aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCamille Begnis <camille@mandriva.com>1999-12-16 22:21:14 +0000
committerCamille Begnis <camille@mandriva.com>1999-12-16 22:21:14 +0000
commit315cd54cc900e87bd93c3c6f885931828e1e9afb (patch)
tree16cb0f4c944d720fe5077a154b10a0b928c06c0a
parented13442ca9484b8001f062de5b2c4cc7f9530ef4 (diff)
downloadmsec-315cd54cc900e87bd93c3c6f885931828e1e9afb.tar
msec-315cd54cc900e87bd93c3c6f885931828e1e9afb.tar.gz
msec-315cd54cc900e87bd93c3c6f885931828e1e9afb.tar.bz2
msec-315cd54cc900e87bd93c3c6f885931828e1e9afb.tar.xz
msec-315cd54cc900e87bd93c3c6f885931828e1e9afb.zip
Added level 0
minor changes
-rw-r--r--doc/msec.lyx194
1 files changed, 133 insertions, 61 deletions
diff --git a/doc/msec.lyx b/doc/msec.lyx
index e43063c..a069920 100644
--- a/doc/msec.lyx
+++ b/doc/msec.lyx
@@ -1,4 +1,4 @@
-#This file was created by <camille> Wed Dec 15 19:34:13 1999
+#This file was created by <camille> Thu Dec 16 18:08:20 1999
#LyX 0.12 (C) 1995-1998 Matthias Ettrich and the LyX Team
\lyxformat 2.15
\textclass article
@@ -56,10 +56,10 @@ It is in that aim that were designed the msec package.
It is made of two parts:
\layout Enumerate
-Scripts that modify the whole system to lead it to one of the five security
+Scripts that modify the whole system to lead it to one of the six security
levels provided with msec.
- These levels range from poor security and ease of use, to paranoid config,
- suitable for very sensitive applications, managed by experts.
+ These levels range from very poor security and ease of use, to paranoid
+ config, suitable for very sensitive applications, managed by experts.
\layout Enumerate
Cron jobs, that will periodically check the integrity of the system upon
@@ -75,6 +75,11 @@ Note that the user may also define his own security level, adjusting parameters
Installation
\layout Standard
+msec is a base rpm.
+ That means that if you previously installed Linux-Mandrake, msec is already
+ installed on your system.
+\layout Standard
+
Installing the rpm will create a msec directory into /etc/security, containing
all is needed to secure your system.
\layout Standard
@@ -165,7 +170,7 @@ authorized clients.
\layout Standard
\LyXTable
multicol5
-26 6 0 0 -1 -1 -1 -1
+26 7 0 0 -1 -1 -1 -1
1 1 0 0
1 1 0 0
0 1 0 0
@@ -193,6 +198,7 @@ multicol5
0 1 0 0
0 1 0 0
2 1 0 "80mm" ""
+2 1 0 "80mm" ""
8 1 0 "" ""
8 1 0 "" ""
8 1 0 "" ""
@@ -222,6 +228,18 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
0 2 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -330,7 +348,6 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
-0 2 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -348,6 +365,21 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -362,6 +394,8 @@ Feature
\backslash
Security level
\newline
+0
+\newline
1
\newline
2
@@ -377,6 +411,8 @@ Feature
\newline
Global security check
\newline
+
+\newline
*
\newline
*
@@ -391,6 +427,8 @@ umask users
\newline
002
\newline
+002
+\newline
022
\newline
022
@@ -403,6 +441,8 @@ umask root
\newline
002
\newline
+002
+\newline
022
\newline
022
@@ -411,11 +451,13 @@ umask root
\newline
077
\newline
-localhost authorized to connect to X display
+shell without password
\newline
*
\newline
-*
+
+\newline
+
\newline
\newline
@@ -423,8 +465,24 @@ localhost authorized to connect to X display
\newline
\newline
+authorized to connect to X display
+\newline
+all
+\newline
+local
+\newline
+local
+\newline
+none
+\newline
+none
+\newline
+none
+\newline
User in audio group
\newline
+
+\newline
*
\newline
*
@@ -438,6 +496,8 @@ User in audio group
.
