authorCamille Begnis <camille@mandriva.com>1999-12-16 22:21:14 +0000
committerCamille Begnis <camille@mandriva.com>1999-12-16 22:21:14 +0000
commit315cd54cc900e87bd93c3c6f885931828e1e9afb (patch)
tree16cb0f4c944d720fe5077a154b10a0b928c06c0a /doc
parented13442ca9484b8001f062de5b2c4cc7f9530ef4 (diff)
Added level 0
minor changes
Diffstat (limited to 'doc')
-rw-r--r--doc/msec.lyx194
1 files changed, 133 insertions, 61 deletions
diff --git a/doc/msec.lyx b/doc/msec.lyx
index e43063c..a069920 100644
--- a/doc/msec.lyx
+++ b/doc/msec.lyx
@@ -1,4 +1,4 @@
-#This file was created by <camille> Wed Dec 15 19:34:13 1999
+#This file was created by <camille> Thu Dec 16 18:08:20 1999
#LyX 0.12 (C) 1995-1998 Matthias Ettrich and the LyX Team
\lyxformat 2.15
\textclass article
@@ -56,10 +56,10 @@ It is in that aim that were designed the msec package.
It is made of two parts:
\layout Enumerate
-Scripts that modify the whole system to lead it to one of the five security
+Scripts that modify the whole system to lead it to one of the six security
levels provided with msec.
- These levels range from poor security and ease of use, to paranoid config,
- suitable for very sensitive applications, managed by experts.
+ These levels range from very poor security and ease of use, to paranoid
+ config, suitable for very sensitive applications, managed by experts.
\layout Enumerate
Cron jobs, that will periodically check the integrity of the system upon
@@ -75,6 +75,11 @@ Note that the user may also define his own security level, adjusting parameters
Installation
\layout Standard
+msec is a base rpm.
+ That means that if you previously installed Linux-Mandrake, msec is already
+ installed on your system.
+\layout Standard
+
Installing the rpm will create a msec directory into /etc/security, containing
all is needed to secure your system.
\layout Standard
@@ -165,7 +170,7 @@ authorized clients.
\layout Standard
\LyXTable
multicol5
-26 6 0 0 -1 -1 -1 -1
+26 7 0 0 -1 -1 -1 -1
1 1 0 0
1 1 0 0
0 1 0 0
@@ -193,6 +198,7 @@ multicol5
0 1 0 0
0 1 0 0
2 1 0 "80mm" ""
+2 1 0 "80mm" ""
8 1 0 "" ""
8 1 0 "" ""
8 1 0 "" ""
@@ -222,6 +228,18 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
0 2 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -330,7 +348,6 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
-0 2 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -348,6 +365,21 @@ multicol5
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
+0 2 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
+0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
0 8 0 1 0 0 0 "" ""
@@ -362,6 +394,8 @@ Feature
\backslash
Security level
\newline
+0
+\newline
1
\newline
2
@@ -377,6 +411,8 @@ Feature
\newline
Global security check
\newline
+
+\newline
*
\newline
*
@@ -391,6 +427,8 @@ umask users
\newline
002
\newline
+002
+\newline
022
\newline
022
@@ -403,6 +441,8 @@ umask root
\newline
002
\newline
+002
+\newline
022
\newline
022
@@ -411,11 +451,13 @@ umask root
\newline
077
\newline
-localhost authorized to connect to X display
+shell without password
\newline
*
\newline
-*
+
+\newline
+
\newline
\newline
@@ -423,8 +465,24 @@ localhost authorized to connect to X display
\newline
\newline
+authorized to connect to X display
+\newline
+all
+\newline
+local
+\newline
+local
+\newline
+none
+\newline
+none
+\newline
+none
+\newline
User in audio group
\newline
+
+\newline
*
\newline
*
@@ -438,6 +496,8 @@ User in audio group
.
