diff options
| -rw-r--r-- | conf/level.secure | 2 | ||||
| -rw-r--r-- | conf/level.standard | 2 | ||||
| -rw-r--r-- | conf/server.local (renamed from conf/server.secure) | 0 | ||||
| -rw-r--r-- | conf/server.remote (renamed from conf/server.standard) | 1 | ||||
| -rw-r--r-- | src/msec/config.py | 2 | ||||
| -rwxr-xr-x | src/msec/libmsec.py | 2 |
6 files changed, 5 insertions, 4 deletions
diff --git a/conf/level.secure b/conf/level.secure index aa34490..366679f 100644 --- a/conf/level.secure +++ b/conf/level.secure @@ -29,7 +29,7 @@ CHECK_UNOWNED=yes ENABLE_CONSOLE_LOG=no ALLOW_USER_LIST=no ENABLE_DNS_SPOOFING_PROTECTION=yes -CREATE_SERVER_LINK=secure +CREATE_SERVER_LINK=remote ENABLE_PASSWORD=yes NOTIFY_WARN=no WIN_PARTS_UMASK=027 diff --git a/conf/level.standard b/conf/level.standard index 496fd21..b85879c 100644 --- a/conf/level.standard +++ b/conf/level.standard @@ -29,7 +29,7 @@ CHECK_UNOWNED=no ENABLE_CONSOLE_LOG=yes ALLOW_USER_LIST=yes ENABLE_DNS_SPOOFING_PROTECTION=yes -CREATE_SERVER_LINK=standard +CREATE_SERVER_LINK=no ENABLE_PASSWORD=yes NOTIFY_WARN=yes WIN_PARTS_UMASK=002 diff --git a/conf/server.secure b/conf/server.local index de3617a..de3617a 100644 --- a/conf/server.secure +++ b/conf/server.local diff --git a/conf/server.standard b/conf/server.remote index be61a6e..4192e49 100644 --- a/conf/server.standard +++ b/conf/server.remote @@ -40,6 +40,7 @@ ospfd ospf6d partmon pcmcia +portreserve pptp pptpd preload diff --git a/src/msec/config.py b/src/msec/config.py index c79910e..1402c59 100644 --- a/src/msec/config.py +++ b/src/msec/config.py @@ -91,7 +91,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", 'ALLOW_XAUTH_FROM_ROOT': ("libmsec.allow_xauth_from_root", ['yes', 'no']), 'ALLOW_XSERVER_TO_LISTEN': ("libmsec.allow_xserver_to_listen", ['yes', 'no']), 'AUTHORIZE_SERVICES': ("libmsec.authorize_services", ['yes', 'no', 'local']), - 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'standard', 'secure']), + 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'remote', 'local']), 'ENABLE_AT_CRONTAB': ("libmsec.enable_at_crontab", ['yes', 'no']), 'ENABLE_CONSOLE_LOG': ("libmsec.enable_console_log", ['yes', 'no']), 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_ip_spoofing_protection", ['yes', 'no']), diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py index 6c1d8b9..e39f8a8 100755 --- a/src/msec/libmsec.py +++ b/src/msec/libmsec.py @@ -826,7 +826,7 @@ class MSEC: pass def create_server_link(self, param): - ''' Creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages.''' + ''' Creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages. By default, two presets are provided: local (which only enables local services) and remote (which also enables some remote services considered safe). Note that the allowed services must be placed manually into the server.SERVER_LEVEL files when necessary.''' server = self.configfiles.get_config_file(SERVER) if param == "no": |