From 89f013bb4d68b0df17131df47f320ab4a44f060f Mon Sep 17 00:00:00 2001 From: Yuri Chornoivan Date: Fri, 23 Feb 2018 20:34:43 +0200 Subject: Create stable folder and move stable docs there --- docs/mcc-help/sq/msecgui.xml | 358 ------------------------------------------- 1 file changed, 358 deletions(-) delete mode 100644 docs/mcc-help/sq/msecgui.xml (limited to 'docs/mcc-help/sq/msecgui.xml') diff --git a/docs/mcc-help/sq/msecgui.xml b/docs/mcc-help/sq/msecgui.xml deleted file mode 100644 index 1155dc83..00000000 --- a/docs/mcc-help/sq/msecgui.xml +++ /dev/null @@ -1,358 +0,0 @@ -
- - MSEC: System Security and Audit - - msecgui - - - - - - - - - - - - - -
- Prezantim - - msecguiYou can start this tool from the command line, by typing msecgui as root. - is a graphic user interface for -msec that allows to configure your system security according to two -approaches: - - - - It sets the system behaviour, msec imposes modifications to the system to -make it more secure. - - - - It carries on periodic checks automatically on the system in order to warn -you if something seems dangerous. - - - - msec uses the concept of "security levels" which are intended to configure a -set of system permissions, which can be audited for changes or -enforcement. Several of them are proposed by Mageia, but you can define your -own customised security levels. -
- -
- Overview tab - - See the screenshot above - - The first tab takes up the list of the different security tools with a -button on the right side to configure them: - - - - Firewall, also found in the MCC / Security / Set up your personal firewall - - - - Updates, also found in MCC / Software Management / Update your system - - - - msec vetë me disa informacione: - - - - enabled or not - - - - the configured Base security level - - - - the date of the last Periodic checks and a button to see a detailed report -and another button to execute the checks just now. - - - - -
- -
- Security settings tab - - A click on the second tab or on the Security -Configure button leads to the same screen shown -below. - - - - - - - - -
- Basic security tab - - - Nivele sigurie: - - - After having checked the box Enable MSEC tool, this tab -allows you by a double click to choose the security level that appears then -in bold. If the box is not checked, the level « none » is applied. The -following levels are available: - - - - Level none. This level is intended if you -do not want to use msec to control system security, and prefer tuning it on -your own. It disables all security checks and puts no restrictions or -constraints on system configuration and settings. Please use this level only -if you are knowing what you are doing, as it would leave your system -vulnerable to attack. - - - - Level standard. This is the default -configuration when installed and is intended for casual users. It -constrains several system settings and executes daily security checks which -detect changes in system files, system accounts, and vulnerable directory -permissions. (This level is similar to levels 2 and 3 from past msec -versions). - - - - Level secure. This level is intended when -you want to ensure your system is secure, yet usable. It further restricts -system permissions and executes more periodic checks. Moreover, access to -the system is more restricted. (This level is similar to levels 4 (High) and -5 (Paranoid) from old msec versions). - - - - Besides those levels, different task-oriented security are also provided, -such as the fileserver , webserver and netbook levels. Such levels attempt to pre-configure -system security according to the most common use cases. - - - - The last two levels called audit_daily and -audit_weekly are not really security levels -but rather tools for periodic checks only. - - - - These levels are saved in -/etc/security/msec/level.<levelname>. You can define -your own customised security levels, saving them into specific files called -level.<levelname>, placed into the folder -/etc/security/msec/. This function is intended for -power users which require a customised or more secure system configuration. - - - Keep in mind that user-modified parameters take precedence over default -level settings. - - - - Alarme sigurie: - - - If you check the box Send security alerts by email -to:, the security alerts generated by msec are going to be sent -by local e-mail to the security administrator named in the nearby field. You -can fill either a local user or a complete e-mail address (the local e-mail -and the e-mail manager must be set accordingly). At last, you can receive -the security alerts directly on your desktop. Check the relevant box to -enable it. - - - It is strongly advisable to enable the security alerts option in order to -immediately inform the security administrator of possible security -problems. If not, the administrator will have to regularly check the logs -files available in /var/log/security. - - Security options: - - Creating a customised level is not the only way to customise the computer -security, it is also possible to use the tabs presented here after to change -any option you want. Current configuration for msec is stored in -/etc/security/msec/security.conf. This file contains -the current security level name and the list of all the modifications done -to the options. -
