diff options
| author | Claire Revillet <grenoya@mageia.org> | 2014-02-06 19:58:14 +0000 |
|---|---|---|
| committer | Claire Revillet <grenoya@mageia.org> | 2014-02-06 19:58:14 +0000 |
| commit | decca40a7e0ee9a3b0465da9399867e442ba0c86 (patch) | |
| tree | 475529b085e57b1c219de29f1eab53c5cfd3c9fd /mcc/4/et/content/msecgui.html | |
| parent | 3ddf61ea9850db5464d2e437261b5f0accfd7002 (diff) | |
| download | doc-decca40a7e0ee9a3b0465da9399867e442ba0c86.tar doc-decca40a7e0ee9a3b0465da9399867e442ba0c86.tar.gz doc-decca40a7e0ee9a3b0465da9399867e442ba0c86.tar.bz2 doc-decca40a7e0ee9a3b0465da9399867e442ba0c86.tar.xz doc-decca40a7e0ee9a3b0465da9399867e442ba0c86.zip | |
- update ET translation of MCC manual for mga4
Diffstat (limited to 'mcc/4/et/content/msecgui.html')
| -rw-r--r-- | mcc/4/et/content/msecgui.html | 232 |
1 files changed, 117 insertions, 115 deletions
diff --git a/mcc/4/et/content/msecgui.html b/mcc/4/et/content/msecgui.html index 5983820a..67879031 100644 --- a/mcc/4/et/content/msecgui.html +++ b/mcc/4/et/content/msecgui.html @@ -5,7 +5,7 @@ <meta http-equiv="X-UA-Compatible" content="IE=7"/> <title>MSEC: süsteemi turvalisus ja audit</title><meta name="generator" content="DocBook XSL-NS Stylesheets V1.75.2"/><link rel="home" href="index.html" title="Mageia juhtimiskeskus"/><link rel="up" href="mcc-security.html" title="Turvalisus"/><link rel="prev" href="mcc-security.html" title="Turvalisus"/><link rel="next" href="drakfirewall.html" title="Isikliku tulemüüri seadistamine"/><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><script type="text/javascript"> //The id for tree cookie - var treeCookieId = "treeview-5378"; + var treeCookieId = "treeview-5377"; var language = "en"; var w = new Object(); //Localization @@ -33,117 +33,119 @@ | <a accesskey="u" href="mcc-security.html">Üles</a> | - <a accesskey="n" href="drakfirewall.html">Järgmine</a></td></tr></table></div><div id="headerlogo"><img src="t-mageia-2011.png" alt="Company Logo"/></div><h1 id="pagetitle">MSEC: süsteemi turvalisus ja audit<br/>Turvalisus</h1></div><div id="content"><!----><div xml:lang="et" class="section" title="MSEC: süsteemi turvalisus ja audit"><div class="titlepage"><div><div><h3 class="title"><a id="msecgui"><!----></a>MSEC: süsteemi turvalisus ja audit</h3></div><div><h2 class="subtitle">msecgui</h2></div></div></div><div class="mediaobject" align="center"><img src="images/msecgui.png" align="middle"/></div><div class="section" title="Tutvustus"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2623"><!----></a>Tutvustus</h4></div></div></div><p>msecgui<sup>[<a id="d4e2626" href="#ftn.d4e2626" class="footnote">38</a>]</sup> is a graphic user interface for -msec that allows to configure your system security according to two -approaches:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>It sets the system behaviour, msec imposes modifications to the system to -make it more secure.</p></li><li class="listitem"><p>It carries on periodic checks automatically on the system in order to warn -you if something seems dangerous.</p></li></ul></div><p>msec uses the concept of "security levels" which are intended to configure a -set of system permissions, which can be audited for changes or -enforcement. Several of them are proposed by Mageia, but you can define your -own customised security levels.</p></div><div class="section" title="Overview tab"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2635"><!----></a>Overview tab</h4></div></div></div><p>See the screenshot above</p><p>The first tab takes up the list of the different security tools with a -button on the right side to configure them:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Firewall, also found in the MCC / Security / Set up your personal firewall</p></li><li class="listitem"><p>Updates, also found in MCC / Software Management / Update your system</p></li><li class="listitem"><p>msec itself with some information:</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>enabled or not</p></li><li class="listitem"><p>the configured Base security level</p></li><li class="listitem"><p>the date of the last Periodic checks and a button to see a detailed report -and another button to execute the checks just now.</p></li></ul></div></li></ul></div></div><div class="section" title="Security settings tab"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2653"><!----></a>Security settings tab</h4></div></div></div><p>A click on the second tab or on the Security -<span class="guibutton">Configure</span> button leads to the same screen shown -below.</p><div class="mediaobject"><img src="cco:/msecgui2.png"/></div><div class="section" title="Basic security tab"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2660"><!