SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for msec-0.49.1-0.1.20060mdk.i586.rpm :
Fri Dec 23 03:00:00 2005 Vincent Danen 0.49.1-0.1.20060mdk
- build for updates

Sat Nov 19 03:00:00 2005 Frederic Lepied 0.49.1-1mdk
- fix bug #17921

Tue Nov 15 03:00:00 2005 Frederic Lepied 0.49-1mdk
- scripts in /etc/profile.d no more config files
- fix bug #19206 by really generating /var/lib/msec/security.conf

Tue Sep 20 04:00:00 2005 Frederic Lepied 0.48-1mdk
- enable_pam_root_from_wheel: fixed too laxist config in level 2 (bug #18403).

Sat Sep 10 04:00:00 2005 Frederic Lepied 0.47.5-1mdk
- remove debugging output

Fri Sep 9 04:00:00 2005 Frederic Lepied 0.47.4-1mdk
- fixed security.conf path (bug #18271).
- security.sh fix parsing of rpm -Va (bug #18326 , Michael Reinsch).
- security.sh: don\'t check sysfs and usbfs file system (bug #14359).
- make msec.sh bourne shell compatible.
- allow_xserver_to_listen: adapt to new way of specifying X server
arguments for kdm (bug #15759).

Fri Sep 2 04:00:00 2005 Frederic Lepied 0.47.3-1mdk
- make /etc/rc.d/init.d/functions always readable (bug #18080)

Thu Aug 18 04:00:00 2005 Frederic Lepied 0.47.2-1mdk
- another fix for bug #17477

Wed Aug 17 04:00:00 2005 Frederic Lepied 0.47.1-1mdk
- really fix bug #17477

Sat Aug 13 04:00:00 2005 Frederic Lepied 0.47-1mdk
- security_check.sh: fix user or homedir with spaces in
(bug #16237).
- perm.
*: o /etc/rc.d/init.d/xprint exception
o manage apache files (Guillaume Rousse) (bug #12183)
- allow_user_list: fixed kdmrc settings.
- support new inittab syntax for single user mode.
- fix parsing of new chage output (bug #17477).
- Perms.py: more robust parsing
- fixed wrong kdmrc values (bug #16268).
- follow new Single user need in inittab.

Sat Jun 18 04:00:00 2005 Frederic Lepied 0.46-1mdk
- Mandriva
- new function enable_pam_root_from_wheel to allow transparent root
access for the wheel group members.

Tue Mar 22 03:00:00 2005 Frederic Lepied 0.45.1-1mdk
- allow to use the variable CHKROOTKIT_OPTION as an argument to
chkrootkit (Michael, bug #12687).
- fixed documentation of the use of the current keyword (bug #12866).
- fixed password_history.

Tue Feb 22 03:00:00 2005 Frederic Lepied 0.45-1mdk
- requires mailx (bug #13497).
- fixed the permissions of sendmail symlinks (bug #13515).
- allow to put an EXCLUDE_REGEXP variable in
/etc/security/msec/security.conf to be used in msec_find (bug #508).

Fri Oct 1 04:00:00 2004 Frederic Lepied 0.44.2-1mdk
- fix allow_reboot

Sat Jul 31 04:00:00 2004 Frederic Lepied 0.44.1-1mdk
- fix directory creation code

Sat Jul 31 04:00:00 2004 Frederic Lepied 0.44-1mdk
- new function allow_xauth_from_root
- the perm.local config file is now forcing permissions even if it\'s lowering the security.
- install translated man pages
- Mandrakelinux/Mandrakesoft

Thu Jul 8 04:00:00 2004 Frederic Lepied 0.43-1mdk
- fixed again mailman permissions for mailman in level 3 (bug #9319)
- use getent to parse the passwd database (bug #9904)
- fix msec.csh (Pixel)
- more servers in level 4 (Florin)

Sat Apr 24 04:00:00 2004 Frederic Lepied 0.42.2-1mdk
- corrected mailman log permissions (Guillaume Rousse bug #9319)

Mon Mar 22 03:00:00 2004 Frederic Lepied 0.42.1-1mdk
- check files on / in the daily check (workaround strange ntfw bug #9121)

Sat Feb 28 03:00:00 2004 Frederic Lepied 0.42-1mdk
- fix mailman log perm (Guillaume Rousse) [bug #8158]
- allow to specify only group or user in perm files (Bill Shirley)
- allow the force keyword in perm files to be able to lower security (Bill Shirley)
- document perl files syntax in README

