- Sat Nov 5 2011 Nicolas L?cureuil <nlecureuil@mandriva.com> 0.80.10-5
+ Revision: 717720
- Enable networkmanager service during install - Wed Aug 10 2011 Alexander Barakin <abarakin@mandriva.org> 0.80.10-4
+ Revision: 693863
- remove check of /var/lib/svn
bug: https://qa.mandriva.com/show_bug.cgi?id=63875 - Wed May 25 2011 Per ?yvind Karlsen <peroyvind@mandriva.org> 0.80.10-3
+ Revision: 678992
- don't pass '--noscripts' to 'rpm -Va' (#62644) - Wed May 4 2011 Oden Eriksson <oeriksson@mandriva.com> 0.80.10-2
+ Revision: 666496
- mass rebuild - Mon Jun 28 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.10-1mdv2010.1
+ Revision: 549330
- 0.80.10:
- localization fixes - Wed Jun 23 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.9-1mdv2010.1
+ Revision: 548737
- 0.80.9:
- fix gdm/consolekit interaction (#59100)
- use 'none' level as base when no BASE_LEVEL is defined (#59683) - Wed May 26 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.8-1mdv2010.1
+ Revision: 546167
- 0.80.8:
- do not set gdm variables which are not used by new gdm
- filter out trailing whitespace for open port checks (#59457) - Tue May 25 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.7-1mdv2010.1
+ Revision: 545912
- 0.80.7:
- Translation updates - Tue Apr 27 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.6-1mdv2010.1
+ Revision: 539654
- 0.80.6:
- support merging legacy perm.local into main perms.conf
- add support for displaying periodic checks results
- add support for running periodic checks manually
- add support for merging legacy perm.local file if exists
- add support for ACL (based on patch from Tiago Marques, #58640)
- add support for IGNORE_PID_CHANGES (#56744)
- properly filter chkrootkit checks (#58076).
- do not notify when no changes were found by a diff run
- properly checking if we are run within security script
- properly handle changes in password history when pam_unix is used (#58018).
CCBUG: 58640
CCBUG: 56744
CCBUG: 58076
CCBUG: 58018
- 0.80.5:
- added sudo plugin
- do not check inside entries excluded by EXCLUDE_REGEXP
- allow setting the EXCLUDE_REGEXP value in msecgui
- added security levels 'audit_daily' and 'audit_weekly'
- correctly check for changes in groups
- save mail reports for each check period (daily, weekly, monthly and manual)
- implemented security summary screen - Thu Feb 18 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.4-1mdv2010.1
+ Revision: 507864
- 0.80.4:
- simplified UI for msecgui
- added custom security levels: fileserver, webserver, netbook
- added support for custom levels in gui
- ignore 'vmblock' filesystem during periodic checks (#57669)
- properly separate logs for different type of checks (daily, weekly, monthly and manual)
- xguest user does not have a password, so silence report about it
- added plugin to define log file retention period. - Mon Feb 8 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.3-1mdv2010.1
+ Revision: 502269
- 0.80.3:
- added upgrade script to simplify upgrading from previous msec version
- cleaned up spec to use upgrade script instead of doing all the work
manually
- improved log message when unowned or world-writable files are found
- running file-related periodic checks weekly on standard security level
to easy disk I/O load
- improved error message when the wheel group is empty (#57463).
- added support for defining periodicity for individual security checks
- added support for sectool checks
- handle level-switching and saving in msec, using msecperms only for checking
and settings file permissions
- do not duplicate variables present in BASE_LEVEL in security.conf and
perms.conf files
- properly check if chkrootkit is present (#51309) - Thu Jan 14 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.80.2-1mdv2010.1
+ Revision: 491429
- 0.80.2:
- save the entire log that is sent by email in /var/log/security to allow
consulting it without relying on email messages
- do not show toolbar, as it leads to confusion - Mon Nov 30 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.80.1-1mdv2010.1
+ Revision: 471750
- 0.80.1:
- updated list of allowed services
- fix error which prevents 'msec save' from working correctly
- fix error message when checking non-local files (#55869,#56088) - Thu Nov 5 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.8-1mdv2010.1
+ Revision: 460503
- 0.70.8:
- updated translations. - Tue Oct 13 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.7-1mdv2010.0
+ Revision: 457190
- 0.70.7:
- fix issue which prevents msec from exiting correctly in some cases (#54470) - Wed Oct 7 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.6-1mdv2010.0
+ Revision: 455562
- 0.70.6:
- use users' home directory for temporary files (SECURE_TMP) by default to be
backward-compatible with previous distro versions
- improved startup script
- added option to skip security checks when running on battery power
(CHECK_ON_BATTERY) - Wed Sep 23 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.5-1mdv2010.0
+ Revision: 447873
- 0.70.5:
- do not show error messages for non-existent audit files
- man page entries are now sorted according to plugin
- split libmsec functionality into different plugins: audit (for periodic checks),
msec (for local security settings) and network (for network-related settings)
- support excluding path from all checks
- Remove suggests on s2u - it will be pulled by xinit to reduce basesystem size. - Wed Sep 9 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.4-1mdv2010.0
+ Revision: 434451
- 0.70.4
- implemented GUI for exception editing
- implemented exceptions for all msec checks (#51277)
- do not check for permission changes in block/character devices (#53424)
- create a summary for msec reports
- simplified permissions policy for standard level
- support enforcing file permissions in periodic msec runs
- allow configuring inclusion of current directory into path
- do not crash if config files have empty lines (#53031) - Tue Aug 18 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.3-1mdv2010.0
+ Revision: 417721
- 0.70.3:
- give proper permissions to diff check files.
