RE: [Cooker] msec, security.conf
Borsenkow Andrej [EMAIL PROTECTED] wrote: I presume, creating file /usr/security/msec/level.local and putting there set_security_conf('RPM_CHECK', 'no') should do the trick. It needs from mseclib import * set_security_conf('RPM_CHECK', 'no') now, THAT becomes ridiculous :( What was the outcome of this discussion? Frederic? For 8.2 there really needs to be an easy way to turn a feature like RPM_CHECK off. Because otherwise we risk that people will choose security level 'low' while installing Mandrake Linux, just to avoid having rpmv running. And that wouldn't be very desirable. Regards, Mattias
Re: [Cooker] msec, security.conf
Mattias Dahlberg [EMAIL PROTECTED] writes: Borsenkow Andrej [EMAIL PROTECTED] wrote: I presume, creating file /usr/security/msec/level.local and putting there set_security_conf('RPM_CHECK', 'no') should do the trick. It needs from mseclib import * set_security_conf('RPM_CHECK', 'no') now, THAT becomes ridiculous :( What was the outcome of this discussion? Frederic? For 8.2 there really needs to be an easy way to turn a feature like RPM_CHECK off. Because otherwise we risk that people will choose security level 'low' while installing Mandrake Linux, just to avoid having rpmv running. And that wouldn't be very desirable. The final word about this is that you can change any setting in /etc/security/msec/security.conf which overrides the settings in /var/lib/msec/security.conf. In fact now, all the files in /etc/security/msec will not be changed by msec. -- Fred - May the source be with you
Re: [Cooker] msec, security.conf
On 23 Feb 2002, Frederic Lepied wrote: The final word about this is that you can change any setting in /etc/security/msec/security.conf which overrides the settings in /var/lib/msec/security.conf. In fact now, all the files in /etc/security/msec will not be changed by msec. Nice. So I simply create a security.conf in /etc/security/msec (there doesn't seem to be one by default) and follow the syntax from /var/lib/msec/security.conf. Ok, that's easy enough to tell my friends. ;) Maybe there even could be a graphical tool in the future (not for 8.2) where the user can customise his/her own msec settings, with a checkbox for each action. Regards, Mattias
Re: [Cooker] msec, security.conf
Mattias Dahlberg [EMAIL PROTECTED] writes: On 23 Feb 2002, Frederic Lepied wrote: The final word about this is that you can change any setting in /etc/security/msec/security.conf which overrides the settings in /var/lib/msec/security.conf. In fact now, all the files in /etc/security/msec will not be changed by msec. Nice. So I simply create a security.conf in /etc/security/msec (there doesn't seem to be one by default) and follow the syntax from /var/lib/msec/security.conf. Ok, that's easy enough to tell my friends. ;) yes that's it. Maybe there even could be a graphical tool in the future (not for 8.2) where the user can customise his/her own msec settings, with a checkbox for each action. Exact draksec needs to be improved. -- Fred - May the source be with you
RE: [Cooker] msec, security.conf
You are right. In the next release, msec will not change the settings in /etc/security/msec/security.conf except if the secure level is changed. I do not think it is the correct way. Files that are managed by msec must be managed by msec. It must always be possible to use plain msec to make sure all settings correspond to current level. What I meant was, we need either good documentation how to customize configuration or use simple file, not Python script (who is going to learn Python just to customize msec)? Please, do not do it. -andrej
Re: [Cooker] msec, security.conf
What I meant was, we need either good documentation how to customize configuration or use simple file, not Python script (who is going to learn Python just to customize msec)? Please, do not do it. -andrej Couldnt agree more. I think the level.local file should take the same syntax as the security.conf file. At the moment, in order to write a level.local file you need to use python syntax, whereas it would be *much* easier to be able to just write FEATURE=yes FEATURE_2=no etc. In the documentation there is a table (page 6 of the .pdf file) of the various features (ie user in audiopath or . in $PATH or only root can ctrl-alt-del etc) There needs to be in that table a correlation between these feature and the variable name to use in level.local in order to override the setting for that feature at your chosen security level. Am I making sense? To illustrate by example, in level 3, the default setting for . in $PATH is set to no, but if I want to override that, I have no idea the syntax for that particular feature. H