Sun Feb 15 03:00:00 2004 Frederic Lepied 0.41.1-1mdk
- allow % in file names [bug #6144] (Sven Hoexter)
- fixed system-auth growing line forever [bug #7853] (Michael Scherer)

Fri Feb 13 03:00:00 2004 Frederic Lepied 0.41-1mdk
- make it lib64 aware wrt pam files rewriting
- more csh-ish msec.csh (Pixel)
- msec.csh: only set SECURE_LEVEL whenever it already exists
locally
- conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: fixed typo
rpp => rpm
- share/libmsec.py: allow_xserver_to_listen: corrected startx
modifications (Gavin Porter)
- cron-sh/security.sh: removed xfs from remote filesystems and
added hfs in foreign filesystems (Stefaan Simoens)
- conf/: perm.0, perm.1, perm.2, perm.3, perm.4, perm.5: handle
/var/lib/rpm/Packages
- AUTHORS, README, TODO: fix #6145 (list current maintainer instead
of old one) (Thierry)
- share/shadow.py: Added local_config to say that the calls are now
coming from the config file. Call force_val in indirect to store
that the arguments of the function need to be used even if the
security is lowered.
- share/libmsec.py: Rework same_level to be able to put the
priority on the config file. This is realized by inspecting the
stack trace and using a global associative array.
- man/cs/msec.8: updated Czech man page (Pablo)

Thu Sep 4 04:00:00 2003 Frederic Lepied 0.40-1mdk
- corrected strange permission settings in /var/log (bug #4854)
- allow set_shell_history_size(-1) in level.local (bug #4392)

Sat Aug 23 04:00:00 2003 Frederic Lepied 0.39-1mdk
- don\'t write True or False in sysctl.conf (bug #4629)
- don\'t use apply anymore (Olivier Blin) (bug #4632)
- better documentation for no_password_aging_for (bug #1629)
- support passing arg as a number in set_root_umask, set_user_umask (bug #3640)
- better support for symlinks

Fri Jul 25 04:00:00 2003 Thierry Vignaud 0.38-5mdk
- fix upgrade

Sat Jun 7 04:00:00 2003 Per �yvind Karlsen 0.38-4mdk
- use double %\'s in changelog

Sat Mar 8 03:00:00 2003 Frederic Lepied 0.38-3mdk
- report correct message in log (bug #748)

Mon Feb 3 03:00:00 2003 Thierry Vignaud 0.38-2mdk
- move security::help from msec to drakxtools so that it get
translated

Tue Jan 21 03:00:00 2003 Thierry Vignaud 0.38-1mdk
- generate help for draksec

Thu Nov 21 03:00:00 2002 Frederic Lepied 0.37-1mdk
- chage is l10n now so use LC_ALL=C before calling it

Fri Nov 8 03:00:00 2002 Thierry Vignaud 0.36-2mdk
- requires s/(sh-|text|file)utils/coreutils/

Wed Sep 18 04:00:00 2002 Frederic Lepied 0.36-1mdk
- allow_user_list handles Selected in X-
*-Greeter section of kdmrc
when not changing security level.
- allow_reboot handles Root in X-:
*-Core section of kdmrc when not
changing security level.

Mon Sep 9 04:00:00 2002 Frederic Lepied 0.35-1mdk
- when changing the aging expiry, change the date of last password
change to today to avoid having accounts already expired.

Sat Sep 7 04:00:00 2002 Frederic Lepied 0.34.5-2mdk
- fixed bad file name in find.c (David Relson)

Fri Sep 6 04:00:00 2002 Frederic Lepied 0.34.5-1mdk
- correct allow_user_list with the new place for kdm3

Fri Sep 6 04:00:00 2002 Frederic Lepied 0.34.4-2mdk
- removed debug message
- corrected credit in the changelog for sgid to David Walser

Wed Sep 4 04:00:00 2002 Frederic Lepied 0.34.4-1mdk
- more spelling errors fixes thx to David Walser:
o CHECK_SUID_GROUP => CHECK_SGID

Sat Aug 31 04:00:00 2002 Frederic Lepied 0.34.3-1mdk
- fixed server symlink creation
- corrected spelling errors thx to David Relson

Wed Aug 28 04:00:00 2002 Frederic Lepied 0.34.2-1mdk
- fixed /boot as suggested by Guillaume Rousse.

