MSEC is a base RPM. That means that it gets installed during the installation of your Mandrake Linux system.
The installation creates an msec directory in the /etc/security directory, containing all that is needed to secure your system.
There is a graphical interface to MSEC, called draksec. It is available through Control Center and allows you to change your system's security level. See the chapter Setting Your Security Level in the User Guide.
A command-line tool also exists. It allows better tuning. Log in as root and type msec <x>, <x> being the security level you want.
Note that whatever level you choose, your configuration will be stored in /var/lib/msec/security.conf.
This level is to be used with care. It makes your system easier to use, but extremely insecure. In particular, you should not use this security level if you answer "yes" to any of the following questions:
is my computer connected to the Internet?
is my computer connected to other computers through a network?
will this computer be used by someone other than me?
are there any private files on my computer that I don't want others to access?
for lack of knowing GNU/Linux well enough, is it possible that I may harm the system?
The main security improvement compared with level 0 is that the access to any user's data is granted via username and password. Therefore, it may be used by various people and it is less sensitive to mistakes. However, it should not be used on a computer which is connected to a modem or LAN (Local Area Network).
There are few major improvements at this security level; it mainly provides additional security warnings and checks. It is more secure for multi-user use.
This is the standard security level, recommended for a computer which will be used to connect to the Internet as a client. Most of the security checks are periodically run, especially one (security check) which looks for open ports on the system. However, these open ports are kept open and access to them is granted to everyone.
From the user's point of view, the system is now a little bit more closed, so he will need basic knowledge of the GNU/Linux system to achieve special operations. The security offered here is comparable with that of a standard Red Hat or any previous Mandrake Linux distribution.
With this security level, it is possible to use the system as a server. The security is now high enough to accept connections from many clients. By default, only connections from the computer itself will be granted. However, advanced services have been disabled, and the system administrator will have to activate the desired ones by hand in configuration files. He will also have to define for whom the access will be granted.
Security checks will warn the system administrator of possible system security holes or intrusions.
We build on Level 4 features and now the system is entirely closed. Security features are at their maximum. The system administrator must activate ports and grant connections to give other computers access to services offered by this machine.