2000-10-10  Yoann Vandoorselaere

	* Applied Warly patch to fix user list problem under kdm.
	* User list option for gdm too.
	* Restart init after inittab change

2000-10-09  Yoann Vandoorselaere

	* conf/perm.0 : fix a typo
	* fix for #760 (kdm should not display the list of users for
	  high security levels)
	* conf/server.[45]: add pcmcia

2000-10-03  Yoann Vandoorselaere

	* init-sh/*.sh : instead of modifying Xsession, create the
	  /etc/X11/xinit.d/msec file which can contain eventual rules
	  appended by msec.

2000-10-02  Yoann Vandoorselaere

	* init-sh/*.sh : modify /etc/X11/Xsession, not /etc/X11/xdm/Xsession
	  nor /etc/X11/xinit/xinitrc anymore, as they all load
	  /etc/X11/Xsession.

2000-07-18  Yoann Vandoorselaere

	* cron-sh/security_check.sh : use -L in ls, to dereference symbolic link

Chris Green

	* conf/perm.*: /var/log/squid must be owned by squid.squid.
	* cron-sh/security.sh:
	* init-sh/custom.sh: added patch from AG, if no user to mail
	  security report to is available, send to root.

2000-05-03  Yoann Vandoorselaere

	LoaderUpdate() make a difference between an empty variable, and a
	non existing one.

2000-04-25  Yoann Vandoorselaere

	- Fix a bug with comment removed pointed out by Konrad Bernloehr.

2000-04-24  Pixel

	* conf/perm.[0-4]: fix ugly disgusting fucking bloody buggy bug!
	  (remove bloody /usr/{bin,sbin}/* entries)

2000-04-19  Yoann Vandoorselaere

	- Support grub as well as lilo...
	- bugfix.
	- Loaders bugfix

2000-04-17  Yoann Vandoorselaere

	* file_perm.sh : removed a check to see if file exist because it block * entry.
	* updated perm.5
	* Updated the doc.
	* perm.[0-5] : /var/tmp : 1777
	* file_perm.sh : output to /dev/null
	* Included patch to msec_find from Thomas Poindessous.

2000-04-14  Yoann Vandoorselaere

	* Modify zprofile.
	* use libsafe-1.3

2000-03-22  Yoann Vandoorselaere

	* Added many of the proposed features from Bryan Paxton.

2000-03-19  Yoann Vandoorselaere

	* security.sh : added patch from Thomas Poindessous.
	* find.c : many modifications :)

2000-03-16  Yoann Vandoorselaere

	* security.sh : export *_TODAY variable to be used by msec_find.
	* find.c : removed a debugging printf.

2000-03-09  Yoann Vandoorselaere

	* custom.sh : added a patch from Havard Bell.

2000-03-08  Yoann Vandoorselaere

	* Added msec_find utility, written by Thierry Vignaud which will
	  avoid us to find / 5 times :)
	* Heavily modified msec_find.
	* custom.sh : check if libsafe is installed before asking if the
	  user want to use it.

2000-03-07  Yoann Vandoorselaere

	* Added support for libsafe stack overflow protection in
	  level 4 / 5 / custom
	* trap the sigint signal
	* use /etc/security/msec for config file only.
	* Renamed init.sh to msec, and install it in /usr/sbin.
	* The other shell scripts are located in /usr/share/msec

2000-03-07  Yoann Vandoorselaere

	* Included patch from Stefan Siegel which fixes these items :
	* Files that should not be owned by someone else or readable:
	  -> added ".gnupg/secring.gpg" as Mandrake uses GNUPG as default
	* Files that should not be owned by someone else or writeable:
	  -> replaced "-" by "." in awk-script because ".ssh" is a directory
	* Check home directories. Directories should not be owned by
	  someone else or writeable:
	  -> replaced "-" by "d" in awk-script because "~" is a directory
	  -> replaced username-check by uid-check (avoids false output
	     by usernames > 8 char, e.g. "fetchmail" != "fetchmai" )
	  -> removed "~lp" and "~mail" from group-check as their homedirs
	     are group writeable

2000-02-17  Yoann Vandoorselaere

	* level 4 - 5 /var/log in mode 711 for daemon spawned as non root user.
	* /etc/printcap is 644 in mode 4 & 5

2000-01-13  Yoann Vandoorselaere

	* custom.sh : ( thanks to Thomas Poindessous ) for pointing out that :
	* s'/tmp\/msec.XXXXXX/\/tmp\/msec.XXXXXX/'
	* fix two typo

2000-01-06  Yoann Vandoorselaere

	* security.sh : find are niced to (+19)
	* Camille updated the documentation.
	* Removed the "spawn a shell on boot" feature of level0 cause of
	  a tty problem

2000-01-04  Yoann Vandoorselaere

	* shutdown.allow is 600 in level 4/5; 644 else.
	* updated doc/security.txt
	* updated init-sh/custom.sh

2000-01-03  Yoann Vandoorselaere

	* level 0-3 -> ctrl-alt-del allowed.
	* level 4-5 -> ctrl-alt-del allowed for root.

