Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

msec-0.49.1-0.1.20060mdk RPM for x86_64

From Mandriva devel 2006.0 for x86_64 / media / main

Name: msec Distribution: Mandriva Linux
Version: 0.49.1 Vendor: Mandriva
Release: 0.1.20060mdk Build date: Thu Dec 22 18:03:26 2005
Group: System/Base Build host: atlas.mandriva.com
Size: 385450 Source RPM: msec-0.49.1-0.1.20060mdk.src.rpm
Packager: Mandriva Security Team <security@mandriva.com>
Url: http://www.mandrivalinux.com/
Summary: Security Level management for the Mandriva Linux distribution
The Mandriva Linux Security package is designed to provide generic
secure level to the Mandriva Linux users...  It will permit you to
choose between level 0 to 5 for a less -> more secured distribution.
This packages includes several programs that will be run periodically
in order to test the security of your system and alert you if needed.

Provides

Requires

License

GPL

Changelog

* Fri Dec 23 2005 Vincent Danen <vdanen@mandriva.com> 0.49.1-0.1.20060mdk
  - build for updates
* Sat Nov 19 2005 Frederic Lepied <flepied@mandriva.com> 0.49.1-1mdk
  - fix bug #17921
* Tue Nov 15 2005 Frederic Lepied <flepied@mandriva.com> 0.49-1mdk
  - scripts in /etc/profile.d no more config files
  - fix bug #19206 by really generating /var/lib/msec/security.conf
* Tue Sep 20 2005 Frederic Lepied <flepied@mandriva.com> 0.48-1mdk
  - enable_pam_root_from_wheel: fixed too laxist config in level 2 (bug #18403).
* Sat Sep 10 2005 Frederic Lepied <flepied@mandriva.com> 0.47.5-1mdk
  - remove debugging output
* Fri Sep 09 2005 Frederic Lepied <flepied@mandriva.com> 0.47.4-1mdk
  - fixed security.conf path (bug #18271).
  - security.sh fix parsing of rpm -Va (bug #18326 , Michael Reinsch).
  - security.sh: don't check sysfs and usbfs file system (bug #14359).
  - make msec.sh bourne shell compatible.
  - allow_xserver_to_listen: adapt to new way of specifying X server
  arguments for kdm (bug #15759).
* Fri Sep 02 2005 Frederic Lepied <flepied@mandriva.com> 0.47.3-1mdk
  - make /etc/rc.d/init.d/functions always readable (bug #18080)
* Thu Aug 18 2005 Frederic Lepied <flepied@mandriva.com> 0.47.2-1mdk
  - another fix for bug #17477
* Wed Aug 17 2005 Frederic Lepied <flepied@mandriva.com> 0.47.1-1mdk
  - really fix bug #17477
* Sat Aug 13 2005 Frederic Lepied <flepied@mandriva.com> 0.47-1mdk
  - security_check.sh: fix user or homedir with spaces in
    (bug #16237).
  - perm.*: o /etc/rc.d/init.d/xprint exception
            o  manage apache files (Guillaume Rousse) (bug #12183)
  - allow_user_list: fixed kdmrc settings.
  - support new inittab syntax for single user mode.
  - fix parsing of new chage output (bug #17477).
  - Perms.py: more robust parsing
  - fixed wrong kdmrc values (bug #16268).
  - follow new Single user need in inittab.
* Sat Jun 18 2005 Frederic Lepied <flepied@mandriva.com> 0.46-1mdk
  - Mandriva
  - new function enable_pam_root_from_wheel to allow transparent root
    access for the wheel group members.
* Tue Mar 22 2005 Frederic Lepied <flepied@mandrakesoft.com> 0.45.1-1mdk
  - allow to use the variable CHKROOTKIT_OPTION as an argument to
  chkrootkit (Michael, bug #12687).
  - fixed documentation of the use of the current keyword (bug #12866).
  - fixed password_history.
* Tue Feb 22 2005 Frederic Lepied <flepied@mandrakesoft.com> 0.45-1mdk
  - requires mailx (bug #13497).
  - fixed the permissions of sendmail symlinks (bug #13515).
  - allow to put an EXCLUDE_REGEXP variable in
  /etc/security/msec/security.conf to be used in msec_find (bug #508).
