diff options
| author | Marja van Waes <marja@mageia.org> | 2014-01-27 08:53:26 +0100 |
|---|---|---|
| committer | Marja van Waes <marja@mageia.org> | 2014-01-27 08:53:26 +0100 |
| commit | b80fff1dfa6d7a102aa42745863d068561832eb0 (patch) | |
| tree | 973cdf22c01964552e9db75e6bfcbb49a5b4a1de | |
| parent | c1a2257acb641d39473f9035d17773f7f887ea0a (diff) | |
| download | tools-b80fff1dfa6d7a102aa42745863d068561832eb0.tar tools-b80fff1dfa6d7a102aa42745863d068561832eb0.tar.gz tools-b80fff1dfa6d7a102aa42745863d068561832eb0.tar.bz2 tools-b80fff1dfa6d7a102aa42745863d068561832eb0.tar.xz tools-b80fff1dfa6d7a102aa42745863d068561832eb0.zip | |
- New msecgui.xml written by lebarhon
- updated mcc-help.pot
| -rw-r--r-- | docs/mcc-help/en/msecgui.xml | 360 | ||||
| -rw-r--r-- | docs/mcc-help/mcc-help.pot | 462 |
2 files changed, 806 insertions, 16 deletions
diff --git a/docs/mcc-help/en/msecgui.xml b/docs/mcc-help/en/msecgui.xml index e9a8ccf3..2a4b14ba 100644 --- a/docs/mcc-help/en/msecgui.xml +++ b/docs/mcc-help/en/msecgui.xml @@ -1,18 +1,360 @@ -<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" xml:id="msecgui" version="5.0"> +<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" version="5.0" xml:id="msecgui"> <info> - <title xml:id="msecgui-ti1">MSEC: System Security and Audit</title><subtitle>msecgui</subtitle> + <title xml:id="msecgui-ti1">MSEC: System Security and Audit</title> + + <subtitle>msecgui</subtitle> </info> + <!-- written by Lebarhon 2014/01/03 To be checked--> + + <para/> + <mediaobject> <imageobject> - <imagedata xml:id="msecgui-im1" revision="1" align="center" format="PNG" fileref="msecgui.png"/> + <imagedata xml:id="msecgui-im1" revision="1" fileref="msecgui.png" align="center" format="PNG"/> </imageobject> </mediaobject> - <para>This page hasn't been written yet for lack of resources. If you think - you can write this help, please contact <link ns2:href="https://wiki.mageia.org/en/Documentation_team"> the Doc team.</link> Thanking you in advance.</para> + <para/> + + <section> + <title>Presentation</title> + + <para>msecgui is a graphic user interface for msec that allows to + configure your system security according to two approaches:</para> + + <itemizedlist> + <listitem> + <para>It sets the system behaviour, msec imposes modifications to the + system to make it more secure.</para> + </listitem> + + <listitem>It carries on periodic checks automatically on the system in + order to warn you if something seems dangerous.</listitem> + </itemizedlist> + + <para>msec uses the concept of "security levels" which are intended to + configure a set of system permissions, which can be audited for changes or + enforcement. Several of them are proposed by Mageia, but you can define + your own customised security levels.</para> + </section> + + <section> + <title>Overview tab</title> + + <para>See the screenshot above</para> + + <para>The first tab takes up the list of the different security tools with + a button on the right side to configure them:</para> + + <itemizedlist> + <listitem> + <para>Firewall, also found in the MCC / Security / Set up your + personal firewall</para> + </listitem> + + <listitem> + <para>Updates, also found in MCC / Software Management / Update your + system</para> + </listitem> + + <listitem> + <para>msec itself with some information:</para> + + <itemizedlist> + <listitem> + <para>enabled or not</para> + </listitem> + + <listitem> + <para>the configured Base security level</para> + </listitem> + + <listitem> + <para>the date of the last Periodic checks and a button to see a + detailed report and another button to execute the checks just + now.</para> + </listitem> + </itemizedlist> + </listitem> + </itemizedlist> + </section> + + <section> + <title>Security settings tab</title> + + <para>A click on the second tab or on the Security + <guibutton>Configure</guibutton> button leads to the same screen shown + below.</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui2.png"/> + </imageobject> + </mediaobject> + + <para/> + + <section> + <title>Basic security tab</title> + + <para role="underline"> + <emphasis role="underline">Security levels:</emphasis> + </para> + + <para>After having checked the box <guilabel>Enable MSEC + tool</guilabel>, this tab allows you by a double click to choose the + security level that appears then in bold. If the box is not checked, the + level « none » is applied. The following levels are available:</para> + + <orderedlist numeration="arabic"> + <listitem> + <para>Level <emphasis role="bold">none</emphasis>. This level is + intended if you do not want to use msec to control system security, + and prefer tuning it on your own. It disables all security checks + and puts no restrictions or constraints on system configuration and + settings. Please use this level only if you are knowing what you are + doing, as it would leave your system vulnerable to attack.