- filter out trailing whitespace for open port checks (#59457) Version 0.80.7 - May 25 2010, Eugeni Dodonov - updated translations Version 0.80.6 - Apr 27 2010, Eugeni Dodonov - support merging legacy perm.local into main perms.conf - add support for displaying periodic checks results - add support for running periodic checks manually - add support for merging legacy perm.local file if exists - add support for ACL (based on patch from Tiago Marques , #58640) - add support for IGNORE_PID_CHANGES (#56744) - properly filter chkrootkit checks (#58076). - do not notify when no changes were found by a diff run - properly checking if we are run within security script - properly handle changes in password history when pam_unix is used (#58018). Version 0.80.5 - Feb 26 2010, Eugeni Dodonov - added security levels 'audit_daily' and 'audit_weekly' - added sudo plugin - do not check inside entries excluded by EXCLUDE_REGEXP - allow setting the EXCLUDE_REGEXP value in msecgui - correctly check for changes in groups - save mail reports for each check period (daily, weekly, monthly and manual) - implemented security summary screen Version 0.80.4 - Feb 18 2010, Eugeni Dodonov - simplified UI for msecgui - added custom security levels: fileserver, webserver, netbook - added support for custom levels in gui - ignore 'vmblock' filesystem during periodic checks (#57669) - properly separate logs for different type of checks (daily, weekly, monthly and manual) - xguest user does not have a password, so silence report about it - added plugin to define log file retention period. Version 0.80.3 - Feb 08 2010, Eugeni Dodonov - improved log message when unowned or world-writable files are found - running file-related periodic checks weekly on standard security level to easy disk I/O load - improved error message when the wheel group is empty (#57463). - added support for defining periodicity for individual security checks - added support for sectool checks - handle level-switching and saving in msec, using msecperms only for checking and settings file permissions - do not duplicate variables present in BASE_LEVEL in security.conf and perms.conf files - properly check if chkrootkit is present (#51309) Version 0.80.2 - Jan 14 2010, Eugeni Dodonov - save the entire log that is sent by email in /var/log/security to allow consulting it without relying on email messages - do not show toolbar, as it leads to confusion Version 0.80.1 - Nov 30 2009, Eugeni Dodonov - updated list of allowed services - fix error which prevents 'msec save' from working correctly - fix error message when checking non-local files (#55869,#56088) Version 0.70.8 - Nov 05 2009, Eugeni Dodonov - update translations Version 0.70.7 - Oct 13 2009, Eugeni Dodonov - fix issue which prevents msec from exiting correctly in some cases (#54470) Version 0.70.6 - Oct 07 2009, Eugeni Dodonov - use users' home directory for temporary files (SECURE_TMP) by default - improved startup script - added option to skip security checks when running on battery power (CHECK_ON_BATTERY) Version 0.70.5 - September 23 2009, Eugeni Dodonov - do not show error messages for non-existent audit files - man page entries are now sorted according to plugin - split libmsec functionality into different plugins: audit (for periodic checks), msec (for local security settings) and network (for network-related settings) - support excluding path from all checks Version 0.70.4 - September 08 2009, Eugeni Dodonov - implemented GUI for exception editing - implemented exceptions for all msec checks (#51277) - do not check for permission changes in block/character devices (#53424) - create a summary for msec reports - simplified permissions policy for standard level - support enforcing file permissions in periodic msec runs - allow configuring inclusion of current directory into path - do not crash if config files have empty lines (#53031) Version 0.70.3 - August 18 2009, Eugeni Dodonov - give proper permissions to diff check files. - Properly log promisc messages. - msecgui: Added toolbar for msecgui. - msecgui: Showing logo when running inside MCC. Version 0.70.2 - July 15 2009, Eugeni Dodonov - Correctly enforcing permissions on startup when required (#52268). - Added new variable SECURE_TMP to configure location of temporary files. - Improve description for changes in packages check. - Properly handle promisc_check when running standalone (#51903) Version 0.70.1 - June 26 2009, Eugeni Dodonov - Improved rpm check, splitted into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY. - Supporting check for changes in system users and groups. - Reworked auditing code, improved logging format, added support for custom auditing plugins, simplified checks. - Added support for firewall configuration checks via CHECK_FIREWALL. - Add support for FIX_UNOWNED to change unowned files to nobody/nogroup (#51791). - Using