msgid "user name not found for id %d"
+msgstr ""
+
+#: ../src/msec/libmsec.py:809
+#, python-format
+msgid "group name %s not found"
+msgstr ""
+
+#: ../src/msec/libmsec.py:821
+#, python-format
+msgid "group name not found for id %d"
+msgstr ""
+
+#: ../src/msec/libmsec.py:831
+msgid "Unable to check /proc/mounts. Assuming all file systems are local."
+msgstr ""
+
+#: ../src/msec/libmsec.py:870
+#, python-format
+msgid "Forcing ownership of %s to %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:874
+#, python-format
+msgid "Error changing user on %s: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:876
+#, python-format
+msgid "Wrong owner of %s: should be %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:879
+#, python-format
+msgid "Enforcing group on %s to %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:883
+#, python-format
+msgid "Error changing group on %s: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:885
+#, python-format
+msgid "Wrong group of %s: should be %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:890
+#, python-format
+msgid "Enforcing permissions on %s to %o"
+msgstr ""
+
+#: ../src/msec/libmsec.py:894
+#, python-format
+msgid "Error changing permissions on %s: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:896
+#, python-format
+msgid "Wrong permissions of %s: should be %o"
+msgstr ""
+
+#: ../src/msec/libmsec.py:900
+#, python-format
+msgid "Enforcing acl on %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:914
+#, python-format
+msgid "Unable to add filesystem-specific ACL %s to %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:916
+#, python-format
+msgid "Error changing acl on %s: %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:918
+#, python-format
+msgid "Wrong acl of %s"
+msgstr ""
+
+#: ../src/msec/libmsec.py:935
+#, python-format
+msgid "bad permissions for '%s': '%s'"
+msgstr ""
+
+#: ../src/msec/libmsec.py:960
+#, python-format
+msgid "Non local file: \"%s\". Nothing changed."
+msgstr ""
+
+#: ../src/msec/libmsec.py:1005
+#, python-format
+msgid "Checking paths: %s"
+msgstr ""
+
+#: ../src/msec/tools.py:33
+#, python-format
+msgid "Unable to parse firewall configuration: %s"
+msgstr ""
+
+#: ../src/msec/tools.py:36 ../src/msec/config.py:60
+msgid "Disabled"
+msgstr ""
+
+#: ../src/msec/tools.py:38
+#, python-format
+msgid "Enabled, with %d rules"
+msgstr ""
+
+#: ../src/msec/tools.py:48
+#, python-format
+msgid "Last updated: %s"
+msgstr ""
+
+#: ../src/msec/tools.py:50
+#, python-format
+msgid "Unable to access %s: %s"
+msgstr ""
+
+#: ../src/msec/tools.py:51
+msgid "Unable to determine update status"
+msgstr ""
+
+#: ../src/msec/config.py:46
+msgid "Modified system files"
+msgstr ""
+
+#: ../src/msec/config.py:47
+msgid "No changes in system files"
+msgstr ""
+
+#: ../src/msec/config.py:222 ../src/msec/config.py:436
+#, python-format
+msgid "Unable to load configuration file %s: %s"
+msgstr ""
+
+#: ../src/msec/config.py:236 ../src/msec/config.py:346
+#: ../src/msec/config.py:455
+#, python-format
+msgid "Bad config option: %s"
+msgstr ""
+
+#: ../src/msec/config.py:271 ../src/msec/config.py:385
+#: ../src/msec/config.py:481
+#, python-format
+msgid "Unable to save %s: %s"
+msgstr ""
+
+#: ../src/msec/config.py:331
+#, python-format
+msgid "loading exceptions file %s: %s"
+msgstr ""
+
+#: ../src/msec/config.py:332
+msgid "No exceptions loaded"
+msgstr ""
+
#: ../src/msec/plugins/audit.py:207
msgid "Activating periodic promiscuity check"
msgstr ""
@@ -968,12 +1151,80 @@ msgstr ""
msgid "Disabling daily security check"
msgstr ""
-#: ../src/msec/plugins/log.py:45
-msgid "Invalid retention period: \"%s\""
+#: ../src/msec/plugins/pam.py:68
+msgid "Using password to authenticate users"
msgstr ""
-#: ../src/msec/plugins/log.py:53
-msgid "Setting log retention period to %d weeks"
+#: ../src/msec/plugins/pam.py:72
+msgid "Don't use password to authenticate users"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:83
+msgid "Password history not supported with pam_tcb."