* Fri Oct 01 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44.2-1mdk
  - fix allow_reboot
* Sat Jul 31 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44.1-1mdk
  - fix directory creation code
* Sat Jul 31 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.44-1mdk
  - new function allow_xauth_from_root
  - the perm.local config file is now forcing permissions even if it's lowering the security.
  - install translated man pages
  - Mandrakelinux/Mandrakesoft
* Thu Jul 08 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.43-1mdk
  - fixed again mailman permissions for mailman in level 3 (bug #9319)
  - use getent to parse the passwd database (bug #9904)
  - fix msec.csh (Pixel)
  - more servers in level 4 (Florin)
* Sat Apr 24 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42.2-1mdk
  - corrected mailman log permissions (Guillaume Rousse bug #9319)
* Mon Mar 22 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42.1-1mdk
  - check files on / in the daily check (workaround strange ntfw bug #9121)
* Sat Feb 28 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.42-1mdk
  - fix mailman log perm (Guillaume Rousse) [bug #8158]
  - allow to specify only group or user in perm files (Bill Shirley)
  - allow the force keyword in perm files to be able to lower security (Bill Shirley)
  - document perl files syntax in README
* Sun Feb 15 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.41.1-1mdk
  - allow % in file names [bug #6144] (Sven Hoexter)
  - fixed system-auth growing line forever [bug #7853] (Michael Scherer)
* Fri Feb 13 2004 Frederic Lepied <flepied@mandrakesoft.com> 0.41-1mdk
  - make it lib64 aware wrt pam files rewriting
  - more csh-ish msec.csh (Pixel)
  - msec.csh: only set SECURE_LEVEL whenever it already exists
    locally
  - conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: fixed typo
    rpp => rpm
  - share/libmsec.py: allow_xserver_to_listen: corrected startx
    modifications (Gavin Porter)
  - cron-sh/security.sh: removed xfs from remote filesystems and
    added hfs in foreign filesystems (Stefaan Simoens)
  - conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: handle
    /var/lib/rpm/Packages
  - AUTHORS, README, TODO: fix #6145 (list current maintainer instead
    of old one) (Thierry)
  - share/shadow.py: Added local_config to say that the calls are now
    coming from the config file.	Call force_val in indirect to store
    that the arguments of the function need to be used even if the
    security is lowered.
  - share/libmsec.py: Rework same_level to be able to put the
    priority on the config file.	This is realized by inspecting the
    stack trace and using a global associative array.
  - man/cs/msec.8: updated Czech man page (Pablo)
* Thu Sep 04 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.40-1mdk
  - corrected strange permission settings in /var/log (bug #4854)
  - allow set_shell_history_size(-1) in level.local (bug #4392)
* Sat Aug 23 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.39-1mdk
  - don't write True or False in sysctl.conf (bug #4629)
  - don't use apply anymore (Olivier Blin) (bug #4632)
  - better documentation for no_password_aging_for (bug #1629)
  - support passing arg as a number in set_root_umask, set_user_umask (bug #3640)
  - better support for symlinks
* Fri Jul 25 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-5mdk
  - fix upgrade
* Sat Jun 07 2003 Per Øyvind Karlsen <peroyvind@sintrax.net> 0.38-4mdk
  - use double %'s in changelog
* Sat Mar 08 2003 Frederic Lepied <flepied@mandrakesoft.com> 0.38-3mdk
  - report correct message in log (bug #748)
* Mon Feb 03 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-2mdk
  - move security::help from msec to drakxtools so that it get
    translated
* Tue Jan 21 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.38-1mdk
  - generate help for draksec
* Thu Nov 21 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.37-1mdk
  - chage is l10n now so use LC_ALL=C before calling it
* Fri Nov 08 2002 Thierry Vignaud <tvignaud@mandrakesoft.com> 0.36-2mdk
  - requires s/(sh-|text|file)utils/coreutils/
* Wed Sep 18 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.36-1mdk
  - allow_user_list handles Selected in X-*-Greeter section of kdmrc
    when not changing security level.
  - allow_reboot handles Root in X-:*-Core section of kdmrc when not
    changing security level.
* Mon Sep 09 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.35-1mdk
  - when changing the aging expiry, change the date of last password
    change to today to avoid having accounts already expired.
