Hello community, here is the log from the commit of package yast2-security for openSUSE:12.3 checked in at 2013-02-11 15:14:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3/yast2-security (Old) and /work/SRC/openSUSE:12.3/.yast2-security.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-security", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.3/yast2-security/yast2-security.changes 2013-02-05 11:23:12.000000000 +0100 +++ /work/SRC/openSUSE:12.3/.yast2-security.new/yast2-security.changes 2013-02-11 15:14:51.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Feb 6 15:46:02 CET 2013 - [email protected] + +- /etc/default/useradd is dropped (bnc#802006) +- adapted to changes of /etc/login.defs (bnc#802006) +- 2.23.2 + +------------------------------------------------------------------- Old: ---- yast2-security-2.23.1.tar.bz2 New: ---- yast2-security-2.23.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-security.spec ++++++ --- /var/tmp/diff_new_pack.iSURET/_old 2013-02-11 15:14:51.000000000 +0100 +++ /var/tmp/diff_new_pack.iSURET/_new 2013-02-11 15:14:51.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version: 2.23.1 +Version: 2.23.2 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-security-2.23.1.tar.bz2 -> yast2-security-2.23.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/VERSION new/yast2-security-2.23.2/VERSION --- old/yast2-security-2.23.1/VERSION 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/VERSION 2013-02-06 16:31:40.000000000 +0100 @@ -1 +1 @@ -2.23.1 +2.23.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/configure new/yast2-security-2.23.2/configure --- old/yast2-security-2.23.1/configure 2013-02-04 15:11:45.000000000 +0100 +++ new/yast2-security-2.23.2/configure 2013-02-06 16:31:52.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for yast2-security 2.23.1. +# Generated by GNU Autoconf 2.69 for yast2-security 2.23.2. # # Report bugs to <http://bugs.opensuse.org/>. # @@ -579,8 +579,8 @@ # Identity of this package. PACKAGE_NAME='yast2-security' PACKAGE_TARNAME='yast2-security' -PACKAGE_VERSION='2.23.1' -PACKAGE_STRING='yast2-security 2.23.1' +PACKAGE_VERSION='2.23.2' +PACKAGE_STRING='yast2-security 2.23.2' PACKAGE_BUGREPORT='http://bugs.opensuse.org/' PACKAGE_URL='' @@ -1247,7 +1247,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures yast2-security 2.23.1 to adapt to many kinds of systems. +\`configure' configures yast2-security 2.23.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1318,7 +1318,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of yast2-security 2.23.1:";; + short | recursive ) echo "Configuration of yast2-security 2.23.2:";; esac cat <<\_ACEOF @@ -1398,7 +1398,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -yast2-security configure 2.23.1 +yast2-security configure 2.23.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1415,7 +1415,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by yast2-security $as_me 2.23.1, which was +It was created by yast2-security $as_me 2.23.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2354,7 +2354,7 @@ # Define the identity of the package. PACKAGE='yast2-security' - VERSION='2.23.1' + VERSION='2.23.2' cat >>confdefs.h <<_ACEOF @@ -2477,7 +2477,7 @@ -VERSION="2.23.1" +VERSION="2.23.2" RPMNAME="yast2-security" MAINTAINER="Jiri Suchomel <[email protected]>" @@ -3403,7 +3403,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by yast2-security $as_me 2.23.1, which was +This file was extended by yast2-security $as_me 2.23.