Hello community, here is the log from the commit of package yast2-security for openSUSE:Factory checked in at Fri Sep 9 12:28:53 CEST 2011.
-------- --- yast2-security/yast2-security.changes 2011-07-20 11:05:17.000000000 +0200 +++ /mounts/work_src_done/STABLE/yast2-security/yast2-security.changes 2011-09-08 16:50:59.000000000 +0200 @@ -1,0 +2,11 @@ +Thu Sep 8 15:43:35 CEST 2011 - [email protected] + +- sysctl settings now in /etc/sysctl.conf (bnc#714405) +- 2.21.2 + +------------------------------------------------------------------- +Fri Aug 5 12:35:05 CEST 2011 - [email protected] + +- fixed .desktop file (bnc #681249) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-security-2.21.1.tar.bz2 New: ---- yast2-security-2.21.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-security.spec ++++++ --- /var/tmp/diff_new_pack.OHdnjq/_old 2011-09-09 12:28:48.000000000 +0200 +++ /var/tmp/diff_new_pack.OHdnjq/_new 2011-09-09 12:28:48.000000000 +0200 @@ -19,11 +19,11 @@ Name: yast2-security -Version: 2.21.1 +Version: 2.21.2 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-security-2.21.1.tar.bz2 +Source0: yast2-security-2.21.2.tar.bz2 Prefix: /usr @@ -34,8 +34,8 @@ # new Pam.ycp API Requires: yast2-pam >= 2.14.0 -# Service::EnabledServices() -Requires: yast2 >= 2.17.25 +# etc_sysctl_conf.scr +Requires: yast2 >= yast2-2.21.17 Provides: y2c_sec yast2-config-security Obsoletes: y2c_sec yast2-config-security @@ -50,7 +50,7 @@ The YaST2 component for security settings configuration. %prep -%setup -n yast2-security-2.21.1 +%setup -n yast2-security-2.21.2 %build %{prefix}/bin/y2tool y2autoconf @@ -87,4 +87,5 @@ /usr/share/YaST2/scrconf/*.scr /usr/share/YaST2/schema/autoyast/rnc/security.rnc %doc %{prefix}/share/doc/packages/yast2-security + %changelog ++++++ yast2-security-2.21.1.tar.bz2 -> yast2-security-2.21.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/VERSION new/yast2-security-2.21.2/VERSION --- old/yast2-security-2.21.1/VERSION 2011-07-20 11:04:33.000000000 +0200 +++ new/yast2-security-2.21.2/VERSION 2011-09-08 15:44:13.000000000 +0200 @@ -1 +1 @@ -2.21.1 +2.21.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/Security.ycp new/yast2-security-2.21.2/src/Security.ycp --- old/yast2-security-2.21.1/src/Security.ycp 2011-07-20 11:02:31.000000000 +0200 +++ new/yast2-security-2.21.2/src/Security.ycp 2011-09-08 15:41:27.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Data for the security configuration * Authors: Michal Svec <[email protected]> * - * $Id: Security.ycp 63710 2011-04-05 09:05:11Z jsuchome $ + * $Id: Security.ycp 64909 2011-07-20 09:04:52Z jsuchome $ */ { @@ -113,10 +113,10 @@ "CWD_IN_ROOT_PATH" : "yes", "CWD_IN_USER_PATH" : "yes", "DISPLAYMANAGER_REMOTE_ACCESS" : "no", - "ENABLE_SYSRQ" : "no", - "IP_TCP_SYNCOOKIES" : "yes", - "IP_FORWARD" : "no", - "IPV6_FORWARD" : "no", + "kernel.sysrq" : "0", + "net.ipv4.tcp_syncookies" : "1", + "net.ipv4.ip_forward" : "0", + "net.ipv6.conf.all.forwarding" : "0", "FAIL_DELAY" : "3", "GID_MAX" : "60000", "GID_MIN" : "1000", @@ -207,12 +207,6 @@ ".sysconfig.locate" : [ "RUN_UPDATEDB_AS", ], - ".sysconfig.sysctl" : [ - "ENABLE_SYSRQ", - "IP_TCP_SYNCOOKIES", - "IP_FORWARD", - "IPV6_FORWARD", - ], ".sysconfig.clock" : [ "SYSTOHC", ], @@ -224,6 +218,23 @@ ], ]; +/** + * Default values for /etc/sysctl.conf keys + */ +map<string,string> sysctl = $[ + "kernel.sysrq" : "0", + "net.ipv4.tcp_syncookies" : "1", + "net.ipv4.ip_forward" : "0", + "net.ipv6.conf.all.forwarding" : "0" +]; + +map<string,string> sysctl2sysconfig = $[ + "kernel.sysrq" : "ENABLE_SYSRQ", + "net.ipv4.tcp_syncookies" : "IP_TCP_SYNCOOKIES", + "net.ipv4.ip_forward" : "IP_FORWARD", + "net.ipv6.conf.all.forwarding" : "IPV6_FORWARD" +]; + /* * Remaining settings: * - CONSOLE_SHUTDOWN (/etc/inittab) @@ -427,6 +438,15 @@ Settings["PERMISSION_SECURITY"] = perm; y2debug("Settings=%1", Settings); + // read sysctl.conf + foreach (string key, string default_value, sysctl, { + string val = (string) SCR::Read (add (.etc.sysctl_conf, key)); + if (val == nil || val == "") + val = default_value; + Settings[key] = val; + }); + y2debug ("Settings=%1", Settings); + // remeber the read values Settings_bak = Settings; return true; @@ -439,9 +459,9 @@ "DHCPD_RUN_AS" : "/etc/init.d/dhcpd restart", // restart sendmail or postfix - whatever is installed "SMTPD_LISTEN_REMOTE" : "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)", - "IP_TCP_SYNCOOKIES" : "/etc/init.d/boot.ipconfig start", - "IP_FORWARD" : "/etc/init.d/boot.ipconfig start", - "IPV6_FORWARD" : "/etc/init.d/boot.ipconfig start", + "net.ipv4.tcp_syncookies" : "/etc/init.d/boot.ipconfig start", + "net.ipv4.ip_forward" : "/etc/init.d/boot.ipconfig start", + "net.ipv6.conf.all.forwarding" : "/etc/init.d/boot.ipconfig start", ]; /** @@ -560,12 +580,25 @@ PamSettings::Write (false); + // write sysctl.conf + foreach (string key, string default_value, sysctl, { + string val = Settings[key]:default_value; + if (tointeger (val) == nil) + { + y2error ("value %1 for %2 is not integer, not writing", val, key); + } + else if (val != SCR::Read (add (.etc.sysctl_conf, key))) + { + SCR::Write (add (.etc.sysctl_conf, key), val); + } + }); + /* enable sysrq? */ - boolean sysrq = Settings["ENABLE_SYSRQ"]:"no" == "yes"; - if(sysrq) - SCR::Execute(.target.bash, "echo 1 > /proc/sys/kernel/sysrq"); - else - SCR::Execute(.target.bash, "echo 0 > /proc/sys/kernel/sysrq"); + integer sysrq = tointeger (Settings["kernel.sysrq"]:"0"); + if(sysrq != nil) + { + SCR::Execute (.target.bash, sformat ("echo %1 > /proc/sys/kernel/sysrq", sysrq)); + } /* Finish him: SuSEconfig */ if(Abort()) return false; @@ -621,9 +654,26 @@ map tmpSettings = $[]; foreach(string k, string v, Settings, { if (!haskey(settings, k)) - tmpSettings[k] = v; + { + if (haskey (sysctl, k) && haskey (settings, sysctl2sysconfig[k]:"")) + { + string val = settings[sysctl2sysconfig[k]:""]:""; + if (val == "yes") + tmpSettings[k] = "1"; + else if (val == "no") + tmpSettings[k] = "0"; + else + tmpSettings[k] = val; + } + else + { + tmpSettings[k] = v; + } + } else + { tmpSettings[k] = settings[k]:""; + } }); Settings = (map<string,string>) eval(tmpSettings); return true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/dialogs.ycp new/yast2-security-2.21.2/src/dialogs.ycp --- old/yast2-security-2.21.1/src/dialogs.ycp 2010-08-16 13:31:54.000000000 +0200 +++ new/yast2-security-2.21.2/src/dialogs.ycp 2011-09-08 15:05:07.000000000 +0200 @@ -22,7 +22,8 @@ list tree_dialogs = [ "main", "overview", "password", "boot", "login", "users", "misc", `wizardTree ]; const list<string> configurable_options = [ "PERMISSION_SECURITY", "RUNLEVEL3_MANDATORY_SERVICES", - "RUNLEVEL5_MANDATORY_SERVICES", "RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES" ]; + "RUNLEVEL5_MANDATORY_SERVICES", "RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES", + "kernel.sysrq" ]; const string UNKNOWN_STATUS = _("Unknown"); @@ -63,7 +64,7 @@ } map<string,string> label_mapping = $[ - "ENABLE_SYSRQ" : _("Use magic SysRq keys"), + "kernel.sysrq" : _("Use magic SysRq keys"), "PERMISSION_SECURITY" : _("Use secure file permissions"), "DISPLAYMANAGER_REMOTE_ACCESS" : _("Remote access to the display manager"), "CWD_IN_ROOT_PATH" : _("Use current directory in root's path"), @@ -77,9 +78,9 @@ "SMTPD_LISTEN_REMOTE" : _("Remote access to the email delivery subsystem"), "DISABLE_RESTART_ON_UPDATE" : _("Restart services on update"), "DISABLE_STOP_ON_REMOVAL" : _("Stop services on removal"), - "IP_TCP_SYNCOOKIES" : _("Enable TCP syncookies"), - "IP_FORWARD" : _("IPv4 forwarding"), - "IPV6_FORWARD" : _("IPv6 forwarding"), + "net.ipv4.tcp_syncookies" : _("Enable TCP syncookies"), + "net.ipv4.ip_forward" : _("IPv4 forwarding"), + "net.ipv6.conf.all.forwarding" : _("IPv6 forwarding"), "RUNLEVEL3_MANDATORY_SERVICES" : _("Enable basic system services in runlevel 3\n (multiuser with network)"), "RUNLEVEL5_MANDATORY_SERVICES" : _("Enable basic