Wed Aug 28 04:00:00 2002 Frederic Lepied 0.34.1-1mdk
- corrected permissions for /boot/kernel.h
*
- corrected syntax error in cron (David Relson)

Mon Aug 26 04:00:00 2002 Frederic Lepied 0.34-1mdk
- let hosts.{allow,deny} be readable by everyone (to allow all the
daemons to access them).
- doc/security.txt: documented daily mailing of security checks
- allow_reboot: used section X-:0-Core instead of X-:
*-Greeter for
kdmrc.
- password_history: create /etc/security/opasswd if it doesn\'t exist.

Tue Aug 20 04:00:00 2002 Frederic Lepied 0.33-1mdk
- reworked wording of mails

Sat Aug 10 04:00:00 2002 Frederic Lepied 0.32-1mdk
- do not change permissions/groups/owners of remote files/directories.
- documented the command line options in the man page
- added password_history function (level 5)
- password_length uses system-auth pam file instead of passwd pam file
(added Conflicts with the old passwd package)
- allow_remote_root_login handles the without_password argument (level 4)

Thu Aug 1 04:00:00 2002 Frederic Lepied 0.31.1-1mdk
- handle again level.local

Wed Jul 31 04:00:00 2002 Frederic Lepied 0.31-1mdk
- added level.
* for draksec
- add needed groups in %pre

Tue Jul 30 04:00:00 2002 Frederic Lepied 0.30.2-1mdk
- fixed allow_root_login

Mon Jul 29 04:00:00 2002 Frederic Lepied 0.30.1-1mdk
- corrected a bug when the variable doesn\'t exist before setting it.

Sun Jul 28 04:00:00 2002 Frederic Lepied 0.30-1mdk
- integrated fixes and requests from David Harris.
- documentation fixes.
- don\'t lower the security when called without argument (by the hourly cron for example).
- splitted functions that worked at multiple levels:

* splitted accept_broadcasted_icmp_echo from from accept_icmp_echo.

* splitted enable_dns_spoofing_protection from enable_ip_spoofing_protection.

* splitted allow_remote_root_login from allow_root_login.

* splitted allow_xserver_to_listen from from allow_x_connections.

Fri Jul 5 04:00:00 2002 Frederic Lepied 0.25-1mdk
- insert the change at the end of the file if no match is found for
PermitRootLogin and logindefs.
- updated server.4 with MNF needs

Fri Jun 28 04:00:00 2002 Frederic Lepied 0.24-1mdk
- don\'t lower access rights when not changing security level

Fri May 31 04:00:00 2002 Frederic Lepied 0.23-1mdk
- check that only root can run msec
- added more complete error messages

Thu May 30 04:00:00 2002 Frederic Lepied 0.22-1mdk
- corrected alias files loop (J�r�me UZEL).
- added no_password_aging_for function to mseclib
- server.4, server.5: added shorewall

Wed Apr 17 04:00:00 2002 Frederic Lepied 0.21-1mdk
- applied patch from John Ehresman to exec the config file in the
context of mseclib.

Thu Mar 28 03:00:00 2002 Frederic Lepied 0.20-2mdk
- allow_reboot: only touch the shutdown, poweroff, reboot and halt
files if they don\'t exist (reported by Jason Baker).

Tue Mar 26 03:00:00 2002 Frederic Lepied 0.20-1mdk
- Maximum password aging can be -1 (David Relson)
- allow to pass ignore in function calls in
/etc/security/msec/level.local to ask msec to do nothing with this
feature.

Sat Mar 9 03:00:00 2002 Frederic Lepied 0.19-8mdk
- /var/log/lp-errs must always be 600

Sat Mar 9 03:00:00 2002 Frederic Lepied 0.19-7mdk
- fix permissions of /var/log/lp-errs for LPRng (Till)
- add yes and no as good values for mseclib
- some doc updates

Wed Mar 6 03:00:00 2002 Frederic Lepied 0.19-6mdk
- protect scripts from beeing run twice

Fri Mar 1 03:00:00 2002 Frederic Lepied 0.19-5mdk
- use 127.0.0.1 instead of localhost in hosts.deny
- msec.csh: \"unhash\" workaround for /usr/bin non-readable (msec 5)
applied after modifying PATH (eurk!)

Tue Feb 26 03:00:00 2002 Frederic Lepied 0.19-4mdk
- separate config files and other files in the rpmv check (idea of
Michael Reinsch)
- don\'t restart network on sysctl.conf change
- doc/security.txt: resync with code.