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:91
+#, python-format
+msgid "Invalid maximum password history length: \"%s\""
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:106
+#, python-format
+msgid "Setting password history to %d."
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:112
+msgid "Disabling password history"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:124
+#, python-format
+msgid ""
+"Invalid password length \"%s\". Use \"length,ndigits,nupper\" as parameter"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:145
+#, python-format
+msgid "Setting minimum password length %d"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:169
+msgid "Allowing su only from wheel group members"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:173
+msgid "no wheel group"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:177
+msgid ""
+"Security configuration is defined to allow only members of the wheel group "
+"to su to root, but this group is empty. Please add the allowed users into "
+"the wheel group."
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:185
+msgid "Allowing su for all"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:204
+msgid "Allowing transparent root access for wheel group members"
+msgstr ""
+
+#: ../src/msec/plugins/pam.py:211
+msgid "Disabling transparent root access for wheel group members"
+msgstr ""
+
+#: ../src/msec/plugins/network.py:131
+msgid "Allowing remote root login"
+msgstr ""
+
+#: ../src/msec/plugins/network.py:135
+msgid "Forbidding remote root login"
+msgstr ""
+
+#: ../src/msec/plugins/network.py:139
+msgid "Allowing remote root login only by passphrase"
msgstr ""
#: ../src/msec/plugins/msec.py:149
@@ -981,14 +1232,17 @@ msgid "Allowing unrestricted chkconfig for packages"
msgstr ""
#: ../src/msec/plugins/msec.py:154
+#, python-format
msgid "Restricting chkconfig for packages according to \"%s\" profile"
msgstr ""
#: ../src/msec/plugins/msec.py:164
+#, python-format
msgid "Setting root umask to %s"
msgstr ""
#: ../src/msec/plugins/msec.py:174
+#, python-format
msgid "Setting users umask to %s"
msgstr ""
@@ -1005,6 +1259,7 @@ msgid "Restricting X server connection to the console user"
msgstr ""
#: ../src/msec/plugins/msec.py:204
+#, python-format
msgid "invalid allow_x_connections arg: %s"
msgstr ""
@@ -1017,18 +1272,22 @@ msgid "Forbidding the X server to listen to tcp connection"
msgstr ""
#: ../src/msec/plugins/msec.py:257
+#, python-format
msgid "Invalid shell timeout \"%s\""
msgstr ""
#: ../src/msec/plugins/msec.py:265
+#, python-format
msgid "Setting shell timeout to %s"
msgstr ""
#: ../src/msec/plugins/msec.py:273
+#, python-format
msgid "Invalid shell history size \"%s\""
msgstr ""
#: ../src/msec/plugins/msec.py:284
+#, python-format
msgid "Setting shell history size to %s"
msgstr ""
@@ -1037,6 +1296,7 @@ msgid "Removing limit on shell history size"
msgstr ""
#: ../src/msec/plugins/msec.py:297
+#, python-format
msgid "Invalid file system umask \"%s\""
msgstr ""
@@ -1168,106 +1428,316 @@ msgstr ""
msgid "Not allowing including current directory in path"
msgstr ""
-#: ../src/msec/plugins/network.py:131
-msgid "Allowing remote root login"
+#: ../src/msec/plugins/sudo.py:49
+msgid "Allowing users in wheel group to use sudo"
msgstr ""
-#: ../src/msec/plugins/network.py:135
-msgid "Forbidding remote root login"
+#: ../src/msec/plugins/sudo.py:54
+msgid "Allowing users in wheel group to use sudo without password"
msgstr ""
-#: ../src/msec/plugins/network.py:139
-msgid "Allowing remote root login only by passphrase"
+#: ../src/msec/plugins/sudo.py:57
+msgid "Not allowing users in wheel group to use sudo"
msgstr ""
-#: ../src/msec/plugins/pam.py:68
-msgid "Using password to authenticate users"
+#: ../src/msec/plugins/log.py:45
+#, python-format
+msgid "Invalid retention period: \"%s\""
msgstr ""
-#: ../src/msec/plugins/pam.py:72
-msgid "Don't use password to authenticate users"
+#: ../src/msec/plugins/log.py:53
+#, python-format
+msgid "Setting log retention period to %d weeks"
msgstr ""
-#: ../src/msec/plugins/pam.py:83
-msgid "Password history not supported with pam_tcb."