Re: [Cooker] msec, security.conf
Borsenkow Andrej [EMAIL PROTECTED] writes: I presume, creating file /usr/security/msec/level.local and putting there set_security_conf('RPM_CHECK', 'no') should do the trick. It needs from mseclib import * set_security_conf('RPM_CHECK', 'no') now, THAT becomes ridiculous :( You are right. In the next release, msec will not change the settings in /etc/security/msec/security.conf except if the secure level is changed. -- Fred - May the source be with you
[Cooker] msec, security.conf
Hi, Could someone explain me the current state of msec? The documentation obviously does not reflect the current state of this package. I'm running my laptop with security level 3 but I don't want to run the RPM_CHECK. I tought that this was easy; I changed RPM_CHECK=yes to RPM_CHECK=no in /etc/security/msec/security.conf. But this file gets rewritten on every reboot! I tried to understand what is going on by reading the /usr/sbin/msec script. Do I really need to learn python to configure msec? I don't like the idea of automatically rewritting files in /etc behind the user's back. Denis ___ Denis Pelletier Étudiant au doctorat sciences économiques, Université de Montréal
Re: [Cooker] msec, security.conf
I think you need to create a file called level.local in /etc/security/msec In the file just add the line RPM_CHECK=no and you should be cooking with gas. Hamster Hi, Could someone explain me the current state of msec? The documentation obviously does not reflect the current state of this package. I'm running my laptop with security level 3 but I don't want to run the RPM_CHECK. I tought that this was easy; I changed RPM_CHECK=yes to RPM_CHECK=no in /etc/security/msec/security.conf. But this file gets rewritten on every reboot!
RE: [Cooker] msec, security.conf
Could someone explain me the current state of msec? The documentation obviously does not reflect the current state of this package. I'm running my laptop with security level 3 but I don't want to run the RPM_CHECK. I tought that this was easy; I changed RPM_CHECK=yes to RPM_CHECK=no in /etc/security/msec/security.conf. But this file gets rewritten on every reboot! I tried to understand what is going on by reading the /usr/sbin/msec script. Do I really need to learn python to configure msec? Looks like that :( But actually any script language is like any other. Lisp is different matter :) I presume, creating file /usr/security/msec/level.local and putting there set_security_conf('RPM_CHECK', 'no') should do the trick. For all levels :( But yes, it needs more user-friendly configuration or at least good documentation how to set these basic variables. -andrej I don't like the idea of automatically rewritting files in /etc behind the user's back. Denis ___ Denis Pelletier Étudiant au doctorat sciences économiques, Université de Montréal
RE: [Cooker] msec, security.conf
I think you need to create a file called level.local in /etc/security/msec In the file just add the line RPM_CHECK=no and you should be cooking with gas. Oh, you think so? Have you tried it? -andrej
RE: [Cooker] msec, security.conf
I presume, creating file /usr/security/msec/level.local and putting there set_security_conf('RPM_CHECK', 'no') should do the trick. It needs from mseclib import * set_security_conf('RPM_CHECK', 'no') now, THAT becomes ridiculous :( -andrej
RE: [Cooker] msec, security.conf
On Fri, 15 Feb 2002, Borsenkow Andrej wrote: { I presume, creating file { { /usr/security/msec/level.local { { and putting there { { set_security_conf('RPM_CHECK', 'no') { { should do the trick. { { It needs { { from mseclib import * { set_security_conf('RPM_CHECK', 'no') { { now, THAT becomes ridiculous :( Thanks Andrej! I hope that the msec documentation will be updated before 8.2 comes out. Denis ___ Denis Pelletier Étudiant au doctorat sciences économiques, Université de Montréal