From e291d07638bc0756c8bd91d42c336abd6a034d7e Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Wed, 24 Feb 2010 11:59:07 +0000
Subject: Added support for audit_daily and audit_weekly profiles.
---
conf/level.audit_daily | 105 ++++++++++++++++++++++++++++++++++++++++++++++++
conf/level.audit_weekly | 105 ++++++++++++++++++++++++++++++++++++++++++++++++
conf/perm.audit_daily | 3 ++
conf/perm.audit_weekly | 3 ++
src/msec/msecgui.py | 2 +
5 files changed, 218 insertions(+)
create mode 100644 conf/level.audit_daily
create mode 100644 conf/level.audit_weekly
create mode 100644 conf/perm.audit_daily
create mode 100644 conf/perm.audit_weekly
diff --git a/conf/level.audit_daily b/conf/level.audit_daily
new file mode 100644
index 0000000..330ef3a
--- /dev/null
+++ b/conf/level.audit_daily
@@ -0,0 +1,105 @@
+BASE_LEVEL=audit_daily
+CHECK_WRITABLE=daily
+MAIL_EMPTY_CONTENT=no
+CHECK_PERMS=no
+CHECK_PERMS_ENFORCE=no
+CHECK_SECTOOL=daily
+CHECK_SECTOOL_LEVEL=3
+CHECK_USER_FILES=daily
+CHECK_CHKROOTKIT=daily
+CHECK_SUID_ROOT=daily
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=
+CHECK_PASSWD=daily
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
+MAIL_USER=root
+CHECK_SHADOW=daily
+CHECK_UNOWNED=daily
+CHECK_USERS=daily
+CHECK_GROUPS=daily
+NOTIFY_WARN=yes
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
+CHECK_RPM_PACKAGES=daily
+CHECK_RPM_INTEGRITY=daily
+MAIL_WARN=yes
+CHECK_SECURITY=yes
+TTY_WARN=yes
+CHECK_SGID=daily
+CHECK_PROMISC=daily
+CHECK_ON_BATTERY=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
diff --git a/conf/level.audit_weekly b/conf/level.audit_weekly
new file mode 100644
index 0000000..a9e8090
--- /dev/null
+++ b/conf/level.audit_weekly
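Review bot: The block of 37 unset keys from `ACCEPT_BOGUS_ERROR_RESPONSES=` through `WIN_PARTS_UMASK=` appears twice in conf/level.audit_daily (new-file lines 32–68 and again 69–105), and the same duplication is present in conf/level.audit_weekly. The second copy should be dropped so that each file ends after the first `WIN_PARTS_UMASK=`; with duplicate keys it is unclear which assignment the parser keeps, and a later edit to one copy is easy to miss in the other. How msec interprets an empty value is not visible in this patch (presumably "leave the setting untouched"), so that should be confirmed for security-relevant keys such as `ALLOW_REMOTE_ROOT_LOGIN=` and `ENABLE_SULOGIN=` before the profile ships.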
@@ -0,0 +1,105 @@
+BASE_LEVEL=audit_weekly
+CHECK_WRITABLE=weekly
+MAIL_EMPTY_CONTENT=no
+CHECK_PERMS=no
+CHECK_PERMS_ENFORCE=no
+CHECK_SECTOOL=weekly
+CHECK_SECTOOL_LEVEL=3
+CHECK_USER_FILES=weekly
+CHECK_CHKROOTKIT=weekly
+CHECK_SUID_ROOT=weekly
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=
+CHECK_PASSWD=weekly
+CHECK_SUID_MD5=weekly
+CHECK_SHOSTS=weekly
+MAIL_USER=root
+CHECK_SHADOW=weekly
+CHECK_UNOWNED=weekly
+CHECK_USERS=weekly
+CHECK_GROUPS=weekly
+NOTIFY_WARN=yes
+CHECK_OPEN_PORT=weekly
+CHECK_FIREWALL=weekly
+CHECK_RPM_PACKAGES=weekly
+CHECK_RPM_INTEGRITY=weekly
+MAIL_WARN=yes
+CHECK_SECURITY=yes
+TTY_WARN=yes
+CHECK_SGID=weekly
+CHECK_PROMISC=weekly
+CHECK_ON_BATTERY=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
+ACCEPT_BOGUS_ERROR_RESPONSES=
+ACCEPT_BROADCASTED_ICMP_ECHO=
+ACCEPT_ICMP_ECHO=
+ALLOW_AUTOLOGIN=
+ALLOW_CURDIR_IN_PATH=
+ALLOW_REBOOT=
+ALLOW_REMOTE_ROOT_LOGIN=
+ALLOW_ROOT_LOGIN=
+ALLOW_SUDO_TO_WHEEL=
+ALLOW_USER_LIST=
+ALLOW_XAUTH_FROM_ROOT=
+ALLOW_XSERVER_TO_LISTEN=
+ALLOW_X_CONNECTIONS=
+AUTHORIZE_SERVICES=
+CREATE_SERVER_LINK=
+ENABLE_CONSOLE_LOG=
+ENABLE_DNS_SPOOFING_PROTECTION=
+ENABLE_IP_SPOOFING_PROTECTION=
+ENABLE_LOG_STRANGE_PACKETS=
+ENABLE_MSEC_CRON=
+ENABLE_PAM_ROOT_FROM_WHEEL=
+ENABLE_PAM_WHEEL_FOR_SU=
+ENABLE_PASSWORD=
+ENABLE_STARTUP_MSEC=
+ENABLE_STARTUP_PERMS=
+ENABLE_SULOGIN=
+EXCLUDE_REGEXP=
+FIX_UNOWNED=
+LOG_RETENTION=
+PASSWORD_HISTORY=
+PASSWORD_LENGTH=
+ROOT_UMASK=
+SECURE_TMP=
+SHELL_HISTORY_SIZE=
+SHELL_TIMEOUT=
+USER_UMASK=
+WIN_PARTS_UMASK=
diff --git a/conf/perm.audit_daily b/conf/perm.audit_daily
new file mode 100644
index 0000000..c95a594
--- /dev/null
+++ b/conf/perm.audit_daily
@@ -0,0 +1,3 @@
+# msec not enabled, so let's user handle the permissions
+###
+/ current.current current
diff --git a/conf/perm.audit_weekly b/conf/perm.audit_weekly
new file mode 100644
index 0000000..c95a594
--- /dev/null
+++ b/conf/perm.audit_weekly
@@ -0,0 +1,3 @@
+# msec not enabled, so let's user handle the permissions
+###
+/ current.current current
diff --git a/src/msec/msecgui.py b/src/msec/msecgui.py
index 4b32067..820a8fa 100755
--- a/src/msec/msecgui.py
+++ b/src/msec/msecgui.py
@@ -64,6 +64,8 @@ level_descriptions = { "fileserver": _("""This profile is targeted on storage-oriented servers, such as FTP, SAMBA or NFS servers, or database servers, which do not receive accesses from unauthorized Internet users."""), "webserver": _("""This profile is similar to the 'Fileserver', but it assumes that the server receives connection from unauthorized Internet users."""), + "audit_daily": _("""This profile is intended for the users who do not rely on msec to change system settings, and use it for periodic checks only. It configures all periodic checks to run once a day."""), + "audit_weekly": _("""This profile is similar to the 'audit_daily' profile, but it runs all checks weekly."""), } # level order. Levels will appear in this order, the unspecified levels will appear last -- cgit v1.2.1
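Review bot: The header comment `# msec not enabled, so let's user handle the permissions` in conf/perm.audit_daily (and the identical conf/perm.audit_weekly) does not describe these profiles, in which msec is enabled for periodic checks and only permission changes are skipped. I would word it as `# audit-only profile: msec does not change permissions, the user manages them`. The single rule `/ current.current current` looks like it keeps the existing owner, group and mode, which would fit `CHECK_PERMS=no` in the level files, but that reading is inferred from the field names and is worth confirming.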
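Review bot: Only the two description entries are added to `level_descriptions`, and the diffstat shows no other change to msecgui.py, so going by the trailing context comment (`# level order ... the unspecified levels will appear last`) both audit profiles will be listed after every ordered level; if a specific position is wanted, the order definition below this hunk needs `audit_daily` and `audit_weekly` as well. The `audit_daily` text could also state outright that nothing is hardened or enforced, for example by appending `No security settings are changed or enforced by this profile.`, so that a user choosing it knows what protection it does not provide. The dict opens above the hunk and the order definition lies below it, so neither is visible here.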