+#: ../src/msec/man.py:220
+msgid "NAME"
msgstr ""
-#: ../src/msec/plugins/pam.py:91
-msgid "Invalid maximum password history length: \"%s\""
+#: ../src/msec/man.py:221
+msgid "SYNOPSIS"
msgstr ""
-#: ../src/msec/plugins/pam.py:106
-msgid "Setting password history to %d."
+#: ../src/msec/man.py:222
+msgid "DESCRIPTION"
msgstr ""
-#: ../src/msec/plugins/pam.py:112
-msgid "Disabling password history"
+#: ../src/msec/man.py:223
+msgid "options"
msgstr ""
-#: ../src/msec/plugins/pam.py:124
-msgid "Invalid password length \"%s\". Use \"length,ndigits,nupper\" as parameter"
+#: ../src/msec/man.py:224
+msgid "Mageia Linux security tools"
msgstr ""
-#: ../src/msec/plugins/pam.py:145
-msgid "Setting minimum password length %d"
+#: ../src/msec/man.py:225
+msgid ""
+"msec\n"
+"is responsible to maintain system security in Mageia. It supports different "
+"security\n"
+"configurations, which can be organized into several security levels, stored "
+"in\n"
+"/etc/security/msec/level.LEVELNAME. Currently, three basic preconfigured "
+"security levels are\n"
+"provided with Mageia Linux:"
msgstr ""
-#: ../src/msec/plugins/pam.py:169
-msgid "Allowing su only from wheel group members"
+#: ../src/msec/man.py:231
+msgid ""
+"this level disables all msec options. It should be used when you want to "
+"manage\n"
+"all aspects of system security on your own."
msgstr ""
-#: ../src/msec/plugins/pam.py:173
-msgid "no wheel group"
+#: ../src/msec/man.py:233
+msgid ""
+"this is the default security level, which configures a reasonably safe set "
+"of security\n"
+"features. It activates several periodic system checks, and sends the results "
+"of their\n"
+"execution by email (by default, the local 'root' account is used)."
msgstr ""
-#: ../src/msec/plugins/pam.py:177
-msgid "Security configuration is defined to allow only members of the wheel group to su to root, but this group is empty. Please add the allowed users into the wheel group."
+#: ../src/msec/man.py:241
+msgid ""
+"Besides those levels, different task-oriented security are also provided,\n"
+"such as the 'fileserver', 'webserver' and 'netbook' levels. Such levels\n"
+"attempt to pre-configure system security according to the most common use\n"
+"cases."
msgstr ""
-#: ../src/msec/plugins/pam.py:185
-msgid "Allowing su for all"
+#: ../src/msec/man.py:245
+msgid ""
+"Note that besides those levels you may create as many levels as necessary."
msgstr ""
-#: ../src/msec/plugins/pam.py:204
-msgid "Allowing transparent root access for wheel group members"
+#: ../src/msec/man.py:246
+msgid ""
+"The security settings are stored in \\fB/etc/security/msec/security.conf"
+"\\fR\n"
+"file, and default settings for each predefined level are stored in\n"
+"\\fB/etc/security/msec/level.LEVEL\\fR. Permissions for files and "
+"directories\n"
+"that should be enforced or checked for changes are stored in\n"
+"\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each\n"
+"predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR. Note\n"
+"that user-modified parameters take precedence over default level settings. "
+"For\n"
+"example, when default level configuration forbids direct root logins, this\n"
+"setting can be overridden by the user."
msgstr ""
-#: ../src/msec/plugins/pam.py:211
-msgid "Disabling transparent root access for wheel group members"
+#: ../src/msec/man.py:255
+msgid "The following options are supported by msec applications:"
msgstr ""
-#: ../src/msec/plugins/sudo.py:49
-msgid "Allowing users in wheel group to use sudo"
+#: ../src/msec/man.py:257
+msgid ""
+"This is the console version of msec. It is responsible for system security "
+"configuration\n"
+"and checking and transitions between security levels.\n"
+"\n"
+"When executed without parameters, msec will read the system configuration "
+"file\n"
+"(/etc/security/msec/security.conf), and enforce the specified security\n"
+"settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and "
+"also\n"
+"to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msec "
+"should\n"
+"by run as root."
msgstr ""
-#: ../src/msec/plugins/sudo.py:54
-msgid "Allowing users in wheel group to use sudo without password"
+#: ../src/msec/man.py:265 ../src/msec/man.py:284
+msgid "This option will display the list of supported command line options."