Sat Feb 23 03:00:00 2002 Frederic Lepied 0.19-3mdk
- security_check.sh: check uid and not gid ! (change of meaning of the
-g option of ls).
- perm.
*: do not manage lilo.conf.
- corrected missing security.conf migration from /etc/security/msec/
to /var/lib/msec.
- don\'t handle libsafe (let the package do it\'s job)

Thu Feb 21 03:00:00 2002 Frederic Lepied 0.19-2mdk
- implement no password in level 0
- X listens to tcp connections in level 3

Wed Feb 20 03:00:00 2002 Frederic Lepied 0.19-1mdk
- corrected msec.sh and msec.csh problems.
- security.conf is now read from /var/lib/msec and can be overridden
from /etc/security/msec/security.conf.
- enhanced mseclib man page.
- perm files are now in /usr/share/msec but the custom file stays in
/etc/security/msec/perm.local.

Sat Feb 16 03:00:00 2002 Frederic Lepied 0.18-6mdk
- promisc_check.sh: use complete path to the ip command
- correct upgrade when secure level isn\'t set
- enable_console_log support an arg to specify what to log

Thu Feb 14 03:00:00 2002 Frederic Lepied 0.18-5mdk
- perm.5: /etc/sendmail.cf 640 for sendmail to work.
- set umask and . in path according to the secure level
- use the ip command to detect promiscuous mode with 2.4 kernel

Wed Feb 6 03:00:00 2002 Frederic Lepied 0.18-4mdk
- password aging also enable delay to change
- correct gdm.conf modifications

Tue Feb 5 03:00:00 2002 Frederic Lepied 0.18-3mdk
- in level > 2 X server doesn\'t listen on tcp connection.
- in level > 3 /etc/hosts.{allow,deny,equiv} readable by daemon group.
- don\'t report /tmp and /var/tmp as bogus world writable directories.
- security_check.sh: added .ssh/id_dsa .ssh/id_rsa to the list of files to check.
- corrected /etc/issue
* moving.
- permissions settings part processes options like the rules part.
- add a man page for the mseclib python library.

Tue Jan 29 03:00:00 2002 Frederic Lepied 0.18-2mdk
- do the daily cron through /etc/cron.daily to avoid heavy loads
- clean crontabs when removing the package (Dadou)
- 644 for /etc/rc.d/init.d/mandrake_consmap (Andrej)
- fix sendmail perms (Florin)
- symlink /etc/security/msec/server. to
/etc/security/msec/server for secure levels > 3 (used by chkconfig).
- password aging for the root account too.

Sun Jan 27 03:00:00 2002 Frederic Lepied 0.18-1mdk
- corrected upgrade from 0.16 and older versions
- allow customization of level through /etc/security/msec/level.local

Wed Jan 23 03:00:00 2002 Frederic Lepied 0.17-15mdk
- change Requires: from perl to perl-base.
- perm.
*: corrected errors reported by Pierre Fortin\'s script.

Tue Jan 22 03:00:00 2002 Frederic Lepied 0.17-14mdk
- perm.
*: make mandrake_consmap 755 because it needs to be readable by everyone

Mon Jan 21 03:00:00 2002 Frederic Lepied 0.17-13mdk
- diff_check.sh: mail even if the report is empty to show that the
check was fine.
- the string \"current\" signifies to not change the permissions.
- perm.
*: corrected mandrake_consmap permissions and ping path/permissions.
- /home is 711 in level 3.

Fri Jan 18 03:00:00 2002 Frederic Lepied 0.17-12mdk
- report cron log to tty only on root ttys.
- better layout of rpm modified files report.

Thu Jan 10 03:00:00 2002 Frederic Lepied 0.17-11mdk
- added hostname to the subject of the mail report for better
information when you receive multiple reports
- really added rpm-va check to the mail report
- fix handling of the owner/group of subdirectories of /var/log in a
generic manner.
- oops put back periodic filesystems check

Tue Jan 8 03:00:00 2002 Frederic Lepied 0.17-10mdk
- corrected first invocation.

Mon Jan 7 03:00:00 2002 Frederic Lepied 0.17-9mdk
- oops: corrected broken security.sh script

Sat Jan 5 03:00:00 2002 Frederic Lepied 0.17-8mdk
- TMOUT is now a read only variable
- allow/forbid reboot/shutdown by [kg]dm

Fri Jan 4 03:00:00 2002 Frederic Lepied 0.17-7mdk
- rpm -qa check now logs install time too
- corrected the way we install the byte compiled python files to avoid
false rpm -V warnings.
- added a CHANGES file to document what has changed between 0.16 and 0.17
- send complete rpm -va check to the main mail
- perm.
*: added handling of /etc/rc.d/init.d/
*
- changed the way /etc/security/msec/perm.local is used to avoid flip/flap changes
- reworked output in diff rpm check to be more coherent

Sun Dec 30 03:00:00 2001 Frederic Lepied 0.17-6mdk
- added doc of the features of the msec utility
- corrected enable_at_crontab

- password_aging only takes care of /etc/shadow users and avoid the
users with a deactivated password.