- Properly log promisc messages.
- msecgui: Added toolbar for msecgui.
- msecgui: Showing logo when running inside MCC. - Wed Jul 15 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.2-1mdv2010.0
+ Revision: 396304
- 0.70.2:
- Correctly enforcing permissions on startup when required (#52268).
- Added new variable SECURE_TMP to configure location of temporary files.
- Improve description of changes in periodic packages integrity check.
- Properly handle promisc_check when running standalone (#51903) - Fri Jun 26 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.70.1-1mdv2010.0
+ Revision: 389546
- 0.70.1
- Improved rpm check, splitted into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
- Supporting check for changes in system users and groups.
- Reworked auditing code, improved logging format, added support for
custom auditing plugins, simplified checks.
- Added support for firewall configuration checks via CHECK_FIREWALL.
- Add support for FIX_UNOWNED to change unowned files to nobody/nogroup (#51791).
- Using WIN_PARTS_UMASK=-1 value instead of '0' when umask should not be set to
prevent users and diskdrake confusion.
- Correctly handling empty NOTIFY_WARN variables (#51364, #51464).
- Correctly handling unicode messages (#50869). - Thu Apr 23 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.22-1mdv2009.1
+ Revision: 368833
- 0.60.22
- Changed default WIN_PARTS_UMASK to be with sync with diskdrake. - Wed Apr 22 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.21-1mdv2009.1
+ Revision: 368763
- 0.60.21
- Properly handle invalid WIN_PARTS_UMASK parameters.
- Fixed command inversion between DNS_SPOOFING_PROTECTION and
IP_SPOOFING_PROTECTION.
- Cleaning up duplicated variables on upgrade. - Tue Apr 21 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.20-1mdv2009.1
+ Revision: 368520
- 0.60.20:
Using correct locale when available (#44561). - Mon Apr 20 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.19-1mdv2009.1
+ Revision: 368440
- 0.60.19
- Properly support NTFS-3G partitions permissions (#50125). - Wed Apr 15 2009 Thierry Vignaud <tv@mandriva.org> 0.60.18-2mdv2009.1
+ Revision: 367538
- translation updates
+ Eugeni Dodonov
- Do not create duplicate entries.
- Use right file when upgrading configuration. - Wed Apr 1 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.17-2mdv2009.1
+ Revision: 363410
- Installing with right permissions on /etc/X11/xinit.d/msec - Mon Mar 30 2009 Thierry Vignaud <tv@mandriva.org> 0.60.17-1mdv2009.1
+ Revision: 362419
- translation updates - Tue Mar 24 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.16-1mdv2009.1
+ Revision: 360832
- 0.60.16:
- Added support for desktop notifications on msec periodic checks.
- Using correct logger for syslog messages.
- Updated gui layout to better fit on small displays (netbooks). - Thu Mar 12 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.15-1mdv2009.1
+ Revision: 354242
- 0.60.15
- Added specific permission for /var/log/btmp and wtmp (#48604)
- Do not run chkrootkit on NFS partitions (#37753).
- Changed CREATE_SERVER_LINK functionality to allow/deny presets of local and
remote services, enabling it on secure level only by default.
- Added portreserve to list of safe remote services.
- Updated list of files that should not be world-writable or not user-owned.
- Running rpm database check with "--noscripts" (#42849). - Thu Mar 5 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.14-1mdv2009.1
+ Revision: 349059
- 0.60.14
- Modularization: moved pam-related functionality to pam plugin.
