author: Yoann Vandoorselaere <yoann@mandriva.com> 1999-11-25 19:44:10 +0000
committer: Yoann Vandoorselaere <yoann@mandriva.com> 1999-11-25 19:44:10 +0000
commit: 78b13ca5f0677f9e6e5a07a18473a2d7724b51d0 (patch)
tree: 1aa278480009928f545f8668bc87c4eaafbc7e7b /doc
parent: 7f3bfad3df657529ee81b741c6fb10d847315c85 (diff)
Initial revision
Diffstat (limited to 'doc')
-rw-r--r-- doc/msec.spec 76
-rw-r--r-- doc/security.txt 94
2 files changed, 170 insertions, 0 deletions
diff --git a/doc/msec.spec b/doc/msec.spec
new file mode 100644
index 0000000..5324cbf
--- /dev/null
+++ b/doc/msec.spec
@@ -0,0 +1,76 @@
+Summary: Security Level & Program for the Linux Mandrake distribution
+Name: msec
+Version: 0.3
+Release: 5mdk
+Source: ftp://mandrakesoft.com/pub/yoann/msec-0.3.tar.gz
+Copyright: GPL
+Group: System Environment/Base
+BuildRoot: /var/tmp/msec
+Requires: /bin/bash setup chkconfig
+
+%description
+The Mandrake-Security package is designed to provide generic
+secure level to the Mandrake-Linux users...
+It will permit you to choose between level 1 to 5 for a
+less -> more secured distribution.
+This packages includes several program that will be run periodically
+in order to test the security of your system and alert you if needed.
+
+%prep
+%setup
+
+%build
+make CFLAGS="$RPM_OPT_FLAGS"
+
+%install
+mkdir -p $RPM_BUILD_ROOT/etc/security/msec/init-sh
+mkdir -p $RPM_BUILD_ROOT/etc/security/msec/cron-sh
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+
+cp init-sh/level*.sh $RPM_BUILD_ROOT/etc/security/msec/init-sh
+cp init-sh/lib.sh $RPM_BUILD_ROOT/etc/security/msec/init-sh
+cp init-sh/init.sh $RPM_BUILD_ROOT/etc/security/msec
+cp init-sh/file_perm.sh $RPM_BUILD_ROOT/etc/security/msec/init-sh
+cp init-sh/perm.[1-5] $RPM_BUILD_ROOT/etc/security/msec/init-sh
+cp init-sh/server.* $RPM_BUILD_ROOT/etc/security/msec/init-sh
+cp cron-sh/*.sh $RPM_BUILD_ROOT/etc/security/msec/cron-sh
+touch $RPM_BUILD_ROOT/etc/security/msec/security.conf
+cp src/promisc_check/promisc_check $RPM_BUILD_ROOT/usr/bin
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+/etc/security/msec
+/usr/bin/promisc_check
+
+%changelog
+* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- Cleaned up tree.
+
+* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- Removed touched file /-i
+
+* Thu Nov 25 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- Create rc.firewall to avoid error,
+- Call grpuser with the good path,
+- Call groupadd before usermod.
+
+* Tue Nov 23 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- New release (0.3) :
+ Now each security level has it's own set of permissions.
+ Add "." at the end of $PATH for level 1.
+ Corrected some grave bug, it should work properly now.
+
+* Thu Nov 18 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- New release (0.2) :
+ Fixed the path for promisc_check.sh :
+ now /etc/security/msec/cron-sh/promisc_check.sh
+ In level 1 & 2, user is now automagically added to the audio group.
+
+* Tue Nov 16 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- First packaging attempt :-).
+
+
+
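Review bot: in %install the scripts are copied with plain `cp` and %files then applies `%defattr(-,root,root)`, so the modes of the init-sh and cron-sh scripts and of `promisc_check` are whatever the build tree happened to have. Since the description says these programs run periodically to test the security of the system, set the modes explicitly (`install -m` in %install or `%attr` in %files) so that none of them can ship group- or world-writable. `security.conf` is created with `touch` and packaged only as part of the `/etc/security/msec` directory entry, so it is not marked as a configuration file; listing it as `%config(noreplace)` would keep an upgrade from replacing the administrator's settings. `BuildRoot: /var/tmp/msec` is a fixed name under a shared temporary directory and only %clean removes it; %install should start by clearing `$RPM_BUILD_ROOT` rather than building on top of whatever already exists at that path.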
diff --git a/doc/security.txt b/doc/security.txt
new file mode 100644
index 0000000..4d22ca5
--- /dev/null
+++ b/doc/security.txt
@@ -0,0 +1,94 @@
+
+****************************
+
+Security level 1 :
+OK - Access to the system as a normal user.
+OK - . in $PATH
+OK - Login as root from the console granted.
+OK - No rules check for password.
+OK - Permission for /dev & /etc = 755
+OK - Permission for /home = 755
+OK - Device are accessible by group. ( ie: the user is automagically added to the audio group, video group & all... ).
+OK - xhost + localhost
+
+****************************
+
+Security level 2 :
+OK - Access to the system as a normal user.
+OK - Login as root from the console granted.
+
+ - No rules check for password.
+ ---> Waiting for Chmouel to verify password...
+
+OK - Device are accessible by group. ( ie: the user is automagically added to the audio group, video group & all... ).
+OK - Permission for /dev & /etc = 755
+OK - Permission for /home = 755
+OK xhost + localhost
+
+****************************
+
+Security level 3 :
+OK - Access to the system as a normal user.
+OK - Login as root from the console denied.
+
+ - Low level rules check on password.
+ ---> Waiting for Chmouel to verify password...
+
+OK - Permission for /dev & /etc = 755
+OK - Permission for /home/* = 750
+OK - Detection of interface in promiscuous mode ( one time a minute )
+
+
+****************************
+
+Security level 4 :
+OK - lilo pass -> only if the user want it .
+- kernel patch -> Secure linux ?
+OK - Access to the system as a normal user.
+OK - Login as root from the console denied.
+
+ - Medium level rules check on password.
+ ---> Waiting for Chmouel to verify password...
+
+OK - Keep track of the suid file, warn when new suid file are detected, in a suid log file.
+OK - Device only accessible by root as a default.
+OK - Deny all kind of connection except from local network.
+OK - Permission for /dev & /etc directories = 755
+OK - Permission for /home = 711
+OK - Permission for /home/* = 750
+OK - Detection of interface in promiscuous mode ( one time a minute )
+
+*****************************
+
+Security level 5 : *Server Only*
+
+OK - lilo pass -> only if the user want it .
+- kernel patch -> Secure linux
+OK - Access to the system as a normal user.
+OK - Login as root from the console denied.
+
+ - High level rules check on password.
+ ---> Waiting for Chmouel to verify password...
+
+OK - Keep track of the suid file, warn when new suid file are detected, in a suid log file.
+OK - Device only accessible by root as a default.
+OK - No server installed by default. ( except maybe the crontab )
+OK - Deny all kind of connection ( hosts.deny -> ALL:ALL:DENY )
+OK - Permission for /dev & /etc directories = 711
+OK - Permission for /home = 711
+OK - Permission for /home/* = 700
+OK - Permission for /tmp = 700
+OK - Detection of interface in promiscuous mode ( one time a minute )
+
+
+
+
+
+*** Future Release : ***
+- Automatic tty locking ( unlock by passwd ) after X time of inactivity.
+
+
+
+
+
+
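Review bot: in the level 5 list, `Permission for /tmp = 700` conflicts with `Access to the system as a normal user` in the same level, because a /tmp that only its owner can enter leaves unprivileged users and their programs with nowhere to create temporary files; the document should state the owner and say what users are expected to use instead, or keep /tmp writable with the sticky bit. The password-rule items in levels 2 to 5 carry no OK marker and only `---> Waiting for Chmouel to verify password...`, so a reader cannot tell whether levels 3 to 5 enforce any password policy yet; mark them explicitly as not implemented. The level 2 entry `OK xhost + localhost` is missing the ` - ` separator used by every other line, and since `. in $PATH` and `xhost + localhost` are deliberate weakenings at the low levels, a one-line statement of what each exposes would help users choosing a level.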