Hi:
I am using Embperl With Mandrake 10 and i donot have any problem, you can run
level 5 without starting X, but you need to remove S30dm from rc's
directories.
I hope this helps to you.
Carlos Kassab
El Lun 03 May 2004 15:48, Brian Schoenhofer escribió:
> Does anyone use Mandrake and Embperl? I'm using Embperl 2.0b9, Apache
> 2.0.47 and mod_perl 1.99_09.
>
> Mandrake has a tool called msec that takes a security level from 1 to 5
> (5 being the most secure) and changes file permissions and running
> services etc. to make the system more or less secure. When I am set at
> level 3 Embperl works fine. When set to level 4 I have a problem. I've
> got base.epl including header.html, content (Execute('*')) and
> footer.html. All works correctly except a one liner in footer.html that
> shows the system uptime like so:
>
> [- @uptime = split /,/, `uptime`; -]
>
> and then
>
> [+ $uptime[0] +] [+ $uptime[1] +]
>
> in the body. It seems the `uptime` call doesn't work. I looked in
> various logs but couldn't find any clues.
>
> Can anyone point me in the right direction? I've pasted a couple of
> tables from Mandrakes website describing the type of security changes
> for the different levels. You may get some idea of what changes just by
> the names below. Again, my problem shows up when switching from level 3
> to 4.
>
> Thanks.
> Level 0 1 2 3 4 5
> root umask
> 002
> 002
> 022
> 022
> 022
> 077
> User umask
> 002
> 002
> 022
> 022
> 077
> 077
> Shell
> timeout
> 0
> 0
> 0
> 0
> 3600
> 900
> Deny
> Services
> none
> none
> none
> none
> local
> all
> su Only
> For wheel
> Group
> no
> no
> no
> no
> no
> yes
> Shell
> History
> Size
> default
> default
> default
> default
> 10
> 10
> Direct
> root Login
> yes
> yes
> yes
> yes
> no
> no
> sulogin
> For Single
> User
> no
> no
> no
> no
> yes
> yes
> User List
> in [kg]dm
> yes
> yes
> yes
> yes
> no
> no
> Ignore
> ICMP Echo
> no
> no
> no
> no
> yes
> yes
> Ignore
> Bogus
> Error
> Responses
> no
> no
> no
> no
> yes
> yes
> Allow
> Reboot by
> User
> yes
> yes
> yes
> yes
> no
> no
> Allow
> crontab/at
> yes
> yes
> yes
> yes
> no
> no
> Password
> Aging
> no
> no
> no
> no
> 60 days
> 30 days
> Password
> Required
> no
> yes
> yes
> yes
> yes
> yes
> Allow
> Autologin
> yes
> yes
> yes
> no
> no
> no
> Console
> Log
> no
> no
> no
> yes
> yes
> yes
> Warnings
> in syslog
> no
> no
> yes
> yes
> yes
> yes
> Warnings
> in
> security.log
> no
> yes
> yes
> yes
> yes
> yes
> Issues
> yes
> yes
> yes
> local
> local
> no
> IP
> Spoofing
> Protection
> no
> no
> no
> yes
> yes
> yes
> Log
> Strange IP
> Packets
> no
> no
> no
> yes
> yes
> yes
> Periodic
> Security
> Check
> no
> yes
> yes
> yes
> yes
> yes
> Allow X
> TCP
> Connections
> yes
> local
> local
> local
> no
> no
> Connect to
> X Display
> all
> localhost
> localhost
> localhost
> localhost
> no
> "." in
> $PATH
> yes
> yes
> no
> no
> no
> no
> Run msec
> tests via
> cron
> no
> no
> no
> some
> yes
> yes
>
> The following table shows the periodic checks that msec performs for the
> various security levels:
>
>
> Level 0
> Level 1
> Level 2
> Level 3
> Level 4
> Level 5
> CHECK_SECURITY
> no
> yes
> yes
> yes
> yes
> yes
> CHECK_PERMS
> no
> no
> no
> yes
> yes
> yes
> CHECK_SUID_ROOT
> no
> no
> yes
> yes
> yes
> yes
> CHECK_SUID_MD5
> no
> no
> yes
> yes
> yes
> yes
> CHECK_SUID_GROUP
> no
> no
> no
> yes
> yes
> yes
> CHECK_WRITEABLE
> no
> no
> yes
> yes
> yes
> yes
> CHECK_UNOWNED
> no
> no
> no
> yes
> yes
> yes
> CHECK_PROMISC
> no
> no
> no
> yes
> yes
> yes
> CHECK_OPEN_PORT
> no
> no
> no
> yes
> yes
> yes
> CHECK_PASSWD
> no
> no
> no
> yes
> yes
> yes
> CHECK_SHADOW
> no
> no
> no
> yes
> yes
> yes
> TTY_WARN
> no
> no
> no
> no
> yes
> yes
> MAIL_WARN
> no
> no
> no
> yes
> yes
> yes
> SYSLOG_WARN
> no
> no
> yes
> yes
> yes
> yes
> RPM_CHECK
> no
> no
> no
> yes
> yes
> yes
> CHKROOTKIT_CHECK
> no
> no
> no
> yes
> yes
> yes
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
