Bug 520768 - LEVEL option in sectool.conf has no effect
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: sectool
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Maros Barabas
QA Contact: Fedora Extras Quality Assurance
Blocks: RHEL6Sectool
Reported: 2009-09-02 10:00 UTC by Petr Šplíchal
Modified: 2016-06-01 01:37 UTC (History)

Doc Type: Bug Fix
Last Closed: 2009-09-02 12:37:24 UTC

Description Petr Šplíchal 2009-09-02 10:00:19 UTC
Description of problem:

When default level is set in /etc/sectool/sectool.conf using the
"LEVEL=" option it has no effect.

Version-Release number of selected component (if applicable):
sectool-0.9.4-2.fc11.i586

Steps to Reproduce:
# grep -A7 ACTION /etc/sectool/sectool.conf 
[ACTION]
# which security level we run
# 1 - Naive - pretty basic and short set of tests, 
# 2 - Desktop - set of tests prepared to run on box not connected to internet, 
# 3 - Network - standard client machine connected to internet, 
# 4 - Server - network server, 
# 5 - Paranoid - bunch of tests for paranoid admins.
LEVEL=1

Actual results:

# sectool --auto | grep PASS
    integrity: PASS
    bootloader: PASS
    disc_usage: PASS
    group: PASS
    passwd: PASS
    shadow: PASS
    home_dirs: PASS
    home_files: PASS
    filesystem: PASS
    path: PASS
    firewall: PASS
    netserv: PASS
    openssh: PASS
    openvpn: PASS
    removedlibs: PASS
    xinetd: PASS
    suid: PASS
    logfiles: PASS
    pam: PASS
    permissions: PASS
    exec-shield: PASS
    selinux: PASS
    mountopt: PASS
    aliases: PASS
    cron: PASS
    vsftpd: PASS
    nfs: PASS
    tcp_wrappers: PASS
    routing: PASS

Expected results:

The list of tests run should be the same as it is with using
manual "--level 1" option:

# sectool --level 1 | tee /tmp/manual
# grep PASS /tmp/manual
    integrity: PASS
    disc_usage: PASS
    group: PASS
    passwd: PASS
    shadow: PASS
    home_dirs: PASS
    exec-shield: PASS
    aliases: PASS
    cron: PASS
    nfs: PASS

Comment 1 Maros Barabas 2009-09-02 12:37:24 UTC
(In reply to comment #0)
> Description of problem:
> 
> When default level is set in /etc/sectool/sectool.conf using the
> "LEVEL=" option it has no effect.

When you start sectool with the parameter --auto, it will start *all tests* in the
level defined in the "LEVEL" option.

> Expected results:
> 
> The list of tests run should be the same as it is with using
> manual "--level 1" option:
> 
> # sectool --level 1 | tee /tmp/manual
> # grep PASS /tmp/manual
>     integrity: PASS
>     disc_usage: PASS
>     group: PASS
>     passwd: PASS
>     shadow: PASS
>     home_dirs: PASS
>     exec-shield: PASS
>     aliases: PASS
>     cron: PASS
>     nfs: PASS  

When you start sectool --level, it will start the tests defined in the specified
level (see sectool --list). So all test results from both runs should be the same,
but some tests that are not defined in the level from "--level run" will not be
executed (or have some missing requirements).
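
Added example, not part of the original report and not sectool code: a small shell check that lists which tests one sectool run reported as PASS and another did not, using the test names from the two runs quoted above. The function names (pass_names, only_in_first, make_samples) and the file names auto.out and level1.out are made up for illustration; only PASS lines are compared, so a name missing from one side may mean the test was not run or that it had a different result.

```shell
#!/bin/sh
# Added example (not sectool code): compare the PASS lists of two sectool runs.

# Read sectool output on stdin, print sorted names from "    name: PASS" lines.
pass_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]\{1,\}\):[[:space:]]*PASS[[:space:]]*$/\1/p' |
        LC_ALL=C sort -u
}

# Print names that are PASS in output file $1 but not PASS in output file $2.
only_in_first() {
    first=$(mktemp) && second=$(mktemp) || return 1
    pass_names < "$1" > "$first"
    pass_names < "$2" > "$second"
    LC_ALL=C comm -23 "$first" "$second"
    rm -f "$first" "$second"
}

# Sample input: test names taken from the two runs quoted in this report.
# The files themselves are constructed here in the same "    name: PASS" layout.
AUTO_TESTS="integrity bootloader disc_usage group passwd shadow home_dirs
home_files filesystem path firewall netserv openssh openvpn removedlibs
xinetd suid logfiles pam permissions exec-shield selinux mountopt aliases
cron vsftpd nfs tcp_wrappers routing"
LEVEL1_TESTS="integrity disc_usage group passwd shadow home_dirs exec-shield
aliases cron nfs"

# $1 = directory to write auto.out and level1.out into (hypothetical names).
make_samples() {
    # Unquoted on purpose: word splitting yields one output line per name.
    printf '    %s: PASS\n' $AUTO_TESTS   > "$1/auto.out"
    printf '    %s: PASS\n' $LEVEL1_TESTS > "$1/level1.out"
}

dir=$(mktemp -d)
make_samples "$dir"
echo "PASS under --auto but not under --level 1:"
only_in_first "$dir/auto.out" "$dir/level1.out"
echo "PASS under --level 1 but not under --auto:"
only_in_first "$dir/level1.out" "$dir/auto.out"
rm -rf "$dir"
```

On a real system the two input files would be the saved output of `sectool --auto` and `sectool --level 1`, as in the `tee /tmp/manual` step of the report.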