- Updated list of safe services (#47460). - Tue Mar 3 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.13-1mdv2009.1
+ Revision: 347875
- 0.60.13
- Added banner for msecgui.
- Moved PolicyKit code to plugin.
- Changed default ENABLE_STARTUP parameters to be in sync with
crontab settings.
- Correctly handling parameter name changes on upgrade. - Wed Feb 25 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.12-1mdv2009.1
+ Revision: 344963
- 0.60.12
- Correctly handle wheel group authentication (#19091)
- Correctly handling CHECK_RPM and CHECK_CHKROOTKIT parameters.
- Updating permissions on logs changed by logrotate (#47997).
- Added support for plugins.
- Added sample plugin.
- Added MSEC init script (#21270), controlled by ENABLE_STARTUP_MSEC and
ENABLE_STARTUP_PERMS variables, and enabled by default on 'secure' level. - Thu Feb 5 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.11-1mdv2009.1
+ Revision: 337983
- 0.60.11
- Added quiet mode (for use within installer). - Thu Feb 5 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.10-1mdv2009.1
+ Revision: 337809
- 0.6.10
- Updated spec file to better work with Mandriva installer.
- Updated spec file to show urpmi notice.
- Level name changes: 'default' to 'standard'.
- Added support for running in chroot.
- Added initial support for plugins. - Thu Jan 29 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.9-1mdv2009.1
+ Revision: 335395
- 0.60.9
- Reviewed description text for options (#47240)
- Added localization for msec. - Mon Jan 26 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.8-1mdv2009.1
+ Revision: 333777
- 0.60.8
- Changed without_password to without-password to prevent bogus errors.
- Running expensive msec_find only when required.
- Fixing permissions on msec-created files (#27820 #47059)
- Handling network settings as in previous msec versions (#47240).
- Added default response to msecgui 'Save' dialog.
- Implemented support for custom paths checks in msecperms. - Wed Jan 21 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.7-1mdv2009.1
+ Revision: 332291
- 0.60.7
- Now correctly integrating with MCC. - Tue Jan 20 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.6-2mdv2009.1
+ Revision: 331887
- Fixed a typo in upgrade check.
- 0.60.6
- Removed Authentication tab (now handled by a separate application)
- Now it is possible to save settings without quitting.
- Better detection for file modifications (such as symlinks, moves, etc)
- Now asking to save changes before quitting when necessary.
- Highlighting default option value according to current level.
- Level selection improvements.
- Checking for $DISPLAY variable.
- Added HAL to list of safe services.
- Now highlighting options which are different from default values for level.
- Improved GUI spacing between options.
- Removed Notifications tab (merged with initial screen and periodic
checks screen).
- Better handling of non-existent files (inittab and sysctl).
(SPEC file improvements)
- Added an URPMI note for msec.
- Do not run msec after upgrade anymore, as it could break the install.
- Change the way the old files are upgraded. - Mon Jan 19 2009 Frederic Crozat <fcrozat@mandriva.com> 0.60.5-3mdv2009.1
+ Revision: 331178
- Do not limit services by default, was preventing hal to be started - Fri Jan 16 2009 Frederic Crozat <fcrozat@mandriva.com> 0.60.5-2mdv2009.1
+ Revision: 330251
- Workaround msec creating sysctl.conf / inittab files too early at install time - Wed Jan 14 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.5-1mdv2009.1
+ Revision: 329458
- 0.60.5
- Fix for wrong msec permission enforcing (msecperms -e), which would
enforce all permissions when changing to a different level. - Wed Jan 14 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.4-1mdv2009.1
+ Revision: 329241
- 0.60.4
- Updated gui to allow immediate preview of options on level change.
- New permissions control GUI.
- Added support for custom security levels. - Thu Jan 8 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.3-1mdv2009.1
+ Revision: 327003
- 0.60.3
- Fixed gdm X permissions checking.
- Now using /etc/security/shell instead of /etc/sysconfig/msec for
shell variables.
- Implemented authentication tab in msecgui.
- More verbose screen on security level selection. - Wed Jan 7 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.2-1mdv2009.1
+ Revision: 326499
- 0.60.2
- Correctly handling kdmrc X server permissions.
- Updated documentation. - Wed Jan 7 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.60.1-1mdv2009.1
+ Revision: 326453
- Complete msec redesign for Mandriva 2009.1. - Tue Dec 16 2008 Eugeni Dodonov <eugeni@mandriva.com> 0.50.11-1mdv2009.1
+ Revision: 314809
- 0.50.10
- Correctly handle permit_root_login in sshd_config on level change
(#19726).
- Handle multibyte characters in msec reports (#26773).