You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Brian Schoenhofer <br...@schoenhofer.ca> on 2004/05/03 22:48:12 UTC
Mandrake msec disables Embperl
Does anyone use Mandrake and Embperl? I'm using Embperl 2.0b9, Apache
2.0.47 and mod_perl 1.99_09.
Mandrake has a tool called msec that takes a security level from 1 to 5
(5 being the most secure) and changes file permissions and running
services etc. to make the system more or less secure. When I am set at
level 3 Embperl works fine. When set to level 4 I have a problem. I've
got base.epl including header.html, content (Execute('*')) and
footer.html. All works correctly except a one liner in footer.html that
shows the system uptime like so:
[- @uptime = split /,/, `uptime`; -]
and then
[+ $uptime[0] +] [+ $uptime[1] +]
in the body. It seems the `uptime` call doesn't work. I looked in
various logs but couldn't find any clues.
Can anyone point me in the right direction? I've pasted a couple of
tables from Mandrakes website describing the type of security changes
for the different levels. You may get some idea of what changes just by
the names below. Again, my problem shows up when switching from level 3
to 4.
Thanks.
Level 0 1 2 3 4 5
root umask
002
002
022
022
022
077
User umask
002
002
022
022
077
077
Shell
timeout
0
0
0
0
3600
900
Deny
Services
none
none
none
none
local
all
su Only
For wheel
Group
no
no
no
no
no
yes
Shell
History
Size
default
default
default
default
10
10
Direct
root Login
yes
yes
yes
yes
no
no
sulogin
For Single
User
no
no
no
no
yes
yes
User List
in [kg]dm
yes
yes
yes
yes
no
no
Ignore
ICMP Echo
no
no
no
no
yes
yes
Ignore
Bogus
Error
Responses
no
no
no
no
yes
yes
Allow
Reboot by
User
yes
yes
yes
yes
no
no
Allow
crontab/at
yes
yes
yes
yes
no
no
Password
Aging
no
no
no
no
60 days
30 days
Password
Required
no
yes
yes
yes
yes
yes
Allow
Autologin
yes
yes
yes
no
no
no
Console
Log
no
no
no
yes
yes
yes
Warnings
in syslog
no
no
yes
yes
yes
yes
Warnings
in
security.log
no
yes
yes
yes
yes
yes
Issues
yes
yes
yes
local
local
no
IP
Spoofing
Protection
no
no
no
yes
yes
yes
Log
Strange IP
Packets
no
no
no
yes
yes
yes
Periodic
Security
Check
no
yes
yes
yes
yes
yes
Allow X
TCP
Connections
yes
local
local
local
no
no
Connect to
X Display
all
localhost
localhost
localhost
localhost
no
"." in
$PATH
yes
yes
no
no
no
no
Run msec
tests via
cron
no
no
no
some
yes
yes
The following table shows the periodic checks that msec performs for the
various security levels:
Level 0
Level 1
Level 2
Level 3
Level 4
Level 5
CHECK_SECURITY
no
yes
yes
yes
yes
yes
CHECK_PERMS
no
no
no
yes
yes
yes
CHECK_SUID_ROOT
no
no
yes
yes
yes
yes
CHECK_SUID_MD5
no
no
yes
yes
yes
yes
CHECK_SUID_GROUP
no
no
no
yes
yes
yes
CHECK_WRITEABLE
no
no
yes
yes
yes
yes
CHECK_UNOWNED
no
no
no
yes
yes
yes
CHECK_PROMISC
no
no
no
yes
yes
yes
CHECK_OPEN_PORT
no
no
no
yes
yes
yes
CHECK_PASSWD
no
no
no
yes
yes
yes
CHECK_SHADOW
no
no
no
yes
yes
yes
TTY_WARN
no
no
no
no
yes
yes
MAIL_WARN
no
no
no
yes
yes
yes
SYSLOG_WARN
no
no
yes
yes
yes
yes
RPM_CHECK
no
no
no
yes
yes
yes
CHKROOTKIT_CHECK
no
no
no
yes
yes
yes
--
Brian Schoenhofer
brian@schoenhofer.ca
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: Mandrake msec disables Embperl
Posted by Carlos Kassab <ck...@eplsite.org>.
Hi:
I am using Embperl With Mandrake 10 and i donot have any problem, you can run
level 5 without starting X, but you need to remove S30dm from rc's
directories.
I hope this helps to you.
Carlos Kassab
El Lun 03 May 2004 15:48, Brian Schoenhofer escribió:
> Does anyone use Mandrake and Embperl? I'm using Embperl 2.0b9, Apache
> 2.0.47 and mod_perl 1.99_09.