* Sat Sep 07 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.5-2mdk
  - fixed bad file name in find.c (David Relson)
* Fri Sep 06 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.5-1mdk
  - correct allow_user_list with the new place for kdm3
* Fri Sep 06 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.4-2mdk
  - removed debug message
  - corrected credit in the changelog for sgid to David Walser
* Wed Sep 04 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.4-1mdk
  - more spelling errors fixes thx to David Walser:
  	o CHECK_SUID_GROUP => CHECK_SGID
* Sat Aug 31 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.3-1mdk
  - fixed server symlink creation
  - corrected spelling errors thx to David Relson
* Wed Aug 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.2-1mdk
  - fixed /boot as suggested by Guillaume Rousse.
* Wed Aug 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34.1-1mdk
  - corrected permissions for /boot/kernel.h*
  - corrected syntax error in cron (David Relson)
* Mon Aug 26 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.34-1mdk
  - let hosts.{allow,deny} be readable by everyone (to allow all the
    daemons to access them).
  - doc/security.txt: documented daily mailing of security checks
  - allow_reboot: used section X-:0-Core instead of X-:*-Greeter for
    kdmrc.
  - password_history: create /etc/security/opasswd if it doesn't exist.
* Tue Aug 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.33-1mdk
  - reworked wording of mails
* Sat Aug 10 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.32-1mdk
  - do not change permissions/groups/owners of remote files/directories.
  - documented the command line options in the man page
  - added password_history function (level 5)
  - password_length uses system-auth pam file instead of passwd pam file
    (added Conflicts with the old passwd package)
  - allow_remote_root_login handles the without_password argument (level 4)
* Thu Aug 01 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.31.1-1mdk
  - handle again level.local
* Wed Jul 31 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.31-1mdk
  - added level.* for draksec
  - add needed groups in %pre
* Tue Jul 30 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30.2-1mdk
  - fixed allow_root_login
* Mon Jul 29 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30.1-1mdk
  - corrected a bug when the variable doesn't exist before setting it.
* Sun Jul 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.30-1mdk
  - integrated fixes and requests from David Harris.
  - documentation fixes.
  - don't lower the security when called without argument (by the hourly cron for example).
  - splitted functions that worked at multiple levels:
    * splitted accept_broadcasted_icmp_echo from from accept_icmp_echo.
    * splitted enable_dns_spoofing_protection from enable_ip_spoofing_protection.
    * splitted allow_remote_root_login from allow_root_login.
    * splitted allow_xserver_to_listen from from allow_x_connections.
* Fri Jul 05 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.25-1mdk
  - insert the change at the end of the file if no match is found for
    PermitRootLogin and logindefs.
  - updated server.4 with MNF needs
* Fri Jun 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.24-1mdk
  - don't lower access rights when not changing security level
* Fri May 31 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.23-1mdk
  - check that only root can run msec
  - added more complete error messages
* Thu May 30 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.22-1mdk
  - corrected alias files loop (Jérôme UZEL).
  - added no_password_aging_for function to mseclib
  - server.4, server.5: added shorewall
* Wed Apr 17 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.21-1mdk
  - applied patch from John Ehresman to exec the config file in the
    context of mseclib.
* Thu Mar 28 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-2mdk
  - allow_reboot: only touch the shutdown, poweroff, reboot and halt
    files if they don't exist (reported by Jason Baker).
* Tue Mar 26 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.20-1mdk
  - Maximum password aging can be -1 (David Relson)
  - allow to pass ignore in function calls in
    /etc/security/msec/level.local to ask msec to do nothing with this
    feature.
* Sat Mar 09 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-8mdk
  - /var/log/lp-errs must always be 600
* Sat Mar 09 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-7mdk
  - fix permissions of /var/log/lp-errs for LPRng (Till)
  - add yes and no as good values for mseclib
  - some doc updates
* Wed Mar 06 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-6mdk
  - protect scripts from beeing run twice
* Fri Mar 01 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-5mdk
  - use 127.0.0.1 instead of localhost in hosts.deny
  - msec.csh: "unhash" workaround for /usr/bin non-readable (msec 5)
    applied after modifying PATH (eurk!)
* Tue Feb 26 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-4mdk
  - separate config files and other files in the rpmv check (idea of
    Michael Reinsch)
  - don't restart network on sysctl.conf change
  - doc/security.txt: resync with code.
* Sat Feb 23 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-3mdk
  - security_check.sh: check uid and not gid ! (change of meaning of the
    -g option of ls).
  - perm.*: do not manage lilo.conf.
  - corrected missing security.conf migration from /etc/security/msec/
    to /var/lib/msec.
