Update docs

5 files changed, 361 insertions, 28 deletions

diff --git a/docs/mcc-help/de/XFdrake.xml b/docs/mcc-help/de/XFdrake.xml
index 682a517f..1c533682 100644
--- a/docs/mcc-help/de/XFdrake.xml
+++ b/docs/mcc-help/de/XFdrake.xml
@@ -41,8 +41,8 @@ in your Desktop Environment.</para>
 <para> If even Vesa doesn't work, choose <emphasis><guilabel>Xorg</guilabel> -
 <guilabel>fbdev</guilabel></emphasis>, which is used while installing
 Mageia, but doesn't allow you to change resolution or refresh rates.</para>
-    </note>If you made your choice for a free driver, you may be asked if you
-want to use a proprietary driver instead with more features (3D effects for
+    </note>If you made your choice for a free driver, you may be asked if you want to
+use a proprietary driver instead with more features (3D effects for
 example).</para>
 
   <para/>
@@ -95,9 +95,9 @@ graphical environment doesn't work.</para>
       <para>In case of a non working graphical environment, type Alt+Ctrl+F2 to open a
 text environment, connect as root and type XFdrake (with the caps) to to use
 XFdrake's text version. </para>
-    </note>If the test fails, just wait until the end, if it works but you don't
-want to change after all, click on <guibutton>No</guibutton>, if everything
-is right, click on <guibutton role="bold">OK</guibutton>.</para>
+    </note>If the test fails, just wait until the end, if it works but you don't want
+to change after all, click on <guibutton>No</guibutton>, if everything is
+right, click on <guibutton role="bold">OK</guibutton>.</para>
 
 <orderedlist><title>Optionen:</title>
 	<listitem>
diff --git a/docs/mcc-help/de/diskdrake--dav.xml b/docs/mcc-help/de/diskdrake--dav.xml
index 65619087..28c04b2c 100644
--- a/docs/mcc-help/de/diskdrake--dav.xml
+++ b/docs/mcc-help/de/diskdrake--dav.xml
@@ -68,9 +68,9 @@ an. Wenn sie weitere Optionen benötigen, können sie diese im
 access.</para>
 
     <para>After you accepted the configuration with the radio button
-<guibutton>Done</guibutton>, the first screen is displayed again and your new
-mount point is listed. After you choose <guibutton>Quit</guibutton>, you are
-asked whether or not to save the modifications in
+<guibutton>Done</guibutton>, the first screen is displayed again and your
+new mount point is listed. After you choose <guibutton>Quit</guibutton>, you
+are asked whether or not to save the modifications in
 <emphasis>/etc/fstab</emphasis>. Choose this option if you want that the
 remote directory is available at each boot. If your configuration is for
 one-time usage, do not save it.</para>
diff --git a/docs/mcc-help/de/diskdrake--nfs.xml b/docs/mcc-help/de/diskdrake--nfs.xml
index a4b3e61a..d347eed8 100644
--- a/docs/mcc-help/de/diskdrake--nfs.xml
+++ b/docs/mcc-help/de/diskdrake--nfs.xml
@@ -71,11 +71,11 @@ mounting the directory, you can unmount it with the same button.</para>
       </imageobject>
     </mediaobject>
 
-    <para>On accepting the configuration with the Done button, a message will
-displayed, asking "Do you want to save the /etc/fstab modifications". This
-will make the directory available at each boot, if the network is
-accessible. The new directory is then available in your file browser, for
-example in dolphin.</para>
+    <para>On accepting the configuration with the <guibutton>Done</guibutton> button,
+a message will displayed, asking "Do you want to save the /etc/fstab
+modifications". This will make the directory available at each boot, if the
+network is accessible. The new directory is then available in your file
+browser, for example in Dolphin.</para>
 
     <mediaobject>
       <imageobject>
diff --git a/docs/mcc-help/de/drakboot--boot.xml b/docs/mcc-help/de/drakboot--boot.xml
index 57c5b827..f14c8c82 100644
--- a/docs/mcc-help/de/drakboot--boot.xml
+++ b/docs/mcc-help/de/drakboot--boot.xml
@@ -74,12 +74,6 @@ system which can cause freezes or incorrect device detection (error message
 "spurious 8259A interrupt: IRQ7"). In this case, disable APIC and/or Local
 APIC.</para>
 