Sat Dec 29 03:00:00 2001 Frederic Lepied 0.17-5mdk
- added rpm database checks
- added check of accounts with the 0 id that aren\'t root.

Fri Dec 28 03:00:00 2001 Frederic Lepied 0.17-4mdk
- disable root login in xdm,kdm,gdm the same way as in Bastille (via pam).
- manage password aging.
- manage crontab and at authorization.

Fri Dec 28 03:00:00 2001 Frederic Lepied 0.17-3mdk
- avoid changing permissions twice in the same run (to avoid unneeded logging).
- when run in non-interactive mode, the output goes to the auth facility.

Sat Dec 15 03:00:00 2001 Frederic Lepied 0.17-2mdk
- fixed sysctl.conf handling

Fri Dec 14 03:00:00 2001 Frederic Lepied 0.17-1mdk
- rewritten file modifications part in python

Thu Dec 6 03:00:00 2001 Florin 0.16-4mdk
- oups, use %{_sysconfdir}/sysconfig/%{name} instead of %{_sysconfdir}/%{name}
- fix the msec.csh file (thks again to Konrad Bernlohr)

Fri Nov 30 03:00:00 2001 Florin 0.16-3mdk
- remove the redundance related to umask and /etc/bashrc
- add the %{_sysconfdir}/%{name} file
- allow the ssh connexions in the snf security level
- sort of update the ChangeLog
- updated msec.csh to read %{_sysconfdir}/%{name} with sed black magic (Fred)
- added console timeout support (Fred)
- added command history disabling (Fred)
- added sysctl settings (Fred)
- changed perms of rpm progs in high security levels to prevent
exposing what is installed (and access to /usr/share/doc too). (Fred)
- spoof protection for name resoluton (Fred)
- remove /etc/issue and /etc/issue.net according to level (Fred)

Fri Nov 9 03:00:00 2001 Florin 0.16-2mdk
- oups forgot to create the needed links in post:
- create the /etc/security/msec/server
- the /usr/share/msec/current-level.sh and
- /etc/security/msec/current.perm files

Fri Nov 9 03:00:00 2001 Florin 0.16-1mdk
- 0.16
- add requires on chkconfig >= 1.2.24-3mdk
- add the new link /etc/security/msec/server
- fix permissions for monitoring in snf level
- deny root ssh access in snf level

Thu Nov 8 03:00:00 2001 Florin 0.15-31mdk
- bring back the squid.squid permissions
- add some permissions for the naat servers
- add some authorized servers for naat-snf, cooker version
- add the snf security level
- make rpmlint happy with the distribution name
- add Url tag

Thu Oct 4 04:00:00 2001 Florin 0.15-30mdk
- more things from /etc/profile to /etc/profile.d/msec.{sh|csh}
- update the doc path in the man pages
- add the msec
*sh sources
- libsafe.so.2 in levels 4/5

Fri Sep 21 04:00:00 2001 Florin 0.15-29mdk
- fix the /etc/profile.d/msec.{sh|csh} entries
- get rid of /etc/profile entries

Fri Sep 21 04:00:00 2001 Florin 0.15-28mdk
- authorize the usb service in the 4/5 levels of security

Thu Sep 20 04:00:00 2001 Yoann Vandoorselaere 0.15-27mdk
- Require /bin/touch.

Thu Sep 20 04:00:00 2001 Yoann Vandoorselaere 0.15-26mdk
- Output in /etc/profile.d/msec.sh as only .sh extenssion files are read.
- Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile.

Thu Sep 20 04:00:00 2001 florin 0.15-25mdk
- RootSshLogin in levels 4/5
- squidGuard entries

Thu Sep 20 04:00:00 2001 Yoann Vandoorselaere 0.15-24mdk
- Fix manpages installation.
- Fix logrotate config installation.
- Fix issue with SECURE_LEVEL not updated if not exiting the console
(this is a workaround for problems in several terminal programs).

