Diffstat (limited to 'docs/mcc-help/zh_CN/msecgui.xml')
-rw-r--r-- | docs/mcc-help/zh_CN/msecgui.xml | 253 |
1 files changed, 86 insertions, 167 deletions
diff --git a/docs/mcc-help/zh_CN/msecgui.xml b/docs/mcc-help/zh_CN/msecgui.xml index e26782c0..43524af8 100644 --- a/docs/mcc-help/zh_CN/msecgui.xml +++ b/docs/mcc-help/zh_CN/msecgui.xml 
@@ -19,62 +19,52 @@ <section> <title>介绍</title> - <para>msecgui<footnote><para>You can start this tool from the command line, by typing <emphasis -role="bold">msecgui</emphasis> as root.</para> - </footnote> is a graphic user interface for -msec that allows to configure your system security according to two -approaches:</para> + <para>msecgui<footnote><para>您可通过以 root 用户在命令行输入 <emphasis role="bold">drakedm</emphasis> 来启动该工具。</para> + </footnote>是用于配置系统安全的 msec 图形化界面,可用的操作有:</para> <itemizedlist> <listitem> - <para>It sets the system behaviour, msec imposes modifications to the system to -make it more secure.</para> + <para>设置系统行为,使用 msec 来调整系统以便系统更安全。</para> </listitem> <listitem> - <para>It carries on periodic checks automatically on the system in order to warn -you if something seems dangerous.</para> + <para>周期性检查系统,以便在发生危险时及时通知您。</para> </listitem> </itemizedlist> - <para>msec uses the concept of "security levels" which are intended to configure a -set of system permissions, which can be audited for changes or -enforcement. 
Several of them are proposed by Mageia, but you can define your -own customised security levels.</para> + <para>msec 使用“安全等级”的概念来管理系统权限,您可以对权限的变更或加固进行审计。Mageia 提供了推荐的配置,但您也可以自己定制安全等级。</para> </section> <section> - <title>Overview tab</title> + <title>预览选项卡</title> - <para>See the screenshot above</para> + <para>参见上述截图</para> - <para>The first tab takes up the list of the different security tools with a -button on the right side to configure them:</para> + <para>第一个选项卡中包活了各类安全工具,右侧的按钮可以配置这些工具:</para> <itemizedlist> <listitem> - <para>Firewall, also found in the MCC / Security / Set up your personal firewall</para> + <para>防火墙,它也可以通过 MCC / 安全 /设置您的个人防火墙 来启动</para> </listitem> <listitem> - <para>Updates, also found in MCC / Software Management / Update your system</para> + <para>更新,它也可以通过 MCC / 软件管理 /更新您的系统 来启动</para> </listitem> <listitem> - <para>msec itself with some information:</para> + <para>msec 私有的配置:</para> <itemizedlist> <listitem> - <para>enabled or not</para> + <para>是否启用</para> </listitem> <listitem> - <para>the configured Base security level</para> + <para>预设的基础安全等级</para> </listitem> <listitem> - <para>the date of the last Periodic checks and a button to see a detailed report -and another button to execute the checks just now.</para> + <para>最近一次周期检查的时间、用于查看详细报告的按钮和用于立即执行检查的按钮。</para> </listitem> </itemizedlist> </listitem> @@ -82,11 +72,9 @@ and another button to execute the checks just now.</para> </section> <section> - <title>Security settings tab</title> + <title>安全设置选项卡</title> - <para>A click on the second tab or on the Security -<guibutton>Configure</guibutton> button leads to the same screen shown -below.</para> + <para>点击第二个选项卡,或者点击安全<guibutton>配置</guibutton> 按钮也会打开上述窗口。</para> <mediaobject> <imageobject> 
@@ -96,105 +84,76 @@ below.</para> <section> - <title>Basic security tab</title> + <title>基本安全选项卡</title> <para role="underline"> - <emphasis role="underline">Security levels:</emphasis> + <emphasis role="underline">安全等级</emphasis>: </para> - <para>After having checked the box <guilabel>Enable MSEC tool</guilabel>, this tab -allows you by a double click to choose the security level that appears then -in bold. If the box is not checked, the level « none » is applied. The -following levels are available:</para> + <para>在勾选了<guilabel>启用 MSEC +工具</guilabel>后,您可以在此选项卡中双击选择所需的安全等级(以粗体字表示)。如果您没有勾选任何等级,将会使用等级“无”。您可以使用的等级有:</para> <orderedlist numeration="arabic"> <listitem> - <para>Level <emphasis role="bold">none</emphasis>. This level is intended if you -do not want to use msec to control system security, and prefer tuning it on -your own. It disables all security checks and puts no restrictions or -constraints on system configuration and settings. Please use this level only -if you are knowing what you are doing, as it would leave your system -vulnerable to attack.</para> + <para><emphasis role="bold">无</emphasis>等级。如果您不希望使用 msec +来控制系统安全,而希望自己进行配置,请选择此等级。系统将禁用所有安全检查,并且不会对系统配置做任何限制。仅当您清楚自己的目的时才使用此等级,因为这样做可能导致系统容易遭受攻击。</para> </listitem> <listitem> - <para>Level <emphasis role="bold">standard</emphasis>. This is the default -configuration when installed and is intended for casual users. It -constrains several system settings and executes daily security checks which -detect changes in system files, system accounts, and vulnerable directory -permissions. (This level is similar to levels 2 and 3 from past msec -versions).</para> + <para><emphasis +role="bold">标准</emphasis>等级。这是安装时默认使用的配置,可以用于普通用户。系统将限制部分系统设置,并且每天检查系统文件、系统账户和危险目录的权限的变更情况。(此等级与之前版本的 +msec 使用的等级 2 和 3 类似)</para> </listitem> <listitem> - <para>Level <emphasis role="bold">secure</emphasis>. This level is intended when -you want to ensure your system is secure, yet usable. 
It further restricts -system permissions and executes more periodic checks. Moreover, access to -the system is more restricted. (This level is similar to levels 4 (High) and -5 (Paranoid) from old msec versions).</para> + <para><emphasis +role="bold">安全</emphasis>等级。当您想确保系统安全,同时保证系统可用性时,请使用此等级。系统将进一步收紧系统权限,并提高周期性检查的频率。此外,也会限制系统的访问。(此等级与之前版本的 +msec 使用的等级 4(高) 和 5(严格) 类似)</para> </listitem> <listitem> - <para>Besides those levels, different task-oriented security are also provided, -such as the <emphasis role="bold">fileserver </emphasis>, <emphasis -role="bold">webserver</emphasis> and <emphasis -role="bold">netbook</emphasis> levels. Such levels attempt to pre-configure -system security according to the most common use cases.</para> + <para>除了这些等级之外,msec 也提供了用于不同任务的安全设置,如 <emphasis role="bold">fileserver(文件服务器) +</emphasis>、<emphasis role="bold">webserver(网络服务器)</emphasis> 和 <emphasis +role="bold">netbook(上网本)</emphasis> 等级。这些等级适用于在大多数情况下对系统安全进行配置。</para> </listitem> <listitem> - <para>The last two levels called <emphasis role="bold">audit_daily </emphasis> and -<emphasis role="bold">audit_weekly</emphasis> are not really security levels -but rather tools for periodic checks only.</para> + <para>最后两个等级叫做<emphasis role="bold">每日审计 </emphasis> 和 <emphasis +role="bold">每周审计</emphasis>,它们并非真正的安全等级,而是用于进行周期性检查的工具。</para> </listitem> </orderedlist> - <para>These levels are saved in -<filename>etc/security/msec/level.<levelname></filename>. 
You can define -your own customised security levels, saving them into specific files called -<filename>level.<levelname></filename>, placed into the folder -<filename>etc/security/msec/.</filename> This function is intended for power -users which require a customised or more secure system configuration.</para> + <para>这些等级保存于 +<filename>etc/security/msec/level.<levelname></filename>。您可以自定义安全等级,并将其保存至特定的文件中,文件名的格式为 +<filename>level.<等级名称></filename>,并将其放到 +<filename>etc/security/msec/</filename>。此功能适用于对系统配置有特殊需求的超级用户。</para> <caution> - <para>Keep in mind that user-modified parameters take precedence over default -level settings.</para> + <para>请记住,用户自定义的参数将会覆盖预设的默认等级。</para> </caution> <para> - <emphasis role="underline">Security alerts:</emphasis> + <emphasis role="underline">安全警报</emphasis>: </para> - <para>If you check the box <guibutton>Send security alerts by email -to:</guibutton>, the security alerts generated by msec are going to be sent -by local e-mail to the security administrator named in the nearby field. You -can fill either a local user or a complete e-mail address (the local e-mail -and the e-mail manager must be set accordingly). At last, you can receive -the security alerts directly on your desktop. Check the relevant box to -enable it.</para> + <para>如果您勾选了<guibutton>用邮件发送安全警报至</guibutton>,msec +生成的安全警报将通过本地邮件服务发送至预先设定的安全管理员。您可以在收件人地址一栏填写一个本地用户名,或完整的电子邮件地址(同时应当设置本地邮件和邮件管理器)。最后,您将可以直接在桌面读取 +msec 发送的安全警报。请勾选相应的复选框来启用这一功能。</para> <important> - <para>It is strongly advisable to enable the security alerts option in order to -immediately inform the security administrator of possible security -problems. 
If not, the administrator will have to regularly check the logs -files available in <filename>/var/log/security.</filename></para></important> - - <para><emphasis role="underline">Security options:</emphasis></para> - - <para>Creating a customised level is not the only way to customise the computer -security, it is also possible to use the tabs presented here after to change -any option you want. Current configuration for msec is stored in -<filename>/etc/security/msec/security.conf</filename>. This file contains -the current security level name and the list of all the modifications done -to the options.</para> + <para>我们强烈建议您启用安全警报功能,以便在系统出现可能的安全问题时能及时反馈给安全管理员。否则,管理员需要定期手动检查 +<filename>/var/log/security</filename> 下的日志文件。</para></important> + + <para><emphasis role="underline">安全选项</emphasis>:</para> + + <para>自定义计算机安全的方法不仅限于创建自定义安全等级,您也可以使用此处介绍的选项卡来修改任意选项。当前的 msec 配置存储在 +<filename>/etc/security/msec/security.conf</filename>,此文件包含了当前的安全等级名,以及一系列针对默认参数进行的修改。</para> </section> <section> - <title>System security tab</title> + <title>系统安全选项卡</title> - <para>This tab displays all the security options on the left side column, a -description in the centre column, and their current values on the right side -column.</para> + <para>此选项卡的左侧显示了所有安全选项,中间显示了相关的描述,右侧显示了选项当前的值。</para> <mediaobject> <imageobject> @@ -202,11 +161,7 @@ column.</para> </imageobject> </mediaobject> - <para>To modify an option, double click on it and a new window appears (see -screenshot below). It displays the option name, a short description, the -actual and default values, and a drop down list where the new value can be -selected. Click on the <guibutton>OK</guibutton> button to validate the -choice.</para> + <para>若要修改某个选项,请双击它,然后在弹出的窗口(见下面的截图)中进行修改。窗口中将显示选项的名词、简短描述、当前值和默认值,以及包含可选值的下拉列表。请点击<guibutton>确定</guibutton>按钮来确认修改。</para> <mediaobject> <imageobject> 
@@ -215,10 +170,8 @@ choice.</para> </mediaobject> <caution> - <para>Do not forget when leaving msecgui to save definitively your configuration -using the menu <guimenu>File -> Save the configuration</guimenu>. If you -have changed the settings, msecgui allows you to preview the changes before -saving them.</para> + <para>在退出 msecgui 时,请不要忘记点击菜单 <guimenu>文件 -> 保存配置</guimenu> +来应用您的配置。如果您做了更改,msecgui 在保存前会提示您预览这些更改。</para> </caution> <mediaobject> @@ -231,7 +184,7 @@ saving them.</para> <section> <title>网络安全</title> - <para>This tab displays all the network options and works like the previous tab</para> + <para>此选项卡中显示了所有的网络选项,操作方式与上一个选项卡类似</para> <mediaobject> <imageobject> @@ -241,14 +194,12 @@ saving them.</para> </section> <section> - <title>Periodic checks tab</title> + <title>周期检查选项卡</title> - <para>Periodic checks aim to inform the security administrator by means of -security alerts of all situations msec thinks potentially dangerous.</para> + <para>周期检查用于通过安全警告将 msec 认为可能危险的情形发送给系统管理员。</para> - <para>This tab displays all the periodic checks done by msec and their frequency -if the box <guibutton>Enable periodic security checks</guibutton> is -checked. Changes are done like in the previous tabs.</para> + <para>此选项卡中显示了所有 msec +完成的周期检查,如果勾选了<guibutton>启用周期性安全检查</guibutton>,还将显示检查的频率。请参考上一个选项卡的介绍进行操作。</para> <mediaobject> <imageobject> 
@@ -258,13 +209,10 @@ checked. Changes are done like in the previous tabs.</para> </section> <section> - <title>Exceptions tab</title> + <title>例外选项卡</title> - <para>Sometimes alert messages are due to well known and wanted situations. In -these cases they are useless and wasted time for the administrator. This tab -allows you to create as many exceptions as you want to avoid unwanted alert -messages. It is obviously empty at the first msec start. The screenshot -below shows four exceptions.</para> + <para>部分警报信息可能并非源于系统风险,您可能有意让它们发生。在这种情况下,安全警报就显得不必要了。您可以在此选项卡中创建任意数量的例外,以避免不需要的安全警报。当 +msec 首次启动时,列表中是空的。下面的截图中包含了四个例外。</para> <mediaobject> <imageobject> @@ -272,8 +220,7 @@ below shows four exceptions.</para> </imageobject> </mediaobject> - <para>To create an exception, click on the <guibutton>Add a rule</guibutton> -button</para> + <para>若要创建例外,请点击 <guibutton>添加规则</guibutton> 按钮</para> <mediaobject> <imageobject> 
@@ -281,78 +228,50 @@ button</para> </imageobject> </mediaobject> - <para>Select the wanted periodic check in the drop down list called -<guilabel>Check</guilabel> and then, enter the -<guilabel>Exception</guilabel> in the text area. Adding an exception is -obviously not definitive, you can either delete it using the -<guibutton>Delete</guibutton> button of the <guilabel>Exceptions</guilabel> -tab or modify it with a double clicK.</para> + <para>请在<guilabel>检查</guilabel>下拉列表中选择需要的周期检查,然后在文本区域输入 +<guilabel>例外</guilabel>。您也可以在 <guilabel>例外</guilabel> 选项卡中使用 +<guibutton>删除</guibutton>按钮将现有的例外删除,或者双击某个例外来更改它。</para> </section> <section> <title>权限</title> - <para>This tab is intended for file and directory permissions checking and -enforcement.</para> - <para>Like for the security, msec owns different permissions levels (standard, -secure, ..), they are enabled accordingly with the chosen security -level. You can create your own customised permissions levels, saving them -into specific files called <filename>perm.<levelname> </filename> placed -into the folder <filename>etc/security/msec/</filename> . This function is -intended for power users which require a customised configuration. It is -also possible to use the tab presented here after to change any permission -you want. Current configuration is stored in -<filename>/etc/security/msec/perms.conf.</filename> This file contains the -list of all the modifications done to the permissions.</para> + <para>此选项卡用于进行文件/目录权限检查和加固。</para> + <para>与安全选项卡类似,msec +提供了不同的权限等级(标准、安全……),分别根据您的选择予以启用。您也可以创建自己的权限等级,并将其保存在特定的文件中,文件名为<filename>perm.<等级名> +</filename>,且放置于 <filename>etc/security/msec/</filename> +文件夹中。此功能适用于需要自定义配置的超级用户。您也可以使用此选项卡来改变所需的权限。当前的配置存储在 +<filename>/etc/security/msec/perms.conf</filename>。此文件包含一系列针对默认参数进行的修改。</para> <mediaobject> <imageobject> <imagedata fileref="msecgui8.png"/> </imageobject> </mediaobject> - <para>Default permissions are visible as a list of rules (a rule per line). 
You -can see on the left side, the file or folder concerned by the rule, then the -owner, then the group and then the permissions given by the rule. If, for a -given rule:</para> + <para>默认权限以规则列表的形式显示,每行显示一条规则。您可以在左侧看到与某个规则相关的文件或文件夹、文件所有者、文件所有组以及此规则授予的权限。例如,对于给定的规则:</para> <itemizedlist> <listitem> - <para>the box <guilabel>Enforce</guilabel> is not checked, msec only checks if the -defined permissions for this rule are respected and sends an alert message -if not, but does not change anything.</para> + <para><guilabel>加固</guilabel> 未被勾选,则 msec 将只检查此规则定义的权限是否有效,如果无效则发送安全警报,但不做任何更改。</para> </listitem> <listitem> - <para>the box <guilabel>Enforce</guilabel> is checked, then msec will rule the -permissions respect at the first periodic check and overwrite the -permissions.</para></listitem> + <para><guilabel>加固</guilabel>被勾选,则 msec 将根据第一次周期检查时得到的权限信息改写当前权限。</para></listitem> </itemizedlist> - <important><para>For this to work, the option CHECK_PERMS in the <emphasis -role="bold">Periodic check tab</emphasis> must be configured accordingly.</para></important><para>To create a new rule, click on the <guibutton> Add a rule</guibutton> button -and fill the fields as shown in the example below. The joker * is allowed in -the <guilabel>File</guilabel> field. “current” means no modification.</para> + <important><para>若要使用此功能,您必须正确配置<emphasis role="bold">周期性检查</emphasis>选项卡中的 CHECK_PERMS 选项。</para></important><para>若要创建新规则,请点击<guibutton>添加规则</guibutton>按钮,并参考以下示例填写相应字段。<guilabel>文件</guilabel>字段中可以使用通配符 +*。“current”表示尚未被更改。</para> <mediaobject> <imageobject> <imagedata fileref="msecgui9.png"/> </imageobject> </mediaobject> - <para>Click on the <guibutton>OK</guibutton> button to validate the choice and do -not forget when leaving to save definitively your configuration using the -menu <guimenu>File -> Save the configuration</guimenu>. If you have changed -the settings, msecgui allows you to preview the changes before saving them. 
</para> - <note><para>It is also possible to create or modify the rules by editing the -configuration file <filename>/etc/security/msec/perms.conf</filename>. + <para>点击<guibutton>确定</guibutton>按钮来确认更改。不要忘记点击菜单 <guimenu>文件 -> +保存配置</guimenu>来应用您的配置。如果您做了更改,msecgui 在保存前会提示您预览这些更改。 </para> + <note><para>您也可以手动创建或修改配置文件 <filename>/etc/security/msec/perms.conf</filename>。 </para></note> - <caution><para>Changes in the <emphasis role="bold">Permission tab</emphasis> (or directly -in the configuration file) are taken into account at the first periodic -check (see the option CHECK_PERMS in the <emphasis role="bold">Periodic -checks tab</emphasis>). If you want them to be taken immediately into -account, use the msecperms command in a console with root rights. You can -use before, the msecperms -p command to know the permissions that will be -changed by msecperms.</para></caution> - <caution><para>Do not forget that if you modify the permissions in a console or in a file -manager, for a file where the box <guilabel>Enforce </guilabel> is checked -in the <emphasis role="bold">Permissions tab </emphasis>, msecgui will write -the old permissions back after a while, accordingly to the configuration of -the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the <emphasis -role="bold">Periodic Checks tab </emphasis>.</para></caution> + <caution><para><emphasis role="bold">权限选项卡</emphasis>(或配置文件)中的更改将在首次周期性检查时生效(参见<emphasis +role="bold">周期检查选项卡</emphasis>中的 CHECK_PERMS 选项)。如果您希望它们立即生效,请以 root +权限在命令行执行 msecperms。在此之前,您可以使用“msecperms -p”命令来了解 msecperms 将要更改的权限。</para></caution> + <caution><para>请记住,如果您通过终端或文件管理器修改了被 <guilabel>Enforce </guilabel> 文件的权限,msecgui +随后将会根据<emphasis role="bold">权限选项卡</emphasis>中的 CHECK_PERMS 和 +CHECK_PERMS_ENFORCE 选项将其恢复到之前的值。</para></caution> </section> </section> </section> |
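Review bot: In the first hunk (@@ -19,62 +19,52 @@), the translated footnote tells the reader to start the tool by typing "drakedm" as root, while the removed English line names "msecgui". The command inside the bold emphasis is not translatable text and should stay "msecgui", otherwise the help page sends the reader to a different program. In the same hunk, "包活了" in the Overview paragraph looks like a typo for "包括了".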
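Review bot: In the @@ -82,11 +72,9 @@ hunk, "也会打开上述窗口" points the reader at a window above, but the removed text says the screen is "shown below" and the mediaobject follows this paragraph. Suggest "也会打开下图所示的窗口" so the reference matches the screenshot position.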
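Review bot: In the @@ -96,105 +84,76 @@ hunk, "如果您没有勾选任何等级,将会使用等级“无”" changes the condition: the removed line says level "none" applies when the "Enable MSEC tool" box is not checked, not when no level is selected. Since "none" disables all security checks, the sentence should name the checkbox, for example "如果未勾选该复选框,将会使用等级“无”". Also in this hunk, audit_daily and audit_weekly are rendered only as "每日审计" and "每周审计", while fileserver, webserver and netbook keep the literal name with a gloss; these are the names used in the level.<levelname> files, so keep the identifier and add the gloss in parentheses. "超级用户" for "power users" reads as root; "高级用户" would be closer.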
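Review bot: In the @@ -202,11 +161,7 @@ hunk, "选项的名词" should be "选项的名称"; the removed line says the window shows the option name, and "名词" means a noun.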
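Review bot: In the @@ -241,14 +194,12 @@ hunk, the first paragraph uses "安全警告" and "系统管理员" where the Basic security hunk uses "安全警报" and "安全管理员" for the same "security alerts" and "security administrator"; pick one term for each so the reader can tell the tabs refer to the same alert feature and recipient. The second paragraph also makes only the frequency depend on the "启用周期性安全检查" box, whereas the removed sentence ties the whole display of checks and their frequency to that box.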
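Review bot: In the @@ -281,78 +228,50 @@ hunk, the bullet for the checked case, "将根据第一次周期检查时得到的权限信息改写当前权限", says msec rewrites permissions from information gathered at the first check; the removed line says msec enforces the rule's permissions at the first periodic check and overwrites what is on disk. Suggest wording along the lines of "msec 将在下一次周期检查时强制应用此规则定义的权限并覆盖现有权限". Three smaller points in the same hunk: the last caution still shows the guilabel as "Enforce " while the list above translates it as "加固"; "“current”表示尚未被更改" should say the field is left unmodified ("表示不作更改"); and the note now reads as creating or modifying the configuration file, where the removed text is about creating or modifying rules by editing /etc/security/msec/perms.conf.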