msgstr ""
-#: ../src/msec/plugins/sudo.py:57
-msgid "Not allowing users in wheel group to use sudo"
+#: ../src/msec/man.py:266 ../src/msec/man.py:285
+msgid "List the default configuration for given security level."
msgstr ""
-#: ../src/msec/tools.py:33
-msgid "Unable to parse firewall configuration: %s"
+#: ../src/msec/man.py:267
+msgid ""
+"Apply the specified security level to the system, overwritting all local\n"
+"changes in /etc/security/msec/security.conf. This usually should be "
+"performed\n"
+"either on first install, on when a transition to a different level is "
+"required."
msgstr ""
-#: ../src/msec/tools.py:38
-msgid "Enabled, with %d rules"
+#: ../src/msec/man.py:270
+msgid "Enable debugging messages."
msgstr ""
-#: ../src/msec/tools.py:48
-msgid "Last updated: %s"
+#: ../src/msec/man.py:271
+msgid ""
+"Verify the actions that will be performed by msec, without actually\n"
+"doing anything to the system. In this mode of operation, msec performs all "
+"the\n"
+"required tasks, except effectively writting data back to disk."
msgstr ""
-#: ../src/msec/tools.py:50
-msgid "Unable to access %s: %s"
+#: ../src/msec/man.py:274
+msgid "Use path as root. Can be used to perform msec actions in chroot."
msgstr ""
-#: ../src/msec/tools.py:51
-msgid "Unable to determine update status"
+#: ../src/msec/man.py:275
+msgid "Run quietly"
+msgstr ""
+
+#: ../src/msec/man.py:276
+msgid "Save current settings as a new security level."
+msgstr ""
+
+#: ../src/msec/man.py:277
+msgid ""
+"This application is responsible for system permission checking and "
+"enforcements.\n"
+"\n"
+"When executed without parameters, msecperms will read the permissions\n"
+"configuration file (/etc/security/msec/perms.conf), and enforce the "
+"specified\n"
+"security settings. The operations are logged to \\fB/var/log/msec.log\\fP "
+"file,\n"
+"and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that "
+"msecperms\n"
+"should by run as root."
+msgstr ""
+
+#: ../src/msec/man.py:286
+msgid "Enforce the default permissions on all files."
+msgstr ""
+
+#: ../src/msec/man.py:287
+msgid ""
+"This is the GTK version of msec. It acts as frontend to all msec "
+"functionalities."
+msgstr ""
+
+#: ../src/msec/man.py:288
+msgid "EXAMPLES"
msgstr ""
+#: ../src/msec/man.py:289
+msgid ""
+"Enforce system configuration according to /etc/security/msec/security.conf "
+"file:"
+msgstr ""
+
+#: ../src/msec/man.py:290
+msgid "Display system configuration changes without enforcing anything:"
+msgstr ""
+
+#: ../src/msec/man.py:291
+msgid "Install predefined security level 'standard':"
+msgstr ""
+
+#: ../src/msec/man.py:292 ../src/msec/man.py:299
+msgid "Preview changes inflicted by change to 'standard' level:"
+msgstr ""
+
+#: ../src/msec/man.py:293
+msgid "Create a custom security level based on 'standard':"
+msgstr ""
+
+#: ../src/msec/man.py:294 ../src/msec/man.py:301
+msgid ""
+"Export current security settings to create a new security level named "
+"'office':"
+msgstr ""
+
+#: ../src/msec/man.py:295
+msgid "DEFINING EXCEPTIONS FOR PERIODIC CHECKS"
+msgstr ""
+
+#: ../src/msec/man.py:296
+msgid ""
+"Enforce system permissions according to /etc/security/msec/perms.conf file:"
+msgstr ""
+
+#: ../src/msec/man.py:297
+msgid "Display permissions changes without enforcing anything:"
+msgstr ""
+
+#: ../src/msec/man.py:298
+msgid "Install predefined permissions for level 'standard':"
+msgstr ""
+
+#: ../src/msec/man.py:300
+msgid "Create a custom permissions level based on 'secure':"
+msgstr ""
+
+#: ../src/msec/man.py:302
+msgid ""
+"msec\n"
+"is capable of excluding certain patterns from periodic check reports. For\n"
+"this, it is possible to define the exceptions in\n"
+"\\fB/etc/security/msec/exceptions\\fP file, for each supported check."
