aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
blob: b982131fe3c10a9750980cfc48bf759ff18125b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
- use /etc/sysctl.d/51-drakx.conf instead of /etc/sysctl.conf

Version 2.7 - May 20, 2019 Thomas Backlund

- translation updates

Version 2.6 - March 15, 2018 Papoteur
-  Manage allow_Xserver_to_listen for SDDM, to be included in X11 section (mga#19612)    
-  Manage allow_user_list for SDDM to be included in Users section
    
Version 2.5 - September 3, 2017 Papoteur
- suppress KDM management (mga#21648)
- suppress DNS_SPOOFING_PROTECTION (mga#21621). This cann't no more be disabled.

Version 2.4 - June 5, 2017, Rémi Verschelde

- translations updates

Version 2.3 - March 13, 2017, Rémi Verschelde

- manage allow_xserver_to_listen also for sddm.conf (mga#19612)
- set common messages to GDM, KDM and SDDM in allow_user_list function
- manage RememberLastUser in sddm.conf according to allow_user_list
  (mga#19188)
- use journald instead of syslog to get log on tty12 (mga#10034)
- translations updates

Version 2.2 - September 25, 2016, Papoteur

- set permission on just created MAIL_LOG_TODAY mga#19335
- clean unused code in msec.py
- update man page correcting Mandriva with Mageia

Version 2.1 - April 16 2016, Papoteur

- correction of displaying the update status (mga#18159)
- updating translations

Version 2.0 - August 29 2015, Thierry Vignaud

- fix unable to add an exception (mga#16574)
- switch to python3 (mga#16524)
- use systemctl instead of consolehelper (mga#16084)

Version 1.13 - July 30 2015, Marja van Waes

- Add Narg import in libmsec (Papoteur, mga#13837)

Version 1.12 - July 25 2015, Thierry Vignaud

- msecgui: fix gtk3 regression (mga#13837)

Version 1.11 - May 20 2015, Nicolas Lécureuil

- msecgui: Fix use of main_iteration() (mga#15985)

Version 1.10 - May 19 2015, Rémi Verschelde

- msecgui: fix use of get_iter_root (mga#15981)

Version 1.9 - May 18 2015, Thierry Vignaud

- updated translations

Version 1.8 - April 30 2015, Thierry Vignaud

- msecgui: fix broken config buttons after migration to gtk3
  (Philippe Makowski, mga#14777)

Version 1.7 - April 30 2015, Rémi Verschelde

- msecgui: Fix broken saving feature after migration to gtk3
  by adding "label=" arguments for Gtk.Expander calls
  (Thierry Vignaud, mga#14586)
- updated translations

Version 1.6 - February 9 2015, Anne Nicolas

- updated translations

Version 1.5 - January 2 2015, Thierry Vignaud

- s/Mandriva/Mageia/
- updated translations

Version 1.4 - February 16 2014, Thierry Vignaud

- fix some gettext calls broken by auto migration to gtk3

Version 1.3 - February 11 2014, Thierry Vignaud

- fix menu accelerators after conversion to gtk3

Version 1.2 - February 11 2014, Thierry Vignaud

- revert "don't pass '--noscripts' to 'rpm -Va' (#62644)"

Version 1.1 - February 10 2014, Thierry Vignaud

- fix embedding in mcc (bgo#721226)
- fix treating UTF-8 strings as ascii

Version 1.0 - February 9 2014, Thierry Vignaud

- convert from gtk2 to gtk3
- don't pass '--noscripts' to 'rpm -Va' (#62644)
- rotate /var/log/msec.log together with /var/log/security.log
- properly handle cases when /etc/sysconfig/i18n is not there
- properly handling startx parsing (#60440)

Version 0.80.10 - June 28 2010, Eugeni Dodonov
- localization fix

Version 0.80.9 - June 23 2010, Eugeni Dodonov
- fix gdm/consolekit interaction (#59100)
- use 'none' level as base when no BASE_LEVEL is defined (#59683)

Version 0.80.8 - May 26 2010, Eugeni Dodonov
- do not set gdm variables which are not used by new gdm
- filter out trailing whitespace for open port checks (#59457)

Version 0.80.7 - May 25 2010, Eugeni Dodonov
- updated translations

Version 0.80.6 - Apr 27 2010, Eugeni Dodonov
- support merging legacy perm.local into main perms.conf
- add support for displaying periodic checks results
- add support for running periodic checks manually
- add support for merging legacy perm.local file if exists
- add support for ACL (based on patch from Tiago Marques <tiago.marques@caixamagica.pt>, #58640)
- add support for IGNORE_PID_CHANGES (#56744)
- properly filter chkrootkit checks (#58076).
- do not notify when no changes were found by a diff run
- properly checking if we are run within security script
- properly handle changes in password history when pam_unix is used (#58018).

