As our version freeze for Mandriva 2010.1 approaches quickly, I felt it was the right time to release new versions of msec, netprofile and drakguard.. and, as always, blog a bit about each of them.
Starting with msec. The last release introduced a security summary gui, which was very warmly welcomed by the community. This new release further improves this gui, and also adds some interesting and useful features.
New GUI layout. Among new features, it now displays when each periodic check was lust run, allows to run it instantly and view last results
As you can see, new GUI switched the layout a bit, and also added features to improve the usage of periodic checks. Now it is possible to run each check instantly, instead of waiting from cron to run it on periodic base, and also view the results of the last check.
Simple visualization of msec periodic checks
Besides that, a few bugs were fixed, and an interesting new feature was added, based on a patch from Tiago Marques from Caixa Magica: support for ACL. This features was added initially to allow drakguard application to work together with msec, in order to restrict users from running applications they should not have access to.
How does it works? Basically, besides the usual filesystem permissions for each file, it is possible to specify users who should have additional permissions. For example, permissions for /usr/bin/somescaryapp could be set to 750, but via ACL you could say that users eugeni, guest and friend could have read and execution permissions for it. This way, it is possible to extend the traditional unix access rules in a quite flexible way.
As for drakguard, most credit goes to Tiago Marques (if he manages to read this post, thanks a lot!). Among new features are more efficient GUI for managing all drakguard issues, and support for application blocking for specific users.
New initial drakguard gui
New drakguard interface for restricting application usage for specific users
This is one of the things I like the most about open source and community. If there is some functionality you need or want, you could just grab the code and implement it right away.
And finally, netprofile. Among some trivial bugfixes, it has one nice feature: support for custom services configuration. Turns out that while the way netprofile was working before, simple restarting some specific services when switching profiles, was enough for most use cases, it is not adequate for some cases. For example, you could want to run ypbind, cups and postfix in one profile, and run neither of them in another. Now it is possible to do so.
For this to work, it is extremely easy. Just switch to a different profile and disable/stop the services you don’t want, or enable/start the services you want to run on this profile. This will be saved automatically, just like all other settings, and the next time you switch to a profile your configuration will be restored.
There are some bugs left, and some features to be implemented yet. But in any case, as always, feel free to leave your opinion, suggestions and comments!