+msgstr ""
+
+#: ../src/msec/man.py:306
+msgid ""
+"For example, to exclude all items that match \\fB/mnt\\fP, Mageia-based\n"
+"chrooted installations in \\fB/chroot\\fP and all backup files from the\n"
+"results of of check for unowned files on the system, it is sufficient to\n"
+"define the following entry in the exceptions file:"
+msgstr ""
+
+#: ../src/msec/man.py:310
+msgid ""
+"In a similar way, it is possible to exclude the results for the \\fBdeluge"
+"\\fP application from the list of open ports as follows:"
+msgstr ""
+
+#: ../src/msec/man.py:311
+msgid ""
+"Each exception entry is a regular exception, and you might define as many "
+"exceptions as necessary."
+msgstr ""
+
+#: ../src/msec/man.py:312
+msgid ""
+"In order to exclude a path from all msec checks, you may use * for the check "
+"name. For example, the following would exclude /media/ from all msec checks:"
+msgstr ""
+
+#: ../src/msec/man.py:313
+msgid "See below for all msec options that support this feature."
+msgstr ""
+
+#: ../src/msec/man.py:314
+msgid "SECURITY OPTIONS"
+msgstr ""
+
+#: ../src/msec/man.py:315
+msgid "The following security options are supported by msec:"
+msgstr ""
+
+#: ../src/msec/man.py:326
+msgid "NOTES"
+msgstr ""
+
+#: ../src/msec/man.py:327
+msgid "Msec applications must be run by root."
+msgstr ""
+
+#: ../src/msec/man.py:328
+msgid "AUTHORS"
+msgstr ""
+
+#: ../src/msec/man.py:365
+msgid "MSEC parameter:"
+msgstr ""
+
+#: ../src/msec/man.py:365
+msgid "Accepted values:"
+msgstr ""
+
+#: ../src/msec/man.py:368
+#, python-format
+msgid ""
+"(This check supports exceptions via %s variable defined in \\fB/etc/security/"
+"msec/exceptions\\fP file)"
+msgstr ""
# File: ../cron-sh/security.sh, line: 15
#, sh-format
msgid "Error: base level $BASE_LEVEL not found"
diff --git a/src/msec/man.py b/src/msec/man.py
index 1eaade0..7efad72 100755
--- a/src/msec/man.py
+++ b/src/msec/man.py
@@ -16,6 +16,14 @@ import inspect
import config
from libmsec import MSEC, Log
+
+# localization
+import gettext
+try:
+ gettext.install("msec")
+except IOError:
+ _ = str
+
try:
from version import version
except:
@@ -23,207 +31,160 @@ except:
header = r'''.ds q \N'34'
.TH msec 8 msec "Mageia"
-.SH NAME
-msec \- Mageia Linux security tools
-.SH SYNOPSIS
+.SH {tit1}
+msec \- {p1}
+.SH {tit2}
.nf
-.B msec [options]
-.B msecperms [options]
-.B msecgui [options]
+.B msec [{options}]
+.B msecperms [{options}]
+.B msecgui [{options}]
.fi
-.SH DESCRIPTION
-.B msec
-is responsible to maintain system security in Mageia. It supports different security
-configurations, which can be organized into several security levels, stored in
-/etc/security/msec/level.LEVELNAME. Currently, three basic preconfigured security levels are
-provided with Mageia Linux:
+.SH {tit3}
+.B {p2}
.TP
\fBnone\fR
-this level disables all msec options. It should be used when you want to manage
-all aspects of system security on your own.
+{p3}
.TP
\fBstandard\fR
-this is the default security level, which configures a reasonably safe set of security
-features. It activates several periodic system checks, and sends the results of their
-execution by email (by default, the local 'root' account is used).
+{p4}
.TP
\fBsecure\fR
-this level is configured to provide maximum system security, even at the cost of limiting
-the remote access to the system, and local user permissions. It also runs a wider set of
-periodic checks, enforces the local password settings, and periodically checks if the
-system security settings, configured by msec, were modified directly or by some other
-application.
+{p5}
.TP
-Besides those levels, different task-oriented security are also provided,
-such as the 'fileserver', 'webserver' and 'netbook' levels. Such levels
-attempt to pre-configure system security according to the most common use
-cases.
+{p6}
.TP
-Note that besides those levels you may create as many levels as necessary.
