Diffstat (limited to 'man')
-rw-r--r--man/C/mseclib.3217
1 files changed, 217 insertions, 0 deletions
diff --git a/man/C/mseclib.3 b/man/C/mseclib.3
new file mode 100644
index 0000000..d86d9fd
--- /dev/null
+++ b/man/C/mseclib.3
@@ -0,0 +1,217 @@
+.ds q \N'34'
+.TH mseclib 3 V0 msec "Mandrakelinux"
+.SH NAME
+mseclib
+.SH SYNOPSIS
+.nf
+.B from mseclib import *
+.B function1(yes)
+.B function2(ignore)
+.fi
+.SH DESCRIPTION
+.B mseclib
+is a python library to access the function used by the msec program. This functions can be used
+in /etc/security/msec/level.local to override the behaviour of the msec program or in standalone
+scripts. The first argument of the functions takes a value of 1 or 0 or -1 (or yes/no/ignore)
+except when specified otherwise.
+
+.TP 4
+.B \fIaccept_bogus_error_responses(arg)\fP
+Accept/Refuse bogus IPv4 error messages.
+
+.TP 4
+.B \fIaccept_broadcasted_icmp_echo(arg)\fP
+ Accept/Refuse broadcasted icmp echo.
+
+.TP 4
+.B \fIaccept_icmp_echo(arg)\fP
+ Accept/Refuse icmp echo.
+
+.TP 4
+.B \fIallow_autologin(arg)\fP
+Allow/Forbid autologin.
+
+.TP 4
+.B \fIallow_issues(arg)\fP
+If \fIarg\fP = ALL allow /etc/issue and /etc/issue.net to exist. If \fIarg\fP = NONE no issues are
+allowed else only /etc/issue is allowed.
+
+.TP 4
+.B \fIallow_reboot(arg)\fP
+Allow/Forbid reboot by the console user.
+
+.TP 4
+.B \fIallow_remote_root_login(arg)\fP
+Allow/Forbid remote root login.
+
+.TP 4
+.B \fIallow_root_login(arg)\fP
+Allow/Forbid direct root login.
+
+.TP 4
+.B \fIallow_user_list(arg)\fP
+Allow/Forbid the list of users on the system on display managers (kdm and gdm).
+
+.TP 4
+.B \fIallow_x_connections(arg, listen_tcp=None)\fP
+Allow/Forbid X connections. First arg specifies what is done
+on the client side: ALL (all connections are allowed), LOCAL (only
+local connection) and NONE (no connection).
+
+.TP 4
+.B \fIallow_xauth_from_root(arg)\fP
+llow/forbid to export display when passing from the root account
+to the other users. See pam_xauth(8) for more details.
+
+.TP 4
+.B \fIallow_xserver_to_listen(arg)\fP
+The argument specifies if clients are authorized to connect
+to the X server on the tcp port 6000 or not.
+
+.TP 4
+.B \fIauthorize_services(arg)\fP
+Authorize all services controlled by tcp_wrappers (see hosts.deny(5)) if \fIarg\fP = ALL. Only local ones
+if \fIarg\fP = LOCAL and none if \fIarg\fP = NONE. To authorize the services you need, use /etc/hosts.allow
+(see hosts.allow(5)).
+
+.TP 4
+.B \fIcreate_server_link()\fP
+If SERVER_LEVEL (or SECURE_LEVEL if absent) is greater than 3
+in /etc/security/msec/security.conf, creates the symlink /etc/security/msec/server
+to point to /etc/security/msec/server.<SERVER_LEVEL>. The /etc/security/msec/server
Diffstat (limited to 'perl-install/detect_devices.pm')
-rw-r--r--perl-install/detect_devices.pm12
1 files changed, 7 insertions, 5 deletions
diff --git a/perl-install/detect_devices.pm b/perl-install/detect_devices.pm
index bbc2186f0..483d7d44c 100644
--- a/perl-install/detect_devices.pm
+++ b/perl-install/detect_devices.pm
@@ -772,20 +772,22 @@ sub hasSMP() {
}
sub hasPCMCIA() { $::o->{pcmcia} } #- because /proc/pcmcia seems not to be present on 2.4 at least (or use /var/run/stab)
+my @dmis;
+
sub dmidecode() {
- my @l;
+ return @dmis if @dmis;
foreach (run_program::get_stdout('dmidecode')) {
if (/^\t\t(.*)/) {
- $l[-1]{string} .= "$1\n";
- $l[-1]{$1} = $2 if /^\t\t(.*): (.*)$/;
+ $dmis[-1]{string} .= "$1\n";
+ $dmis[-1]{$1} = $2 if /^\t\t(.*): (.*)$/;
} elsif (my ($s) = /^\t(.*)/) {
next if $s =~ /^DMI type /;
$s =~ s/ Information$//;
- push @l, { name => $s };
+ push @dmis, { name => $s };
}
}
- @l;
+ @dmis;
}
sub computer_info() {
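Review bot: The cache test `return @dmis if @dmis;` at the top of dmidecode() treats an empty list as "not yet run", so whenever the dmidecode program yields no parsable output (for example a missing binary, insufficient privileges, or a platform without DMI tables) every call spawns it again. Tracking completion separately would make the memoization hold in that case too: declare `my $dmis_done;` next to `my @dmis;` and use `return @dmis if $dmis_done++;` as the first statement. The list returned now carries the same hash references on every call, so a caller that modifies an entry changes what later callers see. A one-line comment above `my @dmis;` stating that the entries are shared and should be treated as read-only would document that. The keys stored by `$dmis[-1]{$1} = $2` come straight from firmware-supplied text and can collide with the `name` and `string` keys the parser sets itself; that predates this change, but with the cache any such collision persists for the life of the process.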
add'>+.B \fIno_password_aging_for(name)\fP
+Add the name as an exception to the handling of password aging by msec.
+Name must be put between '. Msec will then no more manage password aging for
+name so you have to use chage(1) to manage it by hand.
+
+.TP 4
+.B \fIpassword_aging(max, inactive=-1)\fP
+Set password aging to \fImax\fP days and delay to change to \fIinactive\fP.
+
+.TP 4
+.B \fIpassword_history(arg)\fP
+Set the password history length to prevent password reuse.
+
+.TP 4
+.B \fIpassword_length(length, ndigits=0, nupper=0)\fP
+Set the password minimum length and minimum number of digit and minimum number of capitalized letters.
+
+.TP 4
+.B \fIset_root_umask(umask)\fP
+Set the root umask.
+
+.TP 4
+.B \fIset_security_conf(var, value)\fP
+Set the variable \fIvar\fP to the value \fIvalue\fP in /var/lib/msec/security.conf.
+The best way to override the default setting is to use create /etc/security/msec/security.conf
+with the value you want. These settings are used to configure the daily check run each night.
+
+The following variables are currentrly recognized by msec:
+
+CHECK_UNOWNED if set to yes, report unowned files.
+
+CHECK_SHADOW if set to yes, check empty password in /etc/shadow.
+
+CHECK_SUID_MD5 if set to yes, verify checksum of the suid/sgid files.
+
+CHECK_SECURITY if set to yes, run the daily security checks.
+
+CHECK_PASSWD if set to yes, check for empty passwords, for no password in /etc/shadow and for users with the 0 id other than root.
+
+SYSLOG_WARN if set to yes, report check result to syslog.
+
+CHECK_SUID_ROOT if set to yes, check additions/removals of suid root files.
+
+CHECK_PERMS if set to yes, check permissions of files in the users' home.
+
+CHKROOTKIT_CHECK if set to yes, run chkrootkit checks.
+
+CHECK_PROMISC if set to yes, check if the network devices are in promiscuous mode.
+
+RPM_CHECK if set to yes, run some checks against the rpm database.
+
+TTY_WARN if set to yes, reports check result to tty.
+
+CHECK_WRITABLE if set to yes, check files/directories writable by everybody.
+
+MAIL_WARN if set to yes, report check result by mail.
+
+MAIL_USER if set, send the mail report to this email address else send it to root.
+
+CHECK_OPEN_PORT if set to yes, check open ports.
+
+CHECK_SGID if set to yes, check additions/removals of sgid files.
+
+
+.TP 4
+.B \fIset_shell_history_size(size)\fP
+Set shell commands history size. A value of -1 means unlimited.
+
+.TP 4
+.B \fIset_shell_timeout(val)\fP
+Set the shell timeout. A value of zero means no timeout.
+
+.TP 4
+.B \fIset_user_umask(umask)\fP
+Set the user umask.
+.RE
+.SH "SEE ALSO"
+msec(8)
+.SH AUTHORS
+Frederic Lepied <flepied@mandrakesoft.com>