-  <para><guibutton>Clean /tmp at each boot:</guibutton></para>
-
-  <para>If checked, this option will empty the /tmp directory at each boot,
-preventing it from become too big and clearing the trackings that don't need
-to be kept.</para>
-
   <mediaobject>
     <imageobject>
       <imagedata fileref="drakboot1.png"/>
diff --git a/docs/mcc-help/de/msecgui.xml b/docs/mcc-help/de/msecgui.xml
index 7c63e34f..eb5be850 100644
--- a/docs/mcc-help/de/msecgui.xml
+++ b/docs/mcc-help/de/msecgui.xml
@@ -1,19 +1,358 @@
-<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" xml:id="msecgui" version="5.0" xml:lang="de">
+<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" version="5.0" xml:lang="de" xml:id="msecgui">
   <info>
-	  <title xml:id="msecgui-ti1">MSEC: System Sicherheit und Prüfung</title><subtitle>msecgui</subtitle>
+    <title xml:id="msecgui-ti1">MSEC: System Sicherheit und Prüfung</title>
+
+    <subtitle>msecgui</subtitle>
   </info>
 
+  
+
+
   <mediaobject>
-    <imageobject>
-      <imagedata   xml:id="msecgui-im1" revision="1" align="center" format="PNG" fileref="msecgui.png"/>
+    <!-- written by Lebarhon 2014/01/03 To be checked-->
+<imageobject>
+      <imagedata xml:id="msecgui-im1" revision="1" fileref="msecgui.png" align="center" format="PNG"/>
     </imageobject>
   </mediaobject>
 
- <para>This page hasn't been written yet for lack of resources. If you think you
-can write this help, please contact <link
-ns2:href="https://wiki.mageia.org/en/Documentation_team"> the Doc
-team.</link> Thanking you in advance.</para>  
 