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3456,7 +3456,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -yast2-security config.status 2.23.1 +yast2-security config.status 2.23.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/configure.in new/yast2-security-2.23.2/configure.in --- old/yast2-security-2.23.1/configure.in 2013-02-04 15:11:42.000000000 +0100 +++ new/yast2-security-2.23.2/configure.in 2013-02-06 16:31:49.000000000 +0100 @@ -3,7 +3,7 @@ dnl -- This file is generated by y2autoconf 2.23.2 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-security, 2.23.1, http://bugs.opensuse.org/, yast2-security) +AC_INIT(yast2-security, 2.23.2, http://bugs.opensuse.org/, yast2-security) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.23.1" +VERSION="2.23.2" RPMNAME="yast2-security" MAINTAINER="Jiri Suchomel <[email protected]>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/src/Security.ycp new/yast2-security-2.23.2/src/Security.ycp --- old/yast2-security-2.23.1/src/Security.ycp 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/src/Security.ycp 2013-02-06 16:31:40.000000000 +0100 @@ -35,7 +35,6 @@ import "FileUtils"; import "Package"; import "Pam"; -import "PamSettings"; import "Progress"; import "Service"; @@ -56,7 +55,10 @@ // All other services should be turned off // systemd target, defining ctrl-alt-del behavior -string ctrl_alt_del_file = "/etc/systemd/system/ctrl-alt-del.target"; +const string ctrl_alt_del_file = "/etc/systemd/system/ctrl-alt-del.target"; + +// encryption methods supported by pam_unix (bnc#802006) +const list<string> encryption_methods = [ "des", "md5", "sha256", "sha512" ]; // return list of missing mandatory services in a runlevel global list<list<string> > MissingMandatoryServices(integer runlevel) @@ -159,10 +161,10 @@ "RUN_UPDATEDB_AS" : "nobody", "UID_MAX" : "60000", "UID_MIN" : "500", - "SYSTEM_UID_MAX" : "499", - "SYSTEM_UID_MIN" : "100", - "SYSTEM_GID_MAX" : "499", - "SYSTEM_GID_MIN" : "100", + "SYS_UID_MAX" : "499", + "SYS_UID_MIN" : "100", + "SYS_GID_MAX" : "499", + "SYS_GID_MIN" : "100", "USERADD_CMD" : "/usr/sbin/useradd.local", "USERDEL_PRECMD" : "/usr/sbin/userdel-pre.local", "USERDEL_POSTCMD" : "/usr/sbin/userdel-post.local", @@ -203,10 +205,10 @@ "PASS_WARN_AGE", "UID_MAX", "UID_MIN", - "SYSTEM_UID_MAX", - "SYSTEM_UID_MIN", - "SYSTEM_GID_MAX", - "SYSTEM_GID_MIN", + "SYS_UID_MAX", + "SYS_UID_MIN", + "SYS_GID_MAX", + "SYS_GID_MIN", "USERADD_CMD", "USERDEL_PRECMD", "USERDEL_POSTCMD", @@ -245,7 +247,7 @@ /** * Default values for /etc/sysctl.conf keys */ -map<string,string> sysctl = $[ +const map<string,string> sysctl = $[ "kernel.sysrq" : "0", "net.ipv4.tcp_syncookies" : "1", "net.ipv4.ip_forward" : "0", @@ -256,7 +258,7 @@ * Mapping of /etc/sysctl.conf keys to old (obsoleted) sysconfig ones * (used during autoYaST import */ -map<string,string> sysctl2sysconfig = $[ +const map<string,string> sysctl2sysconfig = $[ "kernel.sysrq" : "ENABLE_SYSRQ", "net.ipv4.tcp_syncookies" : "IP_TCP_SYNCOOKIES", "net.ipv4.ip_forward" : "IP_FORWARD", @@ -264,10 +266,21 @@ ]; /** + * Mapping of /etc/login.defs keys to old (obsoleted) ones + * (used during autoYaST import) + */ +const map<string,string> obsolete_login_defs = $[ + "SYS_UID_MAX" : "SYSTEM_UID_MAX", + "SYS_UID_MIN" : "SYSTEM_UID_MIN", + "SYS_GID_MAX" : "SYSTEM_GID_MAX", + "SYS_GID_MIN" : "SYSTEM_GID_MIN", +]; + +/** * mapping of