----></a>Basic security tab</h5></div></div></div><p class="underline"> - <span class="underline">Security levels:</span> - </p><p>After having checked the box <span class="guilabel">Enable MSEC tool</span>, this tab -allows you by a double click to choose the security level that appears then -in bold. If the box is not checked, the level « none » is applied. The -following levels are available:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Level <span class="bold"><strong>none</strong></span>. This level is intended if you -do not want to use msec to control system security, and prefer tuning it on -your own. It disables all security checks and puts no restrictions or -constraints on system configuration and settings. Please use this level only -if you are knowing what you are doing, as it would leave your system -vulnerable to attack.</p></li><li class="listitem"><p>Level <span class="bold"><strong>standard</strong></span>. This is the default -configuration when installed and is intended for casual users. It -constrains several system settings and executes daily security checks which -detect changes in system files, system accounts, and vulnerable directory -permissions. (This level is similar to levels 2 and 3 from past msec -versions).</p></li><li class="listitem"><p>Level <span class="bold"><strong>secure</strong></span>. This level is intended when -you want to ensure your system is secure, yet usable. It further restricts -system permissions and executes more periodic checks. Moreover, access to -the system is more restricted. (This level is similar to levels 4 (High) and -5 (Paranoid) from old msec versions).</p></li><li class="listitem"><p>Besides those levels, different task-oriented security are also provided, -such as the <span class="bold"><strong>fileserver </strong></span>, <span class="bold"><strong>webserver</strong></span> and <span class="bold"><strong>netbook</strong></span> levels. Such levels attempt to pre-configure -system security according to the most common use cases.</p></li><li class="listitem"><p>The last two levels called <span class="bold"><strong>audit_daily </strong></span> and -<span class="bold"><strong>audit_weekly</strong></span> are not really security levels -but rather tools for periodic checks only.</p></li></ol></div><p>These levels are saved in -<code class="filename">etc/security/msec/level.<levelname></code>. You can define -your own customised security levels, saving them into specific files called -<code class="filename">level.<levelname></code>, placed into the folder -<code class="filename">etc/security/msec/.</code> This function is intended for power -users which require a customised or more secure system configuration.</p><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Keep in mind that user-modified parameters take precedence over default -level settings.</p></div><p> - <span class="underline">Security alerts:</span> - </p><p>If you check the box <span class="guibutton">Send security alerts by email -to:</span>, the security alerts generated by msec are going to be sent -by local e-mail to the security administrator named in the nearby field. You -can fill either a local user or a complete e-mail address (the local e-mail -and the e-mail manager must be set accordingly). At last, you can receive -the security alerts directly on your desktop. Check the relevant box to -enable it.</p><div class="important" title="Oluline" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Oluline</h3><p>It is strongly advisable to enable the security alerts option in order to -immediately inform the security administrator of possible security -problems. If not, the administrator will have to regularly check the logs -files available in <code class="filename">/var/log/security.</code></p></div><p><span class="underline">Security options:</span></p><p>Creating a customised level is not the only way to customise the computer -security, it is also possible to use the tabs presented here after to change -any option you want. Current configuration for msec is stored in -<code class="filename">/etc/security/msec/security.conf</code>. This file contains -the current security level name and the list of all the modifications done -to the options.</p></div><div class="section" title="System security tab"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2702"><!----></a>System security tab</h5></div></div></div><p>This tab displays all the security options on the left side column, a -description in the centre column, and their current values on the right side -column.</p><div class="mediaobject"><img src="cco:/msecgui3.png"/></div><p>To modify an option, double click on it and a new window appears (see -screenshot below). It displays the option name, a short description, the -actual and default values, and a drop down list where the new value can be -selected. Click on the <span class="guibutton">OK</span> button to validate the -choice.</p><div class="mediaobject"><img src="cco:/msecgui11.png"/></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Do not forget when leaving msecgui to save definitively your configuration -using the menu <span class="guimenu">File -> Save the configuration</span>. If you -have changed the settings, msecgui allows you to preview the changes before -saving them.