-  <para>You can start this tool from the command line, by typing <emphasis
+  <section>
+    <title>Präsentation</title>
+
+    <para>msecgui<footnote><para>You can start this tool from the command line, by typing <emphasis
 role="bold">msecgui</emphasis> as root.</para>
+    </footnote> is a graphic user interface for
+msec that allows to configure your system security according to two
+approaches:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>It sets the system behaviour, msec imposes modifications to the system to
+make it more secure.</para>
+      </listitem>
+
+      <listitem>
+	 <para>It carries on periodic checks automatically on the system in order to warn
+you if something seems dangerous.</para>
+      </listitem>
+    </itemizedlist>
+
+    <para>msec uses the concept of "security levels" which are intended to configure a
+set of system permissions, which can be audited for changes or
+enforcement. Several of them are proposed by Mageia, but you can define your
+own customised security levels.</para>
+  </section>
+
+  <section>
+    <title>Overview tab</title>
+
+    <para>See the screenshot above</para>
+
+    <para>The first tab takes up the list of the different security tools with a
+button on the right side to configure them:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>Firewall, also found in the MCC / Security / Set up your personal firewall</para>
+      </listitem>
+
+      <listitem>
+        <para>Updates, also found in MCC / Software Management / Update your system</para>
+      </listitem>
+
+      <listitem>
+        <para>msec itself with some information:</para>
+
+        <itemizedlist>
+          <listitem>
+            <para>enabled or not</para>
+          </listitem>
+
+          <listitem>
+            <para>the configured Base security level</para>
+          </listitem>
+
+          <listitem>
+            <para>the date of the last Periodic checks and a button to see a detailed report
+and another button to execute the checks just now.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+    </itemizedlist>
+  </section>
+
+  <section>
+    <title>Security settings tab</title>
+
+    <para>A click on the second tab or on the Security
+<guibutton>Configure</guibutton> button leads to the same screen shown
+below.</para>
+
+    <mediaobject>
+      <imageobject>
+        <imagedata fileref="msecgui2.png"/>
+      </imageobject>
+    </mediaobject>
+
+
+    <section>
+      <title>Basic security tab</title>
+
+      <para role="underline">
+        <emphasis role="underline">Security levels:</emphasis>
+      </para>
+
+      <para>After having checked the box <guilabel>Enable MSEC tool</guilabel>, this tab
+allows you by a double click to choose the security level that appears then
+in bold. If the box is not checked, the level « none » is applied. The
+following levels are available:</para>
+
+      <orderedlist numeration="arabic">
+        <listitem>
+          <para>Level <emphasis role="bold">none</emphasis>. This level is intended if you
+do not want to use msec to control system security, and prefer tuning it on
+your own. It disables all security checks and puts no restrictions or
+constraints on system configuration and settings. Please use this level only
+if you are knowing what you are doing, as it would leave your system
+vulnerable to attack.</para>
+        </listitem>
+
+	<listitem>
+	  <para>Level <emphasis role="bold">standard</emphasis>. This is the default
+configuration when installed and is intended for casual users.  It
+constrains several system settings and executes daily security checks which
+detect changes in system files, system accounts, and vulnerable directory
+permissions. (This level is similar to levels 2 and 3 from past msec
+versions).</para>
+        </listitem>
+
+        <listitem>
+          <para>Level <emphasis role="bold">secure</emphasis>. This level is intended when
+you want to ensure your system is secure, yet usable.  It further restricts
+system permissions and executes more periodic checks. Moreover, access to
+the system is more restricted. (This level is similar to levels 4 (High) and
+5 (Paranoid) from old msec versions).</para>
+        </listitem>
+
+	<listitem>
+	  <para>Besides those levels, different task-oriented security are also provided,
+such as the <emphasis role="bold">fileserver </emphasis>, <emphasis
+role="bold">webserver</emphasis> and <emphasis
+role="bold">netbook</emphasis> levels. Such levels attempt to pre-configure
+system security according to the most common use cases.</para>
+        </listitem>
+
+	<listitem>
+          <para>The last two levels called <emphasis role="bold">audit_daily </emphasis> and
+<emphasis role="bold">audit_weekly</emphasis> are not really security levels
+but rather tools for periodic checks only.</para>
+        </listitem>
+      </orderedlist>
+
+      <para>These levels are saved in
+<filename>etc/security/msec/level.&lt;levelname></filename>. You can define
+your own customised security levels, saving them into specific files called
+<filename>level.&lt;levelname></filename>, placed into the folder
+<filename>etc/security/msec/.</filename> This function is intended for power
+users which require a customised or more secure system configuration.</para>
+
+      <caution>
+	<para>Keep in mind that user-modified parameters take precedence over default
+level settings.</para>
+      </caution>
+
+      <para>
+        <emphasis role="underline">Security alerts:</emphasis>
+      </para>
+
+      <para>If you check the box <guibutton>Send security alerts by email
+to:</guibutton>, the security alerts generated by msec are going to be sent
+by local e-mail to the security administrator named in the nearby field. You
+can fill either a local user or a complete e-mail address (the local e-mail
+and the e-mail manager must be set accordingly). At last, you can receive
+the security alerts directly on your desktop.  Check the relevant box to
+enable it.</para>
+
+      <important>
+	<para>It is strongly advisable to enable the security alerts option in order to
+immediately inform the security administrator of possible security
+problems. If not, the administrator will have to regularly check the logs
+files available in <filename>/var/log/security.</filename></para></important>
+
+      <para><emphasis role="underline">Security options:</emphasis></para>
+
+      <para>Creating a customised level is not the only way to customise the computer
+security, it is also possible to use the tabs presented here after to change
+any option you want. Current configuration for msec is stored in
+<filename>/etc/security/msec/security.conf</filename>. This file contains
+the current security level name and the list of all the modifications done
+to the options.</para>
+    </section>
+
+    <section>
