From e76cb515ee0f26d9009f2a5561629dbbb4502741 Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Wed, 11 Mar 2009 23:16:48 +0000
Subject: Changed server files to support remote/local services.
---
 conf/level.secure | 2 +-
 conf/level.standard | 2 +-
 conf/server.local | 22 ++++++++++++++++++++
 conf/server.remote | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 conf/server.secure | 22 --------------------
 conf/server.standard | 58 ---------------------------------------------------
 src/msec/config.py | 2 +-
 src/msec/libmsec.py | 2 +-
 8 files changed, 85 insertions(+), 84 deletions(-)
 create mode 100644 conf/server.local
 create mode 100644 conf/server.remote
 delete mode 100644 conf/server.secure
 delete mode 100644 conf/server.standard
diff --git a/conf/level.secure b/conf/level.secure
index aa34490..366679f 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -29,7 +29,7 @@ CHECK_UNOWNED=yes
 ENABLE_CONSOLE_LOG=no
 ALLOW_USER_LIST=no
 ENABLE_DNS_SPOOFING_PROTECTION=yes
-CREATE_SERVER_LINK=secure
+CREATE_SERVER_LINK=remote
 ENABLE_PASSWORD=yes
 NOTIFY_WARN=no
 WIN_PARTS_UMASK=027
diff --git a/conf/level.standard b/conf/level.standard
index 496fd21..b85879c 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -29,7 +29,7 @@ CHECK_UNOWNED=no
 ENABLE_CONSOLE_LOG=yes
 ALLOW_USER_LIST=yes
 ENABLE_DNS_SPOOFING_PROTECTION=yes
-CREATE_SERVER_LINK=standard
+CREATE_SERVER_LINK=no
 ENABLE_PASSWORD=yes
 NOTIFY_WARN=yes
 WIN_PARTS_UMASK=002
diff --git a/conf/server.local b/conf/server.local
new file mode 100644
index 0000000..de3617a
--- /dev/null
+++ b/conf/server.local
@@ -0,0 +1,22 @@
+acpid
+alsa
+apparmor
+bastille-firewall
+crond
+dm
+gpm
+haldaemon
+iptables
+ip6tables
+irqbalance
+keytable
+msec
+network
+pcmcia
+prelude
+resolvconf
+shorewall
+snortd
+syslog
+usb
+xfs
diff --git a/conf/server.remote b/conf/server.remote
new file mode 100644
index 0000000..4192e49
--- /dev/null
+++ b/conf/server.remote
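Review bot: In conf/level.secure the changed line `CREATE_SERVER_LINK=remote` points the secure level at the 59-entry conf/server.remote list, whereas `secure` previously selected the 22-entry list that this commit carries over unchanged as conf/server.local (same blob, de3617a). The allowlist for the secure level therefore widens to include network daemons such as sshd, httpd, named, squid and xinetd. The conf/level.standard hunk sets `CREATE_SERVER_LINK=no`, so that level no longer selects any list at all. If both changes are intended, the commit description should say so, since the subject reads as a pure rename; otherwise `CREATE_SERVER_LINK=local` is the value that keeps the secure level on its previous list.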
@@ -0,0 +1,59 @@
+acpid
+adsl
+alsa
+apparmor
+bgpd
+bluetooth
+bridge
+cpufreq
+crond
+cups
+dansguardian
+dhcpd
+diald
+dm
+ez-ipupdate
+ftwall
+fwlogwatch
+gpm
+haldaemon
+httpd
+httpd-naat
+httpd2-naat
+ipsec
+iptables
+ip6tables
+iptoip
+irqbalance
+isdn4linux
+keytable
+messagebus
+mandi
+msec
+named
+network
+netfs
+numlock
+ntpd
+openvpn
+ospfd
+ospf6d
+partmon
+pcmcia
+portreserve
+pptp
+pptpd
+preload
+prelude-manager
+resolvconf
+ripd
+ripngd
+shorewall
+snortd
+squid
+sshd
+syslog
+usb
+xfs
+xinetd
+zebra
diff --git a/conf/server.secure b/conf/server.secure
deleted file mode 100644
index de3617a..0000000
--- a/conf/server.secure
+++ /dev/null
@@ -1,22 +0,0 @@
-acpid
-alsa
-apparmor
-bastille-firewall
-crond
-dm
-gpm
-haldaemon
-iptables
-ip6tables
-irqbalance
-keytable
-msec
-network
-pcmcia
-prelude
-resolvconf
-shorewall
-snortd
-syslog
-usb
-xfs
diff --git a/conf/server.standard b/conf/server.standard
deleted file mode 100644
index be61a6e..0000000
--- a/conf/server.standard
+++ /dev/null
@@ -1,58 +0,0 @@
-acpid
-adsl
-alsa
-apparmor
-bgpd
-bluetooth
-bridge
-cpufreq
-crond
-cups
-dansguardian
-dhcpd
-diald
-dm
-ez-ipupdate
-ftwall
-fwlogwatch
-gpm
-haldaemon
-httpd
-httpd-naat
-httpd2-naat
-ipsec
-iptables
-ip6tables
-iptoip
-irqbalance
-isdn4linux
-keytable
-messagebus
-mandi
-msec
-named
-network
-netfs
-numlock
-ntpd
-openvpn
-ospfd
-ospf6d
-partmon
-pcmcia
-pptp
-pptpd
-preload
-prelude-manager
-resolvconf
-ripd
-ripngd
-shorewall
-snortd
-squid
-sshd
-syslog
-usb
-xfs
-xinetd
-zebra
diff --git a/src/msec/config.py b/src/msec/config.py
index c79910e..1402c59 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
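Review bot: conf/server.remote is not a superset of conf/server.local: `bastille-firewall` and `prelude` are in the local list but absent here (only `prelude-manager` is present), while the new docstring in src/msec/libmsec.py describes remote as the preset that "also enables some remote services". A machine switched from `local` to `remote` would therefore lose those two entries from the list that chkconfig --add consults. The file also gains `portreserve` relative to the deleted conf/server.standard (59 lines against 58), which the commit subject does not mention. Adding the lines `bastille-firewall` and `prelude` here, or stating in the docstring that the two presets are independent lists, would remove the ambiguity.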
@@ -91,7 +91,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", 'ALLOW_XAUTH_FROM_ROOT': ("libmsec.allow_xauth_from_root", ['yes', 'no']), 'ALLOW_XSERVER_TO_LISTEN': ("libmsec.allow_xserver_to_listen", ['yes', 'no']), 'AUTHORIZE_SERVICES': ("libmsec.authorize_services", ['yes', 'no', 'local']), - 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'standard', 'secure']), + 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'remote', 'local']), 'ENABLE_AT_CRONTAB': ("libmsec.enable_at_crontab", ['yes', 'no']), 'ENABLE_CONSOLE_LOG': ("libmsec.enable_console_log", ['yes', 'no']), 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_ip_spoofing_protection", ['yes', 'no']), diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py index 6c1d8b9..e39f8a8 100755 --- a/src/msec/libmsec.py +++ b/src/msec/libmsec.py @@ -826,7 +826,7 @@ class MSEC: pass def create_server_link(self, param): - ''' Creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages.''' + ''' Creates the symlink /etc/security/msec/server to point to /etc/security/msec/server.SERVER_LEVEL. The /etc/security/msec/server is used by chkconfig --add to decide to add a service if it is present in the file during the installation of packages. By default, two presets are provided: local (which only enables local services) and remote (which also enables some remote services considered safe). Note that the allowed services must be placed manually into the server.SERVER_LEVEL files when necessary.''' server = self.configfiles.get_config_file(SERVER) if param == "no": -- cgit v1.2.1
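Review bot: The accepted values for `CREATE_SERVER_LINK` in the SETTINGS table drop `standard` and `secure` outright, so an existing configuration that still carries either value no longer matches the list; how msec treats a value outside the list is not visible in this hunk. Because conf/server.secure and conf/server.standard are deleted in the same commit, an unmigrated value would presumably leave the server link without a target. Consider accepting the old names for a transition period, e.g. `['no', 'remote', 'local', 'standard', 'secure']`, and mapping `secure` to `local` and `standard` to `remote` inside create_server_link, or rewriting them at upgrade time. The SETTINGS dict starts and ends outside the hunk.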
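Review bot: The extended docstring of create_server_link explains `local` and `remote` but not `no`, which conf/level.standard now uses and which the body special-cases at `if param == "no":`. It should state what happens to /etc/security/msec/server in that case and what chkconfig --add does when the file is absent; that branch is outside the hunk, so the wording has to be taken from the code rather than guessed. The phrase "remote services considered safe" would also be clearer if it said by what criterion, given that the remote list includes daemons such as pptpd and xinetd. The method body continues past the end of the hunk.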