</para> + </listitem> + + <listitem>Level <emphasis role="bold">standard</emphasis>. This is the + default configuration when installed and is intended for casual users. + It constrains several system settings and executes daily security + checks which detect changes in system files, system accounts, and + vulnerable directory permissions. (This level is similar to levels 2 + and 3 from past msec versions).</listitem> + + <listitem> + <para>Level <emphasis role="bold">secure</emphasis>. This level is + intended when you want to ensure your system is secure, yet usable. + It further restricts system permissions and executes more periodic + checks. Moreover, access to the system is more restricted. (This + level is similar to levels 4 (High) and 5 (Paranoid) from old msec + versions).</para> + </listitem> + + <listitem>Besides those levels, different task-oriented security are + also provided, such as the <emphasis role="bold">fileserver</emphasis>, <emphasis role="bold">webserver</emphasis> and <emphasis role="bold">netbook</emphasis> levels. Such levels attempt to + pre-configure system security according to the most common use + cases.</listitem> + + <listitem>The last two levels called <emphasis role="bold">audit_daily</emphasis> and <emphasis role="bold">audit_weekly</emphasis> are not really security levels but + rather tools for periodic checks only.</listitem> + </orderedlist> + + <para>These levels are saved in + <filename>etc/security/msec/level.<levelname></filename>. You can + define your own customised security levels, saving them into specific + files called <filename>level.<levelname></filename>, placed into + the folder <filename>etc/security/msec/.</filename> This function is + intended for power users which require a customised or more secure + system configuration.</para> + + <caution>Keep in mind that user-modified parameters take precedence over + default level settings.</caution> + + <para> + <emphasis role="underline">Security alerts:</emphasis> + </para> + + <para>If you check the box <guibutton>Send security alerts by email + to:</guibutton>, the security alerts generated by msec are going to be + sent by local e-mail to the security administrator named in the nearby + field. You can fill either a local user or a complete e-mail address + (the local e-mail and the e-mail manager must be set accordingly). At + last, you can receive the security alerts directly on your desktop. + Check the relevant box to enable it.</para> + + <important>It is strongly advisable to enable the security alerts option + in order to immediately inform the security administrator of possible + security problems. If not, the administrator will have to regularly + check the logs files available in + <filename>/var/log/security.</filename></important> + + <emphasis role="underline">Security options:</emphasis> + + <para>Creating a customised level is not the only way to customise the + computer security, it is also possible to use the tabs presented here + after to change any option you want. Current configuration for msec is + stored in <filename>/etc/security/msec/security.conf</filename>. This + file contains the current security level name and the list of all the + modifications done to the options.</para> + </section> + + <section> + <title>System security tab</title> + + <para>This tab displays all the security options on the left side + column, a description in the centre column, and their current values on + the right side column.</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui3.png"/> + </imageobject> + </mediaobject> + + <para>To modify an option, double click on it and a new window appears + (see screenshot below). It displays the option name, a short + description, the actual and default values, and a drop down list where + the new value can be selected. Click on the <guibutton>OK</guibutton> + button to validate the choice.</para> + + <para> + <figure> + <screenshot> + <mediaobject> + <imageobject> + <imagedata fileref="msecgui11.png"/> + </imageobject> + </mediaobject> + </screenshot> + </figure> + </para> + + <caution>Do not forget when leaving msecgui to save definitively your + configuration using the menu <guimenu>File -> Save the + configuration</guimenu>. If you have changed the settings, msecgui + allows you to preview the changes before saving them.