diff options
-rw-r--r-- | conf/level.secure | 1 | ||||
-rw-r--r-- | conf/level.standard | 1 | ||||
-rwxr-xr-x | cron-sh/security.sh | 10 | ||||
-rw-r--r-- | src/msec/plugins/audit.py | 7 |
4 files changed, 18 insertions, 1 deletions
diff --git a/conf/level.secure b/conf/level.secure index df4b152..bf021db 100644 --- a/conf/level.secure +++ b/conf/level.secure @@ -60,3 +60,4 @@ CHECK_PROMISC=yes ENABLE_STARTUP_MSEC=yes ENABLE_STARTUP_PERMS=yes ALLOW_CURDIR_IN_PATH=no +CHECK_ON_BATTERY=no diff --git a/conf/level.standard b/conf/level.standard index ad56837..c34186c 100644 --- a/conf/level.standard +++ b/conf/level.standard @@ -60,3 +60,4 @@ CHECK_PROMISC=yes ENABLE_STARTUP_MSEC=yes ENABLE_STARTUP_PERMS=yes ALLOW_CURDIR_IN_PATH=no +CHECK_ON_BATTERY=no diff --git a/cron-sh/security.sh b/cron-sh/security.sh index df3e9f5..32dac9c 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -16,6 +16,16 @@ if [[ ${CHECK_SECURITY} != yes ]]; then exit 0 fi +# are we running on battery power? +if [[ ${CHECK_ON_BATTERY} == no ]]; then + grep 'charging state' /proc/acpi/battery/*/state 2>/dev/null | grep -q 'discharging' + ret=$? + if [[ $ret = 0 ]]; then + # skipping check as we are running on battery power + exit 0 + fi +fi + . /usr/share/msec/functions.sh # variables diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py index a345d52..94f79a9 100644 --- a/src/msec/plugins/audit.py +++ b/src/msec/plugins/audit.py @@ -58,13 +58,14 @@ class audit: config.SETTINGS['NOTIFY_WARN'] = ("audit.notify_warn", ['yes', 'no']) # security checks from audit plugins config.SETTINGS['CHECK_SECURITY'] = ("audit.check_security", ['yes', 'no']) + config.SETTINGS['CHECK_ON_BATTERY'] = ("audit.check_on_battery", ['yes', 'no']) # preparing msecgui menu for check in ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID", "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL", "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY", "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS", - "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT"]: + "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT", "CHECK_ON_BATTERY"]: config.SETTINGS_PERIODIC.append(check) # checks with exceptions @@ -173,6 +174,10 @@ class audit: """Show security notifications in system tray using libnotify.""" pass + def check_on_battery(self, param): + """Run security checks when machine is running on battery power.""" + pass + def check_promisc(self, param): ''' Activate ethernet cards promiscuity check.''' cron = self.configfiles.get_config_file(CRON) |