diff options
| author | Frederic Lepied <flepied@mandriva.com> | 2002-07-24 23:16:46 +0000 |
|---|---|---|
| committer | Frederic Lepied <flepied@mandriva.com> | 2002-07-24 23:16:46 +0000 |
| commit | 184c7a0eebaf3a76c697db3488871bff5fe27de9 (patch) | |
| tree | b9905902ffae8d67c76aa3790e68ea3a562e7402 /doc | |
| parent | 97535e1b1f1f0d6a14218be13ad495909d338459 (diff) | |
| download | msec-184c7a0eebaf3a76c697db3488871bff5fe27de9.tar msec-184c7a0eebaf3a76c697db3488871bff5fe27de9.tar.gz msec-184c7a0eebaf3a76c697db3488871bff5fe27de9.tar.bz2 msec-184c7a0eebaf3a76c697db3488871bff5fe27de9.tar.xz msec-184c7a0eebaf3a76c697db3488871bff5fe27de9.zip | |
* describe file permissions according to the levels.
* correct description of X server security.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/security.txt | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/doc/security.txt b/doc/security.txt index 1977e15..ea7b620 100644 --- a/doc/security.txt +++ b/doc/security.txt @@ -13,7 +13,8 @@ Security level 1 : - Global security check. - umask is 002 ( user = read,write | greoup = read,write | other = read ) - easy file permission. -- localhost authorized to connect to X display. +- localhost authorized to connect to X display and X server listens to +tcp connections. - . in $PATH - Warning in /var/log/security.log @@ -29,7 +30,8 @@ Security level 2 ( Aka normal system ) : - umask is 022 ( user = read,write | group = read | other = read ) - easy file permission. -- localhost authorized to connect to X display. +- localhost authorized to connect to X display and X server listens to +tcp connections. **************************** Security level 3 ( Aka more secure system ) : @@ -51,11 +53,13 @@ Security level 3 ( Aka more secure system ) : - umask is 022 ( user = read,write | group = read | other = read ) - Normal file permission. -- localhost authorized to connect to X display. +- X server listens to tcp connections. - All system events additionally logged to /dev/tty12 - Some system security check launched every midnight from the ( crontab ). - no autologin +- home directories are accesible but not readable by others and group members. + **************************** Security level 4 ( Aka Secured system ) : @@ -96,6 +100,13 @@ chkconfig -add ). in /etc/hosts.allow). - ctrl-alt-del only allowed for root ( or user in /etc/shutdown.allow ). +- most sensible files and directories are restricted to the members of the adm group. +- home directories are not accesible by others and group members. +- X commands from /usr/X11R6/bin restricted to the members of the xgrp group. +- network commands (ssh, scp, rsh, ...) restricted to the members of the ntools group. +- compilation commands (gcc, g++, ...) restricted to the members of the ctools group. +- rpm command restricted to the members of the rpm group. + ******************************* Security level 5 ( Aka Paranoid system ) : @@ -135,6 +146,13 @@ chkconfig -add ). in /etc/hosts.allow). - ctrl-alt-del only allowed for root ( or user in /etc/shutdown.allow ) . +- most sensible files and directories are restricted to the root account. +- home directories are not accesible by others and group members. +- X commands from /usr/X11R6/bin restricted to the members of the xgrp group. +- network commands (ssh, scp, rsh, ...) restricted to the members of the ntools group. +- compilation commands (gcc, g++, ...) restricted to the members of the ctools group. +- rpm command restricted to the members of the rpm group. + ****************** * level4/level5 : "services disabled" explanations : |