Author: jsuchome
Date: Thu Sep 8 15:45:23 2011
New Revision: 65613
URL: http://svn.opensuse.org/viewcvs/yast?rev=65613&view=rev
Log:
- sysctl settings now in /etc/sysctl.conf (bnc#714405)
- 2.21.2
Added:
trunk/security/testsuite/tests/Import.err
trunk/security/testsuite/tests/Import.out
trunk/security/testsuite/tests/Import.ycp (with props)
Modified:
trunk/security/VERSION
trunk/security/package/yast2-security.changes
trunk/security/src/Security.ycp
trunk/security/src/dialogs.ycp
trunk/security/src/helps.ycp
trunk/security/src/levels.ycp
trunk/security/src/routines.ycp
trunk/security/src/widgets.ycp
trunk/security/testsuite/tests/Level1.out
trunk/security/testsuite/tests/Level2.out
trunk/security/testsuite/tests/Level3.out
trunk/security/testsuite/tests/Read.out
trunk/security/testsuite/tests/Read.ycp
trunk/security/testsuite/tests/Write.out
trunk/security/testsuite/tests/Write.ycp
trunk/security/yast2-security.spec.in
Modified: trunk/security/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/VERSION?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/VERSION (original)
+++ trunk/security/VERSION Thu Sep 8 15:45:23 2011
@@ -1 +1 @@
-2.21.1
+2.21.2
Modified: trunk/security/package/yast2-security.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/package/yast2-security.changes?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/package/yast2-security.changes (original)
+++ trunk/security/package/yast2-security.changes Thu Sep 8 15:45:23 2011
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Thu Sep 8 15:43:35 CEST 2011 - jsuchome@suse.cz
+
+- sysctl settings now in /etc/sysctl.conf (bnc#714405)
+- 2.21.2
+
+-------------------------------------------------------------------
Fri Aug 5 12:35:05 CEST 2011 - tgoettlicher@suse.de
- fixed .desktop file (bnc #681249)
Modified: trunk/security/src/Security.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/Security.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/Security.ycp (original)
+++ trunk/security/src/Security.ycp Thu Sep 8 15:45:23 2011
@@ -113,10 +113,10 @@
"CWD_IN_ROOT_PATH" : "yes",
"CWD_IN_USER_PATH" : "yes",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
- "ENABLE_SYSRQ" : "no",
- "IP_TCP_SYNCOOKIES" : "yes",
- "IP_FORWARD" : "no",
- "IPV6_FORWARD" : "no",
+ "kernel.sysrq" : "0",
+ "net.ipv4.tcp_syncookies" : "1",
+ "net.ipv4.ip_forward" : "0",
+ "net.ipv6.conf.all.forwarding" : "0",
"FAIL_DELAY" : "3",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
@@ -207,12 +207,6 @@
".sysconfig.locate" : [
"RUN_UPDATEDB_AS",
],
- ".sysconfig.sysctl" : [
- "ENABLE_SYSRQ",
- "IP_TCP_SYNCOOKIES",
- "IP_FORWARD",
- "IPV6_FORWARD",
- ],
".sysconfig.clock" : [
"SYSTOHC",
],
@@ -224,6 +218,23 @@
],
];
+/**
+ * Default values for /etc/sysctl.conf keys
+ */
+map sysctl = $[
+ "kernel.sysrq" : "0",
+ "net.ipv4.tcp_syncookies" : "1",
+ "net.ipv4.ip_forward" : "0",
+ "net.ipv6.conf.all.forwarding" : "0"
+];
+
+map sysctl2sysconfig = $[
+ "kernel.sysrq" : "ENABLE_SYSRQ",
+ "net.ipv4.tcp_syncookies" : "IP_TCP_SYNCOOKIES",
+ "net.ipv4.ip_forward" : "IP_FORWARD",
+ "net.ipv6.conf.all.forwarding" : "IPV6_FORWARD"
+];
+
/*
* Remaining settings:
* - CONSOLE_SHUTDOWN (/etc/inittab)
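Review bot: The new `sysctl2sysconfig` map has no comment, although the `sysctl` map directly above it does. From its use in the import code later in this commit it translates each /etc/sysctl.conf key to the variable name it had in /etc/sysconfig/sysctl, so a header such as `/** Mapping of /etc/sysctl.conf keys to the old /etc/sysconfig/sysctl variable names (used when importing old profiles) */` would make that clear. The defaults in `sysctl` also repeat the four values added to the settings defaults in the first hunk of this file; a short remark that the two must stay in sync would help the next editor.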
@@ -427,6 +438,15 @@
Settings["PERMISSION_SECURITY"] = perm;
y2debug("Settings=%1", Settings);
+ // read sysctl.conf
+ foreach (string key, string default_value, sysctl, {
+ string val = (string) SCR::Read (add (.etc.sysctl_conf, key));
+ if (val == nil || val == "")
+ val = default_value;
+ Settings[key] = val;
+ });
+ y2debug ("Settings=%1", Settings);
+
// remeber the read values
Settings_bak = Settings;
return true;
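Review bot: The value read from sysctl.conf in the new loop is stored in Settings unchecked, while the write path added by this commit refuses anything `tointeger` cannot parse. A non-numeric entry in the file would therefore be shown in the UI and then skipped at write time with only a log line. Consider checking the value here as well and at least logging a warning when it is not an integer. The added `y2debug ("Settings=%1", Settings);` repeats the identical call a few lines above, so one of the two can go. The enclosing function starts outside the hunk.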
@@ -439,9 +459,9 @@
"DHCPD_RUN_AS" : "/etc/init.d/dhcpd restart",
// restart sendmail or postfix - whatever is installed
"SMTPD_LISTEN_REMOTE" : "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)",
- "IP_TCP_SYNCOOKIES" : "/etc/init.d/boot.ipconfig start",
- "IP_FORWARD" : "/etc/init.d/boot.ipconfig start",
- "IPV6_FORWARD" : "/etc/init.d/boot.ipconfig start",
+ "net.ipv4.tcp_syncookies" : "/etc/init.d/boot.ipconfig start",
+ "net.ipv4.ip_forward" : "/etc/init.d/boot.ipconfig start",
+ "net.ipv6.conf.all.forwarding" : "/etc/init.d/boot.ipconfig start",
];
/**
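Review bot: The three renamed keys still trigger `/etc/init.d/boot.ipconfig start`, which looks like a leftover from the /etc/sysconfig/sysctl days. If that script only applies the old sysconfig variables, the forwarding and syncookies values written to /etc/sysctl.conf will not reach the running kernel until reboot, while the overview already reports them as secure. Please confirm which script loads /etc/sysctl.conf on the target release and point these entries at it, or apply the file directly with something like `"/sbin/sysctl -p /etc/sysctl.conf"`. The map starts outside the hunk.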
@@ -560,12 +580,25 @@
PamSettings::Write (false);
+ // write sysctl.conf
+ foreach (string key, string default_value, sysctl, {
+ string val = Settings[key]:default_value;
+ if (tointeger (val) == nil)
+ {
+ y2error ("value %1 for %2 is not integer, not writing", val, key);
+ }
+ else if (val != SCR::Read (add (.etc.sysctl_conf, key)))
+ {
+ SCR::Write (add (.etc.sysctl_conf, key), val);
+ }
+ });
+
/* enable sysrq? */
- boolean sysrq = Settings["ENABLE_SYSRQ"]:"no" == "yes";
- if(sysrq)
- SCR::Execute(.target.bash, "echo 1 > /proc/sys/kernel/sysrq");
- else
- SCR::Execute(.target.bash, "echo 0 > /proc/sys/kernel/sysrq");
+ integer sysrq = tointeger (Settings["kernel.sysrq"]:"0");
+ if(sysrq != nil)
+ {
+ SCR::Execute (.target.bash, sformat ("echo %1 > /proc/sys/kernel/sysrq", sysrq));
+ }
/* Finish him: SuSEconfig */
if(Abort()) return false;
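Review bot: The result of `SCR::Write (add (.etc.sysctl_conf, key), val);` is ignored and the loop is not followed by a flush of the agent. The expected test output in this commit still shows a `Write ... nil true` flush for every sysconfig file, but none for `.etc.sysctl_conf`. If the sysctl.conf agent buffers changes the way the sysconfig agents do, add `SCR::Write (.etc.sysctl_conf, nil);` after the loop and log when a write returns false. A value rejected by the `tointeger` check is also only logged, so the caller still sees success; consider surfacing that to the user. The enclosing function starts and ends outside the hunk.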
@@ -621,9 +654,26 @@
map tmpSettings = $[];
foreach(string k, string v, Settings, {
if (!haskey(settings, k))
- tmpSettings[k] = v;
+ {
+ if (haskey (sysctl, k) && haskey (settings, sysctl2sysconfig[k]:""))
+ {
+ string val = settings[sysctl2sysconfig[k]:""]:"";
+ if (val == "yes")
+ tmpSettings[k] = "1";
+ else if (val == "no")
+ tmpSettings[k] = "0";
+ else
+ tmpSettings[k] = val;
+ }
+ else
+ {
+ tmpSettings[k] = v;
+ }
+ }
else
+ {
tmpSettings[k] = settings[k]:"";
+ }
});
Settings = (map) eval(tmpSettings);
return true;
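Review bot: The new branch that handles old profile keys is not commented, and its precedence rule is easy to miss: the old sysconfig name is consulted only when the profile lacks the new sysctl key. A comment above the inner `if`, for example `// old profile: value stored under the sysconfig name, convert yes/no to 1/0`, would document both points. Values other than "yes" and "no" are copied through unchanged, so an unexpected string from a profile is only caught later by the integer check in the write path. The enclosing function starts outside the hunk.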
Modified: trunk/security/src/dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/dialogs.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/dialogs.ycp (original)
+++ trunk/security/src/dialogs.ycp Thu Sep 8 15:45:23 2011
@@ -22,7 +22,8 @@
list tree_dialogs = [ "main", "overview", "password", "boot", "login", "users", "misc", `wizardTree ];
const list<string> configurable_options = [ "PERMISSION_SECURITY", "RUNLEVEL3_MANDATORY_SERVICES",
- "RUNLEVEL5_MANDATORY_SERVICES", "RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES" ];
+ "RUNLEVEL5_MANDATORY_SERVICES", "RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES",
+ "kernel.sysrq" ];
const string UNKNOWN_STATUS = _("Unknown");
@@ -63,7 +64,7 @@
}
map label_mapping = $[
- "ENABLE_SYSRQ" : _("Use magic SysRq keys"),
+ "kernel.sysrq" : _("Use magic SysRq keys"),
"PERMISSION_SECURITY" : _("Use secure file permissions"),
"DISPLAYMANAGER_REMOTE_ACCESS" : _("Remote access to the display manager"),
"CWD_IN_ROOT_PATH" : _("Use current directory in root's path"),
@@ -77,9 +78,9 @@
"SMTPD_LISTEN_REMOTE" : _("Remote access to the email delivery subsystem"),
"DISABLE_RESTART_ON_UPDATE" : _("Restart services on update"),
"DISABLE_STOP_ON_REMOVAL" : _("Stop services on removal"),
- "IP_TCP_SYNCOOKIES" : _("Enable TCP syncookies"),
- "IP_FORWARD" : _("IPv4 forwarding"),
- "IPV6_FORWARD" : _("IPv6 forwarding"),
+ "net.ipv4.tcp_syncookies" : _("Enable TCP syncookies"),
+ "net.ipv4.ip_forward" : _("IPv4 forwarding"),
+ "net.ipv6.conf.all.forwarding" : _("IPv6 forwarding"),
"RUNLEVEL3_MANDATORY_SERVICES" : _("Enable basic system services in runlevel 3\n (multiuser with network)"),
"RUNLEVEL5_MANDATORY_SERVICES" : _("Enable basic system services in runlevel 5\n (multiuser with network and graphical login)"),
"RUNLEVEL3_EXTRA_SERVICES" : _("Enable extra services in runlevel 3"),
@@ -106,8 +107,8 @@
list<map> security_mapping = [
$[
- "id" : "ENABLE_SYSRQ",
- "is_secure" : (Security::Settings["ENABLE_SYSRQ"]:"" == "no")
+ "id" : "kernel.sysrq",
+ "is_secure" : (Security::Settings["kernel.sysrq"]:"0" == "0")
],
$[
"id" : "PERMISSION_SECURITY",
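Review bot: The new `is_secure` test for `kernel.sysrq` falls back to "0" when the key is missing from Settings, so an unknown state is reported as secure. The line it replaces, and the other sysctl entries changed in this file, use "" as the fallback and therefore report a missing value as not secure. Suggest keeping that behaviour: `"is_secure" : (Security::Settings["kernel.sysrq"]:"" == "0")`. The list continues outside the hunk.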
@@ -163,16 +164,16 @@
"is_secure" : (Security::Settings["DISABLE_STOP_ON_REMOVAL"]:"" == "no"),
],
$[
- "id" : "IP_TCP_SYNCOOKIES",
- "is_secure" : (Security::Settings["IP_TCP_SYNCOOKIES"]:"" == "yes"),
+ "id" : "net.ipv4.tcp_syncookies",
+ "is_secure" : (Security::Settings["net.ipv4.tcp_syncookies"]:"" == "1"),
],
$[
- "id" : "IP_FORWARD",
- "is_secure" : (Security::Settings["IP_FORWARD"]:"" == "no"),
+ "id" : "net.ipv4.ip_forward",
+ "is_secure" : (Security::Settings["net.ipv4.ip_forward"]:"" == "0"),
],
$[
- "id" : "IPV6_FORWARD",
- "is_secure" : (Security::Settings["IPV6_FORWARD"]:"" == "no"),
+ "id" : "net.ipv6.conf.all.forwarding",
+ "is_secure" : (Security::Settings["net.ipv6.conf.all.forwarding"]:"" == "0"),
],
$[
"id" : "RUNLEVEL3_MANDATORY_SERVICES",
@@ -219,7 +220,7 @@
if (type == `table)
{
- y2milestone("Overview table: %1", ret_table);
+ y2debug("Overview table: %1", ret_table);
return ret_table;
}
else if (type == `richtext)
@@ -227,7 +228,7 @@
// close the table
ret = ret + "</TABLE>";
- y2milestone("Overview text: %1", ret);
+ y2debug("Overview text: %1", ret);
return ret;
}
@@ -246,7 +247,8 @@
// mapping for "Configure" links
// config name -> dialog name
map link_config_mapping = $[
- "PERMISSION_SECURITY" : "misc"
+ "PERMISSION_SECURITY" : "misc",
+ "kernel.sysrq" : "misc"
];
// mapping for "Configure" links
@@ -600,7 +602,7 @@
VSeparator(),
settings2widget("CWD_IN_USER_PATH"),
`VSpacing(1.0),
- settings2widget("ENABLE_SYSRQ"),
+ settings2widget("kernel.sysrq"),
`VSpacing(1.8)
);
contents = `HVCenter(`HVSquash(`HBox(`HSpacing(5),`VBox(`VSpacing(2),`ReplacePoint(`id(`rp_main),contents),`VSpacing(2)),`HSpacing(5))));
@@ -653,7 +655,7 @@
widget2settings("CWD_IN_ROOT_PATH");
widget2settings("CWD_IN_USER_PATH");
widget2settings("RUN_UPDATEDB_AS");
- widget2settings("ENABLE_SYSRQ");
+ widget2settings("kernel.sysrq");
}
return ret;
Modified: trunk/security/src/helps.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/helps.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/helps.ycp (original)
+++ trunk/security/src/helps.ycp Thu Sep 8 15:45:23 2011
@@ -257,13 +257,13 @@
"DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that is currently running is being uninstalled, then the service is stopped before the files of the package are removed.</P><P>This makes sense in most cases, and it is safe to do, considering that many services either need their binaries accessible in the filesystem or their configuration files. These services would just continue to run until the services are stopped, e.g. running daemons are killed.</P><P>This setting should only be changed if there is a specific reason to do so.</P>"),
- "IP_TCP_SYNCOOKIES" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations, but in configurations with a very large number of legitimate connection attempts from one source the <EM>Enabled</EM> setting can bring problems with denied TCP connections under high load.</P><P>Still, for most environments, the syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"),
+ "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations, but in configurations with a very large number of legitimate connection attempts from one source the <EM>Enabled</EM> setting can bring problems with denied TCP connections under high load.</P><P>Still, for most environments, the syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"),
- "IP_FORWARD" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"),
+ "net.ipv4.ip_forward" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"),
- "IPV6_FORWARD" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv6</EM> only.</P>"),
+ "net.ipv6.conf.all.forwarding" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv6</EM> only.</P>"),
- "ENABLE_SYSRQ": _("<P>Magic SysRq Keys enable some control over the system even if it crashes (e.g. during kernel debugging) or if the system does not respond.</P>"),
+ "kernel.sysrq": _("<P>Magic SysRq Keys enable some control over the system even if it crashes (e.g. during kernel debugging) or if the system does not respond.</P>"),
"PERMISSION_SECURITY" : _("<P>There are predefined file permissions in /etc/permissions.* files. The most restrictive file permissions are defined 'secure' or 'paranoid' file.</P>"),
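Review bot: The help text carried over to the `kernel.sysrq` key still describes the feature in general terms only, while this commit turns the widget into an editable combo box that accepts a number. A further sentence in the translatable string would tell the administrator what they are setting. It should say that 0 disables the keys, 1 enables all functions, and any other number entered is written to /proc/sys/kernel/sysrq as given.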
Modified: trunk/security/src/levels.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/levels.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/levels.ycp (original)
+++ trunk/security/src/levels.ycp Thu Sep 8 15:45:23 2011
@@ -60,7 +60,7 @@
"CWD_IN_ROOT_PATH" : "no",
"CWD_IN_USER_PATH" : "no",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
- "ENABLE_SYSRQ" : "yes",
+ "kernel.sysrq" : "1",
"FAIL_DELAY" : "1",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
@@ -91,9 +91,9 @@
"SMTPD_LISTEN_REMOTE" : "no",
"DISABLE_STOP_ON_REMOVAL" : "no",
"DISABLE_RESTART_ON_UPDATE" : "no",
- "IP_TCP_SYNCOOKIES" : "yes",
- "IP_FORWARD" : "no",
- "IPV6_FORWARD" : "no",
+ "net.ipv4.tcp_syncookies" : "1",
+ "net.ipv4.ip_forward" : "0",
+ "net.ipv6.conf.all.forwarding" : "0",
],
"Level2" : $[
@@ -102,7 +102,7 @@
"CWD_IN_ROOT_PATH" : "no",
"CWD_IN_USER_PATH" : "no",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
- "ENABLE_SYSRQ" : "no",
+ "kernel.sysrq" : "0",
"FAIL_DELAY" : "6",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
@@ -133,9 +133,9 @@
"SMTPD_LISTEN_REMOTE" : "no",
"DISABLE_STOP_ON_REMOVAL" : "no",
"DISABLE_RESTART_ON_UPDATE" : "no",
- "IP_TCP_SYNCOOKIES" : "yes",
- "IP_FORWARD" : "no",
- "IPV6_FORWARD" : "no",
+ "net.ipv4.tcp_syncookies" : "1",
+ "net.ipv4.ip_forward" : "0",
+ "net.ipv6.conf.all.forwarding" : "0",
],
"Level3" : $[
@@ -144,7 +144,7 @@
"CWD_IN_ROOT_PATH" : "no",
"CWD_IN_USER_PATH" : "no",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
- "ENABLE_SYSRQ" : "no",
+ "kernel.sysrq" : "0",
"FAIL_DELAY" : "3",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
@@ -175,9 +175,9 @@
"SMTPD_LISTEN_REMOTE" : "no",
"DISABLE_STOP_ON_REMOVAL" : "no",
"DISABLE_RESTART_ON_UPDATE" : "no",
- "IP_TCP_SYNCOOKIES" : "yes",
- "IP_FORWARD" : "no",
- "IPV6_FORWARD" : "no",
+ "net.ipv4.tcp_syncookies" : "1",
+ "net.ipv4.ip_forward" : "0",
+ "net.ipv6.conf.all.forwarding" : "0",
],
/* end of Levels */
Modified: trunk/security/src/routines.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/routines.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/routines.ycp (original)
+++ trunk/security/src/routines.ycp Thu Sep 8 15:45:23 2011
@@ -97,6 +97,7 @@
list li = m["Options"]:[];
list combo = [];
integer i = 0;
+ boolean selected = false;
while(i < size(li)) {
// string|list it
@@ -117,15 +118,27 @@
id_s = it_list[1]:"";
}
if(value == id_t)
+ {
combo = add(combo,`item(`id(id_t), id_s, true));
+ selected = true;
+ }
else
combo = add(combo,`item(`id(id_t), id_s));
i = i + 1;
}
+ if (!selected && m["Editable"]:"no" == "yes")
+ {
+ combo = add (combo,`item(`id(value), value, true));
+ }
term combobox = nil;
+ term opt_t = nil;
+ if(m["Editable"]:"no" == "yes")
+ opt_t = `opt (`editable);
if(m["Notify"]:"no" == "yes")
- combobox = `ComboBox(`id(ID), `opt(`notify), label, combo);
+ opt_t = add (opt_t, `notify);
+ if (opt_t != nil)
+ combobox = `ComboBox(`id(ID), opt_t, label, combo);
else
combobox = `ComboBox(`id(ID), label, combo);
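Review bot: In the new option handling, ``opt_t = add (opt_t, `notify);`` runs while `opt_t` is still nil for every widget that has Notify set but is not Editable. Adding to a nil term most likely yields nil again, in which case those combo boxes lose the ``opt(`notify)`` they had before this change and fall through to the branch without options. Build the term explicitly in that case: ``if (opt_t == nil) opt_t = `opt (`notify); else opt_t = add (opt_t, `notify);``. The enclosing function starts and ends outside the hunk.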
Modified: trunk/security/src/widgets.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/widgets.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/src/widgets.ycp (original)
+++ trunk/security/src/widgets.ycp Thu Sep 8 15:45:23 2011
@@ -107,11 +107,17 @@
"Value" : "no"
],
- "ENABLE_SYSRQ" : $[
- "Widget" : "CheckBox",
+ "kernel.sysrq" : $[
+ "Widget" : "ComboBox",
/* CheckBox label */
- "Label" : _("Enable &Magic SysRq Keys"),
- "Value" : "no"
+ "Label" : _("&Magic SysRq Keys"),
+ "Options" : [
+ /* ComboBox value */
+ ["0",_("Disable")],
+ /* ComboBox value */
+ ["1",_("Enable All Functions")],
+ ],
+ "Editable" : "yes"
],
"FAIL_DELAY" : $[
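Review bot: The translator comment above the new label still reads `/* CheckBox label */` although the widget is now a ComboBox; it should become `/* ComboBox label */`. Because the entry is marked `"Editable" : "yes"`, the user can type any text, and in this commit that input is checked only at write time. A short comment next to `Editable` saying that other numeric sysrq values are accepted on purpose would record the intent.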
Added: trunk/security/testsuite/tests/Import.err
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Import.err?rev=65613&view=auto
==============================================================================
(empty)
Added: trunk/security/testsuite/tests/Import.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Import.out?rev=65613&view=auto
==============================================================================
--- trunk/security/testsuite/tests/Import.out (added)
+++ trunk/security/testsuite/tests/Import.out Thu Sep 8 15:45:23 2011
@@ -0,0 +1,2 @@
+Return true
+Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTEM_GID_MAX":"l16", "SYSTEM_GID_MIN":"l17", "SYSTEM_UID_MAX":"l14", "SYSTEM_UID_MIN":"l15", "S
YSTOHC":"yes", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"]
Added: trunk/security/testsuite/tests/Import.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Import.ycp?rev=65613&view=auto
==============================================================================
--- trunk/security/testsuite/tests/Import.ycp (added)
+++ trunk/security/testsuite/tests/Import.ycp Thu Sep 8 15:45:23 2011
@@ -0,0 +1,75 @@
+/*
+ * YaST2: Modules testsuite
+ *
+ * Description:
+ * Testsuite for the security module
+ *
+ * Authors:
+ * Michal Svec
+ *
+ * $Id$
+ *
+ * testedfiles: Security.ycp PamSettings.ycp Pam.ycp
+ */
+
+{
+
+include "testsuite.ycp";
+
+import "Security";
+
+map import_map = $[
+ "CONSOLE_SHUTDOWN" : "reboot",
+ "CWD_IN_ROOT_PATH" : "r2",
+ "CWD_IN_USER_PATH" : "r2s",
+ "DISPLAYMANAGER_REMOTE_ACCESS": "r4",
+ "ENCRYPTION" : "md5",
+ "ENABLE_SYSRQ" : "yes",
+ "FAIL_DELAY" : "l2",
+ "GID_MAX" : "l3",
+ "GID_MIN" : "l4",
+ "DISPLAYMANAGER_SHUTDOWN" : "r3",
+ "LASTLOG_ENAB" : "l5",
+ "PASS_MAX_DAYS" : "l7",
+ "PASS_MIN_DAYS" : "l9",
+ "PASS_MIN_LEN" : "l10",
+ "PASS_WARN_AGE" : "l11",
+ "PERMISSION_SECURITY" : "r5",
+ "ROOT_LOGIN_REMOTE" : "r6",
+ "RUN_UPDATEDB_AS" : "r7",
+ "UID_MAX" : "l12",
+ "UID_MIN" : "l13",
+ "SYSTEM_UID_MAX" : "l14",
+ "SYSTEM_UID_MIN" : "l15",
+ "SYSTEM_GID_MAX" : "l16",
+ "SYSTEM_GID_MIN" : "l17",
+ "USERADD_CMD" : "l18",
+ "USERDEL_PRECMD" : "l19",
+ "USERDEL_POSTCMD" : "l20",
+ "DISABLE_RESTART_ON_UPDATE" : "r13",
+ "DISABLE_STOP_ON_REMOVAL" : "r14",
+ "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : "r16",
+ "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : "r17",
+ "IP_TCP_SYNCOOKIES" : "yes",
+ "IP_FORWARD" : "0",
+ "IPV6_FORWARD" : "yes",
+];
+
+map E = $[
+ "target" : $[
+ "bash_output" : $[]
+ ]
+];
+map R = $[
+ "sysconfig" : $[
+ "displaymanager" : $[
+ "DISPLAYMANAGER" : "",
+ ]
+ ]
+];
+
+TEST(``(Security::Import(import_map)),[R,$[],E],nil);
+
+DUMP(Security::Settings);
+
+}
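Review bot: The import map in this new test exercises the "yes" conversion and the pass-through of a numeric value, but never the "no" to "0" branch of the new import code. It also has no case where the profile already uses a new key such as `kernel.sysrq`, or supplies both the old and the new name. Changing one entry to `"IP_FORWARD" : "no",` and adding a second import with the sysctl key names would cover those paths.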
Modified: trunk/security/testsuite/tests/Level1.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level1.out?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Level1.out (original)
+++ trunk/security/testsuite/tests/Level1.out Thu Sep 8 15:45:23 2011
@@ -56,14 +56,6 @@
Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true
Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil
Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true
-Read .sysconfig.sysctl.ENABLE_SYSRQ nil
-Write .sysconfig.sysctl.ENABLE_SYSRQ "yes" true
-Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil
-Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true
-Read .sysconfig.sysctl.IP_FORWARD nil
-Write .sysconfig.sysctl.IP_FORWARD "no" true
-Read .sysconfig.sysctl.IPV6_FORWARD nil
-Write .sysconfig.sysctl.IPV6_FORWARD "no" true
Write .etc.login_defs nil true
Write .sysconfig.clock nil true
Write .sysconfig.cron nil true
@@ -73,7 +65,6 @@
Write .sysconfig.security nil true
Write .sysconfig.services nil true
Write .sysconfig.suseconfig nil true
-Write .sysconfig.sysctl nil true
Write .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now" true
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
@@ -83,6 +74,14 @@
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Write .etc.default.passwd nil true
+Read .etc.sysctl_conf."kernel.sysrq" nil
+Write .etc.sysctl_conf."kernel.sysrq" "1" true
+Read .etc.sysctl_conf."net.ipv4.ip_forward" nil
+Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true
+Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil
+Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true
+Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil
+Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true
Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0
Read .sysconfig.displaymanager.DISPLAYMANAGER ""
Execute .target.bash "/sbin/SuSEconfig --module kde3" 0
Modified: trunk/security/testsuite/tests/Level2.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level2.out?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Level2.out (original)
+++ trunk/security/testsuite/tests/Level2.out Thu Sep 8 15:45:23 2011
@@ -56,14 +56,6 @@
Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true
Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil
Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true
-Read .sysconfig.sysctl.ENABLE_SYSRQ nil
-Write .sysconfig.sysctl.ENABLE_SYSRQ "no" true
-Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil
-Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true
-Read .sysconfig.sysctl.IP_FORWARD nil
-Write .sysconfig.sysctl.IP_FORWARD "no" true
-Read .sysconfig.sysctl.IPV6_FORWARD nil
-Write .sysconfig.sysctl.IPV6_FORWARD "no" true
Write .etc.login_defs nil true
Write .sysconfig.clock nil true
Write .sysconfig.cron nil true
@@ -73,7 +65,6 @@
Write .sysconfig.security nil true
Write .sysconfig.services nil true
Write .sysconfig.suseconfig nil true
-Write .sysconfig.sysctl nil true
Write .etc.inittab.ca ":ctrlaltdel:/bin/true" true
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
@@ -83,6 +74,14 @@
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Write .etc.default.passwd nil true
+Read .etc.sysctl_conf."kernel.sysrq" nil
+Write .etc.sysctl_conf."kernel.sysrq" "0" true
+Read .etc.sysctl_conf."net.ipv4.ip_forward" nil
+Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true
+Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil
+Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true
+Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil
+Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true
Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0
Read .sysconfig.displaymanager.DISPLAYMANAGER ""
Execute .target.bash "/sbin/SuSEconfig --module kde3" 0
Modified: trunk/security/testsuite/tests/Level3.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level3.out?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Level3.out (original)
+++ trunk/security/testsuite/tests/Level3.out Thu Sep 8 15:45:23 2011
@@ -56,14 +56,6 @@
Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true
Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil
Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true
-Read .sysconfig.sysctl.ENABLE_SYSRQ nil
-Write .sysconfig.sysctl.ENABLE_SYSRQ "no" true
-Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil
-Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true
-Read .sysconfig.sysctl.IP_FORWARD nil
-Write .sysconfig.sysctl.IP_FORWARD "no" true
-Read .sysconfig.sysctl.IPV6_FORWARD nil
-Write .sysconfig.sysctl.IPV6_FORWARD "no" true
Write .etc.login_defs nil true
Write .sysconfig.clock nil true
Write .sysconfig.cron nil true
@@ -73,7 +65,6 @@
Write .sysconfig.security nil true
Write .sysconfig.services nil true
Write .sysconfig.suseconfig nil true
-Write .sysconfig.sysctl nil true
Write .etc.inittab.ca ":ctrlaltdel:/bin/true" true
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
@@ -84,6 +75,14 @@
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Write .etc.default.passwd nil true
+Read .etc.sysctl_conf."kernel.sysrq" nil
+Write .etc.sysctl_conf."kernel.sysrq" "0" true
+Read .etc.sysctl_conf."net.ipv4.ip_forward" nil
+Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true
+Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil
+Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true
+Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil
+Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true
Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0
Read .sysconfig.displaymanager.DISPLAYMANAGER ""
Execute .target.bash "/sbin/SuSEconfig --module kde3" 0
Modified: trunk/security/testsuite/tests/Read.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.out?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Read.out (original)
+++ trunk/security/testsuite/tests/Read.out Thu Sep 8 15:45:23 2011
@@ -40,14 +40,6 @@
Read .sysconfig.suseconfig.CWD_IN_ROOT_PATH "r2"
Read .target.size "/etc/sysconfig/suseconfig" 1
Read .sysconfig.suseconfig.CWD_IN_USER_PATH "r3"
-Read .target.size "/etc/sysconfig/sysctl" 1
-Read .sysconfig.sysctl.ENABLE_SYSRQ "r8"
-Read .target.size "/etc/sysconfig/sysctl" 1
-Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES "r9"
-Read .target.size "/etc/sysconfig/sysctl" 1
-Read .sysconfig.sysctl.IP_FORWARD "r10"
-Read .target.size "/etc/sysconfig/sysctl" 1
-Read .sysconfig.sysctl.IPV6_FORWARD "r11"
Dir .etc.inittab: ["ca"]
Read .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now"
Read .etc.default.passwd."CRYPT_FILES" "blowfish"
@@ -55,5 +47,9 @@
Read .etc.default.passwd.crypt "md5"
Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[]
+Read .etc.sysctl_conf."kernel.sysrq" "r8"
+Read .etc.sysctl_conf."net.ipv4.ip_forward" "r10"
+Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" "r9"
+Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "r11"
Return true
Dump sha512
Modified: trunk/security/testsuite/tests/Read.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Read.ycp (original)
+++ trunk/security/testsuite/tests/Read.ycp Thu Sep 8 15:45:23 2011
@@ -37,12 +37,6 @@
"locate" : $[
"RUN_UPDATEDB_AS" : "r7",
],
- "sysctl" : $[
- "ENABLE_SYSRQ" : "r8",
- "IP_TCP_SYNCOOKIES" : "r9",
- "IP_FORWARD" : "r10",
- "IPV6_FORWARD" : "r11",
- ],
"clock" : $[
"SYSTOHC" : "r12",
],
@@ -82,6 +76,12 @@
"CRYPT_FILES" : "blowfish",
],
],
+ "sysctl_conf" : $[
+ "kernel.sysrq" : "r8",
+ "net.ipv4.tcp_syncookies" : "r9",
+ "net.ipv4.ip_forward" : "r10",
+ "net.ipv6.conf.all.forwarding" : "r11",
+ ],
],
"target" : $[ "size" : 1 ],
"pam" : $[ "passwd" : $[ "password" : $[
Modified: trunk/security/testsuite/tests/Write.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Write.out?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Write.out (original)
+++ trunk/security/testsuite/tests/Write.out Thu Sep 8 15:45:23 2011
@@ -56,14 +56,6 @@
Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "r2" true
Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil
Write .sysconfig.suseconfig.CWD_IN_USER_PATH "r2s" true
-Read .sysconfig.sysctl.ENABLE_SYSRQ nil
-Write .sysconfig.sysctl.ENABLE_SYSRQ "yes" true
-Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil
-Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "r9" true
-Read .sysconfig.sysctl.IP_FORWARD nil
-Write .sysconfig.sysctl.IP_FORWARD "r10" true
-Read .sysconfig.sysctl.IPV6_FORWARD nil
-Write .sysconfig.sysctl.IPV6_FORWARD "r11" true
Write .etc.login_defs nil true
Write .sysconfig.clock nil true
Write .sysconfig.cron nil true
@@ -73,7 +65,6 @@
Write .sysconfig.security nil true
Write .sysconfig.services nil true
Write .sysconfig.suseconfig nil true
-Write .sysconfig.sysctl nil true
Write .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now" true
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
@@ -83,6 +74,14 @@
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Write .etc.default.passwd nil true
+Read .etc.sysctl_conf."kernel.sysrq" nil
+Write .etc.sysctl_conf."kernel.sysrq" "1" true
+Read .etc.sysctl_conf."net.ipv4.ip_forward" nil
+Write .etc.sysctl_conf."net.ipv4.ip_forward" "10" true
+Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil
+Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "9" true
+Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil
+Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "11" true
Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0
Read .sysconfig.displaymanager.DISPLAYMANAGER ""
Execute .target.bash "/sbin/SuSEconfig --module kde3" 0
@@ -92,9 +91,9 @@
Execute .target.bash "/sbin/SuSEconfig --module profiles" 0
Execute .target.bash "/etc/init.d/dhcpd restart" 0
Execute .target.bash "/etc/init.d/dhcpd restart" 0
+Execute .target.bash "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)" 0
+Execute .target.bash "/etc/init.d/boot.clock start" 0
Execute .target.bash "/etc/init.d/boot.ipconfig start" 0
Execute .target.bash "/etc/init.d/boot.ipconfig start" 0
Execute .target.bash "/etc/init.d/boot.ipconfig start" 0
-Execute .target.bash "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)" 0
-Execute .target.bash "/etc/init.d/boot.clock start" 0
Return true
Modified: trunk/security/testsuite/tests/Write.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Write.ycp?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Write.ycp (original)
+++ trunk/security/testsuite/tests/Write.ycp Thu Sep 8 15:45:23 2011
@@ -24,7 +24,7 @@
"CWD_IN_USER_PATH" : "r2s",
"DISPLAYMANAGER_REMOTE_ACCESS": "r4",
"ENCRYPTION" : "md5",
- "ENABLE_SYSRQ" : "yes",
+ "kernel.sysrq" : "1",
"FAIL_DELAY" : "l2",
"GID_MAX" : "l3",
"GID_MIN" : "l4",
@@ -50,9 +50,9 @@
"DISABLE_STOP_ON_REMOVAL" : "r14",
"DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : "r16",
"DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : "r17",
- "IP_TCP_SYNCOOKIES" : "r9",
- "IP_FORWARD" : "r10",
- "IPV6_FORWARD" : "r11",
+ "net.ipv4.tcp_syncookies" : "9",
+ "net.ipv4.ip_forward" : "10",
+ "net.ipv6.conf.all.forwarding" : "11",
"SYSTOHC" : "r12",
"SYSLOG_ON_NO_ERROR" : "r15",
"SMTPD_LISTEN_REMOTE" : "r18",
Modified: trunk/security/yast2-security.spec.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/yast2-security.spec.in?rev=65613&r1=65612&r2=65613&view=diff
==============================================================================
--- trunk/security/yast2-security.spec.in (original)
+++ trunk/security/yast2-security.spec.in Thu Sep 8 15:45:23 2011
@@ -8,8 +8,8 @@
# new Pam.ycp API
Requires: yast2-pam >= 2.14.0
-# Service::EnabledServices()
-Requires: yast2 >= 2.17.25
+# etc_sysctl_conf.scr
+Requires: yast2 >= yast2-2.21.17
Provides: y2c_sec yast2-config-security
Obsoletes: y2c_sec yast2-config-security
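Review bot: The new requirement `Requires: yast2 >= yast2-2.21.17` puts the package name into the version field. RPM will probably read "yast2" as the version and "2.21.17" as the release, so the comparison would not enforce the minimum that ships etc_sysctl_conf.scr. It should read `Requires: yast2 >= 2.21.17`.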