WIN_PARTS_UMASK=-1 value instead of '0' when umask should not be set to prevent users and diskdrake confusion. - Correctly handling empty NOTIFY_WARN variables (#51364, #51464). - Correctly handling unicode messages (#50869). Version 0.60.22 - April 22 2009, Eugeni Dodonov - Changed default WIN_PARTS_UMASK to be with sync with diskdrake. Version 0.60.21 - April 22 2009, Eugeni Dodonov - Properly handle WIN_PARTS_UMASK parameters. - Fixed command inversion between DNS_SPOOFING_PROTECTION and IP_SPOOFING_PROTECTION. Version 0.60.20 - April 21 2009, Eugeni Dodonov - Using correct locale when available (#44561). Version 0.60.19 - April 20 2009, Eugeni Dodonov - Properly support NTFS-3G partitions permissions (#50125). Version 0.60.18 - April 15 2009, Thierry Vignaud - Updated translations Version 0.60.17 - March 30 2009, Thierry Vignaud - Updated translations Version 0.60.16 - March 24 2009, Eugeni Dodonov - Added support for desktop notifications on msec periodic checks. - Using correct logger for syslog messages. - Updated gui layout to better support small displays (or netbooks). Version 0.60.15 - March 12 2009, Eugeni Dodonov - Added specific permission for /var/log/btmp and wtmp (#48604) - Do not run chkrootkit on NFS partitions (#37753). - Changed CREATE_SERVER_LINK functionality to allow/deny local and remote services, enabling it on secure level only. - Updated list of files that should not be world-writable or not user-owned. - Running rpm database check with "--noscripts" (#42849). Version 0.60.14 - March 05 2009, Eugeni Dodonov - Modularization: moved pam-related functionality to pam plugin. - Updated list of safe services. Version 0.60.13 - March 02 2009, Eugeni Dodonov - Added banner for msecgui. - Moved PolicyKit code to plugin. - Changed default ENABLE_STARTUP parameters to be in sync with crontab settings. Version 0.60.12 - February 25 2009, Eugeni Dodonov - Correctly handle wheel group authentication (#19091) - Correctly handling CHECK_RPM and CHECK_CHKROOTKIT parameters. - Updating permissions on logs changed by logrotate (#47997). - Added support for plugins. - Added sample plugin. - Added MSEC init script (#21270), controlled by ENABLE_STARTUP_MSEC and ENABLE_STARTUP_PERMS variables. Version 0.60.11 - February 05 2009, Eugeni Dodonov - Added quiet mode. Version 0.60.10 - February 05 2009, Eugeni Dodonov - Level name change: 'default' to 'standard'. - Added support for running in chroot. - Added initial support for plugins. Version 0.60.9 - January 29 2009, Eugeni Dodonov - Reviewed description text for options (#47240) - Added localization. Version 0.60.8 - January 26 2009, Eugeni Dodonov - Changed without_password to without-password to prevent bogus errors. - Running expensive msec_find only when required. - Fixing permissions on msec-created files (#27820 #47059) - Handling network settings as in previous msec versions (#47240). - Added default response to msecgui Save dialog. - Implemented support for custom paths checks in msecperms. Version 0.60.7 - January 21 2009, Eugeni Dodonov - Now correctly integrating with MCC. Version 0.60.6 - January 20 2009, Eugeni Dodonov - Removed Authentication tab (now handled by a separate application) - Now it is possible to save settings without quitting. - Better detection for file modifications (such as symlinks, moves, etc) - Now asking to save changes before quitting when necessary. - Highlighting default option value according to current level. - Level selection improvements. - Checking for $DISPLAY variable. - Added HAL to list of save services. - Now highlighting options which are different from default values for level. - Improved GUI spacing between options. - Removed Notifications tab (merged with initial screen and periodic checks screen). - Better handling of non-existent files (inittab and sysctl). Version 0.60.5 - January 14 2009, Eugeni Dodonov - Fixed msecperms -e (setting default permissions to files). Version 0.60.4 - January 13 2009, Eugeni Dodonov - Updated gui to allow immediate preview of options on level change. - New permissions control GUI. - Added support for custom security levels. Version 0.60.3 - January 07 2009, Eugeni Dodonov - Bugfixes for gdm config handling. - Implemented authentication gui. - Added support for --embedded. - Now using /etc/security/shell instead of /etc/sysconfig/msec. Version 0.60.2 - January 07 2009, Eugeni Dodonov - Bugfixes for kdmrc handling. Version 0.60.1 - January 07 2009, Eugeni Dodonov - Complete msec redesign for Mandriva 2009.1. Version 0.50.11 - 16 December 2008, Eugeni Dodonov - Correctly handle permit_root_login in sshd_config on level change (#19726). - Handle multibyte characters in msec reports (#26773). Version 0.50.10 - 01 October 2008, Thierry Vignaud - cron entry: o blacklist cifs instead of only smbfs for samba o exclude /media from searching like /mnt is o run with idle IOnice priority (#42795)