Chapter 14. msec - Mandrake Security tools

Table of Contents
14.1. Introducing msec
14.2. Setting your security level
14.2.1. Level 0
14.2.2. Level 1
14.2.3. Level 2
14.2.4. Level 3
14.2.5. Level 4
14.2.6. Level 5
14.3. Security levels features
14.3.1. "global security check"
14.3.2. "umask for users"
14.3.3. "umask for root"
14.3.4. "shell without password"
14.3.5. "authorized to connect to X display"
14.3.6. "users in audio group"
14.3.7. ". in $PATH"
14.3.8. "warnings in security.log"
14.3.9. "warnings directly on tty"
14.3.10. "warnings in syslog"
14.3.11. "warnings sent by e-mail to root"
14.3.12. "suid root files check"
14.3.13. "suid root file MD5 check"
14.3.14. "writable files check"
14.3.15. "permissions check"
14.3.16. "suid group files check"
14.3.17. "unowned files check"
14.3.18. "promiscuous check"
14.3.19. "listening port check"
14.3.20. "passwd file integrity check"
14.3.21. "shadow file integrity check"
14.3.22. "system security check every day at midnight"
14.3.23. "services not known disabled"
14.3.24. "boot password"
14.3.25. "grants connection to"

14.1. Introducing msec

While GNU/Linux is being used for a very wide range of applications, from basic office work to high availability servers, the need arose for different security levels. It is obvious that constraints inherent to highly secured servers do not match the needs of a secretary. On the other hand, a big public server is more sensitive to malicious people than my isolated GNU/Linux box.

It is with that aim that the MSEC package was designed. It is made of two parts:

Note that the user may also define his own security level, adjusting parameters to his own needs.


Tux on Star from MandrakeSoft Linux is a registered trademark of Linus Torvalds. All other trademarks and copyrights are the property of their respective owners.
Unless otherwise stated, all the content of these pages and all images are Copyright MandrakeSoft S.A. and MandrakeSoft Inc. 2001.
http://www.mandrakelinux.com/