</p></div><div class="mediaobject"><img src="cco:/msecgui10.png"/></div></div><div class="section" title="Network security"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2719"><!----></a>Network security</h5></div></div></div><p>This tab displays all the network options and works like the previous tab</p><div class="mediaobject"><img src="cco:/msecgui4.png"/></div></div><div class="section" title="Periodic checks tab"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2725"><!----></a>Periodic checks tab</h5></div></div></div><p>Periodic checks aim to inform the security administrator by means of -security alerts of all situations msec thinks potentially dangerous.</p><p>This tab displays all the periodic checks done by msec and their frequency -if the box <span class="guibutton">Enable periodic security checks</span> is -checked. Changes are done like in the previous tabs.</p><div class="mediaobject"><img src="cco:/msecgui5.png"/></div></div><div class="section" title="Exceptions tab"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2733"><!----></a>Exceptions tab</h5></div></div></div><p>Sometimes alert messages are due to well known and wanted situations. In -these cases they are useless and wasted time for the administrator. This tab -allows you to create as many exceptions as you want to avoid unwanted alert -messages. It is obviously empty at the first msec start. The screenshot -below shows four exceptions.</p><div class="mediaobject"><img src="cco:/msecgui6.png"/></div><p>To create an exception, click on the <span class="guibutton">Add a rule</span> -button</p><div class="mediaobject"><img src="cco:/msecgui7.png"/></div><p>Select the wanted periodic check in the drop down list called -<span class="guilabel">Check</span> and then, enter the -<span class="guilabel">Exception</span> in the text area. Adding an exception is -obviously not definitive, you can either delete it using the -<span class="guibutton">Delete</span> button of the <span class="guilabel">Exceptions</span> -tab or modify it with a double clicK.</p></div><div class="section" title="Permissions"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2749"><!----></a>Permissions</h5></div></div></div><p>This tab is intended for file and directory permissions checking and -enforcement.</p><p>Like for the security, msec owns different permissions levels (standard, -secure, ..), they are enabled accordingly with the chosen security -level. You can create your own customised permissions levels, saving them -into specific files called <code class="filename">perm.<levelname> </code> placed -into the folder <code class="filename">etc/security/msec/</code> . This function is -intended for power users which require a customised configuration. It is -also possible to use the tab presented here after to change any permission -you want. Current configuration is stored in -<code class="filename">/etc/security/msec/perms.conf.</code> This file contains the -list of all the modifications done to the permissions.</p><div class="mediaobject"><img src="cco:/msecgui8.png"/></div><p>Default permissions are visible as a list of rules (a rule per line). You -can see on the left side, the file or folder concerned by the rule, then the -owner, then the group and then the permissions given by the rule. If, for a -given rule:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>the box <span class="guilabel">Enforce</span> is not checked, msec only checks if the -defined permissions for this rule are respected and sends an alert message -if not, but does not change anything.</p></li><li class="listitem"><p>the box <span class="guilabel">Enforce</span> is checked, then msec will rule the -permissions respect at the first periodic check and overwrite the -permissions.</p></li></ul></div><div class="important" title="Oluline" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Oluline</h3><p>For this to work, the option CHECK_PERMS in the <span class="bold"><strong>Periodic check tab</strong></span> must be configured accordingly.</p></div><p>To create a new rule, click on the <span class="guibutton"> Add a rule</span> button -and fill the fields as shown in the example below. The joker * is allowed in -the <span class="guilabel">File</span> field. “current” means no modification.</p><div class="mediaobject"><img src="cco:/msecgui9.png"/></div><p>Click on the <span class="guibutton">OK</span> button to validate the choice and do -not forget when leaving to save definitively your configuration using the -menu <span class="guimenu">File -> Save the configuration</span>. If you have changed -the settings, msecgui allows you to preview the changes before saving them. </p><div class="note" title="Märkus" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Märkus</h3><p>It is also possible to create or modify the rules by editing the -configuration file <code class="filename">/etc/security/msec/perms.conf</code>. - </p></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Changes in the <span class="bold"><strong>Permission tab</strong></span> (or directly -in the configuration file) are taken into account at the first periodic -check (see the option CHECK_PERMS in the <span class="bold"><strong>Periodic -checks tab</strong></span>). If you want them to be taken immediately into -account, use the msecperms command in a console with root rights. You can -use before, the msecperms -p command to know the permissions that will be -changed by msecperms.