+{p7}
.PP
-The security settings are stored in \fB/etc/security/msec/security.conf\fR
-file, and default settings for each predefined level are stored in
-\fB/etc/security/msec/level.LEVEL\fR. Permissions for files and directories
-that should be enforced or checked for changes are stored in
-\fB/etc/security/msec/perms.conf\fR, and default permissions for each
-predefined level are stored in \fB/etc/security/msec/perm.LEVEL\fR. Note
-that user-modified parameters take precedence over default level settings. For
-example, when default level configuration forbids direct root logins, this
-setting can be overridden by the user.
+{p8}
.PP
-The following options are supported by msec applications:
+{p9}
.TP
\fBmsec\fR:
.PP
-This is the console version of msec. It is responsible for system security configuration
-and checking and transitions between security levels.
-
-When executed without parameters, msec will read the system configuration file
-(/etc/security/msec/security.conf), and enforce the specified security
-settings. The operations are logged to \fB/var/log/msec.log\fP file, and also
-to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msec should
-by run as root.
+{p10}
\fB\-h, --help\fR
- This option will display the list of supported command line options.
+ {p11}
\fB\-l, --level <level>\fR
- List the default configuration for given security level.
+ {p12}
\fB\-f, --force <level>\fR
- Apply the specified security level to the system, overwritting all local
-changes in /etc/security/msec/security.conf. This usually should be performed
-either on first install, on when a transition to a different level is required.
+ {p13}
\fB\-d\fR
- Enable debugging messages.
+ {p14}
\fB\-p, --pretend\fR
- Verify the actions that will be performed by msec, without actually
-doing anything to the system. In this mode of operation, msec performs all the
-required tasks, except effectively writting data back to disk.
+ {p15}
\fB\-r, --root <path>\fR
- Use path as root. Can be used to perform msec actions in chroot.
+ {p16}
\fB\-q\fR
- Run quietly
+ {p17}
\fB\-s, --save <level>\fR
- Save current settings as a new security level.
+ {p18}
.TP
\fBmsecperms\fR:
.PP
-This application is responsible for system permission checking and enforcements.
-
-When executed without parameters, msecperms will read the permissions
-configuration file (/etc/security/msec/perms.conf), and enforce the specified
-security settings. The operations are logged to \fB/var/log/msec.log\fP file,
-and also to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msecperms
-should by run as root.
+{p19}
\fB\-h, --help\fR
- This option will display the list of supported command line options.
+ {p20}
\fB\-l, --level <level>\fR
- List the default configuration for given security level.
+ {p21}
\fB\-e, --enforce\fR
- Enforce the default permissions on all files.
+ {p22}
\fB\-d\fR
- Enable debugging messages.
+ {p14}
\fB\-p, --pretend\fR
- Verify the actions that will be performed by msec, without actually
-doing anything to the system. In this mode of operation, msec performs all the
-required tasks, except effectively writting data back to disk.
+ {p15}
\fB\-r, --root <path>\fR
- Use path as root. Can be used to perform msec actions in chroot.
+ {p16}
\fB\-q\fR
- Run quietly
+ {p17}
.TP
\fBmsecgui\fR:
.PP
-This is the GTK version of msec. It acts as frontend to all msec functionalities.
+{p24}
\fB\-h, --help\fR
- This option will display the list of supported command line options.
+ {p20}
\fB\-d\fR
- Enable debugging messages.
+ {p14}
-.SH EXAMPLES
+.SH {tit4}
-\fBEnforce system configuration according to /etc/security/msec/security.conf file:\fP
+\fB{p25}\fP
msec
-\fBDisplay system configuration changes without enforcing anything:\fP
+\fB{p26}\fP
msec -p
-\fBInstall predefined security level 'standard':\fP
+\fB{p27}\fP
msec -f standard
-\fBPreview changes inflicted by change to 'standard' level:\fP
+\fB{p28}\fP
msec -p -f standard
-\fBCreate a custom security level based on 'standard':\fP
+\fB{p29}\fP
cp /etc/security/msec/level.standard /etc/security/msec/level.my
edit /etc/security/msec/level.my
msec -f my
-\fBExport current security settings to create a new security level named 'office':\fP
+\fB{p30}\fP
msec -s office
-\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\fP
+\fB{p31}\fP
msecperms
-\fBDisplay permissions changes without enforcing anything:\fP
+\fB{p32}\fP
msecperms -p
-\fBInstall predefined permissions for level 'standard':\fP
+\fB{p33}\fP
msecperms -f standard
-\fBPreview changes inflicted by change to 'standard' level:\fP
+\fB{p34}\fP
msecperms -p -f standard
-\fBCreate a custom permissions level based on 'secure':\fP
+\fB{p35}\fP
cp /etc/security/msec/perm.secure /etc/security/msec/perm.my
edit /etc/security/msec/level.my
msecperms -f my
-\fBExport current security settings to create a new security level named 'office':\fP
+\fB{p36}\fP
msecperms -s office
-.SH "DEFINING EXCEPTIONS FOR PERIODIC CHECKS"
-.B msec
-is capable of excluding certain patterns from periodic check reports. For
-this, it is possible to define the exceptions in
-\fB/etc/security/msec/exceptions\fP file, for each supported check.