  - don't handle libsafe (let the package do it's job)
* Thu Feb 21 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-2mdk
  - implement no password in level 0
  - X listens to tcp connections in level 3
* Wed Feb 20 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.19-1mdk
  - corrected msec.sh and msec.csh problems.
  - security.conf is now read from /var/lib/msec and can be overridden
    from /etc/security/msec/security.conf.
  - enhanced mseclib man page.
  - perm files are now in /usr/share/msec but the custom file stays in
    /etc/security/msec/perm.local.
* Sat Feb 16 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-6mdk
  - promisc_check.sh: use complete path to the ip command
  - correct upgrade when secure level isn't set
  - enable_console_log support an arg to specify what to log
* Thu Feb 14 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-5mdk
  - perm.5: /etc/sendmail.cf 640 for sendmail to work.
  - set umask and . in path according to the secure level
  - use the ip command to detect promiscuous mode with 2.4 kernel
* Wed Feb 06 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-4mdk
  - password aging also enable delay to change
  - correct gdm.conf modifications
* Tue Feb 05 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-3mdk
  - in level > 2 X server doesn't listen on tcp connection.
  - in level > 3 /etc/hosts.{allow,deny,equiv} readable by daemon group.
  - don't report /tmp and /var/tmp as bogus world writable directories.
  - security_check.sh: added .ssh/id_dsa .ssh/id_rsa to the list of files to check.
  - corrected /etc/issue* moving.
  - permissions settings part processes options like the rules part.
  - add a man page for the mseclib python library.
* Tue Jan 29 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-2mdk
  - do the daily cron through /etc/cron.daily to avoid heavy loads
  - clean crontabs when removing the package (Dadou)
  - 644 for /etc/rc.d/init.d/mandrake_consmap (Andrej)
  - fix sendmail perms (Florin)
  - symlink /etc/security/msec/server.<level> to
    /etc/security/msec/server for secure levels > 3 (used by chkconfig).
  - password aging for the root account too.
* Sun Jan 27 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.18-1mdk
  - corrected upgrade from 0.16 and older versions
  - allow customization of level through /etc/security/msec/level.local
* Wed Jan 23 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-15mdk
  - change Requires: from perl to perl-base.
  - perm.*: corrected errors reported by Pierre Fortin's script.
* Tue Jan 22 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-14mdk
  - perm.*: make mandrake_consmap 755 because it needs to be readable by everyone
* Mon Jan 21 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-13mdk
  - diff_check.sh: mail even if the report is empty to show that the
    check was fine.
  - the string "current" signifies to not change the permissions.
  - perm.*: corrected mandrake_consmap permissions and ping path/permissions.
  - /home is 711 in level 3.
* Fri Jan 18 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-12mdk
  - report cron log to tty only on root ttys.
  - better layout of rpm modified files report.
* Thu Jan 10 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-11mdk
  - added hostname to the subject of the mail report for better
    information when you receive multiple reports
  - really added rpm-va check to the mail report
  - fix handling of the owner/group of subdirectories of /var/log in a
    generic manner.
  - oops put back periodic filesystems check
* Tue Jan 08 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-10mdk
  - corrected first invocation.
* Mon Jan 07 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-9mdk
  - oops: corrected broken security.sh script
* Sat Jan 05 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-8mdk
  - TMOUT is now a read only variable
  - allow/forbid reboot/shutdown by [kg]dm
* Fri Jan 04 2002 Frederic Lepied <flepied@mandrakesoft.com> 0.17-7mdk
  - rpm -qa check now logs install time too
  - corrected the way we install the byte compiled python files to avoid
    false rpm -V warnings.
  - added a CHANGES file to document what has changed between 0.16 and 0.17
  - send complete rpm -va check to the main mail
  - perm.*: added handling of /etc/rc.d/init.d/*
  - changed the way /etc/security/msec/perm.local is used to avoid flip/flap changes
  - reworked output in diff rpm check to be more coherent
* Sun Dec 30 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-6mdk
  - added doc of the features of the msec utility
  - corrected enable_at_crontab
  
  - password_aging only takes care of /etc/shadow users and avoid the
    users with a deactivated password.
* Sat Dec 29 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-5mdk
  - added rpm database checks
  - added check of accounts with the 0 id that aren't root.
* Fri Dec 28 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-4mdk
  - disable root login in xdm,kdm,gdm the same way as in Bastille (via pam).
  - manage password aging.
  - manage crontab and at authorization.