system services in runlevel 5\n (multiuser with network and graphical login)"), "RUNLEVEL3_EXTRA_SERVICES" : _("Enable extra services in runlevel 3"), @@ -106,8 +107,8 @@ list<map> security_mapping = [ $[ - "id" : "ENABLE_SYSRQ", - "is_secure" : (Security::Settings["ENABLE_SYSRQ"]:"" == "no") + "id" : "kernel.sysrq", + "is_secure" : (Security::Settings["kernel.sysrq"]:"0" == "0") ], $[ "id" : "PERMISSION_SECURITY", @@ -163,16 +164,16 @@ "is_secure" : (Security::Settings["DISABLE_STOP_ON_REMOVAL"]:"" == "no"), ], $[ - "id" : "IP_TCP_SYNCOOKIES", - "is_secure" : (Security::Settings["IP_TCP_SYNCOOKIES"]:"" == "yes"), + "id" : "net.ipv4.tcp_syncookies", + "is_secure" : (Security::Settings["net.ipv4.tcp_syncookies"]:"" == "1"), ], $[ - "id" : "IP_FORWARD", - "is_secure" : (Security::Settings["IP_FORWARD"]:"" == "no"), + "id" : "net.ipv4.ip_forward", + "is_secure" : (Security::Settings["net.ipv4.ip_forward"]:"" == "0"), ], $[ - "id" : "IPV6_FORWARD", - "is_secure" : (Security::Settings["IPV6_FORWARD"]:"" == "no"), + "id" : "net.ipv6.conf.all.forwarding", + "is_secure" : (Security::Settings["net.ipv6.conf.all.forwarding"]:"" == "0"), ], $[ "id" : "RUNLEVEL3_MANDATORY_SERVICES", @@ -219,7 +220,7 @@ if (type == `table) { - y2milestone("Overview table: %1", ret_table); + y2debug("Overview table: %1", ret_table); return ret_table; } else if (type == `richtext) @@ -227,7 +228,7 @@ // close the table ret = ret + "</TABLE>"; - y2milestone("Overview text: %1", ret); + y2debug("Overview text: %1", ret); return ret; } @@ -246,7 +247,8 @@ // mapping for "Configure" links // config name -> dialog name map link_config_mapping = $[ - "PERMISSION_SECURITY" : "misc" + "PERMISSION_SECURITY" : "misc", + "kernel.sysrq" : "misc" ]; // mapping for "Configure" links @@ -600,7 +602,7 @@ VSeparator(), settings2widget("CWD_IN_USER_PATH"), `VSpacing(1.0), - settings2widget("ENABLE_SYSRQ"), + settings2widget("kernel.sysrq"), `VSpacing(1.8) ); contents = `HVCenter(`HVSquash(`HBox(`HSpacing(5),`VBox(`VSpacing(2),`ReplacePoint(`id(`rp_main),contents),`VSpacing(2)),`HSpacing(5)))); @@ -653,7 +655,7 @@ widget2settings("CWD_IN_ROOT_PATH"); widget2settings("CWD_IN_USER_PATH"); widget2settings("RUN_UPDATEDB_AS"); - widget2settings("ENABLE_SYSRQ"); + widget2settings("kernel.sysrq"); } return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/helps.ycp new/yast2-security-2.21.2/src/helps.ycp --- old/yast2-security-2.21.1/src/helps.ycp 2011-07-19 15:52:39.000000000 +0200 +++ new/yast2-security-2.21.2/src/helps.ycp 2011-09-08 15:05:13.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Helps definition * Authors: Michal Svec <[email protected]> * - * $Id: helps.ycp 60705 2010-02-05 11:39:47Z jsuchome $ + * $Id: helps.ycp 64909 2011-07-20 09:04:52Z jsuchome $ * * This file contains all helps for the security module screens. * They are in one huge map called HELPS. @@ -257,13 +257,13 @@ "DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that is currently running is being uninstalled, then the service is stopped before the files of the package are removed.</P><P>This makes sense in most cases, and it is safe to do, considering that many services either need their binaries accessible in the filesystem or their configuration files. These services would just continue to run until the services are stopped, e.g. running daemons are killed.</P><P>This setting should only be changed if there is a specific reason to do so.</P>"), - "IP_TCP_SYNCOOKIES" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations, but in configurations with a very large number of legitimate connection attempts from one source the <EM>Enabled</EM> setting can bring problems with denied TCP connections under high load.</P><P>Still, for most environments, the syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"), + "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations, but in configurations with a very large number of legitimate connection attempts from one source the <EM>Enabled</EM> setting can bring problems with denied TCP connections under high load.