12.2. Setting Your Security Level

MSEC is a base RPM. That means that it gets installed during the installation of your Mandrake Linux system.

The installation created a msec directory into the /etc/security directory, containing all that is needed to secure your system.

There is a graphical interface to MSEC, called draksec. It is available through Control Center and allows to change your system's security level. See the chapter Setting Your Security Level in the User Guide.

A command-line tool also exists. It allows better tuning. Log in as root and type msec <x>, <x> being the security level you want.

Note that whatever level you choose, your configuration will be stored in /var/lib/msec/security.conf.

12.2.1. Level 0

This level is to be used with care. It makes your system easier to use, but extremely insecure. In particular, you should not use this security level if you answer "yes" to any of the following questions:

As you can see, this security level should not be set by default, because huge data problems may occur.

12.2.2. Level 1

The main security improvement compared with level 0 is that the access to any user's data is granted via username and password. Therefore, it may be used by various people and it is less sensitive to mistakes. However, it should not be used on a computer which is connected to a modem or LAN (Local Area Network).

12.2.3. Level 2

Few major improvements for this security level; it mainly provides additional security warnings and checks. It is more secure for multi-user use.

12.2.4. Level 3

This is the standard security level, recommended for a computer which will be used to connect to the Internet as a client. Most of the security checks are periodically run, especially one (security check) which looks for open ports on the system. However, these open ports are kept opened and access to them is granted to everyone.

From the user's point of view, the system is now a little bit more closed, so he will need basic knowledge of the GNU/Linux system to achieve special operations. The security offered here is comparable with the one of a standard Red Hat or any previous Mandrake Linux distribution.

12.2.5. Level 4

With this security level, it is possible to use the system as a serve. The security is now high enough and accept connections from many clients. By default, only connections from the computer itself will be granted. However, advanced services have been disabled, and the system administrator will have to activate the desired ones by hand in configuration files. He also will have to define for whom the access will be granted.

Security checks will warn the system administrator of possible system security holes or intrusions.

12.2.6. Level 5

We build on Level 4 features and now the system is entirely closed. Security features are at their maximum. The system administrator must activate ports and grant connections to give other computers access to services offered by this machine.


Tux on Star from MandrakeSoft Linux is a registered trademark of Linus Torvalds. All other trademarks and copyrights are the property of their respective owners.
Unless otherwise stated, all the content of these pages and all images are Copyright MandrakeSoft S.A. and MandrakeSoft Inc. 2002.
http://www.mandrakelinux.com/