Bug 520768 - LEVEL option in sectool.conf has no effect
Summary: LEVEL option in sectool.conf has no effect
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: sectool
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Maros Barabas
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: RHEL6Sectool
TreeView+ depends on / blocked
 
Reported: 2009-09-02 10:00 UTC by Petr Šplíchal
Modified: 2016-06-01 01:37 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 12:37:24 UTC


Attachments (Terms of Use)

Description Petr Šplíchal 2009-09-02 10:00:19 UTC
Description of problem:

When default level is set in /etc/sectool/sectool.conf using the
"LEVEL=" option it has no effect.

Version-Release number of selected component (if applicable):
sectool-0.9.4-2.fc11.i586

Steps to Reproduce:
# grep -A7 ACTION /etc/sectool/sectool.conf 
[ACTION]
# which security level we run
# 1 - Naive - pretty basic and short set of tests, 
# 2 - Desktop - set of tests prepared to run on box not connected to internet, 
# 3 - Network - standard client machine connected to internet, 
# 4 - Server - network server, 
# 5 - Paranoid - bunch of tests for paranoid admins.
LEVEL=1

Actual results:

# sectool --auto | grep PASS
    integrity: PASS
    bootloader: PASS
    disc_usage: PASS
    group: PASS
    passwd: PASS
    shadow: PASS
    home_dirs: PASS
    home_files: PASS
    filesystem: PASS
    path: PASS
    firewall: PASS
    netserv: PASS
    openssh: PASS
    openvpn: PASS
    removedlibs: PASS
    xinetd: PASS
    suid: PASS
    logfiles: PASS
    pam: PASS
    permissions: PASS
    exec-shield: PASS
    selinux: PASS
    mountopt: PASS
    aliases: PASS
    cron: PASS
    vsftpd: PASS
    nfs: PASS
    tcp_wrappers: PASS
    routing: PASS

Expected results:

The list of tests run should be the same as it is with using
manual "--level 1" option:

# sectool --level 1 | tee /tmp/manual
# grep PASS /tmp/manual
    integrity: PASS
    disc_usage: PASS
    group: PASS
    passwd: PASS
    shadow: PASS
    home_dirs: PASS
    exec-shield: PASS
    aliases: PASS
    cron: PASS
    nfs: PASS

Comment 1 Maros Barabas 2009-09-02 12:37:24 UTC
(In reply to comment #0)
> Description of problem:
> 
> When default level is set in /etc/sectool/sectool.conf using the
> "LEVEL=" option it has no effect.

When you start sectool with parameter --auto it will start *all tests* in level
defined in the "LEVEL" option.

> Expected results:
> 
> The list of tests run should be the same as it is with using
> manual "--level 1" option:
> 
> # sectool --level 1 | tee /tmp/manual
> # grep PASS /tmp/manual
>     integrity: PASS
>     disc_usage: PASS
>     group: PASS
>     passwd: PASS
>     shadow: PASS
>     home_dirs: PASS
>     exec-shield: PASS
>     aliases: PASS
>     cron: PASS
>     nfs: PASS  

When you start sectool --level it will start tests defined in specified level
(see sectool --list). So all test results from both runs should be same, but
some tests that are not defined in level from "--level run" will be not
executed (or has some missing requirements).


Note You need to log in before you can comment on or make changes to this bug.