DrakSec: Securing Your Machine

There is a graphical interface to MSEC called draksec. You can access it through Control Center. It allows you to change your system's security level and to configure every option of MSEC's security features.

Setting your Security Level

Figure 19.1. Choosing the Security Level of your System

Choosing the Security Level of your System

Simply choose the security level you want from the Security Level pull-down list: it will be effective as soon as you click on the OK button. Please read the help text introducing security levels very carefully so you know what setting a specific security level implies for you and your system's users.

Tip

If you wish to check what options are activated for each security level, review the three other tabs: Network Options, System Options and Periodic Checks. For each available option, a tool-tip explains what that option does and which is the default setting for it. If some of the default options do not suit your needs, simply redefine them in each tab. See the section called “Customizing a Security Level” for details.

Put a check mark on the Security Alerts box to send by mail possible security issues found by MSEC to the local user name or e-mail address defined in the Security Administrator field.

Warning

It is highly recommended that you do activate the security alerts option so that the administrator is immediately informed of possible security issues. Otherwise, the administrator will have to regularly check the /var/log/security.log and /var/log/syslog log files.

Customizing a Security Level

Clicking on each of the Options tabs (and the Periodic Checks one) will lead you to MSEC's list of all security options. This allows you to define your own security level based on the security level previously chosen.

Figure 19.2. Modifying Standard MSEC Options

Modifying Standard MSEC Options

For each tab, there are two columns:

  1. Options List. All available options are listed. The default security level setting will be shown between parenthesis in a tool-tip.

  2. Value. For each option you can choose from the corresponding pull-down menu:

    • Yes. Activate this option no matter what the default value is.

    • No. Deactivate this option no matter what the default value is.

    • Default. Keep the default security level behavior.

    • Ignore. Use this option if you do not wish that test to be performed.

    • ALL, LOCAL, NONE. The meaning of these is option-dependent. Please see the corresponding tool-tip for more information.

The different available buttons are:

  • OK. Accepts the current security level with custom options, applies it to the system and exits the application.

  • Cancel. Discards changes, keeping the old security level and exits the application.