* Fri Dec 28 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-3mdk
  - avoid changing permissions twice in the same run (to avoid unneeded logging).
  - when run in non-interactive mode, the output goes to the auth facility.
* Sat Dec 15 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-2mdk
  - fixed sysctl.conf handling
* Fri Dec 14 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.17-1mdk
  - rewritten file modifications part in python
* Thu Dec 06 2001 Florin <florin@mandrakesoft.com> 0.16-4mdk
  - oups, use %{_sysconfdir}/sysconfig/%{name} instead of %{_sysconfdir}/%{name}
  - fix the msec.csh file (thks again to Konrad Bernlohr)
* Fri Nov 30 2001 Florin <florin@mandrakesoft.com> 0.16-3mdk
  - remove the redundance related to umask and /etc/bashrc
  - add the %{_sysconfdir}/%{name} file
  - allow the ssh connexions in the snf security level
  - sort of update the ChangeLog
  - updated msec.csh to read %{_sysconfdir}/%{name} with sed black magic (Fred)
  - added console timeout support (Fred)
  - added command history disabling (Fred)
  - added sysctl settings (Fred)
  - changed perms of rpm progs in high security levels to prevent
    exposing what is installed (and access to /usr/share/doc too). (Fred)
  - spoof protection for name resoluton (Fred)
  - remove /etc/issue and /etc/issue.net according to level (Fred)
* Fri Nov 09 2001 Florin <florin@mandrakesoft.com> 0.16-2mdk
  - oups forgot to create the needed links in post:
  - create the /etc/security/msec/server
  - the /usr/share/msec/current-level.sh and
  - /etc/security/msec/current.perm files
* Fri Nov 09 2001 Florin <florin@mandrakesoft.com> 0.16-1mdk
  - 0.16
  - add requires on chkconfig >= 1.2.24-3mdk
  - add the new link /etc/security/msec/server 
  - fix permissions for monitoring in snf level
  - deny root ssh access in snf level
* Thu Nov 08 2001 Florin <florin@mandrakesoft.com> 0.15-31mdk
  - bring back the squid.squid permissions
  - add some permissions for the naat servers
  - add some authorized servers for naat-snf, cooker version
  - add the snf security level
  - make rpmlint happy with the distribution name
  - add Url tag
* Thu Oct 04 2001 Florin <florin@mandrakesoft.com> 0.15-30mdk
  - more things from /etc/profile to /etc/profile.d/msec.{sh|csh}
  - update the doc path in the man pages
  - add the msec*sh sources
  - libsafe.so.2 in levels 4/5
* Fri Sep 21 2001 Florin <florin@mandrakesoft.com> 0.15-29mdk
  - fix the /etc/profile.d/msec.{sh|csh} entries
  - get rid of /etc/profile entries
* Fri Sep 21 2001 Florin <florin@mandrakesoft.com> 0.15-28mdk
  - authorize the usb service in the 4/5 levels of security
* Thu Sep 20 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-27mdk
  - Require /bin/touch.
* Thu Sep 20 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-26mdk
  - Output in /etc/profile.d/msec.sh as only .sh extenssion files are read.
  - Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile.
* Thu Sep 20 2001 florin <florin@mandrakesoft.com> 0.15-25mdk
  - RootSshLogin in levels 4/5
  - squidGuard entries
* Thu Sep 20 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-24mdk
  - Fix manpages installation.
  - Fix logrotate config installation.
  - Fix issue with SECURE_LEVEL not updated if not exiting the console
    (this is a workaround for problems in several terminal programs).
* Tue Sep 18 2001 Daouda LO <daouda@mandrakesoft.com> 0.15-23mdk
  - Resync with cvs (yoann sucks)
  - real fix for kdm is in lib.sh (msec sux)
* Sat Sep 15 2001 Florin <florin@mandrakesoft.com> 0.15-21mdk
  - conf/perm.*: /var/log/squid must be owned by nobody.nobody.
  - add the %post section for the ghost file
* Tue Sep 04 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-20mdk
  - logrotate entry in %install, not %post
* Tue Sep 04 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-19mdk
  - add logrotate entry
* Fri Aug 10 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.15-18mdk
  - added vc/[1-6] to securetty (devfs)
  - merged back in cvs
* Tue Jul 10 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 0.15-17mdk
  - Patch 0: add suppport for usermode halt/reboot
* Fri May 11 2001 Stew Benedict <sbendict@mandrakesoft.com> 0.15-16mdk
  - Check for drakx install environment before running "telinit u" - PPC hang
* Wed May 02 2001 David BAUDENS <baudens@mandrakesoft.com> 0.15-15mdk
  - Use %_tmppath for BuildRoot
* Wed Oct 11 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-14mdk
  - call telinit after modifying inittab
* Wed Oct 11 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-13mdk
  - Applied Warly patch to fix user list problem under kdm.