Version 0.80.5 - Feb 26 2010, Eugeni Dodonov
- added security levels 'audit_daily' and 'audit_weekly'
- added sudo plugin
- do not check inside entries excluded by EXCLUDE_REGEXP
- allow setting the EXCLUDE_REGEXP value in msecgui
- correctly check for changes in groups
- save mail reports for each check period (daily, weekly, monthly and manual)
- implemented security summary screen

Version 0.80.4 - Feb 18 2010, Eugeni Dodonov
- simplified UI for msecgui
- added custom security levels: fileserver, webserver, netbook
- added support for custom levels in gui
- ignore 'vmblock' filesystem during periodic checks (#57669)
- properly separate logs for different type of checks (daily, weekly, monthly and manual)
- xguest user does not have a password, so silence report about it
- added plugin to define log file retention period.

Version 0.80.3 - Feb 08 2010, Eugeni Dodonov
- improved log message when unowned or world-writable files are found
- running file-related periodic checks weekly on standard security level
  to easy disk I/O load
- improved error message when the wheel group is empty (#57463).
- added support for defining periodicity for individual security checks
- added support for sectool checks
- handle level-switching and saving in msec, using msecperms only for checking
  and settings file permissions
- do not duplicate variables present in BASE_LEVEL in security.conf and
  perms.conf files
- properly check if chkrootkit is present (#51309)

Version 0.80.2 - Jan 14 2010, Eugeni Dodonov
- save the entire log that is sent by email in /var/log/security to allow
  consulting it without relying on email messages
- do not show toolbar, as it leads to confusion

Version 0.80.1 - Nov 30 2009, Eugeni Dodonov
- updated list of allowed services
- fix error which prevents 'msec save' from working correctly
- fix error message when checking non-local files (#55869,#56088)

Version 0.70.8 - Nov 05 2009, Eugeni Dodonov
- update translations

Version 0.70.7 - Oct 13 2009, Eugeni Dodonov
- fix issue which prevents msec from exiting correctly in some cases (#54470)

Version 0.70.6 - Oct 07 2009, Eugeni Dodonov
- use users' home directory for temporary files (SECURE_TMP) by default
- improved startup script
- added option to skip security checks when running on battery power (CHECK_ON_BATTERY)

Version 0.70.5 - September 23 2009, Eugeni Dodonov
- do not show error messages for non-existent audit files
- man page entries are now sorted according to plugin
- split libmsec functionality into different plugins: audit (for periodic checks),
  msec (for local security settings) and network (for network-related settings)
- support excluding path from all checks

Version 0.70.4 - September 08 2009, Eugeni Dodonov
- implemented GUI for exception editing
- implemented exceptions for all msec checks (#51277)
- do not check for permission changes in block/character devices (#53424)
- create a summary for msec reports
- simplified permissions policy for standard level
- support enforcing file permissions in periodic msec runs
- allow configuring inclusion of current directory into path
- do not crash if config files have empty lines (#53031)

Version 0.70.3 - August 18 2009, Eugeni Dodonov
- give proper permissions to diff check files.
- Properly log promisc messages.
- msecgui: Added toolbar for msecgui.
- msecgui: Showing logo when running inside MCC.

Version 0.70.2 - July 15 2009, Eugeni Dodonov
- Correctly enforcing permissions on startup when required (#52268).
- Added new variable SECURE_TMP to configure location of temporary files.
- Improve description for changes in packages check.
- Properly handle promisc_check when running standalone (#51903)

Version 0.70.1 - June 26 2009, Eugeni Dodonov
- Improved rpm check, splitted into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
- Supporting check for changes in system users and groups.
- Reworked auditing code, improved logging format, added support for
  custom auditing plugins, simplified checks.
- Added support for firewall configuration checks via CHECK_FIREWALL.
- Add support for FIX_UNOWNED to change unowned files to nobody/nogroup (#51791).
- Using WIN_PARTS_UMASK=-1 value instead of '0' when umask should not be set to
  prevent users and diskdrake confusion.
- Correctly handling empty NOTIFY_WARN variables (#51364, #51464).
- Correctly handling unicode messages (#50869).

Version 0.60.22 - April 22 2009, Eugeni Dodonov
- Changed default WIN_PARTS_UMASK to be with sync with diskdrake.

Version 0.60.21 - April 22 2009, Eugeni Dodonov
- Properly handle WIN_PARTS_UMASK parameters.
- Fixed command inversion between DNS_SPOOFING_PROTECTION and
  IP_SPOOFING_PROTECTION.