</P><P>Still, for most environments, the syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"), - "IP_FORWARD" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"), + "net.ipv4.ip_forward" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"), - "IPV6_FORWARD" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv6</EM> only.</P>"), + "net.ipv6.conf.all.forwarding" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv6</EM> only.</P>"), - "ENABLE_SYSRQ": _("<P>Magic SysRq Keys enable some control over the system even if it crashes (e.g. during kernel debugging) or if the system does not respond.</P>"), + "kernel.sysrq": _("<P>Magic SysRq Keys enable some control over the system even if it crashes (e.g. during kernel debugging) or if the system does not respond.</P>"), "PERMISSION_SECURITY" : _("<P>There are predefined file permissions in /etc/permissions.* files. The most restrictive file permissions are defined 'secure' or 'paranoid' file.</P>"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/levels.ycp new/yast2-security-2.21.2/src/levels.ycp --- old/yast2-security-2.21.1/src/levels.ycp 2011-07-19 15:26:37.000000000 +0200 +++ new/yast2-security-2.21.2/src/levels.ycp 2011-09-08 15:05:40.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Security settings definitions * Authors: Michal Svec <[email protected]> * - * $Id: levels.ycp 57402 2009-06-02 20:40:08Z jsuchome $ + * $Id: levels.ycp 64909 2011-07-20 09:04:52Z jsuchome $ * * This file contains definitions of all security settings. * They are in one huge list. @@ -60,7 +60,7 @@ "CWD_IN_ROOT_PATH" : "no", "CWD_IN_USER_PATH" : "no", "DISPLAYMANAGER_REMOTE_ACCESS" : "no", - "ENABLE_SYSRQ" : "yes", + "kernel.sysrq" : "1", "FAIL_DELAY" : "1", "GID_MAX" : "60000", "GID_MIN" : "1000", @@ -91,9 +91,9 @@ "SMTPD_LISTEN_REMOTE" : "no", "DISABLE_STOP_ON_REMOVAL" : "no", "DISABLE_RESTART_ON_UPDATE" : "no", - "IP_TCP_SYNCOOKIES" : "yes", - "IP_FORWARD" : "no", - "IPV6_FORWARD" : "no", + "net.ipv4.tcp_syncookies" : "1", + "net.ipv4.ip_forward" : "0", + "net.ipv6.conf.all.forwarding" : "0", ], "Level2" : $[ @@ -102,7 +102,7 @@ "CWD_IN_ROOT_PATH" : "no", "CWD_IN_USER_PATH" : "no", "DISPLAYMANAGER_REMOTE_ACCESS" : "no", - "ENABLE_SYSRQ" : "no", + "kernel.sysrq" : "0", "FAIL_DELAY" : "6", "GID_MAX" : "60000", "GID_MIN" : "1000", @@ -133,9 +133,9 @@ "SMTPD_LISTEN_REMOTE" : "no", "DISABLE_STOP_ON_REMOVAL" : "no", "DISABLE_RESTART_ON_UPDATE" : "no", - "IP_TCP_SYNCOOKIES" : "yes", - "IP_FORWARD" : "no", - "IPV6_FORWARD" : "no", + "net.ipv4.tcp_syncookies" : "1", + "net.ipv4.ip_forward" : "0", + "net.ipv6.conf.all.forwarding" : "0", ], "Level3" : $[ @@ -144,7 +144,7 @@ "CWD_IN_ROOT_PATH" : "no", "CWD_IN_USER_PATH" : "no", "DISPLAYMANAGER_REMOTE_ACCESS" : "no", - "ENABLE_SYSRQ" : "no", + "kernel.sysrq" : "0", "FAIL_DELAY" : "3", "GID_MAX" : "60000", "GID_MIN" : "1000", @@ -175,9 +175,9 @@ "SMTPD_LISTEN_REMOTE" : "no", "DISABLE_STOP_ON_REMOVAL" : "no", "DISABLE_RESTART_ON_UPDATE" : "no", - "IP_TCP_SYNCOOKIES" : "yes", - "IP_FORWARD" : "no", - "IPV6_FORWARD" : "no", + "net.ipv4.tcp_syncookies" : "1", + "net.ipv4.ip_forward" : "0", + "net.ipv6.conf.all.forwarding" : "0", ], /* end of Levels */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/routines.ycp new/yast2-security-2.21.2/src/routines.ycp --- old/yast2-security-2.21.1/src/routines.ycp 2009-06-02 22:40:39.000000000 +0200 +++ new/yast2-security-2.21.2/src/routines.ycp 2011-09-08 13:27:43.000000000 +0200 @@ -97,6 +97,7 @@ list li = m["Options"]:[]; list combo = []; integer i = 0; + boolean selected = false; while(i < size(li)) { // string|list it @@ -117,15 +118,27 @@ id_s = it_list[1]:""; } if(value == id_t) + { combo = add(combo,`item(`id(id_t), id_s, true)); + selected = true; + } else combo = add(combo,`item(`id(id_t), id_s)); i = i + 1; } + if (!selected && m["Editable"]:"no" == "yes") + { + combo = add (combo,`item(`id(value), value, true)); + } term combobox = nil; + term opt_t = nil; + if(m["Editable"]:"no" == "yes") + opt_t = `opt (`editable); if(m["Notify"]:"no" == "yes") - combobox = `ComboBox(`id(ID), `opt(`notify), label, combo); + opt_t = add (opt_t, `notify); + if (opt_t != nil) + combobox = `ComboBox(`id(ID), opt_t, label, combo); else combobox = `ComboBox(`id(ID), label, combo); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/security.desktop new/yast2-security-2.21.2/src/security.desktop --- old/yast2-security-2.21.1/src/security.desktop 2010-03-16 22:07:10.000000000 +0100 +++ new/yast2-security-2.21.2/src/security.desktop 2011-08-05 15:40:59.000000000 +0200 @@ -3,7 +3,6 @@ Categories=Settings;System;Qt;X-SuSE-YaST;X-SuSE-YaST-Security; X-KDE-ModuleType=Library -X-KDE-RootOnly=true X-KDE-HasReadOnlyMode=true X-KDE-Library=yast2 X-SuSE-YaST-Call=security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/security.ycp new/yast2-security-2.21.2/src/security.ycp --- old/yast2-security-2.21.1/src/security.ycp 2011-07-19 15:26:54.000000000 +0200 +++ new/yast2-security-2.21.2/src/security.ycp 2011-07-20 11:04:53.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Main file * Authors: Michal Svec <[email protected]> * - * $Id: security.ycp 63710 2011-04-05 09:05:11Z jsuchome $ + * $Id: security.ycp 64909 2011-07-20 09:04:52Z jsuchome $ * * This is a main file of the module. There is in the file * only some calls to the basic functions. The settings are diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/src/widgets.ycp new/yast2-security-2.21.2/src/widgets.ycp --- old/yast2-security-2.21.1/src/widgets.ycp 2011-07-19 15:28:32.000000000 +0200 +++ new/yast2-security-2.21.2/src/widgets.ycp 2011-09-08 13:24:13.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Security widgets definitions * Authors: Michal Svec <[email protected]> * - * $Id: widgets.ycp 63710 2011-04-05 09:05:11Z jsuchome $ + * $Id: widgets.ycp 64909 2011-07-20 09:04:52Z jsuchome $ * * This file contains the definitions of all widgets used by the * security module. They are all in one map (function) called @@ -107,11 +107,17 @@ "Value" : "no" ], - "ENABLE_SYSRQ" : $[ - "Widget" : "CheckBox", + "kernel.sysrq" : $[ + "Widget" : "ComboBox", /* CheckBox label */ - "Label" : _("Enable &Magic SysRq Keys"), - "Value" : "no" + "Label" : _("&Magic SysRq Keys"), + "Options" : [ + /* ComboBox value */ + ["0",_("Disable")], + /* ComboBox value */ + ["1",_("Enable All Functions")], + ], + "Editable" : "yes" ], "FAIL_DELAY" : $[ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Import.out new/yast2-security-2.21.2/testsuite/tests/Import.out --- old/yast2-security-2.21.1/testsuite/tests/Import.out 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-2.21.2/testsuite/tests/Import.out 2011-09-08 15:42:25.000000000 +0200 @@ -0,0 +1,2 @@ +Return true +Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTEM_GID_MAX":"l16", "SYSTEM_GID_MIN":"l17", "SYSTEM_UID_MAX":"l14", "SYSTEM_UID_MIN":"l15", "SYSTOHC":"yes", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Import.ycp new/yast2-security-2.21.2/testsuite/tests/Import.ycp --- old/yast2-security-2.21.1/testsuite/tests/Import.ycp 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-2.21.2/testsuite/tests/Import.ycp 2011-09-08 15:39:47.000000000 +0200 @@ -0,0 +1,75 @@ +/* + * YaST2: Modules testsuite + * + * Description: + * Testsuite for the security module + * + * Authors: + * Michal Svec <[email protected]> + * + * $Id: Write.ycp 57402 2009-06-02 20:40:08Z jsuchome $ + * + * testedfiles: Security.ycp PamSettings.ycp Pam.ycp + */ + +{ + +include "testsuite.ycp"; + +import "Security"; + +map<string,string> import_map = $[ + "CONSOLE_SHUTDOWN" : "reboot", + "CWD_IN_ROOT_PATH" : "r2", + "CWD_IN_USER_PATH" : "r2s", + "DISPLAYMANAGER_REMOTE_ACCESS": "r4", + "ENCRYPTION" : "md5", + "ENABLE_SYSRQ" : "yes", + "FAIL_DELAY" : "l2", + "GID_MAX" : "l3", + "GID_MIN" : "l4", + "DISPLAYMANAGER_SHUTDOWN" : "r3", + "LASTLOG_ENAB" : "l5", + "PASS_MAX_DAYS" : "l7", + "PASS_MIN_DAYS" : "l9", + "PASS_MIN_LEN" : "l10", + "PASS_WARN_AGE" : "l11", + "PERMISSION_SECURITY" : "r5", + "ROOT_LOGIN_REMOTE" : "r6", + "RUN_UPDATEDB_AS" : "r7", + "UID_MAX" : "l12", + "UID_MIN" : "l13", + "SYSTEM_UID_MAX" : "l14", + "SYSTEM_UID_MIN" : "l15", + "SYSTEM_GID_MAX" : "l16", + "SYSTEM_GID_MIN" : "l17", + "USERADD_CMD" : "l18", + "USERDEL_PRECMD" : "l19", + "USERDEL_POSTCMD" : "l20", + "DISABLE_RESTART_ON_UPDATE" : "r13", + "DISABLE_STOP_ON_REMOVAL" : "r14", + "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : "r16", + "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : "r17", + "IP_TCP_SYNCOOKIES" : "yes", + "IP_FORWARD" : "0", + "IPV6_FORWARD" : "yes", +]; + +map E = $[ + "target" : $[ + "bash_output" : $[] + ] +]; +map R = $[ + "sysconfig" : $[ + "displaymanager" : $[ + "DISPLAYMANAGER" : "", + ] + ] +]; + +TEST(``(Security::Import(import_map)),[R,$[],E],nil); + +DUMP(Security::Settings); + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Level1.out new/yast2-security-2.21.2/testsuite/tests/Level1.out --- old/yast2-security-2.21.1/testsuite/tests/Level1.out 2011-07-20 10:55:29.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Level1.out 2011-09-08 15:27:43.000000000 +0200 @@ -56,14 +56,6 @@ Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true -Read .sysconfig.sysctl.ENABLE_SYSRQ nil -Write .sysconfig.sysctl.ENABLE_SYSRQ "yes" true -Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil -Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true -Read .sysconfig.sysctl.IP_FORWARD nil -Write .sysconfig.sysctl.IP_FORWARD "no" true -Read .sysconfig.sysctl.IPV6_FORWARD nil -Write .sysconfig.sysctl.IPV6_FORWARD "no" true Write .etc.login_defs nil true Write .sysconfig.clock nil true Write .sysconfig.cron nil true @@ -73,7 +65,6 @@ Write .sysconfig.security nil true Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true -Write .sysconfig.sysctl nil true Write .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now" true Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 @@ -83,6 +74,14 @@ Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] Write .etc.default.passwd nil true +Read .etc.sysctl_conf."kernel.sysrq" nil +Write .etc.sysctl_conf."kernel.sysrq" "1" true +Read .etc.sysctl_conf."net.ipv4.ip_forward" nil +Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil +Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil +Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0 Read .sysconfig.displaymanager.DISPLAYMANAGER "" Execute .target.bash "/sbin/SuSEconfig --module kde3" 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Level2.out new/yast2-security-2.21.2/testsuite/tests/Level2.out --- old/yast2-security-2.21.1/testsuite/tests/Level2.out 2011-07-20 10:55:42.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Level2.out 2011-09-08 15:27:59.000000000 +0200 @@ -56,14 +56,6 @@ Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true -Read .sysconfig.sysctl.ENABLE_SYSRQ nil -Write .sysconfig.sysctl.ENABLE_SYSRQ "no" true -Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil -Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true -Read .sysconfig.sysctl.IP_FORWARD nil -Write .sysconfig.sysctl.IP_FORWARD "no" true -Read .sysconfig.sysctl.IPV6_FORWARD nil -Write .sysconfig.sysctl.IPV6_FORWARD "no" true Write .etc.login_defs nil true Write .sysconfig.clock nil true Write .sysconfig.cron nil true @@ -73,7 +65,6 @@ Write .sysconfig.security nil true Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true -Write .sysconfig.sysctl nil true Write .etc.inittab.ca ":ctrlaltdel:/bin/true" true Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 @@ -83,6 +74,14 @@ Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] Write .etc.default.passwd nil true +Read .etc.sysctl_conf."kernel.sysrq" nil +Write .etc.sysctl_conf."kernel.sysrq" "0" true +Read .etc.sysctl_conf."net.ipv4.ip_forward" nil +Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil +Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil +Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0 Read .sysconfig.displaymanager.DISPLAYMANAGER "" Execute .target.bash "/sbin/SuSEconfig --module kde3" 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Level3.out new/yast2-security-2.21.2/testsuite/tests/Level3.out --- old/yast2-security-2.21.1/testsuite/tests/Level3.out 2011-07-20 10:55:35.