+.SH "{tit6}"
+.B {p37}
.PP
-For example, to exclude all items that match \fB/mnt\fP, Mageia-based
-chrooted installations in \fB/chroot\fP and all backup files from the
-results of of check for unowned files on the system, it is sufficient to
-define the following entry in the exceptions file:
+{p38}
.TP
CHECK_UNOWNED /mnt
@@ -233,51 +194,148 @@ define the following entry in the exceptions file:
CHECK_UNOWNED .*~
.PP
-In a similar way, it is possible to exclude the results for the
-\fBdeluge\fP application from the list of open ports as follows:
+{p39}
.TP
CHECK_OPEN_PORT /deluge
.PP
-Each exception entry is a regular exception, and you might define as many
-exceptions as necessary.
+{p40}
.PP
-In order to exclude a path from all msec checks, you may use * for the check
-name. For example, the following would exclude /media/ from all msec checks:
+{p41}
.TP
* /media/
.PP
-See below for all msec options that support this feature.
+{p42}
-.SH "SECURITY OPTIONS"
+.SH "{tit5}"
-The following security options are supported by msec:
+{p43}
-'''
+'''.format(\
+tit1=_('NAME'),
+tit2=_('SYNOPSIS'),
+tit3=_('DESCRIPTION'),
+options=_('options'),
+p1=_( "Mageia Linux security tools"),
+p2 =_( '''msec
+is responsible to maintain system security in Mageia. It supports different security
+configurations, which can be organized into several security levels, stored in
+/etc/security/msec/level.LEVELNAME. Currently, three basic preconfigured security levels are
+provided with Mageia Linux:'''),
+
+p3 =_( '''this level disables all msec options. It should be used when you want to manage
+all aspects of system security on your own.'''),
+p4 =_( '''this is the default security level, which configures a reasonably safe set of security
+features. It activates several periodic system checks, and sends the results of their
+execution by email (by default, the local 'root' account is used).'''),
+p5 = ('''this level is configured to provide maximum system security, even at the cost of limiting
+the remote access to the system, and local user permissions. It also runs a wider set of
+periodic checks, enforces the local password settings, and periodically checks if the
+system security settings, configured by msec, were modified directly or by some other
+application.'''),
+p6=_( '''Besides those levels, different task-oriented security are also provided,
+such as the 'fileserver', 'webserver' and 'netbook' levels. Such levels
+attempt to pre-configure system security according to the most common use
+cases.'''),
+p7=_('''Note that besides those levels you may create as many levels as necessary.'''),
+p8=_('''The security settings are stored in \\fB/etc/security/msec/security.conf\\fR
+file, and default settings for each predefined level are stored in
+\\fB/etc/security/msec/level.LEVEL\\fR. Permissions for files and directories
+that should be enforced or checked for changes are stored in
+\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each
+predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR. Note
+that user-modified parameters take precedence over default level settings. For
+example, when default level configuration forbids direct root logins, this
+setting can be overridden by the user.'''),
+p9=_("The following options are supported by msec applications:"),
+
+p10=_('''This is the console version of msec. It is responsible for system security configuration
+and checking and transitions between security levels.
+
+When executed without parameters, msec will read the system configuration file
+(/etc/security/msec/security.conf), and enforce the specified security
+settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and also
+to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msec should
+by run as root.'''),
+p11=_("This option will display the list of supported command line options."),
+p12=_("List the default configuration for given security level."),
+p13=_('''Apply the specified security level to the system, overwritting all local
+changes in /etc/security/msec/security.conf. This usually should be performed
+either on first install, on when a transition to a different level is required.'''),
+p14=_("Enable debugging messages."),
+p15=_('''Verify the actions that will be performed by msec, without actually
+doing anything to the system. In this mode of operation, msec performs all the
+required tasks, except effectively writting data back to disk.'''),
+p16=_("Use path as root. Can be used to perform msec actions in chroot."),
+p17=_("Run quietly"),
+p18=_( "Save current settings as a new security level."),
+p19=_('''This application is responsible for system permission checking and enforcements.