Tue Sep 18 04:00:00 2001 Daouda LO 0.15-23mdk
- Resync with cvs (yoann sucks)
- real fix for kdm is in lib.sh (msec sux)

Sat Sep 15 04:00:00 2001 Florin 0.15-21mdk
- conf/perm.
*: /var/log/squid must be owned by nobody.nobody.
- add the %post section for the ghost file

Tue Sep 4 04:00:00 2001 Yoann Vandoorselaere 0.15-20mdk
- logrotate entry in %install, not %post

Tue Sep 4 04:00:00 2001 Yoann Vandoorselaere 0.15-19mdk
- add logrotate entry

Fri Aug 10 04:00:00 2001 Frederic Lepied 0.15-18mdk
- added vc/[1-6] to securetty (devfs)
- merged back in cvs

Tue Jul 10 04:00:00 2001 Frederic Crozat 0.15-17mdk
- Patch 0: add suppport for usermode halt/reboot

Fri May 11 04:00:00 2001 Stew Benedict 0.15-16mdk
- Check for drakx install environment before running \"telinit u\" - PPC hang

Wed May 2 04:00:00 2001 David BAUDENS 0.15-15mdk
- Use %_tmppath for BuildRoot

Wed Oct 11 04:00:00 2000 Yoann Vandoorselaere 0.15-14mdk
- call telinit after modifying inittab

Wed Oct 11 04:00:00 2000 Yoann Vandoorselaere 0.15-13mdk
- Applied Warly patch to fix user list problem under kdm.
- User list option for gdm too.

Wed Oct 11 04:00:00 2000 Warly 0.15-12mdk
- change the UserList method to not append at the end of kdmrc (in the wrong section)

Tue Oct 10 04:00:00 2000 Pixel 0.15-11mdk
- remove the fix for #760 (it needs real fixing!)

Tue Oct 10 04:00:00 2000 Yoann Vandoorselaere 0.15-10mdk
- conf/server.[45]: add pcmcia

Tue Oct 10 04:00:00 2000 Yoann Vandoorselaere 0.15-9mdk
- fix for #760 (kdm should not display the list of users for high security
levels)

Tue Oct 10 04:00:00 2000 Yoann Vandoorselaere 0.15-8mdk
- fix a typo in conf/perm.0

Thu Oct 5 04:00:00 2000 Yoann Vandoorselaere 0.15-7mdk
- Autologin allowed in level 0, 1, 2.... I\'m against this... but...

Thu Oct 5 04:00:00 2000 Yoann Vandoorselaere 0.15-6mdk
- fix some entry in perm.
*
- Autologin will only work in level 0

Wed Oct 4 04:00:00 2000 Yoann Vandoorselaere 0.15-5mdk

* init-sh/
*.sh : instead of modifying Xsession,
create the /etc/X11/xinit.d/msec file which can contain eventual
rules appended by msec.

Tue Oct 3 04:00:00 2000 Yoann Vandoorselaere 0.15-4mdk
- some fix.

Tue Oct 3 04:00:00 2000 Yoann Vandoorselaere 0.15-3mdk
- init-sh/
*.sh : modify /etc/X11/Xsession, not /etc/X11/xdm/Xsession
nor /etc/X11/xinit/xinitrc anymore, as they all load
/etc/X11/Xsession.

Sat Sep 2 04:00:00 2000 Yoann Vandoorselaere 0.15-2mdk
- install manually
- use %{_mandir} macros
- use %config(noreplace) for /etc/msec and for logfile

Wed Jul 19 04:00:00 2000 Yoann Vandoorselaere 0.15-1mdk
- cron-sh/security_check.sh : use -L in ls,
to dereference symbolic link Chris Green
- conf/perm.
*: /var/log/squid must be owned by squid.squid.
- cron-sh/security.sh:
- init-sh/custom.sh: added patch from AG ,
if no user to mail security report to is availlable, send to root.

Thu May 18 04:00:00 2000 Yoann Vandoorselaere 0.14-6mdk
- Handle new libsafe path.

Thu May 18 04:00:00 2000 Yoann Vandoorselaere 0.14-5mdk
- corrected a wrong path.

Thu May 4 04:00:00 2000 Yoann Vandoorselaere 0.14-4mdk
- LoaderUpdate() make a difference between an empty
variable, and a non existing one.

Wed Apr 26 04:00:00 2000 Yoann Vandoorselaere 0.14-3mdk
- Fix a bug with comment removed pointed out by Konrad Bernloehr.

Tue Apr 25 04:00:00 2000 Pixel 0.14-2mdk
- conf/perm.[0-4]: fix ugly disgusting fucking bloody buggy bug!
(remove bloody /usr/{bin,sbin}/
* entries)

Thu Apr 20 04:00:00 2000 Yoann Vandoorselaere 0.14-1mdk
- Bug fix.
- Support Grub as well as Lilo.