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Level3.out 2011-09-08 15:28:12.000000000 +0200 @@ -56,14 +56,6 @@ Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true -Read .sysconfig.sysctl.ENABLE_SYSRQ nil -Write .sysconfig.sysctl.ENABLE_SYSRQ "no" true -Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil -Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "yes" true -Read .sysconfig.sysctl.IP_FORWARD nil -Write .sysconfig.sysctl.IP_FORWARD "no" true -Read .sysconfig.sysctl.IPV6_FORWARD nil -Write .sysconfig.sysctl.IPV6_FORWARD "no" true Write .etc.login_defs nil true Write .sysconfig.clock nil true Write .sysconfig.cron nil true @@ -73,7 +65,6 @@ Write .sysconfig.security nil true Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true -Write .sysconfig.sysctl nil true Write .etc.inittab.ca ":ctrlaltdel:/bin/true" true Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 @@ -84,6 +75,14 @@ Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] Write .etc.default.passwd nil true +Read .etc.sysctl_conf."kernel.sysrq" nil +Write .etc.sysctl_conf."kernel.sysrq" "0" true +Read .etc.sysctl_conf."net.ipv4.ip_forward" nil +Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil +Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil +Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0 Read .sysconfig.displaymanager.DISPLAYMANAGER "" Execute .target.bash "/sbin/SuSEconfig --module kde3" 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Read.out new/yast2-security-2.21.2/testsuite/tests/Read.out --- old/yast2-security-2.21.1/testsuite/tests/Read.out 2011-07-20 10:59:24.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Read.out 2011-09-08 15:33:39.000000000 +0200 @@ -40,14 +40,6 @@ Read .sysconfig.suseconfig.CWD_IN_ROOT_PATH "r2" Read .target.size "/etc/sysconfig/suseconfig" 1 Read .sysconfig.suseconfig.CWD_IN_USER_PATH "r3" -Read .target.size "/etc/sysconfig/sysctl" 1 -Read .sysconfig.sysctl.ENABLE_SYSRQ "r8" -Read .target.size "/etc/sysconfig/sysctl" 1 -Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES "r9" -Read .target.size "/etc/sysconfig/sysctl" 1 -Read .sysconfig.sysctl.IP_FORWARD "r10" -Read .target.size "/etc/sysconfig/sysctl" 1 -Read .sysconfig.sysctl.IPV6_FORWARD "r11" Dir .etc.inittab: ["ca"] Read .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now" Read .etc.default.passwd."CRYPT_FILES" "blowfish" @@ -55,5 +47,9 @@ Read .etc.default.passwd.crypt "md5" Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[] +Read .etc.sysctl_conf."kernel.sysrq" "r8" +Read .etc.sysctl_conf."net.ipv4.ip_forward" "r10" +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" "r9" +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "r11" Return true Dump sha512 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Read.ycp new/yast2-security-2.21.2/testsuite/tests/Read.ycp --- old/yast2-security-2.21.1/testsuite/tests/Read.ycp 2011-07-20 10:59:17.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Read.ycp 2011-09-08 15:30:10.000000000 +0200 @@ -7,7 +7,7 @@ * Authors: * Michal Svec <[email protected]> * - * $Id: Read.ycp 57402 2009-06-02 20:40:08Z jsuchome $ + * $Id: Read.ycp 64909 2011-07-20 09:04:52Z jsuchome $ * * testedfiles: Security.ycp PamSettings.ycp Pam.ycp */ @@ -37,12 +37,6 @@ "locate" : $[ "RUN_UPDATEDB_AS" : "r7", ], - "sysctl" : $[ - "ENABLE_SYSRQ" : "r8", - "IP_TCP_SYNCOOKIES" : "r9", - "IP_FORWARD" : "r10", - "IPV6_FORWARD" : "r11", - ], "clock" : $[ "SYSTOHC" : "r12", ], @@ -82,6 +76,12 @@ "CRYPT_FILES" : "blowfish", ], ], + "sysctl_conf" : $[ + "kernel.sysrq" : "r8", + "net.ipv4.tcp_syncookies" : "r9", + "net.ipv4.ip_forward" : "r10", + "net.ipv6.conf.all.forwarding" : "r11", + ], ], "target" : $[ "size" : 1 ], "pam" : $[ "passwd" : $[ "password" : $[ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Write.out new/yast2-security-2.21.2/testsuite/tests/Write.out --- old/yast2-security-2.21.1/testsuite/tests/Write.out 2011-07-20 10:55:16.