- -
- System security tab - - This tab displays all the security options on the left side column, a -description in the centre column, and their current values on the right side -column. - - - - - - - - To modify an option, double click on it and a new window appears (see -screenshot below). It displays the option name, a short description, the -actual and default values, and a drop down list where the new value can be -selected. Click on the OK button to validate the -choice. - - - - - - - - - Do not forget when leaving msecgui to save definitively your configuration -using the menu File -> Save the configuration. If you -have changed the settings, msecgui allows you to preview the changes before -saving them. - - - - - - - -
- -
- Siguria rrjetit - - This tab displays all the network options and works like the previous tab - - - - - - -
- -
- Periodic checks tab - - Periodic checks aim to inform the security administrator by means of -security alerts of all situations msec thinks potentially dangerous. - - This tab displays all the periodic checks done by msec and their frequency -if the box Enable periodic security checks is -checked. Changes are done like in the previous tabs. - - - - - - -
- -
- Exceptions tab - - Sometimes alert messages are due to well known and wanted situations. In -these cases they are useless and wasted time for the administrator. This tab -allows you to create as many exceptions as you want to avoid unwanted alert -messages. It is obviously empty at the first msec start. The screenshot -below shows four exceptions. - - - - - - - - To create an exception, click on the Add a rule -button - - - - - - - - Select the wanted periodic check in the drop down list called -Check and then, enter the -Exception in the text area. Adding an exception is -obviously not definitive, you can either delete it using the -Delete button of the Exceptions -tab or modify it with a double clicK. -
- -
- Autorizimet - This tab is intended for file and directory permissions checking and -enforcement. - Like for the security, msec owns different permissions levels (standard, -secure, ..), they are enabled accordingly with the chosen security -level. You can create your own customised permissions levels, saving them -into specific files called perm.<levelname> placed -into the folder /etc/security/msec/ . This function is -intended for power users which require a customised configuration. It is -also possible to use the tab presented here after to change any permission -you want. Current configuration is stored in -/etc/security/msec/perms.conf. This file contains the -list of all the modifications done to the permissions. - - - - - - Default permissions are visible as a list of rules (a rule per line). You -can see on the left side, the file or folder concerned by the rule, then the -owner, then the group and then the permissions given by the rule. If, for a -given rule: - - - the box Enforce is not checked, msec only checks if the -defined permissions for this rule are respected and sends an alert message -if not, but does not change anything. - - - - the box Enforce is checked, then msec will rule the -permissions respect at the first periodic check and overwrite the -permissions. - - For this to work, the option CHECK_PERMS in the Periodic check tab must be configured accordingly.To create a new rule, click on the Add a rule button -and fill the fields as shown in the example below. The joker * is allowed in -the File field. “current” means no modification. - - - - - - Click on the OK button to validate the choice and do -not forget when leaving to save definitively your configuration using the -menu File -> Save the configuration. If you have changed -the settings, msecgui allows you to preview the changes before saving them. - It is also possible to create or modify the rules by editing the -configuration file /etc/security/msec/perms.conf. - - Changes in the Permission tab (or directly -in the configuration file) are taken into account at the first periodic -check (see the option CHECK_PERMS in the Periodic -checks tab). If you want them to be taken immediately into -account, use the msecperms command in a console with root rights. You can -use before, the msecperms -p command to know the permissions that will be -changed by msecperms. - Do not forget that if you modify the permissions in a console or in a file -manager, for a file where the box Enforce is checked -in the Permissions tab , msecgui will write -the old permissions back after a while, accordingly to the configuration of -the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the Periodic Checks tab . -
-
-
-- cgit v1.2.1