Version 0.60.20 - April 21 2009, Eugeni Dodonov
- Using correct locale when available (#44561).

Version 0.60.19 - April 20 2009, Eugeni Dodonov
- Properly support NTFS-3G partitions permissions (#50125).

Version 0.60.18 - April 15 2009, Thierry Vignaud
- Updated translations

Version 0.60.17 - March 30 2009, Thierry Vignaud
- Updated translations

Version 0.60.16 - March 24 2009, Eugeni Dodonov
- Added support for desktop notifications on msec periodic checks.
- Using correct logger for syslog messages.
- Updated gui layout to better support small displays (or netbooks).

Version 0.60.15 - March 12 2009, Eugeni Dodonov
- Added specific permission for /var/log/btmp and wtmp (#48604)
- Do not run chkrootkit on NFS partitions (#37753).
- Changed CREATE_SERVER_LINK functionality to allow/deny local and remote
  services, enabling it on secure level only.
- Updated list of files that should not be world-writable or not user-owned.
- Running rpm database check with "--noscripts" (#42849).

Version 0.60.14 - March 05 2009, Eugeni Dodonov
- Modularization: moved pam-related functionality to pam plugin.
- Updated list of safe services.

Version 0.60.13 - March 02 2009, Eugeni Dodonov
- Added banner for msecgui.
- Moved PolicyKit code to plugin.
- Changed default ENABLE_STARTUP parameters to be in sync with
  crontab settings.

Version 0.60.12 - February 25 2009, Eugeni Dodonov
- Correctly handle wheel group authentication (#19091)
- Correctly handling CHECK_RPM and CHECK_CHKROOTKIT parameters.
- Updating permissions on logs changed by logrotate (#47997).
- Added support for plugins.
- Added sample plugin.
- Added MSEC init script (#21270), controlled by ENABLE_STARTUP_MSEC and
  ENABLE_STARTUP_PERMS variables.

Version 0.60.11 - February 05 2009, Eugeni Dodonov
- Added quiet mode.

Version 0.60.10 - February 05 2009, Eugeni Dodonov
- Level name change: 'default' to 'standard'.
- Added support for running in chroot.
- Added initial support for plugins.

Version 0.60.9 - January 29 2009, Eugeni Dodonov
- Reviewed description text for options (#47240)
- Added localization.

Version 0.60.8 - January 26 2009, Eugeni Dodonov
- Changed without_password to without-password to prevent bogus errors.
- Running expensive msec_find only when required.
- Fixing permissions on msec-created files (#27820 #47059)
- Handling network settings as in previous msec versions (#47240).
- Added default response to msecgui Save dialog.
- Implemented support for custom paths checks in msecperms.

Version 0.60.7 - January 21 2009, Eugeni Dodonov
- Now correctly integrating with MCC.

Version 0.60.6 - January 20 2009, Eugeni Dodonov
- Removed Authentication tab (now handled by a separate application)
- Now it is possible to save settings without quitting.
- Better detection for file modifications (such as symlinks, moves, etc)
- Now asking to save changes before quitting when necessary.
- Highlighting default option value according to current level.
- Level selection improvements.
- Checking for $DISPLAY variable.
- Added HAL to list of save services.
- Now highlighting options which are different from default values for level.
- Improved GUI spacing between options.
- Removed Notifications tab (merged with initial screen and periodic
  checks screen).
- Better handling of non-existent files (inittab and sysctl).

Version 0.60.5 - January 14 2009, Eugeni Dodonov
- Fixed msecperms -e (setting default permissions to files).

Version 0.60.4 - January 13 2009, Eugeni Dodonov
- Updated gui to allow immediate preview of options on level change.
- New permissions control GUI.
- Added support for custom security levels.

Version 0.60.3 - January 07 2009, Eugeni Dodonov
- Bugfixes for gdm config handling.
- Implemented authentication gui.
- Added support for --embedded.
- Now using /etc/security/shell instead of /etc/sysconfig/msec.

Version 0.60.2 - January 07 2009, Eugeni Dodonov
- Bugfixes for kdmrc handling.

Version 0.60.1 - January 07 2009, Eugeni Dodonov

- Complete msec redesign for Mandriva 2009.1.

Version 0.50.11 - 16 December 2008, Eugeni Dodonov

- Correctly handle permit_root_login in sshd_config on level change
  (#19726).
- Handle multibyte characters in msec reports (#26773).

Version 0.50.10 - 01 October 2008, Thierry Vignaud

- cron entry:
  o blacklist cifs instead of only smbfs for samba
  o exclude /media from searching like /mnt is
  o run with idle IOnice priority (#42795)