+
+When executed without parameters, msecperms will read the permissions
+configuration file (/etc/security/msec/perms.conf), and enforce the specified
+security settings. The operations are logged to \\fB/var/log/msec.log\\fP file,
+and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msecperms
+should by run as root.'''),
+p20=_("This option will display the list of supported command line options."),
+p21=_("List the default configuration for given security level."),
+p22=_("Enforce the default permissions on all files."),
+p24=_("This is the GTK version of msec. It acts as frontend to all msec functionalities."),
+tit4=_("EXAMPLES"),
+p25=_("Enforce system configuration according to /etc/security/msec/security.conf file:"),
+p26=_("Display system configuration changes without enforcing anything:"),
+p27=_("Install predefined security level 'standard':"),
+p28=_("Preview changes inflicted by change to 'standard' level:"),
+p29=_("Create a custom security level based on 'standard':"),
+p30=_("Export current security settings to create a new security level named 'office':"),
+tit6=_("DEFINING EXCEPTIONS FOR PERIODIC CHECKS"),
+p31=_("Enforce system permissions according to /etc/security/msec/perms.conf file:"),
+p32=_("Display permissions changes without enforcing anything:"),
+p33=_("Install predefined permissions for level 'standard':"),
+p34=_("Preview changes inflicted by change to 'standard' level:"),
+p35=_("Create a custom permissions level based on 'secure':"),
+p36=_("Export current security settings to create a new security level named 'office':"),
+p37=_('''msec
+is capable of excluding certain patterns from periodic check reports. For
+this, it is possible to define the exceptions in
+\\fB/etc/security/msec/exceptions\\fP file, for each supported check.'''),
+p38=_('''For example, to exclude all items that match \\fB/mnt\\fP, Mageia-based
+chrooted installations in \\fB/chroot\\fP and all backup files from the
+results of of check for unowned files on the system, it is sufficient to
+define the following entry in the exceptions file:'''),
+p39=_("In a similar way, it is possible to exclude the results for the \\fBdeluge\\fP application from the list of open ports as follows:"),
+p40=_("Each exception entry is a regular exception, and you might define as many exceptions as necessary."),
+p41=_("In order to exclude a path from all msec checks, you may use * for the check name. For example, the following would exclude /media/ from all msec checks:"),
+p42=_("See below for all msec options that support this feature."),
+tit5=_("SECURITY OPTIONS"),
+p43=_("The following security options are supported by msec:")
+)
footer = '''.RE
-.SH NOTES
-Msec applications must be run by root.
-.SH AUTHORS
+.SH {tit6}
+{p45}
+.SH {tit7}
Frederic Lepied
Eugeni Dodonov
-'''
+'''.format(
+tit6=_("NOTES"),
+p45=_("Msec applications must be run by root."),
+tit7=_("AUTHORS"))
### strings used in the rewritting
function_str = '''
.TP 4
-.B \\fI%s\\fP
-%s
+.B \\fI{callback}\\fP
+{f}
-MSEC parameter: \\fI%s\\fP
+{label1} \\fI{v}\\fP
-Accepted values: \\fI%s\\fP
+{label2} \\fI{params}\\fP
'''
### code
@@ -304,10 +362,10 @@ for callback in callbacks:
variable, params = settings_rev[callback]
func = msec.get_action(callback)
if func:
- print(function_str % (callback, func.__doc__.strip(), variable, ", ".join(params)))
+ print(function_str.format(callback=callback, f=func.__doc__.strip(), v=variable, params=", ".join(params), label1=_('MSEC parameter:'), label2=_("Accepted values:")))
if variable in config.CHECKS_WITH_EXCEPTIONS:
# this check supports exceptions
- print("""(This check supports exceptions via %s variable defined in \\fB/etc/security/msec/exceptions\\fP file)""" % variable)
+ print(_("(This check supports exceptions via %s variable defined in \\fB/etc/security/msec/exceptions\\fP file)") % variable)
print(footer)