1999-12-29  Yoann Vandoorselaere

	* Removing grpuser manpage, because :
	  1 - grpuser is not to be used by user, ( and should not have a
	      manpage ).
	  2 - manpage is obsolete

1999-12-28  Chmouel Boudjnah

	* doc/*8: add man-pages from camille.

1999-12-24  Yoann Vandoorselaere

	* level[35]: also do a mail report.
	* moved Syslog(), Ttylog(), Maillog() to security.sh
	* security_check.sh & diff_check.sh now sourced from security.sh

1999-12-22  Yoann Vandoorselaere

	* init-sh/perm[15]: files should be constant in their content.
	  all entry should be in each perm file

1999-12-21  Pixel

	* init-sh/perm.4: changed /etc/lilo.conf to 600 to make lilo quiet
	* init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
	  ${LILO_PASSWORD+set} != set
	* init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
	  AddBegRules (password= must in the beginning of lilo.conf)
	* init-sh/lib.sh (AddBegRules): 1 \n instead of 2

1999-12-20  Yoann Vandoorselaere

	* We are ok.

1999-12-20  Yoann Vandoorselaere

	* init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.

1999-12-20  Yoann Vandoorselaere

	* init-sh/perm.[15]: /var/spool/mail is 755

1999-12-19  Pixel

	* init-sh/lib.sh: removed the failsafe for not a tty stdin
	  (not efficient)
	* init-sh/lib.sh: rewrote the perl script (now a one-liner :)

1999-12-19  Yoann Vandoorselaere

	* Big cleanup.
	* All work properly now.

1999-12-19  Pixel

	* msec.spec: modify to take into account the Makefile modifying
	  the .spec
	* Makefile (VERSION): make it the same as the .spec

1999-12-18  Pixel

	* init-sh/lib.sh: added failsafe for not a tty stdin

1999-12-17  Yoann Vandoorselaere

	* security_check.sh: Bugfix
	* diff_check.sh: ditto
	* Added security.conf

1999-12-16  Yoann Vandoorselaere

	* Don't use msec parsing routine to hack inittab.
	* Indentation problem should be corrected
	* All debug finished, changing secure.tmp to a mktemp allocated
	  tmpfile for symlink security.

1999-12-16  Chmouel Boudjnah

	* msec.lyx: add new file from camille.

1999-12-15  Yoann Vandoorselaere

	* grpuser.sh take only one opt ( --refresh ), take group name from
	  /etc/security/msec/group.conf and add user from
	  /etc/security/msec/user.conf if secure level > 2
	* level0.sh fixed inittab entry
	* fix a typo
	* As requested, direct shell access for level 0
	* Fixed a little problem with the DRAKX_USERS variable
	* removed chattr +a because of the problem it can cause to other
	  system automated system task

1999-12-13  Yoann Vandoorselaere

	* Documentation
	* diff_check.sh : Fix a typo.

1999-12-10  Yoann Vandoorselaere

	* custom.sh : Fix a typo & forgot to export path & secure level

1999-12-09  Yoann Vandoorselaere

	* More bug fix.
	* xhost + localhost for lower level, xhost + for level0.
	* Many bugfix, just trying to get a bugfree release
	* Renamed some variable, added consistency.
	* security_check.sh: print header at beginning of the log.
	* diff_check.sh: typo.

1999-12-08  Yoann Vandoorselaere

	* security_check.sh: remove /tmp stuff.
	* security_check.sh: typo
	* level[1-3].sh: Changed crontab call to file_check.sh from every
	  hour to every midnight ( bug reported by axalon ).
	* file_check.sh: clean up.
	* moved file_check.sh to diff_check.sh and changed what is related
	  to cron call in level[15].sh
	* Added missing configurations question in level custom.
	* bug fix.

1999-12-08  Chmouel Boudjnah

	* Makefile (rpm): target for rpm.
	(dis): Add a make dis to easy switch from cvs to dis.
	* msec.spec: use bzip2 sources, clean up %install to use Makefile.
	  move msec.spec on the top to allow rpm -ta (in fact rpm -ta don't
	  support currently bzip2 sources)
	* cron-sh/promisc_check.sh (LogPromisc): add a missing quote.
	* ChangeLog: first entry.

1999-12-07  Axalon Bloodstone

	* Fix call to security_check.sh
	* Handle usernames longer than 8 chars in file_check