</p></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Do not forget that if you modify the permissions in a console or in a file -manager, for a file where the box <span class="guilabel">Enforce </span> is checked -in the <span class="bold"><strong>Permissions tab </strong></span>, msecgui will write -the old permissions back after a while, accordingly to the configuration of -the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the <span class="bold"><strong>Periodic Checks tab </strong></span>.</p></div></div></div><div class="footnotes"><br/><hr width="100" align="left"/><div class="footnote"><p><sup>[<a id="ftn.d4e2626" href="#d4e2626" class="para">38</a>] </sup>Tööriista saab käsurealt käivitada, kui anda administraatori õigustes käsk -<span class="bold"><strong>msecgui</strong></span>.</p></div></div></div><script type="text/javascript" src="main.js"><!----></script><div class="navfooter"><hr/><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mcc-security.html">Eelmine</a> </td><td width="20%" align="center"><a accesskey="u" href="mcc-security.html">Üles</a></td><td width="40%" align="right"> <a accesskey="n" href="drakfirewall.html">Järgmine</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Koju</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></div><div><div id="leftnavigation"><div id="tabs"><ul><li><a href="#treeDiv"><em>Sisukord</em></a></li><li><a href="#searchDiv"><em/></a></li></ul><div id="treeDiv"><img src="../../common/images/loading.gif" alt="loading table of contents..." id="tocLoading" style="display:block;"/><div id="ulTreeDiv" style="display:none"><ul id="tree" class="filetree"><li><span class="file section"><a href="mcc-intro.html">Mageia juhtimiskeskuse käsiraamatust</a></span></li><li><span class="file section"><a href="software-management.html">Tarkvara haldamine</a></span><ul><li><span class="file section"><a href="rpmdrake.html">Tarkvara haldamine (paigaldamine ja eemaldamine)</a></span><ul><li><span class="file section"><a href="rpmdrake.html#rpmdrake-introduction">Rpmdrake'i sissejuhatus</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e58">Akna põhiosad</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e96">Olekuveerg</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e149">Sõltuvused</a></span></li></ul></li><li><span class="file section"><a href="MageiaUpdate.html">Tarkvara uuendamine</a></span></li><li><span class="file section"><a href="mgaapplet-config.html">Uuendamissageduse seadistamine</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html">Tarkvaraallikate seadistamine</a></span><ul><li><span class="file section"><a href="drakrpm-edit-media.html#d4e219">Veerud</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html#d4e251">Nupud paremal</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html#d4e265">Menüü</a></span></li></ul></li></ul></li><li><span class="file section"><a href="mcc-sharing.html">Failide jagamine</a></span><ul><li><span class="file section"><a href="drakwizard_proftpd.html">FTP seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_apache2.html">Veebiserveri seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-networkservices.html">Võrguteenused</a></span><ul><li><span class="file section"><a href="drakwizard_dhcp.html">DHCP seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_bind.html">DNS seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_squid.html">Puhverserveri seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_ntp.html">Aja seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_sshd.html">OpenSSH deemoni seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-hardware.html">Riistvara</a></span><ul><li><span class="file section"><a href="harddrake2.html">Riistvara seadistamine</a></span><ul><li><span class="file section"><a href="harddrake2.html#d4e515">Aken</a></span></li><li><span class="file section"><a href="harddrake2.html#d4e530">Menüü</a></span></li></ul></li><li><span class="file section"><a href="draksound.html">Heli seadistamine</a></span></li><li><span class="file section"><a href="drak3d.html">Ruumilise töölaua efektid</a></span><ul><li><span class="file section"><a href="drak3d.html#d4e581">Sissejuhatus</a></span></li><li><span class="file section"><a href="drak3d.html#d4e587">Alustamine</a></span></li><li><span class="file section"><a href="drak3d.html#d4e601">Probleemide lahendamine</a></span><ul><li><span class="file section"><a