  - User list option for gdm too.
* Wed Oct 11 2000 Warly <warly@mandrakesoft.com> 0.15-12mdk
  - change the UserList method to not append at the end of kdmrc (in the wrong section)
* Tue Oct 10 2000 Pixel <pixel@mandrakesoft.com> 0.15-11mdk
  - remove the fix for #760 (it needs real fixing!)
* Tue Oct 10 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-10mdk
  - conf/server.[45]: add pcmcia
* Tue Oct 10 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-9mdk
  - fix for #760 (kdm should not display the list of users for high security
    levels)
* Tue Oct 10 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-8mdk
  - fix a typo in conf/perm.0
* Thu Oct 05 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-7mdk
  - Autologin allowed in level 0, 1, 2.... I'm against this... but...
* Thu Oct 05 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-6mdk
  - fix some entry in perm.*
  - Autologin will only work in level 0
* Wed Oct 04 2000 Yoann Vandoorselaere  <yoann@mandrakesoft.com> 0.15-5mdk
  * init-sh/*.sh : instead of modifying Xsession,
      create the /etc/X11/xinit.d/msec file which can contain eventual
      rules appended by msec.
* Tue Oct 03 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-4mdk
  - some fix.
* Tue Oct 03 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-3mdk
  - init-sh/*.sh : modify /etc/X11/Xsession, not /etc/X11/xdm/Xsession
                   nor /etc/X11/xinit/xinitrc anymore, as they all load
                   /etc/X11/Xsession.
* Sat Sep 02 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-2mdk
  - install manually
  - use %{_mandir} macros
  - use %config(noreplace) for /etc/msec and for logfile
* Wed Jul 19 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-1mdk
  - cron-sh/security_check.sh : use -L in ls, 
    to dereference symbolic link  Chris Green <cmg@dok.org>
  - conf/perm.*: /var/log/squid must be owned by squid.squid.
  - cron-sh/security.sh: 
  - init-sh/custom.sh: added patch from AG <darkimage@bigfoot.com>,
    if no user to mail security report to is availlable, send to root.
* Thu May 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-6mdk
  - Handle new libsafe path.
* Thu May 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-5mdk
  - corrected a wrong path.
* Thu May 04 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-4mdk
  - LoaderUpdate() make a difference between an empty
    variable, and a non existing one.
* Wed Apr 26 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-3mdk
  - Fix a bug with comment removed pointed out by Konrad Bernloehr.
* Tue Apr 25 2000 Pixel <pixel@mandrakesoft.com> 0.14-2mdk
  - conf/perm.[0-4]: fix ugly disgusting fucking bloody buggy bug!
  (remove bloody /usr/{bin,sbin}/* entries)
* Thu Apr 20 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.14-1mdk
  - Bug fix.
  - Support Grub as well as Lilo.
* Wed Apr 19 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-5mdk
  - cron job at 4:00am, msec_find fix.
* Tue Apr 18 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-4mdk
  - perm.5 : -e s'/ntool/ntools/' -e s'/ctool/ctools/'
  - updated documentation.
  - file_perm.sh : bug fix + output to /dev/null.
  - include /var/tmp in perm.[0-5].
  - Patch to msec_find from Thomas Poindessous.
* Sat Apr 15 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.12-1mdk
  - Modify zprofile.
  - use libsafe-1.3
* Fri Mar 17 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - security.sh : export *_TODAY variable to be used by msec_find.
  - find.c      : removed a debuging printf.
* Fri Mar 10 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.10-1mdk
  - custom.sh : added a patch from Havard Bell.
  - custom.sh : check if libsafe is installed before asking if the user want to use it.
  - Heavily modified msec_find.
  - Added msec_find utility, written by Thierry Vignaud which will avoid us to
    find / 5 times :)
  - Added support for libsafe stack overflow protection in level 4 / 5 /
    custom
  - trap the sigint signal.
  - use %config for config file ( thanks to Frederic Lepied ).
  - use /etc/security/msec for config file only.