internal YaST values to values needed for * org.freedesktop.upower.hibernate privilege */ -map<string,string> ycp2polkit = $[ +const map<string,string> ycp2polkit = $[ "active_console" : "auth_admin:auth_admin:yes", "auth_admin" : "auth_admin:auth_admin:auth_admin", "anyone" : "yes:yes:yes" @@ -277,7 +290,6 @@ * Remaining settings: * - CONSOLE_SHUTDOWN (/etc/inittab) * - PASSWD_ENCRYPTION (/etc/pam?) - * - GROUP_ENCRYPTION FIXME cannot be set * - RUNLEVEL3_MANDATORY_SERVICES * - RUNLEVEL5_MANDATORY_SERVICES * - RUNLEVEL3_EXTRA_SERVICES @@ -451,27 +463,12 @@ /* Read pam settings */ - // read the password hash settings - string method = PamSettings::GetDefaultValue ("CRYPT_FILES"); - // change old default to new default automatically - if (method == "blowfish") - { - y2milestone ("found 'blowfish', changing to new default 'sha512'"); - method = "sha512"; - modified = true; - } - if (method == nil || method == "" || - !contains (["des","md5","sha256","sha512"],method)) + string method = (string) SCR::Read (.etc.login_defs.ENCRYPT_METHOD); + if (method == nil || !contains (encryption_methods, tolower (method))) { - method = PamSettings::GetHashMethod (); - } - if (method == "" || !contains (["des","md5","sha256","sha512"],method)) - { - method = "sha512"; - modified = true; + method = "des"; } Settings["PASSWD_ENCRYPTION"] = method; - Settings["GROUP_ENCRYPTION"] = PamSettings::GetGroupHashMethod (); // cracklib and pwhistory settings Settings ["PASS_MIN_LEN"] = "5"; @@ -662,7 +659,10 @@ /* pam stuff */ string encr = Settings["PASSWD_ENCRYPTION"]:"sha512"; - PamSettings::SetDefaultValue ("CRYPT_FILES", encr); + if (encr != Settings_bak["PASSWD_ENCRYPTION"]:"") + { + SCR::Write (.etc.login_defs.ENCRYPT_METHOD, encr); + } // use cracklib? if(Settings["PASSWD_USE_CRACKLIB"]:"no" == "yes") { @@ -693,8 +693,6 @@ else Pam::Remove ("pwhistory-remember"); - PamSettings::Write (false); - // write local polkit settings if (Settings["HIBERNATE_SYSTEM"]:"" != Settings_bak["HIBERNATE_SYSTEM"]:"") { @@ -784,6 +782,10 @@ else tmpSettings[k] = val; } + else if (haskey (settings, obsolete_login_defs[k]:"")) + { + tmpSettings[k] = settings[obsolete_login_defs[k]:""]:""; + } else { tmpSettings[k] = v; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/src/levels.ycp new/yast2-security-2.23.2/src/levels.ycp --- old/yast2-security-2.23.1/src/levels.ycp 2013-01-22 11:59:45.000000000 +0100 +++ new/yast2-security-2.23.2/src/levels.ycp 2013-02-06 16:31:40.000000000 +0100 @@ -97,10 +97,10 @@ "RUN_UPDATEDB_AS" : "nobody", "UID_MAX" : "60000", "UID_MIN" : "1000", - "SYSTEM_UID_MAX" : "499", - "SYSTEM_UID_MIN" : "100", - "SYSTEM_GID_MAX" : "499", - "SYSTEM_GID_MIN" : "100", + "SYS_UID_MAX" : "499", + "SYS_UID_MIN" : "100", + "SYS_GID_MAX" : "499", + "SYS_GID_MIN" : "100", "USERADD_CMD" : "/usr/sbin/useradd.local", "USERDEL_PRECMD" : "/usr/sbin/userdel-pre.local", "USERDEL_POSTCMD" : "/usr/sbin/userdel-post.local", @@ -140,10 +140,10 @@ "RUN_UPDATEDB_AS" : "nobody", "UID_MAX" : "60000", "UID_MIN" : "1000", - "SYSTEM_UID_MAX" : "499", - "SYSTEM_UID_MIN" : "100", - "SYSTEM_GID_MAX" : "499", - "SYSTEM_GID_MIN" : "100", + "SYS_UID_MAX" : "499", + "SYS_UID_MIN" : "100", + "SYS_GID_MAX" : "499", + "SYS_GID_MIN" : "100", "USERADD_CMD" : "/usr/sbin/useradd.local", "USERDEL_PRECMD" : "/usr/sbin/userdel-pre.local", "USERDEL_POSTCMD" : "/usr/sbin/userdel-post.local", @@ -183,10 +183,10 @@ "RUN_UPDATEDB_AS" : "nobody", "UID_MAX" : "60000", "UID_MIN" : "1000", - "SYSTEM_UID_MAX" : "499", - "SYSTEM_UID_MIN" : "100", - "SYSTEM_GID_MAX" : "499", - "SYSTEM_GID_MIN" : "100", + "SYS_UID_MAX" : "499", + "SYS_UID_MIN" : "100", + "SYS_GID_MAX" : "499", + "SYS_GID_MIN" : "100", "USERADD_CMD" : "/usr/sbin/useradd.local", "USERDEL_PRECMD" : "/usr/sbin/userdel-pre.local", "USERDEL_POSTCMD" : "/usr/sbin/userdel-post.local", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Import.out new/yast2-security-2.23.2/testsuite/tests/Import.out --- old/yast2-security-2.23.1/testsuite/tests/Import.out 2013-01-22 11:59:45.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Import.out 2013-02-06 16:31:40.000000000 +0100 @@ -1,2 +1,6 @@ Return true -Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "HIBERNATE_SYSTEM":"active_console", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTEM_GID_MAX":"l16", "SYSTEM_GID_MIN":"l17", "SYSTEM_UID_MAX":"l14", "SYSTEM_UID_MIN":"l15", "SYSTOHC":"yes", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"] +Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "HIBERNATE_SYSTEM":"active_console", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTOHC":"yes", "SYS_GID_MAX":"l16", "SYS_GID_MIN":"l17", "SYS_UID_MAX":"l14", "SYS_UID_MIN":"l15", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"] +Dump l15 +Dump l14 +Dump l17 +Dump l16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Import.ycp new/yast2-security-2.23.2/testsuite/tests/Import.ycp --- old/yast2-security-2.23.1/testsuite/tests/Import.ycp 2013-01-22 11:59:45.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Import.ycp 2013-02-06 16:31:40.000000000 +0100 @@ -39,10 +39,10 @@ "RUN_UPDATEDB_AS" : "r7", "UID_MAX" : "l12", "UID_MIN" : "l13", - "SYSTEM_UID_MAX" : "l14", + "SYSTEM_UID_MAX" : "l14",// old syntax "SYSTEM_UID_MIN" : "l15", - "SYSTEM_GID_MAX" : "l16", - "SYSTEM_GID_MIN" : "l17", + "SYS_GID_MAX" : "l16", + "SYS_GID_MIN" : "l17", "USERADD_CMD" : "l18", "USERDEL_PRECMD" : "l19", "USERDEL_POSTCMD" : "l20", @@ -72,4 +72,9 @@ DUMP(Security::Settings); +DUMP(Security::Settings["SYS_UID_MIN"]:""); +DUMP(Security::Settings["SYS_UID_MAX"]:""); +DUMP(Security::Settings["SYS_GID_MIN"]:""); +DUMP(Security::Settings["SYS_GID_MAX"]:""); + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Level1.out new/yast2-security-2.23.2/testsuite/tests/Level1.out --- old/yast2-security-2.23.1/testsuite/tests/Level1.out 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Level1.out 2013-02-06 16:31:40.000000000 +0100 @@ -16,14 +16,14 @@ Write .etc.login_defs.UID_MAX "60000" true Read .etc.login_defs.UID_MIN nil Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYSTEM_UID_MAX nil -Write .etc.login_defs.SYSTEM_UID_MAX "499" true -Read .etc.login_defs.SYSTEM_UID_MIN nil -Write .etc.login_defs.SYSTEM_UID_MIN "100" true -Read .etc.login_defs.SYSTEM_GID_MAX nil -Write .etc.login_defs.SYSTEM_GID_MAX "499" true -Read .etc.login_defs.SYSTEM_GID_MIN nil -Write .etc.login_defs.SYSTEM_GID_MIN "100" true +Read .etc.login_defs.SYS_UID_MAX nil +Write .etc.login_defs.SYS_UID_MAX "499" true +Read .etc.login_defs.SYS_UID_MIN nil +Write .etc.login_defs.SYS_UID_MIN "100" true +Read .etc.login_defs.SYS_GID_MAX nil +Write .etc.login_defs.SYS_GID_MAX "499" true +Read .etc.login_defs.SYS_GID_MIN nil +Write .etc.login_defs.SYS_GID_MIN "100" true Read .etc.login_defs.USERADD_CMD nil Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true Read .etc.login_defs.USERDEL_PRECMD nil @@ -66,12 +66,9 @@ Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true Execute .target.remove "/etc/systemd/system/ctrl-alt-del.target" 0 -Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Write .etc.default.passwd nil true Read .etc.sysctl_conf."kernel.sysrq" nil Write .etc.sysctl_conf."kernel.sysrq" "1" true Read .etc.sysctl_conf."net.ipv4.ip_forward" nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Level2.out new/yast2-security-2.23.2/testsuite/tests/Level2.out --- old/yast2-security-2.23.1/testsuite/tests/Level2.out 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Level2.out 2013-02-06 16:31:40.000000000 +0100 @@ -16,14 +16,14 @@ Write .etc.login_defs.UID_MAX "60000" true Read .etc.login_defs.UID_MIN nil Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYSTEM_UID_MAX nil -Write .etc.login_defs.SYSTEM_UID_MAX "499" true -Read .etc.login_defs.SYSTEM_UID_MIN nil -Write .etc.login_defs.SYSTEM_UID_MIN "100" true -Read .etc.login_defs.SYSTEM_GID_MAX nil -Write .etc.login_defs.SYSTEM_GID_MAX "499" true -Read .etc.login_defs.SYSTEM_GID_MIN nil -Write .etc.login_defs.SYSTEM_GID_MIN "100" true +Read .etc.login_defs.SYS_UID_MAX nil +Write .etc.login_defs.SYS_UID_MAX "499" true +Read .etc.login_defs.SYS_UID_MIN nil +Write .etc.login_defs.SYS_UID_MIN "100" true +Read .etc.login_defs.SYS_GID_MAX nil +Write .etc.login_defs.SYS_GID_MAX "499" true +Read .etc.login_defs.SYS_GID_MIN nil +Write .etc.login_defs.SYS_GID_MIN "100" true Read .etc.login_defs.USERADD_CMD nil Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true Read .etc.login_defs.USERDEL_PRECMD nil @@ -66,12 +66,9 @@ Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true Execute .target.bash "ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target" 0 -Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Write .etc.default.passwd nil true Read .etc.sysctl_conf."kernel.sysrq" nil Write .etc.sysctl_conf."kernel.sysrq" "0" true Read .etc.sysctl_conf."net.ipv4.ip_forward" nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Level3.out new/yast2-security-2.23.2/testsuite/tests/Level3.out --- old/yast2-security-2.23.1/testsuite/tests/Level3.out 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Level3.out 2013-02-06 16:31:40.000000000 +0100 @@ -16,14 +16,14 @@ Write .etc.login_defs.UID_MAX "60000" true Read .etc.login_defs.UID_MIN nil Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYSTEM_UID_MAX nil -Write .etc.login_defs.SYSTEM_UID_MAX "499" true -Read .etc.login_defs.SYSTEM_UID_MIN nil -Write .etc.login_defs.SYSTEM_UID_MIN "100" true -Read .etc.login_defs.SYSTEM_GID_MAX nil -Write .etc.login_defs.SYSTEM_GID_MAX "499" true -Read .etc.login_defs.SYSTEM_GID_MIN nil -Write .etc.login_defs.SYSTEM_GID_MIN "100" true +Read .etc.login_defs.SYS_UID_MAX nil +Write .etc.login_defs.SYS_UID_MAX "499" true +Read .etc.login_defs.SYS_UID_MIN nil +Write .etc.login_defs.SYS_UID_MIN "100" true +Read .etc.login_defs.SYS_GID_MAX nil +Write .etc.login_defs.SYS_GID_MAX "499" true +Read .etc.login_defs.SYS_GID_MIN nil +Write .etc.login_defs.SYS_GID_MIN "100" true Read .etc.login_defs.USERADD_CMD nil Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true Read .etc.login_defs.USERDEL_PRECMD nil @@ -66,13 +66,10 @@ Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true Execute .target.bash "ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target" 0 -Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Write .etc.default.passwd nil true Read .etc.sysctl_conf."kernel.sysrq" nil Write .etc.sysctl_conf."kernel.sysrq" "0" true Read .etc.sysctl_conf."net.ipv4.ip_forward" nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Read.out new/yast2-security-2.23.2/testsuite/tests/Read.out --- old/yast2-security-2.23.1/testsuite/tests/Read.out 2013-01-22 11:59:45.