</caution> + + <para> + <figure> + <screenshot> + <mediaobject> + <imageobject> + <imagedata fileref="msecgui10.png"/> + </imageobject> + </mediaobject> + </screenshot> + </figure> + </para> + </section> + + <section> + <title>Network security</title> + + <para>This tab displays all the network options and works like the + previous tab</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui4.png"/> + </imageobject> + </mediaobject> + </section> + + <section> + <title>Periodic checks tab</title> + + <para>Periodic checks aim to inform the security administrator by means + of security alerts of all situations msec thinks potentially + dangerous.</para> + + <para>This tab displays all the periodic checks done by msec and their + frequency if the box <guibutton>Enable periodic security + checks</guibutton> is checked. Changes are done like in the previous + tabs.</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui5.png"/> + </imageobject> + </mediaobject> + </section> + + <section> + <title>Exceptions tab</title> + + <para>Sometimes alert messages are due to well known and wanted + situations. In these cases they are useless and wasted time for the + administrator. This tab allows you to create as many exceptions as you + want to avoid unwanted alert messages. It is obviously empty at the + first msec start. The screenshot below shows four exceptions.</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui6.png"/> + </imageobject> + </mediaobject> + + <para>To create an exception, click on the <guibutton>Add a + rule</guibutton> button</para> + + <mediaobject> + <imageobject> + <imagedata fileref="msecgui7.png"/> + </imageobject> + </mediaobject> + + <para>Select the wanted periodic check in the drop down list called + <guilabel>Check</guilabel> and then, enter the + <guilabel>Exception</guilabel> in the text area. Adding an exception is + obviously not definitive, you can either delete it using the + <guibutton>Delete</guibutton> button of the + <guilabel>Exceptions</guilabel> tab or modify it with a double + clicK.</para> + </section> + + <section><title>Permissions</title><para>This tab is intended for file and + directory permissions checking and enforcement.</para><para>Like for the + security, msec owns different permissions levels (standard, secure, ..), + they are enabled accordingly with the chosen security level. You can + create your own customised permissions levels, saving them into specific + files called <filename>perm.<levelname></filename> placed into the + folder <filename>etc/security/msec/</filename>. This function is intended + for power users which require a customised configuration. It is also + possible to use the tab presented here after to change any permission you + want. Current configuration is stored in + <filename>/etc/security/msec/perms.conf.</filename> This file contains the + list of all the modifications done to the permissions.</para><mediaobject> + <imageobject> + <imagedata fileref="msecgui8.png"/> + </imageobject> + </mediaobject><para>Default permissions are visible as a list of rules + (a rule per line). You can see on the left side, the file or folder + concerned by the rule, then the owner, then the group and then the + permissions given by the rule. If, for a given rule:</para><itemizedlist> + <listitem> + <para>the box <guilabel>Enforce</guilabel> is not checked, msec only + checks if the defined permissions for this rule are respected and + sends an alert message if not, but does not change anything.</para> + </listitem> + + <listitem>the box <guilabel>Enforce</guilabel> is checked, then msec + will rule the permissions respect at the first periodic check and + overwrite the permissions.</listitem> + </itemizedlist><important>For this to work, the option CHECK_PERMS in + the <emphasis role="bold">Periodic check tab</emphasis> must be configured + accordingly.</important>To create a new rule, click on the<guibutton> Add + a rule</guibutton> button and fill the fields as shown in the example + below. The joker * is allowed in the <guilabel>File</guilabel> field. + “current” means no modification.