+      <title>System security tab</title>
+
+      <para>This tab displays all the security options on the left side column, a
+description in the centre column, and their current values on the right side
+column.</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui3.png"/>
+        </imageobject>
+      </mediaobject>
+
+      <para>To modify an option, double click on it and a new window appears (see
+screenshot below). It displays the option name, a short description, the
+actual and default values, and a drop down list where the new value can be
+selected. Click on the <guibutton>OK</guibutton> button to validate the
+choice.</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui11.png"/>
+        </imageobject>
+      </mediaobject>
+
+      <caution>
+      <para>Do not forget when leaving msecgui to save definitively your configuration
+using the menu <guimenu>File -> Save the configuration</guimenu>. If you
+have changed the settings, msecgui allows you to preview the changes before
+saving them.</para>
+      </caution>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui10.png"/>
+        </imageobject>
+      </mediaobject>
+    </section>
+
+    <section>
+      <title>Network security</title>
+
+      <para>This tab displays all the network options and works like the previous tab</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui4.png"/>
+        </imageobject>
+      </mediaobject>
+    </section>
+
+    <section>
+      <title>Periodic checks tab</title>
+
+      <para>Periodic checks aim to inform the security administrator by means of
+security alerts of all situations msec thinks potentially dangerous.</para>
+
+      <para>This tab displays all the periodic checks done by msec and their frequency
+if the box <guibutton>Enable periodic security checks</guibutton> is
+checked. Changes are done like in the previous tabs.</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui5.png"/>
+        </imageobject>
+      </mediaobject>
+    </section>
+
+    <section>
+      <title>Exceptions tab</title>
+
+      <para>Sometimes alert messages are due to well known and wanted situations. In
+these cases they are useless and wasted time for the administrator. This tab
+allows you to create as many exceptions as you want to avoid unwanted alert
+messages. It is obviously empty at the first msec start. The screenshot
+below shows four exceptions.</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui6.png"/>
+        </imageobject>
+      </mediaobject>
+
+      <para>To create an exception, click on the <guibutton>Add a rule</guibutton>
+button</para>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui7.png"/>
+        </imageobject>
+      </mediaobject>
+
+      <para>Select the wanted periodic check in the drop down list called
+<guilabel>Check</guilabel> and then, enter the
+<guilabel>Exception</guilabel> in the text area. Adding an exception is
+obviously not definitive, you can either delete it using the
+<guibutton>Delete</guibutton> button of the <guilabel>Exceptions</guilabel>
+tab or modify it with a double clicK.</para>
+    </section>
+
+    <section>
+    <title>Permissions</title>
+    <para>This tab is intended for file and directory permissions checking and
+enforcement.</para>
+    <para>Like for the security, msec owns different permissions levels (standard,
+secure, ..), they are enabled accordingly with the chosen security
+level. You can create your own customised permissions levels, saving them
+into specific files called <filename>perm.&lt;levelname> </filename> placed
+into the folder <filename>etc/security/msec/</filename> . This function is
+intended for power users which require a customised configuration. It is
+also possible to use the tab presented here after to change any permission
+you want. Current configuration is stored in
+<filename>/etc/security/msec/perms.conf.</filename> This file contains the
+list of all the modifications done to the permissions.</para>
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui8.png"/>
+        </imageobject>
+	</mediaobject>
+    <para>Default permissions are visible as a list of rules (a rule per line). You
+can see on the left side, the file or folder concerned by the rule, then the
+owner, then the group and then the permissions given by the rule. If, for a
+given rule:</para>
+   <itemizedlist>
+        <listitem>
+          <para>the box <guilabel>Enforce</guilabel> is not checked, msec only checks if the
+defined permissions for this rule are respected and sends an alert message
+if not, but does not change anything.</para>
+        </listitem>
+
+	<listitem>
+	  <para>the box <guilabel>Enforce</guilabel> is checked, then msec will rule the
+permissions respect at the first periodic check and overwrite the
+permissions.</para></listitem>
+   </itemizedlist>
+   <important><para>For this to work, the option CHECK_PERMS in the <emphasis
+role="bold">Periodic check tab</emphasis> must be configured accordingly.</para></important><para>To create a new rule, click on the <guibutton> Add a rule</guibutton> button
+and fill the fields as shown in the example below. The joker * is allowed in
+the <guilabel>File</guilabel> field. “current” means no modification.</para>
+     <mediaobject>
+        <imageobject>
+          <imagedata fileref="msecgui9.png"/>
+        </imageobject>
+	</mediaobject>
+    <para>Click on the <guibutton>OK</guibutton> button to validate the choice and do
+not forget when leaving to save definitively your configuration using the
+menu <guimenu>File -> Save the configuration</guimenu>. If you have changed
+the settings, msecgui allows you to preview the changes before saving them. </para>
+    <note><para>It is also possible to create or modify the rules by editing the
+configuration file <filename>/etc/security/msec/perms.conf</filename>.
+    </para></note>
+    <caution><para>Changes in the <emphasis role="bold">Permission tab</emphasis> (or directly
+in the configuration file) are taken into account at the first periodic
+check (see the option CHECK_PERMS in the <emphasis role="bold">Periodic
+checks tab</emphasis>). If you want them to be taken immediately into
+account, use the msecperms command in a console with root rights. You can
+use before, the msecperms -p command to know the permissions that will be
+changed by msecperms.</para></caution>
+    <caution><para>Do not forget that if you modify the permissions in a console or in a file
+manager, for a file where the box <guilabel>Enforce </guilabel> is checked
+in the <emphasis role="bold">Permissions tab </emphasis>, msecgui will write
+the old permissions back after a while, accordingly to the configuration of
+the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the <emphasis
+role="bold">Periodic Checks tab </emphasis>.</para></caution>
+   </section>
+  </section>
 </section>