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Read.out 2013-02-06 16:31:40.000000000 +0100 @@ -7,10 +7,10 @@ Read .etc.login_defs.PASS_WARN_AGE "l11" Read .etc.login_defs.UID_MAX "l12" Read .etc.login_defs.UID_MIN "l13" -Read .etc.login_defs.SYSTEM_UID_MAX "l14" -Read .etc.login_defs.SYSTEM_UID_MIN "l15" -Read .etc.login_defs.SYSTEM_GID_MAX "l16" -Read .etc.login_defs.SYSTEM_GID_MIN "l17" +Read .etc.login_defs.SYS_UID_MAX nil +Read .etc.login_defs.SYS_UID_MIN nil +Read .etc.login_defs.SYS_GID_MAX nil +Read .etc.login_defs.SYS_GID_MIN nil Read .etc.login_defs.USERADD_CMD "l18" Read .etc.login_defs.USERDEL_PRECMD "l19" Read .etc.login_defs.USERDEL_POSTCMD "l20" @@ -41,9 +41,60 @@ Read .target.size "/etc/sysconfig/suseconfig" 1 Read .sysconfig.suseconfig.CWD_IN_USER_PATH "r3" Read .target.symlink "/etc/systemd/system/ctrl-alt-del.target" nil -Read .etc.default.passwd."CRYPT_FILES" "blowfish" -Read .etc.default.passwd.group_crypt nil -Read .etc.default.passwd.crypt "md5" +Read .etc.login_defs.ENCRYPT_METHOD "garbage" +Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[] +Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[] +Read .etc.polkit-default-privs_local."org.freedesktop.upower.hibernate" "r12" +Read .etc.sysctl_conf."kernel.sysrq" "r8" +Read .etc.sysctl_conf."net.ipv4.ip_forward" "r10" +Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" "r9" +Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "r11" +Return true +Dump des +Read .etc.login_defs.FAIL_DELAY "l2" +Read .etc.login_defs.GID_MAX "l3" +Read .etc.login_defs.GID_MIN "l4" +Read .etc.login_defs.LASTLOG_ENAB "l5" +Read .etc.login_defs.PASS_MAX_DAYS "l7" +Read .etc.login_defs.PASS_MIN_DAYS "l9" +Read .etc.login_defs.PASS_WARN_AGE "l11" +Read .etc.login_defs.UID_MAX "l12" +Read .etc.login_defs.UID_MIN "l13" +Read .etc.login_defs.SYS_UID_MAX nil +Read .etc.login_defs.SYS_UID_MIN nil +Read .etc.login_defs.SYS_GID_MAX nil +Read .etc.login_defs.SYS_GID_MIN nil +Read .etc.login_defs.USERADD_CMD "l18" +Read .etc.login_defs.USERDEL_PRECMD "l19" +Read .etc.login_defs.USERDEL_POSTCMD "l20" +Read .target.size "/etc/sysconfig/clock" 1 +Read .sysconfig.clock.SYSTOHC "r12" +Read .target.size "/etc/sysconfig/cron" 1 +Read .sysconfig.cron.SYSLOG_ON_NO_ERROR "r15" +Read .target.size "/etc/sysconfig/displaymanager" 1 +Read .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS "r9" +Read .target.size "/etc/sysconfig/displaymanager" 1 +Read .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE "r16" +Read .target.size "/etc/sysconfig/displaymanager" 1 +Read .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN "r17" +Read .target.size "/etc/sysconfig/displaymanager" 1 +Read .sysconfig.displaymanager.DISPLAYMANAGER_SHUTDOWN "r3" +Read .target.size "/etc/sysconfig/locate" 1 +Read .sysconfig.locate.RUN_UPDATEDB_AS "r7" +Read .target.size "/etc/sysconfig/mail" 1 +Read .sysconfig.mail.SMTPD_LISTEN_REMOTE "r18" +Read .target.size "/etc/sysconfig/security" 1 +Read .sysconfig.security.PERMISSION_SECURITY "paranoid" +Read .target.size "/etc/sysconfig/services" 1 +Read .sysconfig.services.DISABLE_RESTART_ON_UPDATE nil +Read .target.size "/etc/sysconfig/services" 1 +Read .sysconfig.services.DISABLE_STOP_ON_REMOVAL nil +Read .target.size "/etc/sysconfig/suseconfig" 1 +Read .sysconfig.suseconfig.CWD_IN_ROOT_PATH "r2" +Read .target.size "/etc/sysconfig/suseconfig" 1 +Read .sysconfig.suseconfig.CWD_IN_USER_PATH "r3" +Read .target.symlink "/etc/systemd/system/ctrl-alt-del.target" nil +Read .etc.login_defs.ENCRYPT_METHOD "sha512" Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[] Read .etc.polkit-default-privs_local."org.freedesktop.upower.hibernate" "r12" @@ -52,4 +103,3 @@ Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" "r9" Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "r11" Return true -Dump sha512 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Read.ycp new/yast2-security-2.23.2/testsuite/tests/Read.ycp --- old/yast2-security-2.23.1/testsuite/tests/Read.ycp 2013-01-22 11:59:45.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Read.ycp 2013-02-06 16:31:40.000000000 +0100 @@ -66,16 +66,11 @@ "USERADD_CMD" : "l18", "USERDEL_PRECMD" : "l19", "USERDEL_POSTCMD" : "l20", + "ENCRYPT_METHOD" : "garbage", ], "inittab" : $[ "ca" : ":ctrlaltdel:/sbin/shutdown -r -t 4 now" ], - "default" : $[ - "passwd" : $[ - "crypt" : "md5", - "CRYPT_FILES" : "blowfish", - ], - ], "sysctl_conf" : $[ "kernel.sysrq" : "r8", "net.ipv4.tcp_syncookies" : "r9", @@ -105,7 +100,10 @@ ]; Testsuite::Test (``(Security::Read()),[scr_info,$[],E],nil); -// read blowfish, changed to sha512 +// read garbage, changed to des Testsuite::Dump (Security::Settings["PASSWD_ENCRYPTION"]:nil); +scr_info["etc","login_defs","ENCRYPT_METHOD"] = "sha512"; +Testsuite::Test (``(Security::Read()),[scr_info,$[],E],nil); + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-2.23.1/testsuite/tests/Write.out new/yast2-security-2.23.2/testsuite/tests/Write.out --- old/yast2-security-2.23.1/testsuite/tests/Write.out 2013-02-04 15:11:34.000000000 +0100 +++ new/yast2-security-2.23.2/testsuite/tests/Write.out 2013-02-06 16:31:40.000000000 +0100 @@ -16,14 +16,14 @@ Write .etc.login_defs.UID_MAX "l12" true Read .etc.login_defs.UID_MIN nil Write .etc.login_defs.UID_MIN "l13" true -Read .etc.login_defs.SYSTEM_UID_MAX nil -Write .etc.login_defs.SYSTEM_UID_MAX "l14" true -Read .etc.login_defs.SYSTEM_UID_MIN nil -Write .etc.login_defs.SYSTEM_UID_MIN "l15" true -Read .etc.login_defs.SYSTEM_GID_MAX nil -Write .etc.login_defs.SYSTEM_GID_MAX "l16" true -Read .etc.login_defs.SYSTEM_GID_MIN nil -Write .etc.login_defs.SYSTEM_GID_MIN "l17" true +Read .etc.login_defs.SYS_UID_MAX nil +Write .etc.login_defs.SYS_UID_MAX "" true +Read .etc.login_defs.SYS_UID_MIN nil +Write .etc.login_defs.SYS_UID_MIN "" true +Read .etc.login_defs.SYS_GID_MAX nil +Write .etc.login_defs.SYS_GID_MAX "" true +Read .etc.login_defs.SYS_GID_MIN nil +Write .etc.login_defs.SYS_GID_MIN "" true Read .etc.login_defs.USERADD_CMD nil Write .etc.login_defs.USERADD_CMD "l18" true Read .etc.login_defs.USERDEL_PRECMD nil @@ -66,12 +66,9 @@ Write .sysconfig.services nil true Write .sysconfig.suseconfig nil true Execute .target.bash "ln -s -f /lib/systemd/system/poweroff.target /etc/systemd/system/ctrl-alt-del.target" 0 -Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Write .etc.default.passwd nil true Write .etc.polkit-default-privs_local."org.freedesktop.upower.hibernate" "r21" true Read .etc.sysctl_conf."kernel.sysrq" nil Write .etc.sysctl_conf."kernel.sysrq" "1" true -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