href="drak3d.html#d4e603">Töölauda pole sisselogimise järel näha</a></span></li></ul></li></ul></li><li><span class="file section"><a href="XFdrake.html">Graafikaserveri seadistamine</a></span></li><li><span class="file section"><a href="keyboarddrake.html">Klaviatuuri seadistamine</a></span><ul><li><span class="file section"><a href="keyboarddrake.html#d4e692">Sissejuhatus</a></span></li><li><span class="file section"><a href="keyboarddrake.html#d4e698">Klaviatuuripaigutus</a></span></li><li><span class="file section"><a href="keyboarddrake.html#d4e701">Klaviatuuritüüp</a></span></li></ul></li><li><span class="file section"><a href="mousedrake.html">Osutusseadme (hiir, puutepadi) seadistamine</a></span></li><li><span class="file section"><a href="system-config-printer.html">Printeri paigaldamine ja seadistamine</a></span><ul><li><span class="file section"><a href="system-config-printer.html#introduction">Sissejuhatus</a></span></li><li><span class="file section"><a href="system-config-printer.html#automatic">Printer tuvastati automaatselt</a></span></li><li><span class="file section"><a href="system-config-printer.html#non_automatic">Printerit ei tuvastatud automaatselt</a></span></li><li><span class="file section"><a href="system-config-printer.html#terminate">Paigaldamise lõpetamine</a></span></li><li><span class="file section"><a href="system-config-printer.html#network_printer">Võrguprinter</a></span></li><li><span class="file section"><a href="system-config-printer.html#network_printing_protocols">Trükkimise võrguprotokollid</a></span></li><li><span class="file section"><a href="system-config-printer.html#properties">Seadme omadused</a></span></li><li><span class="file section"><a href="system-config-printer.html#d4e836">Probleemide lahendamine</a></span></li><li><span class="file section"><a href="system-config-printer.html#specificities">Spetsiifilised probleemid</a></span></li></ul></li><li><span class="file section"><a href="scannerdrake.html">Skanneri seadistamine</a></span><ul><li><span class="file section"><a href="scannerdrake.html#scannerinstallation">Paigaldamine</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannersharing">Skanneri jagamine</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannerspecifics">Spetsiifilised probleemid</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannerextrasteps">Paigaldamise lisasammud</a></span></li></ul></li><li><span class="file section"><a href="drakups.html">Puhvertoiteallika (UPS) seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-network.html">Kohtvõrk ja internet</a></span><ul><li><span class="file section"><a href="draknetcenter.html">Võrgukeskus</a></span><ul><li><span class="file section"><a href="draknetcenter.html#d4e1063">Sissejuhatus</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1093">Nupp Jälgi</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1104">Nupp Seadista</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1163">Nupp Muud seadistused</a></span></li></ul></li><li><span class="file section"><a href="drakconnect.html">Uue võrguliidese seadistamine (LAN, ISDN, ADSL...)</a></span><ul><li><span class="file section"><a href="drakconnect.html#d4e1178">Sissejuhatus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1185">Uus juhtmega ühendus (Ethernet)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1239">Uus satelliidiühendus (DVB)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1243">Uus kaablimodemi ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1301">Uus DSL-ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1337">Uus ISDN-ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1386">Uus juhtmeta ühendus (WiFi)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1468">Uus GPRS/Edge/3G ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1494">Uus Bluetoothi sissehelistamisühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1498">Uus analoogtelefonimodemi ühendus (POTS)</a></span></li><li><span class="file section"><a href="drakconnect.html#drakconnect-end">Seadistamise lõpetamine</a></span></li></ul></li><li><span class="file section"><a href="drakconnect--del.html">Ühenduse eemaldamine</a></span></li><li><span class="file section"><a href="drakproxy.html">Puhverserver</a></span></li><li><span class="file section"><a href="drakgw.html">Internetiühenduse jagamine teistele kohalikele masinatele</a></span><ul><li><span class="file section"><a href="drakgw.html#drakgw-principles">Põhialused</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-wizard">Interneti jagamise nõustaja</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-configure">Kliendi seadistamine</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-stop">Ühenduse jagamise peatamine</a></span></li></ul></li><li><span class="file section"><a href="draknetprofile.html">Võrguprofiilide haldamine</a></span></li><li><span class="file section"><a href="drakvpn.html">VPN-ühenduse seadistamine</a></span><ul><li><span class="file section"><a