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Write.out 2011-09-08 15:33:46.000000000 +0200 @@ -56,14 +56,6 @@ Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "r2" true Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil Write .sysconfig.suseconfig.CWD_IN_USER_PATH "r2s" true -Read .sysconfig.sysctl.ENABLE_SYSRQ nil -Write .sysconfig.sysctl.ENABLE_SYSRQ "yes" true -Read .sysconfig.sysctl.IP_TCP_SYNCOOKIES nil -Write .sysconfig.sysctl.IP_TCP_SYNCOOKIES "r9" true -Read .sysconfig.sysctl.IP_FORWARD nil -Write .sysconfig.sysctl.IP_FORWARD "r10" true -Read .sysconfig.sysctl.IPV6_FORWARD nil -Write .sysconfig.sysctl.IPV6_FORWARD "r11" true Write .etc.login_defs nil true Write .sysconfig.clock nil true Write .sysconfig.cron nil true @@ -73,7 +65,6 @@ Write .sysconfig.security nil true Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true -Write .sysconfig.sysctl nil true Write .etc.inittab.ca ":ctrlaltdel:/sbin/shutdown -r -t 4 now" true Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 @@ -83,6 +74,14 @@ Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] Write .etc.default.passwd nil true +Read .etc.sysctl_conf."kernel.sysrq" nil +Write .etc.sysctl_conf."kernel.sysrq" "1" true +Read .etc.sysctl_conf."net.ipv4.ip_forward" nil +Write .etc.sysctl_conf."net.ipv4.ip_forward" "10" true +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil +Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "9" true +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil +Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "11" true Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0 Read .sysconfig.displaymanager.DISPLAYMANAGER "" Execute .target.bash "/sbin/SuSEconfig --module kde3" 0 @@ -92,9 +91,9 @@ Execute .target.bash "/sbin/SuSEconfig --module profiles" 0 Execute .target.bash "/etc/init.d/dhcpd restart" 0 Execute .target.bash "/etc/init.d/dhcpd restart" 0 +Execute .target.bash "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)" 0 +Execute .target.bash "/etc/init.d/boot.clock start" 0 Execute .target.bash "/etc/init.d/boot.ipconfig start" 0 Execute .target.bash "/etc/init.d/boot.ipconfig start" 0 Execute .target.bash "/etc/init.d/boot.ipconfig start" 0 -Execute .target.bash "(test -e /etc/init.d/sendmail && /sbin/SuSEconfig --module sendmail && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /sbin/SuSEconfig --module postfix && /etc/init.d/postfix restart)" 0 -Execute .target.bash "/etc/init.d/boot.clock start" 0 Return true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.21.1/testsuite/tests/Write.ycp new/yast2-security-2.21.2/testsuite/tests/Write.ycp --- old/yast2-security-2.21.1/testsuite/tests/Write.ycp 2009-06-02 22:40:39.000000000 +0200 +++ new/yast2-security-2.21.2/testsuite/tests/Write.ycp 2011-09-08 15:32:07.000000000 +0200 @@ -24,7 +24,7 @@ "CWD_IN_USER_PATH" : "r2s", "DISPLAYMANAGER_REMOTE_ACCESS": "r4", "ENCRYPTION" : "md5", - "ENABLE_SYSRQ" : "yes", + "kernel.sysrq" : "1", "FAIL_DELAY" : "l2", "GID_MAX" : "l3", "GID_MIN" : "l4", @@ -50,9 +50,9 @@ "DISABLE_STOP_ON_REMOVAL" : "r14", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : "r16", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : "r17", - "IP_TCP_SYNCOOKIES" : "r9", - "IP_FORWARD" : "r10", - "IPV6_FORWARD" : "r11", + "net.ipv4.tcp_syncookies" : "9", + "net.ipv4.ip_forward" : "10", + "net.ipv6.conf.all.forwarding" : "11", "SYSTOHC" : "r12", "SYSLOG_ON_NO_ERROR" : "r15", "SMTPD_LISTEN_REMOTE" : "r18", ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