in $PATH
\newline
+
+\newline
*
\newline
@@ -450,6 +510,8 @@ User in audio group
\newline
Warning in /var/log/security.log
\newline
+
+\newline
*
\newline
*
@@ -464,6 +526,8 @@ Warning directly on tty
\newline
\newline
+
+\newline
*
\newline
*
@@ -476,6 +540,8 @@ Warning in syslog
\newline
\newline
+
+\newline
*
\newline
*
@@ -488,6 +554,8 @@ Suid root file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -500,6 +568,8 @@ Suid root file md5sum check
\newline
\newline
+
+\newline
*
\newline
*
@@ -512,6 +582,8 @@ Writeable file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -526,6 +598,8 @@ Permissions check
\newline
\newline
+
+\newline
*
\newline
*
@@ -538,6 +612,8 @@ Suid group file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -550,6 +626,8 @@ Unowned file check
\newline
\newline
+
+\newline
*
\newline
*
@@ -562,6 +640,8 @@ Promiscuous check
\newline
\newline
+
+\newline
*
\newline
*
@@ -574,6 +654,8 @@ Listening port check
\newline
\newline
+
+\newline
*
\newline
*
@@ -586,6 +668,8 @@ Passwd file integrity check
\newline
\newline
+
+\newline
*
\newline
*
@@ -598,6 +682,8 @@ Shadow file integrity check
\newline
\newline
+
+\newline
*
\newline
*
@@ -610,6 +696,8 @@ System security check every midnight
\newline
\newline
+
+\newline
*
\newline
*
@@ -622,6 +710,8 @@ All system events additionally logged to /dev/tty12
\newline
\newline
+
+\newline
*
\newline
*
@@ -636,6 +726,8 @@ Services not known disabled
\newline
\newline
+
+\newline
*
\newline
*
@@ -648,33 +740,25 @@ Boot password
\newline
\newline
-*
-\newline
-*
-\newline
-Disable connections from all but localhost
-\newline
-
-\newline
\newline
-
+*
\newline
*
\newline
-
+Grant connection to
\newline
-Disable connections from all
+all
\newline
-
+all
\newline
-
+all
\newline
-
+all
\newline
-
+local
\newline
-*
+none
\layout Standard
Note that six out of the ten periodical checks can detect changes on the
@@ -775,18 +859,23 @@ umask root
The same but for the root.
\layout Subsection
-localhost authorized to connect to X display
+shell without password
\layout Standard
-Runs
-\begin_inset Quotes eld
-\end_inset
+Access to the consoles is granted without asking for a password.
+\layout Subsection
-xhost + localhost
-\begin_inset Quotes erd
-\end_inset
+authorized to connect to X display
+\layout Itemize
+
+all : Everybody from everywhere can open an X window on your screen.
+\layout Itemize
- on every boot.
+local : Only people connected at localhost may open an X window on your
+ screen.
+\layout Itemize
+
+none : Nobodi can do that.
\layout Subsection
User in audio group
@@ -971,41 +1060,24 @@ chkconfig
d/ ).
\layout Subsection
-Disable connections from all but localhost
-\layout Standard
-
-Adds the rule "ALL:ALL EXCEPT localhost:DENY" into
-\begin_inset Quotes eld
-\end_inset
-
-/etc/hosts.deny
-\begin_inset Quotes erd
-\end_inset
-
- file.
-
+Boot password
\layout Standard
-This prevents all clients but localhost to connect to open ports.
+Allows you to setup a password for Lilo.
+ Prevents people for rebooting the machine, but in the other hand, the machine
+ won't be able to reboot by itself.
\layout Subsection
-Disable connections from all
-\layout Standard
-
-Adds the rule "ALL:ALL:DENY" into
-\begin_inset Quotes eld
-\end_inset
+Grant connection to
+\layout Itemize
-/etc/hosts.deny
-\begin_inset Quotes erd
-\end_inset
+all : All computers are allowed to connect to open ports.
+\layout Itemize
- file.
-
-\layout Standard
+local : Only the localhost is allowed to connect to open ports.
+\layout Itemize
-This prevents all clients (even localhost) to connect to open ports.
-
+none : No computers are allowed to connect to open ports.
\layout Section
ToDo
@@ -1022,4 +1094,4 @@ Author
\layout Standard
Vandoorselaere Yoann <yoann@mandrakesoft.com>
-\the_end \ No newline at end of file
+\the_end