MSEC: bezpieczeństwo systemu i audyt
msecgui
Presentation
msecguiYou can start this tool from the command line, by typing msecgui as root.
is a graphic user interface for
msec that allows to configure your system security according to two
approaches:
It sets the system behaviour, msec imposes modifications to the system to
make it more secure.
It carries on periodic checks automatically on the system in order to warn
you if something seems dangerous.
msec uses the concept of "security levels" which are intended to configure a
set of system permissions, which can be audited for changes or
enforcement. Several of them are proposed by Mageia, but you can define your
own customised security levels.
Overview tab
See the screenshot above
The first tab takes up the list of the different security tools with a
button on the right side to configure them:
Firewall, also found in the MCC / Security / Set up your personal firewall
Updates, also found in MCC / Software Management / Update your system
msec itself with some information:
enabled or not
the configured Base security level
the date of the last Periodic checks and a button to see a detailed report
and another button to execute the checks just now.
Security settings tab
A click on the second tab or on the Security
Configure button leads to the same screen shown
below.
Basic security tab
Security levels:
After having checked the box Enable MSEC tool, this tab
allows you by a double click to choose the security level that appears then
in bold. If the box is not checked, the level « none » is applied. The
following levels are available:
Level none. This level is intended if you
do not want to use msec to control system security, and prefer tuning it on
your own. It disables all security checks and puts no restrictions or
constraints on system configuration and settings. Please use this level only
if you are knowing what you are doing, as it would leave your system
vulnerable to attack.
Level standard. This is the default
configuration when installed and is intended for casual users. It
constrains several system settings and executes daily security checks which
detect changes in system files, system accounts, and vulnerable directory
permissions. (This level is similar to levels 2 and 3 from past msec
versions).
Level secure. This level is intended when
you want to ensure your system is secure, yet usable. It further restricts
system permissions and executes more periodic checks. Moreover, access to
the system is more restricted. (This level is similar to levels 4 (High) and
5 (Paranoid) from old msec versions).
Besides those levels, different task-oriented security are also provided,
such as the fileserver , webserver and netbook levels. Such levels attempt to pre-configure
system security according to the most common use cases.
The last two levels called audit_daily and
audit_weekly are not really security levels
but rather tools for periodic checks only.
These levels are saved in
etc/security/msec/level.<levelname>. You can define
your own customised security levels, saving them into specific files called
level.<levelname>, placed into the folder
etc/security/msec/. This function is intended for power
users which require a customised or more secure system configuration.
Keep in mind that user-modified parameters take precedence over default
level settings.
Security alerts:
If you check the box Send security alerts by email
to:, the security alerts generated by msec are going to be sent
by local e-mail to the security administrator named in the nearby field. You
can fill either a local user or a complete e-mail address (the local e-mail
and the e-mail manager must be set accordingly). At last, you can receive
the security alerts directly on your desktop. Check the relevant box to
enable it.
It is strongly advisable to enable the security alerts option in order to
immediately inform the security administrator of possible security
problems. If not, the administrator will have to regularly check the logs
files available in /var/log/security.
Security options:
Creating a customised level is not the only way to customise the computer
security, it is also possible to use the tabs presented here after to change
any option you want. Current configuration for msec is stored in
/etc/security/msec/security.conf. This file contains
the current security level name and the list of all the modifications done
to the options.
System security tab
This tab displays all the security options on the left side column, a
description in the centre column, and their current values on the right side
column.
To modify an option, double click on it and a new window appears (see
screenshot below). It displays the option name, a short description, the
actual and default values, and a drop down list where the new value can be
selected. Click on the OK button to validate the
choice.
Do not forget when leaving msecgui to save definitively your configuration
using the menu File -> Save the configuration. If you
have changed the settings, msecgui allows you to preview the changes before
saving them.
Bezpieczeństwo sieci
This tab displays all the network options and works like the previous tab
Periodic checks tab
Periodic checks aim to inform the security administrator by means of
security alerts of all situations msec thinks potentially dangerous.
This tab displays all the periodic checks done by msec and their frequency
if the box Enable periodic security checks is
checked. Changes are done like in the previous tabs.
Exceptions tab
Sometimes alert messages are due to well known and wanted situations. In
these cases they are useless and wasted time for the administrator. This tab
allows you to create as many exceptions as you want to avoid unwanted alert
messages. It is obviously empty at the first msec start. The screenshot
below shows four exceptions.
To create an exception, click on the Add a rule
button
Select the wanted periodic check in the drop down list called
Check and then, enter the
Exception in the text area. Adding an exception is
obviously not definitive, you can either delete it using the
Delete button of the Exceptions
tab or modify it with a double clicK.
Prawa dostępu
This tab is intended for file and directory permissions checking and
enforcement.
Like for the security, msec owns different permissions levels (standard,
secure, ..), they are enabled accordingly with the chosen security
level. You can create your own customised permissions levels, saving them
into specific files called perm.<levelname> placed
into the folder etc/security/msec/ . This function is
intended for power users which require a customised configuration. It is
also possible to use the tab presented here after to change any permission
you want. Current configuration is stored in
/etc/security/msec/perms.conf. This file contains the
list of all the modifications done to the permissions.
Default permissions are visible as a list of rules (a rule per line). You
can see on the left side, the file or folder concerned by the rule, then the
owner, then the group and then the permissions given by the rule. If, for a
given rule:
the box Enforce is not checked, msec only checks if the
defined permissions for this rule are respected and sends an alert message
if not, but does not change anything.
the box Enforce is checked, then msec will rule the
permissions respect at the first periodic check and overwrite the
permissions.
For this to work, the option CHECK_PERMS in the Periodic check tab must be configured accordingly.To create a new rule, click on the Add a rule button
and fill the fields as shown in the example below. The joker * is allowed in
the File field. “current” means no modification.
Click on the OK button to validate the choice and do
not forget when leaving to save definitively your configuration using the
menu File -> Save the configuration. If you have changed
the settings, msecgui allows you to preview the changes before saving them.
It is also possible to create or modify the rules by editing the
configuration file /etc/security/msec/perms.conf.
Changes in the Permission tab (or directly
in the configuration file) are taken into account at the first periodic
check (see the option CHECK_PERMS in the Periodic
checks tab). If you want them to be taken immediately into
account, use the msecperms command in a console with root rights. You can
use before, the msecperms -p command to know the permissions that will be
changed by msecperms.
Do not forget that if you modify the permissions in a console or in a file
manager, for a file where the box Enforce is checked
in the Permissions tab , msecgui will write
the old permissions back after a while, accordingly to the configuration of
the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the Periodic Checks tab .