MSEC is a base RPM. That means that it gets installed during the installation of your Mandrake Linux system.
The Installation has created a msec directory into the directory /etc/security, containing all that is needed to secure your system.
There is a graphical interface to MSEC, called draksec. It is available through Control Center and allows to change the security level of your system. See the chapter "Setting your security level" in the User Guide.
There is also a command line tool, which allows better tuning. Login as root and type msec <x>, <x> being the security level you want or custom to create your own security level. The script will begin to remove all modifications made by a previous security level change, and apply the features of the chosen security level to your system. If you choose custom, then you will be asked a series of questions for each security feature MSEC proposes. At the end, these features will be applied to your system.
Note that whatever the level you choose, your configuration will be stored in /etc/security/msec/security.conf.
This level is to be used with care. It makes your system easier to use, but extremely insecure. In particular, you shouldn't use this security level if you answer "yes" to any of the following questions:
Is my computer connected to the Internet?
Is my computer connected to other computers through a network?
Will this computer be used by someone other than me?
Are there any private files on my computer that I don't want others to access?
For lack of knowing GNU/Linux well enough, is it possible that I may harm the system?
The main security improvement compared with level 0 is that now the access to the data of any user is granted via username and password. Therefore, it may be used by various people and it is less sensitive to mistakes. However, it shouldn't be used on a computer that is connected to a modem or LAN (Local Area Network).
Few major improvements for this security level; it mainly provides additional security warnings and checks. It is more secure for multi-user use.
This is the standard security level, recommended for a computer that will be used to connect to the Internet as a client. Most of the security checks are periodically run, specifically one that checks for open ports on the system. However, these open ports are kept opened and access to them is granted to everyone.
From the user's point of view, the system is now a little bit more closed, so he'll need basic knowledge of the GNU/Linux system to achieve some special operations. The security offered here is comparable with the one of a standard Red Hat or any previous Mandrake Linux distribution.
With this security level, the use of this system as a server becomes possible. The security is now high enough to use the system as a server which will accept connections from many clients. By default, only connections from the computer itself will be granted. However, advanced services have been disabled, and the system administrator will have to activate the desired ones by hand in configuration files. He also will have to define for whom the access will be granted.
Security checks will warn the system administrator of possible security holes or intrusions on the system.
We build on Level 4 features and now the system is entirely closed. Security features are at their maximum. The system administrator has to activate ports, and grant connections to give other computers access to services offered by this machine.