perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Kassab <ckas...@eplsite.org>
Subject Re: Mandrake msec disables Embperl
Date Tue, 04 May 2004 03:27:46 GMT
Hi:

I am using Embperl With Mandrake 10 and i donot have any problem, you can run 
level 5 without starting X, but you need to remove S30dm from rc's 
directories.

I hope this helps to you.

Carlos Kassab

El Lun 03 May 2004 15:48, Brian Schoenhofer escribió:
> Does anyone use Mandrake and Embperl?  I'm using Embperl 2.0b9, Apache
> 2.0.47 and mod_perl 1.99_09.
>
> Mandrake has a tool called msec that takes a security level from 1 to 5
> (5 being the most secure) and changes file permissions and running
> services etc. to make the system more or less secure.  When I am set at
> level 3 Embperl works fine.  When set to level 4 I have a problem.  I've
> got base.epl including header.html, content (Execute('*')) and
> footer.html.  All works correctly except a one liner in footer.html that
> shows the system uptime like so:
>
> [- @uptime = split /,/, `uptime`; -]
>
> and then
>
> [+ $uptime[0] +] [+ $uptime[1] +]
>
> in the body.  It seems the `uptime` call doesn't work.  I looked in
> various logs but couldn't find any clues.
>
> Can anyone point me in the right direction?  I've pasted a couple of
> tables from Mandrakes website describing the type of security changes
> for the different levels.  You may get some idea of what changes just by
> the names below.  Again, my problem shows up when switching from level 3
> to 4.
>
> Thanks.
> 		      Level 0       1       2         3         4    5
> root umask
>        002
>        002
>        022
>        022
>        022
>        077
> User umask
>        002
>        002
>        022
>        022
>        077
>        077
> Shell
> timeout
>          0
>          0
>          0
>          0
>       3600
>        900
> Deny
> Services
>       none
>       none
>       none
>       none
>      local
>        all
> su Only
> For wheel
> Group
>         no
>         no
>         no
>         no
>         no
>        yes
> Shell
> History
> Size
>    default
>    default
>    default
>    default
>         10
>         10
> Direct
> root Login
>        yes
>        yes
>        yes
>        yes
>         no
>         no
> sulogin
> For Single
> User
>         no
>         no
>         no
>         no
>        yes
>        yes
> User List
> in [kg]dm
>        yes
>        yes
>        yes
>        yes
>         no
>         no
> Ignore
> ICMP Echo
>         no
>         no
>         no
>         no
>        yes
>        yes
> Ignore
> Bogus
> Error
> Responses
>         no
>         no
>         no
>         no
>        yes
>        yes
> Allow
> Reboot by
> User
>        yes
>        yes
>        yes
>        yes
>         no
>         no
> Allow
> crontab/at
>        yes
>        yes
>        yes
>        yes
>         no
>         no
> Password
> Aging
>         no
>         no
>         no
>         no
>    60 days
>    30 days
> Password
> Required
>         no
>        yes
>        yes
>        yes
>        yes
>        yes
> Allow
> Autologin
>        yes
>        yes
>        yes
>         no
>         no
>         no
> Console
> Log
>         no
>         no
>         no
>        yes
>        yes
>        yes
> Warnings
> in syslog
>         no
>         no
>        yes
>        yes
>        yes
>        yes
> Warnings
> in
> security.log
>         no
>        yes
>        yes
>        yes
>        yes
>        yes
> Issues
>        yes
>        yes
>        yes
>      local
>      local
>         no
> IP
> Spoofing
> Protection
>         no
>         no
>         no
>        yes
>        yes
>        yes
> Log
> Strange IP
> Packets
>         no
>         no
>         no
>        yes
>        yes
>        yes
> Periodic
> Security
> Check
>         no
>        yes
>        yes
>        yes
>        yes
>        yes
> Allow X
> TCP
> Connections
>        yes
>      local
>      local
>      local
>         no
>         no
> Connect to
> X Display
>        all
>  localhost
>  localhost
>  localhost
>  localhost
>         no
> "." in
> $PATH
>        yes
>        yes
>         no
>         no
>         no
>         no
> Run msec
> tests via
> cron
>         no
>         no
>         no
>       some
>        yes
>        yes
>
> The following table shows the periodic checks that msec performs for the
> various security levels:
>
>
>    Level 0
>    Level 1
>    Level 2
>    Level 3
>    Level 4
>    Level 5
> CHECK_SECURITY
>         no
>        yes
>        yes
>        yes
>        yes
>        yes
> CHECK_PERMS
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_SUID_ROOT
>         no
>         no
>        yes
>        yes
>        yes
>        yes
> CHECK_SUID_MD5
>         no
>         no
>        yes
>        yes
>        yes
>        yes
> CHECK_SUID_GROUP
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_WRITEABLE
>         no
>         no
>        yes
>        yes
>        yes
>        yes
> CHECK_UNOWNED
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_PROMISC
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_OPEN_PORT
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_PASSWD
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHECK_SHADOW
>         no
>         no
>         no
>        yes
>        yes
>        yes
> TTY_WARN
>         no
>         no
>         no
>         no
>        yes
>        yes
> MAIL_WARN
>         no
>         no
>         no
>        yes
>        yes
>        yes
> SYSLOG_WARN
>         no
>         no
>        yes
>        yes
>        yes
>        yes
> RPM_CHECK
>         no
>         no
>         no
>        yes
>        yes
>        yes
> CHKROOTKIT_CHECK
>         no
>         no
>         no
>        yes
>        yes
>        yes

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Mime
View raw message