blob: 8ddc1490e1f0c7803e500a55073a8af4e6eaca5c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
.TH msec 8 "29 Sep 2001" "Mandriva" "Mandriva Linux"
.IX msec
.SH NAME
msec \- Mandriva Linux security tools
.SH SYNOPSIS
.B msec
([-o <option>=<value>...]) ([0-5])
.SH DESCRIPTION
\fPmsec\fP is the main script of the msec package. It enables the
system administrator to change the security level for that system.
msec is provided with six preconfigured security levels. These levels
range from poor security and ease of use, to paranoid config, suitable
for very sensitive server applications.
.PP
You must be root to run \fPmsec\fP.
.br
Launch "msec x" to set you security level to x (x=[0-5]). It'll modify
your system according to security level x features. Called without
argument, it will enforce the current security level without lowering
security.
.br
All the changes are logged to syslog at the AUTH facility when called
non interactivelly (by cron for example) or at the LOCAL1 facility
when called interactivelly (on the command line or from Mandriva Linux
Control Center for example).
.br
For a fine description of each security level, consult the
documentation under /usr/share/doc/msec-*/security.txt.
.PP
If you want to make changes to the current level, use
/etc/security/msec/perm.local to override the
permissions/owners/groups (use the same syntax as /usr/share/msec/perm.*
or use the drakperm graphical utility) and /etc/security/msec/level.local to
override the rules (see mseclib(3) for details or use the draksec graphical utility).
.PP
Available options:
.TP
\fB\-o all-local-files=<value>\fR
if <value> is 1, consider that all the files are local.
.TP
\fB\-o log=<value>\fR
if <value> is different of syslog do not log to syslog but to the standard error output.
.TP
\fB\-o nolocal=<path>\fR
do not load the /etc/security/msec/level.local rules.
.TP
\fB\-o non-local-fstypes=<value>\fR
<value> is a list of non local file system types separated by spaces.
.TP
\fB\-o print=<value>\fR
if <value> is equal to 1, output the default values of the rules.
.TP
\fB\-o root=<path>\fR
use <path> as the root of the file system.
.SH FILES
/usr/sbin/msec
.br
The \fPmsec\fP executable (sh script)
.PP
/var/lib/msec/security.conf
.br
Contains the configuration of the current active security level. These
settings can be overridden in /etc/security/msec/security.conf.
.SH "SEE ALSO"
mseclib(3), draksec, drakperm
.SH AUTHOR
Vandoorselaere Yoann, Mandriva
|