Wed Apr 19 04:00:00 2000 Yoann Vandoorselaere 0.12-5mdk
- cron job at 4:00am, msec_find fix.

Tue Apr 18 04:00:00 2000 Yoann Vandoorselaere 0.12-4mdk
- perm.5 : -e s\'/ntool/ntools/\' -e s\'/ctool/ctools/\'
- updated documentation.
- file_perm.sh : bug fix + output to /dev/null.
- include /var/tmp in perm.[0-5].
- Patch to msec_find from Thomas Poindessous.

Sat Apr 15 04:00:00 2000 Yoann Vandoorselaere 0.12-1mdk
- Modify zprofile.
- use libsafe-1.3

Fri Mar 17 03:00:00 2000 Yoann Vandoorselaere
- security.sh : export
*_TODAY variable to be used by msec_find.
- find.c : removed a debuging printf.

Fri Mar 10 03:00:00 2000 Yoann Vandoorselaere 0.10-1mdk
- custom.sh : added a patch from Havard Bell.
- custom.sh : check if libsafe is installed before asking if the user want to use it.
- Heavily modified msec_find.
- Added msec_find utility, written by Thierry Vignaud which will avoid us to
find / 5 times :)
- Added support for libsafe stack overflow protection in level 4 / 5 /
custom
- trap the sigint signal.
- use %config for config file ( thanks to Frederic Lepied ).
- use /etc/security/msec for config file only.
- Renamed init.sh to msec, and install it in /usr/sbin.
- The other shell scripts are located in /usr/share/msec
- Included patch from Stefan Siegel.

Wed Jan 19 03:00:00 2000 Yoann Vandoorselaere
- custom.sh : fix a nasty typo.

Fri Jan 7 03:00:00 2000 Yoann Vandoorselaere
- security.sh : find are niced to (+19)
- Camille updated the documentation.
- Removed the \"spawn a shell on boot\" feature of level0 cause of a tty problem.
- shutdown.allow is 600 in level 4/5; 644 else.
- updated doc/security.txt
- updated init-sh/custom.sh
- level 0-3 -> ctrl-alt-del allowed for any local user.
- level 4-5 -> ctrl-alt-del allowed for root.

Thu Dec 30 03:00:00 1999 Yoann Vandoorselaere
- Removing grpuser manpage, because :
1 - grpuser is not to be used by any user, ( and should not have a manpage so ).
2 - manpage is obsolete

Wed Dec 29 03:00:00 1999 Chmouel Boudjnah
- add man-pages from camille.

Sat Dec 25 03:00:00 1999 Yoann Vandoorselaere
- Use the mail user variable.
- level[35]: also do a mail report.
- moved Syslog(), Ttylog(), Maillog() to security.sh
- security_check.sh & diff_check.sh now sourced from security.sh
- Typo / bug fix
- init-sh/perm[15]: files should be constant in their content.
all entry should be in each perm file

Wed Dec 22 03:00:00 1999 Pixel
- init-sh/lib.sh (LiloUpdate): replace the -z ${LILO_PASSWORD} by
${LILO_PASSWORD+set} != set
- init-sh/lib.sh (LiloUpdate): replace the call to AddRules to
AddBegRules (password= must in the beginning of lilo.conf)
- init-sh/lib.sh (AddBegRules): 1 \
instead of 2

Tue Dec 21 03:00:00 1999 Yoann Vandoorselaere
- Use grpconv after modifying /etc/group.
- Add a message for level 5 saying that user who want X access
should be in the xgrp group.

Tue Dec 21 03:00:00 1999 Yoann Vandoorselaere
- fixed a typo / variable pb.

Tue Dec 21 03:00:00 1999 Yoann Vandoorselaere
- init-sh/perm.[05]: Oops, /var/spool/mail is 771 not 755.
- init-sh/lib.sh: removed the failsafe for not a tty stdin (not efficient)
- init-sh/lib.sh: rewrote the perl script (now a one-liner :)
- Big cleanup.
- All work properly now.
- msec.spec: modify to take into account the Makefile modifying the .spec
- Makefile (VERSION): make it the same as the .spec

Sun Dec 19 03:00:00 1999 Pixel
- init-sh/lib.sh: added failsafe for not a tty stdin

Sun Dec 19 03:00:00 1999 Pixel
- no interactive questions if not a tty

Fri Dec 17 03:00:00 1999 Yoann Vandoorselaere
- Don\'t use msec parsing routine to hack inittab