>
> Mandrake has a tool called msec that takes a security level from 1 to 5
> (5 being the most secure) and changes file permissions and running
> services etc. to make the system more or less secure. When I am set at
> level 3 Embperl works fine. When set to level 4 I have a problem. I've
> got base.epl including header.html, content (Execute('*')) and
> footer.html. All works correctly except a one liner in footer.html that
> shows the system uptime like so:
>
> [- @uptime = split /,/, `uptime`; -]
>
> and then
>
> [+ $uptime[0] +] [+ $uptime[1] +]
>
> in the body. It seems the `uptime` call doesn't work. I looked in
> various logs but couldn't find any clues.
>
> Can anyone point me in the right direction? I've pasted a couple of
> tables from Mandrakes website describing the type of security changes
> for the different levels. You may get some idea of what changes just by
> the names below. Again, my problem shows up when switching from level 3
> to 4.
>
> Thanks.
> Level 0 1 2 3 4 5
> root umask
> 002
> 002
> 022
> 022
> 022
> 077
> User umask
> 002
> 002
> 022
> 022
> 077
> 077
> Shell
> timeout
> 0
> 0
> 0
> 0
> 3600
> 900
> Deny
> Services
> none
> none
> none
> none
> local
> all
> su Only
> For wheel
> Group
> no
> no
> no
> no
> no
> yes
> Shell
> History
> Size
> default
> default
> default
> default
> 10
> 10
> Direct
> root Login
> yes
> yes
> yes
> yes
> no
> no
> sulogin
> For Single
> User
> no
> no
> no
> no
> yes
> yes
> User List
> in [kg]dm
> yes
> yes
> yes
> yes
> no
> no
> Ignore
> ICMP Echo
> no
> no
> no
> no
> yes
> yes
> Ignore
> Bogus
> Error
> Responses
> no
> no
> no
> no
> yes
> yes
> Allow
> Reboot by
> User
> yes
> yes
> yes
> yes
> no
> no
> Allow
> crontab/at
> yes
> yes
> yes
> yes
> no
> no
> Password
> Aging
> no
> no
> no
> no
> 60 days
> 30 days
> Password
> Required
> no
> yes
> yes
> yes
> yes
> yes
> Allow
> Autologin
> yes
> yes
> yes
> no
> no
> no
> Console
> Log
> no
> no
> no
> yes
> yes
> yes
> Warnings
> in syslog
> no
> no
> yes
> yes
> yes
> yes
> Warnings
> in
> security.log
> no
> yes
> yes
> yes
> yes
> yes
> Issues
> yes
> yes
> yes
> local
> local
> no
> IP
> Spoofing
> Protection
> no
> no
> no
> yes
> yes
> yes
> Log
> Strange IP
> Packets
> no
> no
> no
> yes
> yes
> yes
> Periodic
> Security
> Check
> no
> yes
> yes
> yes
> yes
> yes
> Allow X
> TCP
> Connections
> yes
> local
> local
> local
> no
> no
> Connect to
> X Display
> all
> localhost
> localhost
> localhost
> localhost
> no
> "." in
> $PATH
> yes
> yes
> no
> no
> no
> no
> Run msec
> tests via
> cron
> no
> no
> no
> some
> yes
> yes
>
> The following table shows the periodic checks that msec performs for the
> various security levels:
>
>
> Level 0
> Level 1
> Level 2
> Level 3
> Level 4
> Level 5
> CHECK_SECURITY
> no
> yes
> yes
> yes
> yes
> yes
> CHECK_PERMS
> no
> no
> no
> yes
> yes
> yes
> CHECK_SUID_ROOT
> no
> no
> yes
> yes
> yes
> yes
> CHECK_SUID_MD5
> no
> no
> yes
> yes
> yes
> yes
> CHECK_SUID_GROUP
> no
> no
> no
> yes
> yes
> yes
> CHECK_WRITEABLE
> no
> no
> yes
> yes
> yes
> yes
> CHECK_UNOWNED
> no
> no
> no
> yes
> yes
> yes
> CHECK_PROMISC
> no
> no
> no
> yes
> yes
> yes
> CHECK_OPEN_PORT
> no
> no
> no
> yes
> yes
> yes
> CHECK_PASSWD
> no
> no
> no
> yes
> yes
> yes
> CHECK_SHADOW
> no
> no
> no
> yes
> yes
> yes
> TTY_WARN
> no
> no
> no
> no
> yes
> yes
> MAIL_WARN
> no
> no
> no
> yes
> yes
> yes
> SYSLOG_WARN
> no
> no
> yes
> yes
> yes
> yes
> RPM_CHECK
> no
> no
> no
> yes
> yes
> yes
> CHKROOTKIT_CHECK
> no
> no
> no
> yes
> yes
> yes
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org