in $PATH
\newline
+
+\newline
*
\newline
@@ -450,6 +510,8 @@ User in audio group
\newline
Warning in /var/log/security.log
\newline
+
+\newline
*
\newline
*
@@ -464,6 +526,8 @@ Warning directly on tty
\newline
\newline
+
+\newline
*
\newline
*
@@ -476,6 +540,8 @@ Warning in syslog
\newline
\newline
+
+\newline
*
\newline
*
@@ -488,6 +554,8 @@ Suid root file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -500,6 +568,8 @@ Suid root file md5sum check
\newline
\newline
+
+\newline
*
\newline
*
@@ -512,6 +582,8 @@ Writeable file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -526,6 +598,8 @@ Permissions check
\newline
\newline
+
+\newline
*
\newline
*
@@ -538,6 +612,8 @@ Suid group file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -550,6 +626,8 @@ Unowned file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -562,6 +640,8 @@ Promiscuous check
\newline
\newline
+
+\newline
*
\newline
*
@@ -574,6 +654,8 @@ Listening port check
\newline
\newline
+
+\newline
*
\newline
*
@@ -586,6 +668,8 @@ Passwd file integrity check
\newline
\newline
+
+\newline
*
\newline
*
@@ -598,6 +682,8 @@ Shadow file integrity check
\newline
\newline
+
+\newline
*
\newline
*
@@ -610,6 +696,8 @@ System security check every midnight
\newline
\newline
+
+\newline
*
\newline
*
@@ -622,6 +710,8 @@ All system events additionally logged to /dev/tty12
\newline
\newline
+
+\newline
*
\newline
*
@@ -636,6 +726,8 @@ Services not known disabled
\newline
\newline
+
+\newline
*
\newline
*
@@ -648,33 +740,25 @@ Boot password
\newline
\newline
-*
-\newline
-*
-\newline
-Disable connections from all but localhost
-\newline
-
-\newline
\newline
-
+*
\newline
*
\newline
-
+Grant connection to
\newline
-Disable connections from all
+all
\newline
-
+all
\newline
-
+all
\newline
-
+all
\newline
-
+local
\newline
-*
+none
\layout Standard
Note that six out of the ten periodical checks can detect changes on the
@@ -775,18 +859,23 @@ umask root
The same but for the root.
\layout Subsection
-localhost authorized to connect to X display
+shell without password
\layout Standard
-Runs
-\begin_inset Quotes eld
-\end_inset
+Access to the consoles is granted without asking for a password.
+\layout Subsection
-xhost + localhost
-\begin_inset Quotes erd
-\end_inset
+authorized to connect to X display
+\layout Itemize
+
+all : Everybody from everywhere can open an X window on your screen.
+\layout Itemize
- on every boot.
+local : Only people connected at localhost may open an X window on your
+ screen.
+\layout Itemize
+
+none : Nobodi can do that.
\layout Subsection
User in audio group
@@ -971,41 +1060,24 @@ chkconfig
d/ ).
\layout Subsection
-Disable connections from all but localhost
-\layout Standard
-
-Adds the rule "ALL:ALL EXCEPT localhost:DENY" into
-\begin_inset Quotes eld
-\end_inset
-
-/etc/hosts.deny
-\begin_inset Quotes erd
-\end_inset
-
- file.
-
+Boot password
\layout Standard
-This prevents all clients but localhost to connect to open ports.
+Allows you to setup a password for Lilo.
+ Prevents people for rebooting the machine, but in the other hand, the machine
+ won't be able to reboot by itself.
\layout Subsection
-Disable connections from all
-\layout Standard
-
-Adds the rule "ALL:ALL:DENY" into
-\begin_inset Quotes eld
-\end_inset
+Grant connection to
+\layout Itemize
-/etc/hosts.deny
-\begin_inset Quotes erd
-\end_inset
+all : All computers are allowed to connect to open ports.
+\layout Itemize
- file.
-
-\layout Standard
+local : Only the localhost is allowed to connect to open ports.
+\layout Itemize
-This prevents all clients (even localhost) to connect to open ports.
-
+none : No computers are allowed to connect to open ports.
\layout Section
ToDo
@@ -1022,4 +1094,4 @@ Author
\layout Standard
Vandoorselaere Yoann <yoann@mandrakesoft.com>
-\the_end \ No newline at end of file
+\the_end