diff --git a/src/include/security/helps.rb b/src/include/security/helps.rb index dd4ed054..3afc2839 100644 --- a/src/include/security/helps.rb +++ b/src/include/security/helps.rb @@ -55,10 +55,10 @@ def initialize_security_helps(include_target) "boot" => boot_dialog_help, # Main dialog help 1/8 "main" => _( - "

Configuring Local Security

\n" + - "

Using predefined defaults, change the local security settings, which include\n" + - " booting, login, password, user creation, and file permissions. The default\n" + - " settings can be modified as needed.\n" + + "

Configuring Local Security

\n" \ + "

Using predefined defaults, change the local security settings, which include\n" \ + " booting, login, password, user creation, and file permissions. The default\n" \ + " settings can be modified as needed.\n" \ "

" ) + # Main dialog help 5/8 @@ -77,28 +77,28 @@ def initialize_security_helps(include_target) _("

Custom Settings: Create your own configuration.

"), # Login dialog help 1/4 "login" => _( - "

Login Security

\n" + - "

These login settings\n" + + "

Login Security

\n" \ + "

These login settings\n" \ "are mainly stored in the /etc/login.defs file.

" ) + # Login dialog help 2/4 _( - "

Delay after Incorrect Login Attempt:\n" + - "It is advisable to wait some time after an incorrect login attempt to prevent\n" + - "password guessing. Make the time small enough that users do not need to wait to\n" + + "

Delay after Incorrect Login Attempt:\n" \ + "It is advisable to wait some time after an incorrect login attempt to prevent\n" \ + "password guessing. Make the time small enough that users do not need to wait to\n" \ "retry if a password is mistyped. A sensible value is three seconds (3).

" ) + # Login dialog help 3/4 _( - "

Record Successful Login Attempts: Logging successful login\n" + - "attempts is useful. It can warn you of unauthorized access to the\n" + - "system (for example, a user logging in from a different location than usual).\n" + + "

Record Successful Login Attempts: Logging successful login\n" \ + "attempts is useful. It can warn you of unauthorized access to the\n" \ + "system (for example, a user logging in from a different location than usual).\n" \ "

\n" ) + # Login dialog help 4/4 _( - "

Allow Remote Graphical Login: Checking this allows access\n" + - "to a graphical login screen for this machine over the network. Remote access\n" + + "

Allow Remote Graphical Login: Checking this allows access\n" \ + "to a graphical login screen for this machine over the network. Remote access\n" \ "to your machine using a display manager might be a security risk.

" ), # Password dialog help 1/8 @@ -107,30 +107,30 @@ def initialize_security_helps(include_target) ) + # Password dialog help 2/8 _( - "

Check New Passwords: It is wise to choose a password that\n" + - "cannot be found in a dictionary and is not a name or other simple, common word.\n" + + "

Check New Passwords: It is wise to choose a password that\n" \ + "cannot be found in a dictionary and is not a name or other simple, common word.\n" \ "By checking the box, enforce password checking in regard to these rules.

" ) + # Password dialog help _( - "

Minimum Acceptable Password Length:\n" + - "The minimum acceptable size for the new password reduced by the number\n" + - "of different character classes (other, upper, lower and digit) used in the new\n" + - "password. See man pam_cracklib for a more detailed explanation.\n" + + "

Minimum Acceptable Password Length:\n" \ + "The minimum acceptable size for the new password reduced by the number\n" \ + "of different character classes (other, upper, lower and digit) used in the new\n" \ + "password. See man pam_cracklib for a more detailed explanation.\n" \ "This option can only be modified when Check New Passwords is set.

" ) + # Password dialog help 4/8 _( - "

Passwords to Remember:\n" + - "Enter the number of user passwords to store and prevent the user from reusing.\n" + + "

Passwords to Remember:\n" \ + "Enter the number of user passwords to store and prevent the user from reusing.\n" \ "Enter 0 if passwords should not be stored.

" ) + # Password dialog help 5a/8 _("

Password Encryption Method:

") + # Password dialog help 5b/8 _( - "

DES, the Linux default method, works in all network environments,\n" + - "but it restricts you to passwords no longer than eight characters. If you need\n" + + "

DES, the Linux default method, works in all network environments,\n" \ + "but it restricts you to passwords no longer than eight characters. If you need\n" \ "compatibility with other systems, use this method.

" ) + # Password dialog help 5c/8 @@ -147,8 +147,8 @@ def initialize_security_helps(include_target) ) + # Password dialog help 8/8 _( - "

Days before Password Expires Warning: This entry sets the\n" + - "number of days users are warned before their passwords expire. The longer the\n" + + "

Days before Password Expires Warning: This entry sets the\n" \ + "number of days users are warned before their passwords expire. The longer the\n" \ "time, the less likely it is that someone can guess passwords.

" ), # Adduser dialog help 1/2 @@ -169,49 +169,49 @@ def initialize_security_helps(include_target) ) + # Misc dialog help 2/14 _( - "

File Permissions: Settings for the permissions\n" + - "of certain system files are set according to the data in /etc/permissions.secure\n" + - "or /etc/permissions.easy. Which file is used depends on this selection.\n" + - "Launching SuSEconfig sets these permissions according to /etc/permissions.*.\n" + - "This fixes files with incorrect permissions, whether this occurred accidentally\n" + - "or by intruders.

\n" + - "With Easy, most of the system files that are only readable by root\n" + - "in Secure are modified so other users can also read these files.\n" + - "Using Secure, certain system files, such as /var/log/messages, can only\n" + - "be viewed by the user root. Some programs can only be launched by root or by\n" + - "daemons, not by ordinary users.\n" + - "The most secure setting is Paranoid. With it, you must\n" + + "

File Permissions: Settings for the permissions\n" \ + "of certain system files are set according to the data in /etc/permissions.secure\n" \ + "or /etc/permissions.easy. Which file is used depends on this selection.\n" \ + "Launching SuSEconfig sets these permissions according to /etc/permissions.*.\n" \ + "This fixes files with incorrect permissions, whether this occurred accidentally\n" \ + "or by intruders.

\n" \ + "With Easy, most of the system files that are only readable by root\n" \ + "in Secure are modified so other users can also read these files.\n" \ + "Using Secure, certain system files, such as /var/log/messages, can only\n" \ + "be viewed by the user root. Some programs can only be launched by root or by\n" \ + "daemons, not by ordinary users.\n" \ + "The most secure setting is Paranoid. With it, you must\n" \ "decide which users are able to run X applications and setuid programs.

\n" ) + # Misc dialog help 6/14 _( - "

User Launching updatedb: The program updatedb runs \n" + - "once a day. It scans your entire file system and creates a database (locatedb)\n" + - "that stores the location of every file. The database can be searched by the\n" + - "program \"locate\". Here, set the user that runs this command: nobody\n" + + "

User Launching updatedb: The program updatedb runs \n" \ + "once a day. It scans your entire file system and creates a database (locatedb)\n" \ + "that stores the location of every file. The database can be searched by the\n" \ + "program \"locate\". Here, set the user that runs this command: nobody\n" \ " (few files) or root (all files).

" ) + # Misc dialog help 10/14 _( - "

Current Directory in root's Path On a DOS system,\n" + - "the system first searches for executable files (programs) in the current\n" + - "directory then in the current path variable. In contrast, a UNIX-like system\n" + + "

Current Directory in root's Path On a DOS system,\n" \ + "the system first searches for executable files (programs) in the current\n" \ + "directory then in the current path variable. In contrast, a UNIX-like system\n" \ "searches for them exclusively via the search path (variable PATH).

" ) + # Misc dialog help 11/14 _( - "

Current Directory in the Path of Regular Users
A DOS\n" + - "system first searches for executable files (programs) in the current directory\n" + - "then in the current path variable. In contrast, a UNIX-like system searches\n" + + "

Current Directory in the Path of Regular Users
A DOS\n" \ + "system first searches for executable files (programs) in the current directory\n" \ + "then in the current path variable. In contrast, a UNIX-like system searches\n" \ "for them exclusively via the search path (variable PATH).

" ) + # Misc dialog help 12/14 _( - "

Some systems set up a work-around by adding the dot (\".\") to the\n" + - "search path, enabling files in the current path to be found and executed.\n" + - "This is highly dangerous because you may accidentally launch unknown programs in\n" + - "the current directory instead of the usual systemwide files. As a result,\n" + - "executing Trojan Horses, which exploit this weakness and invade your system,\n" + + "

Some systems set up a work-around by adding the dot (\".\") to the\n" \ + "search path, enabling files in the current path to be found and executed.\n" \ + "This is highly dangerous because you may accidentally launch unknown programs in\n" \ + "the current directory instead of the usual systemwide files. As a result,\n" \ + "executing Trojan Horses, which exploit this weakness and invade your system,\n" \ "is rather easy if you set this option.

" ) + # Misc dialog help 13/14 @@ -224,8 +224,8 @@ def initialize_security_helps(include_target) ) + # Misc dialog help 14/14 _( - "

Enable Magic SysRq Keys
If you check this option, you\n" + - "will have some control over the system even if it crashes (for example, during kernel\n" + + "

Enable Magic SysRq Keys
If you check this option, you\n" \ + "will have some control over the system even if it crashes (for example, during kernel\n" \ "debugging). For details, see /usr/src/linux/Documentation/sysrq.txt

" ), # help text: security overview dialog 1/ @@ -248,19 +248,19 @@ def initialize_security_helps(include_target) @help_mapping = { "DISPLAYMANAGER_REMOTE_ACCESS" => _( - "

A display manager provides a graphical login screen and can be accessed\n" + - "across the network by an X server running on another system if so\n" + - "configured.

The windows that are being displayed would then transmit\n" + - "their data across the network. If that network is not fully trusted, then the\n" + - "network traffic can be eavesdropped by an attacker, gaining access not only to\n" + - "the graphical content of the display, but also to usernames and passwords that\n" + - "are being used.

If you do not need XDMCP for remote graphical\n" + + "

A display manager provides a graphical login screen and can be accessed\n" \ + "across the network by an X server running on another system if so\n" \ + "configured.

The windows that are being displayed would then transmit\n" \ + "their data across the network. If that network is not fully trusted, then the\n" \ + "network traffic can be eavesdropped by an attacker, gaining access not only to\n" \ + "the graphical content of the display, but also to usernames and passwords that\n" \ + "are being used.

If you do not need XDMCP for remote graphical\n" \ "logins, then disable this option.

" ), "SYSTOHC" => _( - "

Upon startup, the system time is being set from the hardware clock of the\n" + - "computer. As a consequence, setting the hardware clock before shutting down is\n" + - "necessary.

Consistent system time is essential for the system to create\n" + + "

Upon startup, the system time is being set from the hardware clock of the\n" \ + "computer. As a consequence, setting the hardware clock before shutting down is\n" \ + "necessary.

Consistent system time is essential for the system to create\n" \ "correct log messages.

" ), "SYSLOG_ON_NO_ERROR" => _( @@ -276,36 +276,36 @@ def initialize_security_helps(include_target) "

Administrators should never log on as root into an X Window session to minimize the usage of the root privileges.

This option does not help against careless administrators, but shall prevent attackers to be able to log on as root via the display manager if they guess or otherwise acquire the password.

" ), "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => _( - "

X Window clients, e.g. programs that open a window on your display, connect\n" + - "to the X server that runs on the physical machine. Programs can also run on a\n" + - "different system and display their content on the X server through network\n" + - "connections.

When enabled, the X server listens on a port 6000 plus the\n" + - "display number. Since network traffic is transferred unencrypted and therefore\n" + - "subject to network sniffing, and since the port held open by the X server\n" + - "offers attack options, the secure setting is to disable it.

To display X\n" + + "

X Window clients, e.g. programs that open a window on your display, connect\n" \ + "to the X server that runs on the physical machine. Programs can also run on a\n" \ + "different system and display their content on the X server through network\n" \ + "connections.

When enabled, the X server listens on a port 6000 plus the\n" \ + "display number. Since network traffic is transferred unencrypted and therefore\n" \ + "subject to network sniffing, and since the port held open by the X server\n" \ + "offers attack options, the secure setting is to disable it.

To display X\n" \ "Window clients across a network, we recommend the use of secure shell (ssh), which allows the X Window clients to connect to the X server through the encrypted ssh connection.

" ), "SMTPD_LISTEN_REMOTE" => _( "

The email delivery subsystem is always started. However, it does not expose\nitself outside the system by default, since it does not listen on the SMTP network port 25.

If you do not deliver emails to your system through the SMTP protocol, then disable this option.

" ), "DISABLE_RESTART_ON_UPDATE" => _( - "

If a package containing a service that is currently running is being\n" + - "updated, the service is restarted after the files in the package have been\n" + - "installed.

This makes sense in most cases, and it is safe to do,\n" + - "considering that many services either need their binaries or configuration\n" + - "files accessible in the file system. Otherwise these services would continue\n" + - "to run until the services are stopped, e.g. running daemons are\n" + - "killed.

This setting should only be changed if there is a specific\n" + + "

If a package containing a service that is currently running is being\n" \ + "updated, the service is restarted after the files in the package have been\n" \ + "installed.

This makes sense in most cases, and it is safe to do,\n" \ + "considering that many services either need their binaries or configuration\n" \ + "files accessible in the file system. Otherwise these services would continue\n" \ + "to run until the services are stopped, e.g. running daemons are\n" \ + "killed.

This setting should only be changed if there is a specific\n" \ "reason to do so.

" ), "DISABLE_STOP_ON_REMOVAL" => _( - "

If a package containing a service that is currently running is being\n" + - "uninstalled, the service is stopped before the files of the package are\n" + - "removed.

This makes sense in most cases, and it is safe to do,\n" + - "considering that many services either need their binaries or configuration\n" + - "files accessible in the file system. Otherwise these services would continue\n" + - "to run until they are stopped, e.g. running daemons are\n" + - "killed.

This setting should only be changed if there is a specific\n" + + "

If a package containing a service that is currently running is being\n" \ + "uninstalled, the service is stopped before the files of the package are\n" \ + "removed.

This makes sense in most cases, and it is safe to do,\n" \ + "considering that many services either need their binaries or configuration\n" \ + "files accessible in the file system. Otherwise these services would continue\n" \ + "to run until they are stopped, e.g. running daemons are\n" \ + "killed.

This setting should only be changed if there is a specific\n" \ "reason to do so.

" ), "net.ipv4.tcp_syncookies" => _( @@ -340,27 +340,32 @@ def boot_dialog_help "

Boot Security

\n

In this dialog, change various boot settings related to security.

" ) - # Boot dialog help 2/4, diferent message based on default if ::Security::CtrlAltDelConfig.default == "reboot" - help += _( - "

Interpretation of Ctrl + Alt + Del:\n" \ - "Configure what the system should do in response to\n" \ - "someone at the console pressing the CTRL + ALT + DEL key\n" \ - "combination. Usually the system reboots. Sometimes it is desirable\n" \ + # TRANSLATORS: part of help text - default action (the default is + # reboot) + details = _( + "Usually the system reboots. Sometimes it is desirable\n" \ "to ignore this event, for example, when the system serves as both\n" \ "workstation and server.

" ) else - help += _( - "

Interpretation of Ctrl + Alt + Del:\n" \ - "Configure what the system should do in response to\n" \ - "someone at the console pressing the CTRL + ALT + DEL key\n" \ - "combination. By default the system halts but sometimes it is desirable\n" \ + # TRANSLATORS: part of help text - default action (the default is halt) + details = _( + "By default the system halts but sometimes it is desirable\n" \ "to ignore this event, for example, when the system serves as both\n" \ "workstation and server.

" ) end + # Boot dialog help 2/4 + # TRANSLATORS: %s is help text - default action + help += _( + "

Interpretation of Ctrl + Alt + Del:\n" \ + "Configure what the system should do in response to\n" \ + "someone at the console pressing the CTRL + ALT + DEL key\n" \ + "combination. %s" + ) % details + # Boot dialog help 3/4 help += _( "

Shutdown Behaviour of Login Manager:\nSet who is allowed to shut down the machine from KDM.

\n"
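Review bot: In the password help hunk (@@ -107,30 +107,30 @@), the comment above the "Minimum Acceptable Password Length" message reads only `# Password dialog help`, while its neighbours are numbered `2/8` and `4/8`. Since the lines directly below it are being rewritten anyway, restoring the `3/8` index would keep the translator comments consistent. The `+` to `\` conversion in this hunk leaves the string contents identical on both sides, so there is nothing else to raise here.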
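Review bot: In the `boot_dialog_help` hunk (@@ -340,27 +340,32 @@), the new template string ends at `combination. %s` while the remainder of the paragraph, including its end, now lives in the two `details` strings, so translators receive sentence fragments as separate messages and cannot reorder or adapt the wording around the default action. Keeping two complete messages, as the removed lines did, is easier to translate correctly. If the split stays, a named placeholder such as `%{details}` with a hash argument would tell translators what is being substituted, which a bare `%s` does not. The first TRANSLATORS comment is also wrapped mid-phrase ("the default is" / "reboot") while the second fits on one line; giving both the same shape would make them easier to find together.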