  - Renamed init.sh to msec, and install it in /usr/sbin.
  - The other shell scripts are located in /usr/share/msec
  - Included patch from Stefan Siegel.
* Wed Jan 19 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - custom.sh : fix a nasty typo.
* Fri Jan 07 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - security.sh : find are niced to (+19)
  - Camille updated the documentation.
  - Removed the "spawn a shell on boot" feature of level0 cause of a tty problem.
  - shutdown.allow is 600 in level 4/5; 644 else.
  - updated doc/security.txt
  - updated init-sh/custom.sh
  - level 0-3 -> ctrl-alt-del allowed for any local user.
  - level 4-5 -> ctrl-alt-del allowed for root.
* Thu Dec 30 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Removing grpuser manpage, because : 
    1 - grpuser is not to be used by any user, ( and should not have a manpage so ).
    2 - manpage is obsolete
* Wed Dec 29 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
  - add man-pages from camille.
* Sat Dec 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Use the mail user variable.
  - level[35]: also do a mail report.
  - moved Syslog(), Ttylog(), Maillog() to security.sh
  - security_check.sh & diff_check.sh now sourced from security.sh
  - Typo / bug fix
  - init-sh/perm[15]: files should be constant in their content.
    all entry should be in each perm file
* Wed Dec 22 1999 Pixel <pixel@mandrakesoft.com>
  - init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
  ${LILO_PASSWORD+set} != set 
  - init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
  AddBegRules (password= must in the beginning of lilo.conf)
  - init-sh/lib.sh (AddBegRules): 1 \n instead of 2
* Tue Dec 21 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Use grpconv after modifying /etc/group.
  - Add a message for level 5 saying that user who want X access
    should be in the xgrp group.
* Tue Dec 21 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - fixed a typo / variable pb.
* Tue Dec 21 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.
  - init-sh/lib.sh: removed the failsafe for not a tty stdin (not efficient)
  - init-sh/lib.sh: rewrote the perl script (now a one-liner :)
  - Big cleanup.
  - All work properly now.
  - msec.spec: modify to take into account the Makefile modifying the .spec
  - Makefile (VERSION): make it the same as the .spec
* Sun Dec 19 1999 Pixel  <pixel@mandrakesoft.com>
  - init-sh/lib.sh: added failsafe for not a tty stdin
* Sun Dec 19 1999 Pixel <pixel@mandrakesoft.com>
  - no interactive questions if not a tty
* Fri Dec 17 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Don't use msec parsing routine to hack inittab
* Fri Dec 17 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Fixed the last AddBegRules() problem.
  - Indentation problem should be fixed.
  - All debug finished, changing secure.tmp to a mktemp
    allocated tmpfile for symlink security.
  - DRAKX_USER variable no longer needed.
  - grpuser.sh take only one opt ( --refresh ),
    take group name from /etc/security/msec/group.conf
    and add user from /etc/security/msec/user.conf if secure level > 2
  - level0.sh fixed inittab entry
  - fix a typo
  - As requested, direct shell access for level 0
  - Fixed a little problem with the DRAKX_USERS variable
  - removed chattr +a because of the problem it can cause to
    other system automated system task.
* Tue Dec 14 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - diff_check.sh : fix a typo.
* Sat Dec 11 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - custom.sh : Fix a typo & forgot to export path & secure level
* Fri Dec 10 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - More bugfix.
  - Many bugfix, always trying to get a bugfree release :).
  - Renamed some variable, added consistencie.
  - security_cjheck.sh: print header at begining of the log.
  - diff_check.sh: typo.
* Thu Dec 09 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - security_check.sh: remove /tmp stuff.
  - security_check.sh: typo
  - level[1-3].sh: Changed crontab call to file_check.sh
    from every hour to every midnight ( bug reported by axalon ).
  - diff_check.sh: clean up.
  - moved file_check.sh to diff_check.sh and changed
    what is related to cron call in level[15].sh
  - Added missing configurations question in level custom.
  - bug fix.
* Thu Dec 09 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
  - Various (Makefile|specfiles) clean-up.
  - insert doc.
* Tue Dec 07 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Released 0.5
  - Divided security check into 2 files :
    security_check.sh & file_check.sh, 
    the first do normal security check, the other watch at anormal change
    on the system...
  - Bug fix again & again
  - Updated perm files & fix a security problem ( thanks Axalon ).
* Thu Dec 02 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - DrakX compatibility.