<mediaobject> + <imageobject> + <imagedata fileref="msecgui9.png"/> + </imageobject> + </mediaobject><para>Click on the <guibutton>OK</guibutton> button to + validate the choice and do not forget when leaving to save definitively + your configuration using the menu <guimenu>File -> Save the + configuration</guimenu>. If you have changed the settings, msecgui allows + you to preview the changes before saving them. </para><note>It is also + possible to create or modify the rules by editing the configuration file + <filename>/etc/security/msec/perms.conf</filename>. + </note><caution>Changes in the <emphasis role="bold">Permission + tab</emphasis> (or directly in the configuration file) are taken into + account at the first periodic check (see the option CHECK_PERMS in the + <emphasis role="bold">Periodic checks tab</emphasis>). If you want them to + be taken immediately into account, use the msecperms command in a console + with root rights. You can use before, the msecperms -p command to know the + permissions that will be changed by msecperms.</caution><caution>Do not + forget that if you modify the permissions in a console or in a file + manager, for a file where the box <guilabel>Enforce</guilabel> is checked + in the <emphasis role="bold">Permissions tab</emphasis>, msecgui will + write the old permissions back after a while, accordingly to the + configuration of the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the + <emphasis role="bold">Periodic Checks tab</emphasis>.</caution></section> + </section> + + <para>You can start this tool from the command line, by typing <emphasis role="bold">msecgui</emphasis> as root.</para> - <para>You can start this tool from the - command line, by typing <emphasis role="bold">msecgui</emphasis> as - root.</para> -</section> + <para/> +</section>
\ No newline at end of file diff --git a/docs/mcc-help/mcc-help.pot b/docs/mcc-help/mcc-help.pot index 733c9d1e..bc7da073 100644 --- a/docs/mcc-help/mcc-help.pot +++ b/docs/mcc-help/mcc-help.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Mageia Control Center Help 4.0\n" "Report-Msgid-Bugs-To: doc-discuss@ml.mageia.org\n" -"POT-Creation-Date: 2013-12-24 17:14+0200\n" +"POT-Creation-Date: 2014-01-27 08:52+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -2549,7 +2549,7 @@ msgid "" msgstr "" #. type: Content of: <section><section><title> -#: en/drakguard.xml:21 +#: en/drakguard.xml:21 en/msecgui.xml:21 msgid "Presentation" msgstr "" @@ -2909,7 +2909,7 @@ msgid "drakinvictus.png" msgstr "" #. type: Content of: <section><para> -#: en/drakinvictus.xml:12 en/draknetcenter.xml:187 en/draknetprofile.xml:12 en/drakups.xml:12 en/drakwizard_apache2.xml:12 en/drakwizard_bind.xml:12 en/drakwizard_dhcp.xml:12 en/drakwizard_proftpd.xml:12 en/drakwizard_squid.xml:12 en/drakwizard_sshd.xml:12 en/drakxservices.xml:12 en/msecgui.xml:12 +#: en/drakinvictus.xml:12 en/draknetcenter.xml:187 en/draknetprofile.xml:12 en/drakups.xml:12 en/drakwizard_apache2.xml:12 en/drakwizard_bind.xml:12 en/drakwizard_dhcp.xml:12 en/drakwizard_proftpd.xml:12 en/drakwizard_squid.xml:12 en/drakwizard_sshd.xml:12 en/drakxservices.xml:12 msgid "" "This page hasn't been written yet for lack of resources. If you think you " "can write this help, please contact <link " @@ -4117,7 +4117,7 @@ msgid "draksambashare17.png" msgstr "" #. type: Content of: <section><section><screenshot> -#: en/draksambashare.xml:239 en/drakvpn.xml:46 en/logdrake.xml:89 en/rpmdrake.xml:42 en/rpmdrake.xml:147 en/rpmdrake.xml:157 en/rpmdrake.xml:167 en/rpmdrake.xml:177 en/rpmdrake.xml:187 en/rpmdrake.xml:222 +#: en/draksambashare.xml:239 en/drakvpn.xml:46 en/logdrake.xml:89 en/msecgui.xml:206 en/msecgui.xml:223 en/rpmdrake.xml:42 en/rpmdrake.xml:147 en/rpmdrake.xml:157 en/rpmdrake.xml:167 en/rpmdrake.xml:177 en/rpmdrake.xml:187 en/rpmdrake.xml:222 msgid "<placeholder type=\"mediaobject\" id=\"0\"/>" msgstr "" @@ -5999,17 +5999,465 @@ msgid "MSEC: System Security and Audit" msgstr "" #. type: Content of: <section><info><subtitle> -#: en/msecgui.xml:3 +#: en/msecgui.xml:5 msgid "msecgui" msgstr "" #. type: Attribute 'fileref' of: <section><mediaobject><imageobject><imagedata> -#: en/msecgui.xml:8 +#: en/msecgui.xml:14 msgid "msecgui.png" msgstr "" +#. type: Content of: <section><section><para> +#: en/msecgui.xml:23 +msgid "" +"msecgui is a graphic user interface for msec that allows to configure your " +"system security according to two approaches:" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><para> +#: en/msecgui.xml:28 +msgid "" +"It sets the system behaviour, msec imposes modifications to the system to " +"make it more secure." +msgstr "" + +#. type: Content of: <section><section><para> +#: en/msecgui.xml:36 +msgid "" +"msec