David Guntner writes:
> Well, I finally managed to get ML 9.0 installed on my box, thanks to lots of
> help from everyone here.
>
> However, it looks like a number of things have changed (I'm not entirely sure
> that they're all for the better, but that's just me :), and I'm having a
> number of problems. The most pressing, currently, is with msec. I was able
> to save my /etc directory to the Windows machine before doing the update that
> turned into an install, and I'm now trying to bring my configurations back
> across to the Linux machine.
>
> In /etc/security/msec, I have two files I'm bringing across: level.local and
> perm.local. In my level.local file, I have the following entries:
>
>
> from mseclib import *
>
> allow_reboot(1)
> allow_user_list(1)
> authorize_services(ALL)
> enable_at_crontab(1)
> password_aging(-1)
> set_shell_timeout(0)
> set_user_umask(22)
>
>
> This worked in 8.2. However, something seems to have been changed WRT the
> syntax that it wants to see. When I run msec to apply the changes, I get
> this:
>
> # msec
> Traceback (most recent call last):
> File "/usr/share/msec/msec.py", line 266, in ?
> commit_changes()
> File "/usr/share/msec/mseclib.py", line 24, in commit_changes
> apply(f[0], f[1])
> File "/usr/share/msec/libmsec.py", line 197, in set_user_umask
> set_umask('UMASK_USER', umask, 'users')
> File "/usr/share/msec/libmsec.py", line 184, in set_umask
> octal = int(umask, 8) | int(val, 8)
> TypeError: int() can't convert non-string with explicit base

Hint: can't convert non-string.
So you need a string:

    set_user_umask('022')

> Can someone please let me know what this thing wants, so that I can have it
> actually apply the security conditions that I want to have on my machine?
> This thing is really killing me because I can't connect to the Linux box from
> other machines on the local network, because msec (set for level 4) isn't
> allowing connections from anywhere other than 127.0.0.1, and it keeps
> setting/changing file permissions and ownerships and so on to values that I
> don't want. And what's in my perm.local file doesn't come into play because
> it doesn't like what's in my level.local file. Any help would be
> appreciated!

Apparently, level 4 is too restrictive for you. Why don't you just
msec 3 or even 2, and then add some more secure modifications into
level.local instead of being annoyed by the perms and ownerships of
level 4.

HTH,
--KhoGuan Phuann
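
Added example, not part of the original messages and not msec's own code: it reproduces the TypeError from the traceback and shows why the umask has to be the octal string '022' rather than the number 22, which as a decimal integer is a different mask (0o26). The helper names are hypothetical; combine_umask only mirrors the expression shown in the traceback.

```python
# Added illustration; helper names are hypothetical, not part of mseclib.

def parse_umask(value):
    """Return a umask as an int, accepting only an octal string such as '022'."""
    if not isinstance(value, str):
        # int(22, 8) raises TypeError: this is the failure in the traceback.
        raise TypeError("umask must be an octal string like '022', got %r" % (value,))
    mask = int(value, 8)  # raises ValueError on non-octal digits such as '089'
    if not 0 <= mask <= 0o777:
        raise ValueError("umask out of range: %r" % value)
    return mask


def combine_umask(requested, other):
    """OR two octal-string umasks, like int(umask, 8) | int(val, 8) in the traceback."""
    return parse_umask(requested) | parse_umask(other)


def file_mode(mask, base=0o666):
    """Permissions a newly created file gets under the given umask."""
    return base & ~mask & 0o777


def builtin_int_rejects(value):
    """True if int(value, 8) raises TypeError for this value."""
    try:
        int(value, 8)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print(builtin_int_rejects(22))             # the integer form from level.local
    print(builtin_int_rejects('022'))          # the string form from the reply
    print(oct(parse_umask('022')))
    print(oct(combine_umask('022', '077')))    # OR can only make the mask stricter
    print(oct(file_mode(parse_umask('022'))))  # mode under the intended umask
    print(oct(file_mode(22)))                  # mode if decimal 22 were used as-is
```
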