* Thu Dec 02 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Add & delete of userlist from audio group ( level 1 & 2 ).
  - Minor fix
* Thu Dec 02 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - We now preserve config file implementation.
  - Minor fix to lib.sh
  - export profile variable...
* Wed Dec 01 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Many cron security check added.
  - Print more infos.
* Tue Nov 30 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Released 0.4 :
  - Now have a custom mode, just answer the question.
  - Msec print what it does.
  - Bug fix in LiloUpdate().
* Tue Nov 30 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Fixed a few bugs in msec.
* Sat Nov 27 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - grpuser was not installed.
* Sat Nov 27 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Fix a bug in level3.sh
  - level[12].sh Removed some unused code
* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Call chkconfig with the new --msec option.
* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Cleaned up tree.
* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Removed touched file /-i
* Fri Nov 26 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - Create rc.firewall to avoid error,
  - Call grpuser with the good path,
  - Call groupadd before usermod.
* Wed Nov 24 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - New release (0.3) :
    Now each security level has it's own set of permissions.
    Add "." at the end of $PATH for level 1.
    Corrected some grave bug, it should work properly now.
* Fri Nov 19 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - New release (0.2) :
    Fixed the path for promisc_check.sh :
    now /etc/security/msec/cron-sh/promisc_check.sh
    In level 1 & 2, user is now automagically added to the audio group.
* Wed Nov 17 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
  - First packaging attempt :-).

Files

/etc/logrotate.d/msec
/etc/profile.d/msec.csh
/etc/profile.d/msec.sh
/etc/security/msec
/etc/security/msec/server.4
/etc/security/msec/server.5
/etc/sysconfig/msec
/usr/bin/msec_find
/usr/bin/promisc_check
/usr/sbin/msec
/usr/share/doc/msec-0.49.1
/usr/share/doc/msec-0.49.1/AUTHORS
/usr/share/doc/msec-0.49.1/CHANGES
/usr/share/doc/msec-0.49.1/COPYING
/usr/share/doc/msec-0.49.1/ChangeLog
/usr/share/doc/msec-0.49.1/README
/usr/share/doc/msec-0.49.1/security.txt
/usr/share/man/cs/man8/msec.8.bz2
/usr/share/man/et/man8/msec.8.bz2
/usr/share/man/eu/man8/msec.8.bz2
/usr/share/man/fi/man8/msec.8.bz2
/usr/share/man/fr/man8/msec.8.bz2
/usr/share/man/it/man8/msec.8.bz2
/usr/share/man/man3/mseclib.3.bz2
/usr/share/man/man8/msec.8.bz2
/usr/share/man/nl/man8/msec.8.bz2
/usr/share/man/pl/man8/msec.8.bz2
/usr/share/man/ru/man8/msec.8.bz2
/usr/share/man/uk/man8/msec.8.bz2
/usr/share/msec
/usr/share/msec/Config.py
/usr/share/msec/Config.pyo
/usr/share/msec/ConfigFile.py
/usr/share/msec/ConfigFile.pyo
/usr/share/msec/Log.py
/usr/share/msec/Log.pyo
/usr/share/msec/Perms.py
/usr/share/msec/Perms.pyo
/usr/share/msec/cleanold.sh
/usr/share/msec/compile.py
/usr/share/msec/compile.pyo
/usr/share/msec/diff_check.sh
/usr/share/msec/draksec_help.py
/usr/share/msec/draksec_help.pyo
/usr/share/msec/level.0
/usr/share/msec/level.1
/usr/share/msec/level.2
/usr/share/msec/level.3
/usr/share/msec/level.4
/usr/share/msec/level.5
/usr/share/msec/libmsec.py
/usr/share/msec/libmsec.pyo
/usr/share/msec/man.py
/usr/share/msec/man.pyo
/usr/share/msec/msec.py
/usr/share/msec/mseclib.py
/usr/share/msec/mseclib.pyo
/usr/share/msec/perm.0
/usr/share/msec/perm.1
/usr/share/msec/perm.2
/usr/share/msec/perm.3
/usr/share/msec/perm.4
/usr/share/msec/perm.5
/usr/share/msec/promisc_check.sh
/usr/share/msec/security.sh
/usr/share/msec/security_check.sh
/usr/share/msec/shadow.py
/usr/share/msec/shadow.pyo
/var/lib/msec
/var/log/security
/var/log/security.log


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Nov 10 11:21:37 2014