uses the concept of \"security levels\" which are intended to configure " +"a set of system permissions, which can be audited for changes or " +"enforcement. Several of them are proposed by Mageia, but you can define your " +"own customised security levels." +msgstr "" + +#. type: Content of: <section><section><title> +#: en/msecgui.xml:43 +msgid "Overview tab" +msgstr "" + +#. type: Content of: <section><section><para> +#: en/msecgui.xml:45 +msgid "See the screenshot above" +msgstr "" + +#. type: Content of: <section><section><para> +#: en/msecgui.xml:47 +msgid "" +"The first tab takes up the list of the different security tools with a " +"button on the right side to configure them:" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><para> +#: en/msecgui.xml:52 +msgid "Firewall, also found in the MCC / Security / Set up your personal firewall" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><para> +#: en/msecgui.xml:57 +msgid "Updates, also found in MCC / Software Management / Update your system" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><para> +#: en/msecgui.xml:62 +msgid "msec itself with some information:" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><itemizedlist><listitem><para> +#: en/msecgui.xml:66 +msgid "enabled or not" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><itemizedlist><listitem><para> +#: en/msecgui.xml:70 +msgid "the configured Base security level" +msgstr "" + +#. type: Content of: <section><section><itemizedlist><listitem><itemizedlist><listitem><para> +#: en/msecgui.xml:74 +msgid "" +"the date of the last Periodic checks and a button to see a detailed report " +"and another button to execute the checks just now." +msgstr "" + +#. type: Content of: <section><section><title> +#: en/msecgui.xml:84 +msgid "Security settings tab" +msgstr "" + +#. type: Content of: <section><section><para> +#: en/msecgui.xml:86 +msgid "" +"A click on the second tab or on the Security " +"<guibutton>Configure</guibutton> button leads to the same screen shown " +"below." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:92 +msgid "msecgui2.png" +msgstr "" + +#. type: Content of: <section><section><section><title> +#: en/msecgui.xml:99 +msgid "Basic security tab" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:102 +msgid "<emphasis role=\"underline\">Security levels:</emphasis>" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:105 +msgid "" +"After having checked the box <guilabel>Enable MSEC tool</guilabel>, this tab " +"allows you by a double click to choose the security level that appears then " +"in bold. If the box is not checked, the level « none » is applied. The " +"following levels are available:" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><para> +#: en/msecgui.xml:112 +msgid "" +"Level <emphasis role=\"bold\">none</emphasis>. This level is intended if you " +"do not want to use msec to control system security, and prefer tuning it on " +"your own. It disables all security checks and puts no restrictions or " +"constraints on system configuration and settings. Please use this level only " +"if you are knowing what you are doing, as it would leave your system " +"vulnerable to attack." +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:120 +msgid "standard" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><para> +#: en/msecgui.xml:128 +msgid "" +"Level <emphasis role=\"bold\">secure</emphasis>. This level is intended when " +"you want to ensure your system is secure, yet usable. It further restricts " +"system permissions and executes more periodic checks. Moreover, access to " +"the system is more restricted. (This level is similar to levels 4 (High) and " +"5 (Paranoid) from old msec versions)." +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:137 +msgid "fileserver" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:137 +msgid "webserver" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:137 +msgid "netbook" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:141 +msgid "audit_daily" +msgstr "" + +#. type: Content of: <section><section><section><orderedlist><listitem><emphasis> +#: en/msecgui.xml:141 +msgid "audit_weekly" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:145 +msgid "" +"These levels are saved in " +"<filename>etc/security/msec/level.<levelname></filename>. You can define " +"your own customised security levels, saving them into specific files called " +"<filename>level.<levelname></filename>, placed into the folder " +"<filename>etc/security/msec/.