diff options
Diffstat (limited to 'man/C/mseclib.3')
| -rw-r--r-- | man/C/mseclib.3 | 228 |
1 files changed, 0 insertions, 228 deletions
diff --git a/man/C/mseclib.3 b/man/C/mseclib.3 deleted file mode 100644 index d5999a5..0000000 --- a/man/C/mseclib.3 +++ /dev/null @@ -1,228 +0,0 @@ -.ds q \N'34' -.TH mseclib 3 V0 msec "Mandriva Linux" -.SH NAME -mseclib -.SH SYNOPSIS -.nf -.B from mseclib import * -.B function1(yes) -.B function2(ignore) -.fi -.SH DESCRIPTION -.B mseclib -is a python library to access the function used by the msec program. This functions can be used -in /etc/security/msec/level.local to override the behaviour of the msec program or in standalone -scripts. The first argument of the functions takes a value of 1 or 0 or -1 (or yes/no/ignore) -except when specified otherwise. - -.TP 4 -.B \fIaccept_bogus_error_responses(arg)\fP -Accept/Refuse bogus IPv4 error messages. - -.TP 4 -.B \fIaccept_broadcasted_icmp_echo(arg)\fP - Accept/Refuse broadcasted icmp echo. - -.TP 4 -.B \fIaccept_icmp_echo(arg)\fP - Accept/Refuse icmp echo. - -.TP 4 -.B \fIallow_autologin(arg)\fP -Allow/Forbid autologin. - -.TP 4 -.B \fIallow_issues(arg)\fP -If \fIarg\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \fIarg\fP = NONE no issues are -allowed else only /etc/issue is allowed. - -.TP 4 -.B \fIallow_reboot(arg)\fP -Allow/Forbid reboot by the console user. - -.TP 4 -.B \fIallow_remote_root_login(arg)\fP -Allow/Forbid remote root login via sshd. You can specify -yes, no and without-password. See sshd_config(5) man page for more -information. - -.TP 4 -.B \fIallow_root_login(arg)\fP -Allow/Forbid direct root login. - -.TP 4 -.B \fIallow_user_list(arg)\fP -Allow/Forbid the list of users on the system on display managers (kdm and gdm). - -.TP 4 -.B \fIallow_x_connections(arg, listen_tcp=None)\fP -Allow/Forbid X connections. First arg specifies what is done -on the client side: ALL (all connections are allowed), LOCAL (only -local connection) and NONE (no connection). - -.TP 4 -.B \fIallow_xauth_from_root(arg)\fP -llow/forbid to export display when passing from the root account -to the other users. See pam_xauth(8) for more details. - -.TP 4 -.B \fIallow_xserver_to_listen(arg)\fP -The argument specifies if clients are authorized to connect -to the X server on the tcp port 6000 or not. - -.TP 4 -.B \fIauthorize_services(arg)\fP -Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if \fIarg\fP = ALL. Only local ones -if \fIarg\fP = LOCAL and none if \fIarg\fP = NONE. To authorize the services you need, use /etc/hosts.allow -(see hosts.allow(5)). - -.TP 4 -.B \fIcreate_server_link()\fP -If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3 -in /etc/security/msec/security.conf, creates the symlink /etc/security/msec/server -to point to /etc/security/msec/server.<SERVER_LEVEL>. The /etc/security/msec/server -is used by chkconfig --add to decide to add a service if it is present in the file -during the installation of packages. - -.TP 4 -.B \fIenable_at_crontab(arg)\fP -Enable/Disable crontab and at for users. Put allowed users in /etc/cron.allow and /etc/at.allow -(see man at(1) and crontab(1)). - -.TP 4 -.B \fIenable_console_log(arg, expr='*.