YASSP

Beta15


First, as the web site was updated and Beta#14 was pushed out as the default on it,
special thanks to (in no special order :-):

        Jack Smith <smith35@llnl.gov>
        Reg Quinton <reggers@ist.uwaterloo.ca>
        Doug.Hughes@Eng.Auburn.EDU (Doug Hughes)
        "Sean Boran" <sean@boran.com>

For helping me debug my English on the web site!
(I'm sure I forgot some people... Let me know and I'll update the ref)

PARCdaily:
        now that it can output the diff when comparing files, I have
        added, in a variable, a list of files for which we shouldn't send
        the diff; /etc/shadow is always added to this variable.
        (we don't want to mail the passwd field!!!)
        Thanks Nic Pang
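
The no-diff behaviour described above, as an added sketch that is not PARCdaily's own code. The variable name NODIFF_FILES and the function names are assumptions (the page does not name the variable), and the sample file contents are constructed.

```shell
#!/bin/sh
# NODIFF_FILES: space-separated paths whose diff must not be mailed.
# (Assumed name; the page does not give the real variable.)
NODIFF_FILES="${NODIFF_FILES:-}"

# True when path $1 must never have its diff sent.
# /etc/shadow is always on the list, whatever the configuration says.
is_nodiff() {
    for f in /etc/shadow $NODIFF_FILES; do
        [ "$f" = "$1" ] && return 0
    done
    return 1
}

# report_change NAME OLD NEW
# NAME is the monitored path being reported; OLD and NEW are the saved
# and current copies. Prints nothing when the two copies are identical.
report_change() {
    name=$1 old=$2 new=$3
    if cmp -s "$old" "$new"; then
        return 0
    fi
    if is_nodiff "$name"; then
        # Report the fact of the change only, never the content.
        echo "$name: changed (diff suppressed)"
    else
        echo "$name: changed"
        # diff exits 1 when the files differ, which is the expected case.
        diff "$old" "$new" | sed 's/^/    /' || true
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample content, not real account data.
    printf 'root:CONSTRUCTED-OLD-HASH:11000::::::\n' > "$tmp/old"
    printf 'root:CONSTRUCTED-NEW-HASH:11001::::::\n' > "$tmp/new"
    report_change /etc/shadow "$tmp/old" "$tmp/new"
    report_change /etc/inetd.conf "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}
demo
```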

Added tocsin to the yassp tarball, but it is not yet part of the yassp install,
        as its install cannot be non-interactive.

Added the html page in the yassp directory.


Beta14


PARCdaily:
    Sometimes, on Solaris 8 at least, starting syslogd will fail because the
    port is still in use. In this case, we sleep 5 and retry once.

All: preinstall
  From "Sean Boran" <sean@boran.com> suggestion:
    if we create /opt/local, then we also create a sym-link
    /usr/local -> /opt/local

SECclean:
  From "Sean Boran" <sean@boran.com> comment:
    Grammar correction in the postinstall.
    the md5 binary moved from sbin to bin
    move the current syslog.conf as syslog.conf.server
    and add a new syslog.conf

OPENssh:
  From "Sean Boran" <sean@boran.com> comment:
    Added a dependency on SUNWzlib.
    Do not touch syslog.conf anymore.

Beta13


PRFtripw:
    added the siggen binary
    thanks to : rbf@lyra.rlg.org (Rich)
SECclean:
    Added socks (1080/tcp) to the list of services
    thanks Sean 

    In the preinstall, we now test for the existence of any file
    handled by a 'sed' class script, because if they don't exist the
    SECclean install will partially fail.
    Thanks to : 
        "Lawson, Israel H." <Israel.Lawson@GMACInsurance.com>
    The RPC startup script is no longer handled by a sed class, but by
    the postinstall/preremove/postremove, for the same reason.
    It required a lot of testing, as the cleanlib was touched.

PARCdaily: removed the dependency on GNU packages, as they may exist under
    other names.
    Thanks to Rich Fuchs rbf@lyra.rlg.org (Research Libraries Group)

SECclean: /etc/shells: Updated to reflect Solaris 8 getusershell(3)
    Thanks to Rich Fuchs rbf@lyra.rlg.org (Research Libraries Group)

Typo in the prototype file of PRFtripw
    /secure/databases (missing ending 's')
    Thanks Nic Pang <nic@groupfire.com>
Typo in sshd_config.Dist 
    should refer to /etc/hosts.deny not /etc/hosts.denied
    Thanks Nic Pang <nic@groupfire.com>
Typo in the install script:
    If existing (should be 'exists'), the crontab for the users:
    Thanks Nic Pang <nic@groupfire.com>

Incorrect VENDOR string in both OpenSSH packages

From Sean's feedback:
a) man page/Readme
  - URL wrong, twice
  - "/none etc/cron.d/cron.allow" -> /etc/cron.d/cron.allow

c) 'Whatsnew' file: Beta11 on first line, instead of Beta12?

g) URL wrong in end of install messages printed out.

h) daemon shells have changed to /dev/null rather than 'nosuchshell', why?

The postinstall script of SECclean was corrected so that architecture-dependent
binaries install correctly

Many thanks as usual Sean! :-)
      

Beta12


Support both i386 and sparc architectures

The components we wrote in SECclean and PARCdaily are now under a BSD-like license.

OPENssh 2.3.0p1 is now part of the package
        Compiled with OpenSSL (not optimized at all for sparc, to be compatible
        with most sparc architectures). Full support of SecurID will be added
        using the Generic Message Exchange Authentication For SSH, as described in
        draft-ietf-secsh-auth-kbdinteract-00.txt. It won't need client-side modification.

SECclean:
        - add an md5 binary
        - On Solaris 8, syslogd is started by default without listening to the network
        
PARCdaily: (Thanks to Josh Hoblitt <Josh.Hoblitt@bbox.net> for his suggestions)
        - don't kill syslogd if we didn't rotate any logs.
        - pkgchk -n is optional and turned off by default
        - edit yassp.conf to show the variables available
        - use rcsdiff instead of diff
        - filemode of the log and the oldlogs is configurable
        ...
PRFtripw:
        - adapt the config file for OpenSSH

Typo in yassp.conf(4): bi -> by
        Thanks Huba Leidenfrost <huba@uidaho.edu>

Typo in yassp(1): contants -> contents

Beta11


Back-out the BSD style license: YASSP *will* be under BSD license, I am just 
    waiting for the paperwork to be signed.

Add a note in /etc/sshd_config and /etc/hosts.allow to cite sshdfwd-X11
    and refer to sshd(8)

On Solaris 8, no priority_paging should be used in /etc/system

Corrected in nettune a typo on ip6_ignore_redirects (Missing 's')

Change the prototype to use sym-links and not hardlinks for the startup
    files we install (nettune and umask.sh)

Beta10


Add manual page for clean_passwd(1), yassp.conf(4)

change the order of some msg in the postinstall, so that the warning is last

corrected a problem reported by Paolo Pugliese <pugliese@si.deis.unical.it>
    Installation of files  registered in the *replaced files* class was
    losing the package file-type. syslog.conf for example was registered
    as 'f' (file) not 'e' (editable)

Update nettune to the latest version just received from Jens, which
    includes IPv6 and better comments

Update SSH to V1.2.30, with SDI Patch. No more Open-BSD patch needed.

minor changes to PARCdaily

Beta9


Change the SSH config files to match Sean's one (Much better commented)

Change all the licenses to a BSD style license.

install.sh yassp's script was always installing *all* the packages
    (reported by Sweth Chandramouli <sweth@sweth.net>)
Lots of typos (reported by Sweth Chandramouli <sweth@sweth.net>)

root crontab:
    deleted comment about rtc (sean.boran@swisscom.com)

postinstall:
    typo in a msg (passw.Old -> passwd.Old) (sean.boran@swisscom.com)
    it will do a makewhatis (if it exists)

Beta8


2000/06/26 04:22:50;

Still To Be Done:
    * Manual pages: clean_passwd(1), yassp.conf(4)
    * web internal.html page + update these changes.
    * the postinstall checkconfig script

preinstall:
    - turn on debugging if /var/tmp/seccleandebug exists
    - all the file classes (Replaced, deleted, init files yasspified)
      are defined in the preinstall now, and passed to the postinstall
    - define $CLEANUPDIR if not set. It's the directory used to copy
      the clean-up tools (fix-modes + OS-dependent package DB correction)
      and execute them. It is now part of SECclean.
    - Back up all the files the installation will touch under $SECBCK or
      by default /yassp.bk

postinstall:
    - copy into $CLEANUPDIR the OS clean-up (fix-modes + OS-dependent
      package DB correction) and execute them now that it is part of
      SECclean
    - treat /etc/shells as an exception: create and register it if it
      does not exist, but do nothing if it was already present.
    - corrected /etc/default/passwd (Reported by Susan Ng <ng@ucs.ubc.ca>)
    - the files classes are defined now in the preinstall
    
prototype:
    - reorganize to clarify it
    - add the manual pages (yassp(1), and yassp.conf(4))
    - add the clean-up tools to be installed under opt/local/bin/clean-up
      and copied afterwards
    - corrected /etc/default/passwd
    - Most of the *created* files were moved as being *replaced* so that
      they will be saved if they exist instead of being overwritten

cleanlib.sh:
    - noshel => noshell in a comment 
      (Reported by Richard Cove <Richard.Cove@alphawest.com.au>)

clean-up:
    Integrate it into SECclean and change it to:
    - accept being downloaded and executed from any directory
    - gather all the scripts and tools needed for the various OS / Arch
    In the generation of the yassp.conf:
    - add USERDELETED and ROOTALLOWED in the yassp.conf default file.
    - Change typo on ROOTNAME definition example (USERDENIED was used 
      instead, Reported by Sweth Chandramouli <sweth@sweth.net>)
    - Change USERSDENIED to be a list and not a regexp for nawk.

clean_passwd:
    - rewritten to use /usr/sbin/passmgmt and /usr/bin/passwd to access the
      passwd/shadow files
    - Accept two new classes of users:
        ${DELUSERS} to be removed from the password file.
        ${ROOTALLOWED} allowed uid 0 user != root
    - log its actions now to /var/sadm/system/logs/yassp_cleanup_passwd.log

inetd.conf.sed:
    try to make /etc/inetd.conf more readable after SECclean install

/etc/motd:
    to be less verbose 
    (Suggested by David Brumley <dbrumley@rtfm.stanford.edu>)

/etc/default/login:
    removed /opt/local/etc from the PATH

/etc/default/su:
    removed /opt/local/etc from the PATH

/etc/profile
    removed /opt/local/etc from the PATH

/etc/skel/local.profile
    corrected the path (Susan Ng <ng@ucs.ubc.ca>) to include /opt/local/bin

Beta6


i386 is no longer (or not yet :-) supported :-(
Here are the (major) changes from Beta#5:

SECclean: YASSP:

Beta#5


The major change introduced by this beta#5 touches the SECclean package:
For the non-SECclean changes:
May 17 2000 Add the FAQ page.
May 15 2000 Start updating the internal page documenting SECclean.
May 10 2000 WVtcpd: correct a prototype entry.
May 08 2000 PARCdaily: Added /etc/rc.conf /etc/yassp.conf to the monitored files list.
Apr 27 2000 The cleanup scripts (Solaris 2.6 and 2.7) have been updated to use the latest fixmode version available (Version Id: fix-modes,v 2.6 2000/01/13 14:13:35 casper Exp )
Mar 22 2000 PARCdaily: Corrected typos => RCS was not working




$Id: new.html,v 1.17 2000/11/19 01:29:38 jean Exp jean $; Jean Chouanard, Xerox PARC