</filename> This function is intended for power " +"users which require a customised or more secure system configuration." +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:157 +msgid "<emphasis role=\"underline\">Security alerts:</emphasis>" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:160 +msgid "" +"If you check the box <guibutton>Send security alerts by email " +"to:</guibutton>, the security alerts generated by msec are going to be sent " +"by local e-mail to the security administrator named in the nearby field. You " +"can fill either a local user or a complete e-mail address (the local e-mail " +"and the e-mail manager must be set accordingly). At last, you can receive " +"the security alerts directly on your desktop. Check the relevant box to " +"enable it." +msgstr "" + +#. type: Content of: <section><section><section><important><filename> +#: en/msecgui.xml:172 +msgid "/var/log/security." +msgstr "" + +#. type: Content of: <section><section><section><emphasis> +#: en/msecgui.xml:174 +msgid "Security options:" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:176 +msgid "" +"Creating a customised level is not the only way to customise the computer " +"security, it is also possible to use the tabs presented here after to change " +"any option you want. Current configuration for msec is stored in " +"<filename>/etc/security/msec/security.conf</filename>. This file contains " +"the current security level name and the list of all the modifications done " +"to the options." +msgstr "" + +#. type: Content of: <section><section><section><title> +#: en/msecgui.xml:185 +msgid "System security tab" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:187 +msgid "" +"This tab displays all the security options on the left side column, a " +"description in the centre column, and their current values on the right side " +"column." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:193 +msgid "msecgui3.png" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:197 +msgid "" +"To modify an option, double click on it and a new window appears (see " +"screenshot below). It displays the option name, a short description, the " +"actual and default values, and a drop down list where the new value can be " +"selected. Click on the <guibutton>OK</guibutton> button to validate the " +"choice." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><para><figure><screenshot><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:208 +msgid "msecgui11.png" +msgstr "" + +#. type: Content of: <section><section><section><para><figure> +#: en/msecgui.xml:205 en/msecgui.xml:222 +msgid "<placeholder type=\"screenshot\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:204 en/msecgui.xml:221 +msgid "<placeholder type=\"figure\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <section><section><section><caution><guimenu> +#: en/msecgui.xml:216 +msgid "File -> Save the configuration" +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><para><figure><screenshot><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:225 +msgid "msecgui10.png" +msgstr "" + +#. type: Content of: <section><section><section><title> +#: en/msecgui.xml:234 +msgid "Network security" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:236 +msgid "This tab displays all the network options and works like the previous tab" +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:241 +msgid "msecgui4.png" +msgstr "" + +#. type: Content of: <section><section><section><caution><emphasis> +#: en/msecgui.xml:247 en/msecgui.xml:345 +msgid "Periodic checks tab" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:249 +msgid "" +"Periodic checks aim to inform the security administrator by means of " +"security alerts of all situations msec thinks potentially dangerous." +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:253 +msgid "" +"This tab displays all the periodic checks done by msec and their frequency " +"if the box <guibutton>Enable periodic security checks</guibutton> is " +"checked. Changes are done like in the previous tabs." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:260 +msgid "msecgui5.png" +msgstr "" + +#. type: Content of: <section><section><section><title> +#: en/msecgui.xml:266 +msgid "Exceptions tab" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:268 +msgid "" +"Sometimes alert messages are due to well known and wanted situations. In " +"these cases they are useless and wasted time for the administrator. This tab " +"allows you to create as many exceptions as you want to avoid unwanted alert " +"messages. It is obviously empty at the first msec start. The screenshot " +"below shows four exceptions." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:276 +msgid "msecgui6.png" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:280 +msgid "" +"To create an exception, click on the <guibutton>Add a rule</guibutton> " +"button" +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:285 +msgid "msecgui7.png" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:289 +msgid "" +"Select the wanted periodic check in the drop down list called " +"<guilabel>Check</guilabel> and then, enter the " +"<guilabel>Exception</guilabel> in the text area. Adding an exception is " +"obviously not definitive, you can either delete it using the " +"<guibutton>Delete</guibutton> button of the <guilabel>Exceptions</guilabel> " +"tab or modify it with a double clicK." +msgstr "" + +#. type: Content of: <section><section><section><title> +#: en/msecgui.xml:298 +msgid "Permissions" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:298 +msgid "" +"This tab is intended for file and directory permissions checking and " +"enforcement." +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:299 +msgid "" +"Like for the security, msec owns different permissions levels (standard, " +"secure, ..), they are enabled accordingly with the chosen security " +"level. You can create your own customised permissions levels, saving them " +"into specific files called <filename>perm.<levelname></filename> placed " +"into the folder <filename>etc/security/msec/</filename>. This function is " +"intended for power users which require a customised configuration. It is " +"also possible to use the tab presented here after to change any permission " +"you want. Current configuration is stored in " +"<filename>/etc/security/msec/perms.conf.</filename> This file contains the " +"list of all the modifications done to the permissions." +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:311 +msgid "msecgui8.png" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:313 +msgid "" +"Default permissions are visible as a list of rules (a rule per line). You " +"can see on the left side, the file or folder concerned by the rule, then the " +"owner, then the group and then the permissions given by the rule. If, for a " +"given rule:" +msgstr "" + +#. type: Content of: <section><section><section><itemizedlist><listitem><para> +#: en/msecgui.xml:318 +msgid "" +"the box <guilabel>Enforce</guilabel> is not checked, msec only checks if the " +"defined permissions for this rule are respected and sends an alert message " +"if not, but does not change anything." +msgstr "" + +#. type: Content of: <section><section><section><caution><guilabel> +#: en/msecgui.xml:323 en/msecgui.xml:350 +msgid "Enforce" +msgstr "" + +#. type: Content of: <section><section><section><important><emphasis> +#: en/msecgui.xml:327 +msgid "Periodic check tab" +msgstr "" + +#. type: Content of: <section><section><section><guibutton> +#: en/msecgui.xml:328 +msgid "Add a rule" +msgstr "" + +#. type: Content of: <section><section><section><guilabel> +#: en/msecgui.xml:330 +msgid "File" +msgstr "" + +#. type: Attribute 'fileref' of: <section><section><section><mediaobject><imageobject><imagedata> +#: en/msecgui.xml:333 +msgid "msecgui9.png" +msgstr "" + +#. type: Content of: <section><section><section><para> +#: en/msecgui.xml:335 +msgid "" +"Click on the <guibutton>OK</guibutton> button to validate the choice and do " +"not forget when leaving to save definitively your configuration using the " +"menu <guimenu>File -> Save the configuration</guimenu>. If you have changed " +"the settings, msecgui allows you to preview the changes before saving them." +msgstr "" + +#. type: Content of: <section><section><section><note><filename> +#: en/msecgui.xml:341 +msgid "/etc/security/msec/perms.conf" +msgstr "" + +#. type: Content of: <section><section><section><caution><emphasis> +#: en/msecgui.xml:342 +msgid "Permission tab" +msgstr "" + +#. type: Content of: <section><section><section><caution><emphasis> +#: en/msecgui.xml:351 +msgid "Permissions tab" +msgstr "" + +#. type: Content of: <section><section><section><caution><emphasis> +#: en/msecgui.xml:354 +msgid "Periodic Checks tab" +msgstr "" + #. type: Content of: <section><para> -#: en/msecgui.xml:15 +#: en/msecgui.xml:357 msgid "" "You can start this tool from the command line, by typing <emphasis " "role=\"bold\">msecgui</emphasis> as root." |