Fri Dec 17 03:00:00 1999 Yoann Vandoorselaere
- Fixed the last AddBegRules() problem.
- Indentation problem should be fixed.
- All debug finished, changing secure.tmp to a mktemp
allocated tmpfile for symlink security.
- DRAKX_USER variable no longer needed.
- grpuser.sh take only one opt ( --refresh ),
take group name from /etc/security/msec/group.conf
and add user from /etc/security/msec/user.conf if secure level > 2
- level0.sh fixed inittab entry
- fix a typo
- As requested, direct shell access for level 0
- Fixed a little problem with the DRAKX_USERS variable
- removed chattr +a because of the problem it can cause to
other system automated system task.

Tue Dec 14 03:00:00 1999 Yoann Vandoorselaere
- diff_check.sh : fix a typo.

Sat Dec 11 03:00:00 1999 Yoann Vandoorselaere
- custom.sh : Fix a typo & forgot to export path & secure level

Fri Dec 10 03:00:00 1999 Yoann Vandoorselaere
- More bugfix.
- Many bugfix, always trying to get a bugfree release :).
- Renamed some variable, added consistencie.
- security_cjheck.sh: print header at begining of the log.
- diff_check.sh: typo.

Thu Dec 9 03:00:00 1999 Yoann Vandoorselaere
- security_check.sh: remove /tmp stuff.
- security_check.sh: typo
- level[1-3].sh: Changed crontab call to file_check.sh
from every hour to every midnight ( bug reported by axalon ).
- diff_check.sh: clean up.
- moved file_check.sh to diff_check.sh and changed
what is related to cron call in level[15].sh
- Added missing configurations question in level custom.
- bug fix.

Thu Dec 9 03:00:00 1999 Chmouel Boudjnah
- Various (Makefile|specfiles) clean-up.
- insert doc.

Tue Dec 7 03:00:00 1999 Yoann Vandoorselaere
- Released 0.5
- Divided security check into 2 files :
security_check.sh & file_check.sh,
the first do normal security check, the other watch at anormal change
on the system...
- Bug fix again & again
- Updated perm files & fix a security problem ( thanks Axalon ).

Thu Dec 2 03:00:00 1999 Yoann Vandoorselaere
- DrakX compatibility.

Thu Dec 2 03:00:00 1999 Yoann Vandoorselaere
- Add & delete of userlist from audio group ( level 1 & 2 ).
- Minor fix

Thu Dec 2 03:00:00 1999 Yoann Vandoorselaere
- We now preserve config file implementation.
- Minor fix to lib.sh
- export profile variable...

Wed Dec 1 03:00:00 1999 Yoann Vandoorselaere
- Many cron security check added.
- Print more infos.

Tue Nov 30 03:00:00 1999 Yoann Vandoorselaere
- Released 0.4 :
- Now have a custom mode, just answer the question.
- Msec print what it does.
- Bug fix in LiloUpdate().

Tue Nov 30 03:00:00 1999 Yoann Vandoorselaere
- Fixed a few bugs in msec.

Sat Nov 27 03:00:00 1999 Yoann Vandoorselaere
- grpuser was not installed.

Sat Nov 27 03:00:00 1999 Yoann Vandoorselaere
- Fix a bug in level3.sh
- level[12].sh Removed some unused code

Fri Nov 26 03:00:00 1999 Yoann Vandoorselaere
- Call chkconfig with the new --msec option.

Fri Nov 26 03:00:00 1999 Yoann Vandoorselaere
- Cleaned up tree.

Fri Nov 26 03:00:00 1999 Yoann Vandoorselaere
- Removed touched file /-i

Fri Nov 26 03:00:00 1999 Yoann Vandoorselaere
- Create rc.firewall to avoid error,
- Call grpuser with the good path,
- Call groupadd before usermod.

Wed Nov 24 03:00:00 1999 Yoann Vandoorselaere
- New release (0.3) :
Now each security level has it\'s own set of permissions.
Add \".\" at the end of $PATH for level 1.
Corrected some grave bug, it should work properly now.

Fri Nov 19 03:00:00 1999 Yoann Vandoorselaere
- New release (0.2) :
Fixed the path for promisc_check.sh :
now /etc/security/msec/cron-sh/promisc_check.sh
In level 1 & 2, user is now automagically added to the audio group.

Wed Nov 17 03:00:00 1999 Yoann Vandoorselaere
- First packaging attempt :-).


  
ICM