*', dev='tty12')\fP -Enable/Disable syslog reports to console 12. \fIexpr\fP is the -expression describing what to log (see syslog.conf(5) for more details) and -dev the device to report the log. - -.TP 4 -.B \fIenable_dns_spoofing_protection(arg, alert=1)\fP -Enable/Disable name resolution spoofing protection. If -\fIalert\fP is true, also reports to syslog. - -.TP 4 -.B \fIenable_ip_spoofing_protection(arg, alert=1)\fP -Enable/Disable IP spoofing protection. - -.TP 4 -.B \fIenable_libsafe(arg)\fP -Enable/Disable libsafe if libsafe is found on the system. - -.TP 4 -.B \fIenable_log_strange_packets(arg)\fP -Enable/Disable the logging of IPv4 strange packets. - -.TP 4 -.B \fIenable_msec_cron(arg)\fP -Enable/Disable msec hourly security check. - -.TP 4 -.B \fIenable_pam_root_from_wheel(arg)\fP - Allow root access without password for the members of the wheel group. - -.TP 4 -.B \fIenable_pam_wheel_for_su(arg)\fP - Enabling su only from members of the wheel group or allow su from any user. - -.TP 4 -.B \fIenable_password(arg)\fP -Use password to authenticate users. - -.TP 4 -.B \fIenable_promisc_check(arg)\fP -Activate/Disable ethernet cards promiscuity check. - -.TP 4 -.B \fIenable_security_check(arg)\fP - Activate/Disable daily security check. - -.TP 4 -.B \fIenable_sulogin(arg)\fP - Enable/Disable sulogin(8) in single user level. - -.TP 4 -.B \fIno_password_aging_for(name)\fP -Add the name as an exception to the handling of password aging by msec. -Name must be put between '. Msec will then no more manage password aging for -name so you have to use chage(1) to manage it by hand. - -.TP 4 -.B \fIpassword_aging(max, inactive=-1)\fP -Set password aging to \fImax\fP days and delay to change to \fIinactive\fP. - -.TP 4 -.B \fIpassword_history(arg)\fP -Set the password history length to prevent password reuse. - -.TP 4 -.B \fIpassword_length(length, ndigits=0, nupper=0)\fP -Set the password minimum length and minimum number of digit and minimum number of capitalized letters. - -.TP 4 -.B \fIset_root_umask(umask)\fP -Set the root umask. - -.TP 4 -.B \fIset_security_conf(var, value)\fP -Set the variable \fIvar\fP to the value \fIvalue\fP in /var/lib/msec/security.conf. -The best way to override the default setting is to create /etc/security/msec/security.conf -with the value you want. These settings are used to configure the daily check run each night. - -The following variables are currentrly recognized by msec: - -CHECK_UNOWNED if set to yes, report unowned files. - -CHECK_SHADOW if set to yes, check empty password in /etc/shadow. - -CHECK_SUID_MD5 if set to yes, verify checksum of the suid/sgid files. - -CHECK_SECURITY if set to yes, run the daily security checks. - -CHECK_PASSWD if set to yes, check for empty passwords, for no password in /etc/shadow and for users with the 0 id other than root. - -SYSLOG_WARN if set to yes, report check result to syslog. - -CHECK_SUID_ROOT if set to yes, check additions/removals of suid root files. - -CHECK_PERMS if set to yes, check permissions of files in the users' home. - -CHKROOTKIT_CHECK if set to yes, run chkrootkit checks. - -CHECK_PROMISC if set to yes, check if the network devices are in promiscuous mode. - -RPM_CHECK if set to yes, run some checks against the rpm database. - -TTY_WARN if set to yes, reports check result to tty. - -CHECK_WRITABLE if set to yes, check files/directories writable by everybody. - -MAIL_WARN if set to yes, report check result by mail. - -MAIL_USER if set, send the mail report to this email address else send it to root. - -CHECK_OPEN_PORT if set to yes, check open ports. - -CHECK_SGID if set to yes, check additions/removals of sgid files. - -EXCLUDE_REGEXP is used to exclude files from consideration by msec. - -.TP 4 -.B \fIset_shell_history_size(size)\fP -Set shell commands history size. A value of -1 means unlimited. - -.TP 4 -.B \fIset_shell_timeout(val)\fP -Set the shell timeout. A value of zero means no timeout. - -.TP 4 -.B \fIset_user_umask(umask)\fP -Set the user umask. - -.TP 4 -.B \fIset_win_parts_umask(umask)\fP -Set umask option for mounting vfat and ntfs partitions. A value of None means default umask. -.RE -.SH "SEE ALSO" -msec(8) -.SH AUTHORS -Frederic Lepied <flepied@mandriva.com> |