1. Securing your Machine through DrakSec

Abstract

There is a graphical interface to msec (which stands for Mandrakelinux Security Tool) called draksec which you can access through the Mandrakelinux Control Center. It allows you to change your system's security level and to configure every option of msec's security features.

1.1. Setting your Security Level

[Note]Note

This tool is only displayed in expert mode. Choose Options->Expert mode from the menu and then look into the Security section of the Mandrakelinux Control Center to access it.

Figure 7.1. Choosing the Security Level of your System

Choosing the Security Level of your System

Simply choose the security level you want from the Security Level pull-down list: it will be effective as soon as you click on the OK. Please read the help text regarding security levels very carefully so that you know what setting a specific security level implies.

[Tip]Tip

If you wish to check which options are activated for each security level, review the other tabs: Network Options, System Options and Periodic Checks. Click on the Help button to display information about the options and their default values. If some of the default options do not suit your needs, simply redefine them. See Section 1.2, “Customizing a Security Level”, for details.

Put a check mark on the Security Alerts box to send by mail possible security issues found by msec to the local user name or to the e-mail address defined in the Security Administrator field.

[Warning]Warning

It is highly recommended that you do activate the security alerts option so that the administrator is immediately informed of possible security issues. Otherwise, the administrator will have to regularly check the relevant system log files.

1.2. Customizing a Security Level

Clicking on each of the Options tabs (and the Periodic Checks one) will lead you to msec's list of security options. This allows you to define your own security level based on the security level previously chosen.

Figure 7.2. Modifying Standard Options

Modifying Standard Options

For each tab, there are two columns:

  1. Options List. All available options are listed.

  2. Value. For each option[9] you can choose from the corresponding pull-down menu:

    • Yes. Activate this option no matter what the default value is.

    • No. Deactivate this option no matter what the default value is.

    • Default. Keep the default security level behavior.

    • Ignore. Use this option if you do not wish that test to be performed.

    • ALL, LOCAL, NONE. The meaning of these are option-dependent. Please see the Help text available through the Help button for more information.

Clicking on OK accepts the current security level with custom options, applies it to the system and exits the application. Clicking on Cancel discards changes, keeping the old security level and exits the application.



[9] The default security level setting is shown in the Help window.