Abstract
In the section called “DrakSec: Securing Your Machine”, we have seen how to change your system's security level and customize the security checks associated to those levels.
drakperm allows you to
customize the permissions that should be associated with each
file and directory in the system: configuration, personal files,
applications, etc. If the owners and permissions listed here do
not match the actual permissions of the files in the system,
then MSEC will change them during its hourly checks.
Those modifications can help prevent possible
security holes or a possible intrusion.
The list of files and directories that appears will depend on the current system's security level as set by MSEC and their expected permissions for that security level. For each entry (Path) there is the corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu at the top right, you can choose to display only MSEC rules (System settings), your own user-defined rules (Custom settings) or both of them as in the example shown in Figure 19.3.
You cannot edit system rules, as stated by the “Do not enter” sign on the left. However, you can overwrite them by adding custom rules.
If you wish to add your own rules for specific files, or modify the default behavior, display the Custom settings list, and click on the button.
Let's imagine your current security level is set to 3 (high). This means that only the owners of the home directories will be able to browse them. If you wish to share the content of Peter's home directory with others, you will need to modify the /home/peter/ directory permissions.
Filling the new rule dialog as seen in Figure 19.4 accomplishes this.
Remember that this tool just tells MSEC what the permissions and owners of system files should be. It will not actually set the permissions for the files you create the new rules for. You will have to do this by hand on the command line or with your preferred file browser.
If you create more rules, you can change their priorities by moving them up and down the rules list: use the and buttons on your custom rules to have more control over your system's permissions.
When you are satisfied with your settings, do not forget to save your changes by clicking on the button.