href="drakvpn.html#d4e1673">Sissejuhatus</a></span></li><li><span class="file section"><a href="drakvpn.html#d4e1679">Seadistamine</a></span></li></ul></li><li><span class="file section"><a href="drakhosts.html">Masinate määratlemine</a></span></li></ul></li><li><span class="file section"><a href="mcc-system.html">Süsteem</a></span><ul><li><span class="file section"><a href="drakauth.html">Autentimine</a></span></li><li><span class="file section"><a href="drakxservices.html">Süsteemi teenuste haldamine</a></span></li><li><span class="file section"><a href="drakfont.html">Fontide haldamine, lisamine ja eemaldamine. Windows(TM) fontide import</a></span></li><li><span class="file section"><a href="drakclock.html">Kuupäeva ja kellaaja seadistamine</a></span></li><li><span class="file section"><a href="localedrake.html">Süsteemi lokaliseerimine</a></span><ul><li><span class="file section"><a href="localedrake.html#input_method">Sisestusmeetod</a></span></li></ul></li><li><span class="file section"><a href="logdrake.html">Süsteemi logifailide vaatamine ja neis otsimine</a></span><ul><li><span class="file section"><a href="logdrake.html#d4e1892">Logides otsimine</a></span></li><li><span class="file section"><a href="logdrake.html#d4e1907">E-kirjaga hoiatuse saatmise seadistamine</a></span></li></ul></li><li><span class="file section"><a href="drakconsole.html">Konsooli avamine administraatorina</a></span></li><li><span class="file section"><a href="userdrake.html">Kasutajad ja grupid</a></span></li><li><span class="file section"><a href="transfugdrake.html">Windows(TM) dokumentide ja seadistuste import</a></span></li><li><span class="file section"><a href="draksnapshot-config.html">Hetktõmmised</a></span></li></ul></li><li><span class="file section"><a href="mcc-networksharing.html">Võrgu jagamine</a></span><ul><li><span class="file section"><a href="diskdrake--smb.html">Windowsi (SMB) jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--smb.html#d4e2175">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--smb.html#d4e2183">Kasutamine</a></span></li></ul></li><li><span class="file section"><a href="draksambashare.html">Kataloogide ja ketaste jagamine Sambaga</a></span><ul><li><span class="file section"><a href="draksambashare.html#d4e2216">Sissejuhatus</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2219">Valmistumine</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2224">Nõustaja - autonoomne server</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2267">Nõustaja - primaarne domeenikontroller</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2277">Kataloogi määramine jagatud ressursiks</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2290">Menüükirjed</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2306">Printerite jagamine</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2313">Samba kasutajad</a></span></li></ul></li><li><span class="file section"><a href="diskdrake--nfs.html">NFS-i jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--nfs.html#d4e2330">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--nfs.html#d4e2336">Kasutamine</a></span></li></ul></li><li><span class="file section"><a href="draknfs.html">Ketaste ja kataloogide jagamine NFS-i abil</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2370">Eelnevad nõuded</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2379">Peaaken</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2383">Kirje muutmine</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2390">NFS-kataloog</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2394">Masina ligipääs</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2406">Kasutaja ID sidumine</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2416">Muud valikud</a></span></li></ul></li><li><span class="file section"><a href="draknfs.html#d4e2426">Menüükirjed</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2432">Fail|Salvesta konfiguratsioon</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2435">NFS-server|Käivita uuesti</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2438">NFS-server|Laadi uuesti</a></span></li></ul></li></ul></li><li><span class="file section"><a href="diskdrake--dav.html">WebDAV-i jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--dav.html#d4e2453">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--dav.html#d4e2457">Uue kirje loomine</a></span></li></ul></li></ul></li><li><span class="file section"><a href="mcc-localdisks.html">Kohalikud kettad</a></span><ul><li><span class="file section"><a href="drakdisk.html">Kettapartitsioonide haldamine</a></span></li><li><span class="file section"><a href="diskdrake--removable.html">CD/DVD-kirjuti</a></span><ul><li><span class="file section"><a href="diskdrake--removable.html#d4e2547">Haakepunkt</a></span></li><li><span class="file section"><a href="diskdrake--removable.html#d4e2551">Eelistused</a></span><ul><li><span class="file section"><a href="diskdrake--removable.html#d4e2556">user/nouser</a></span></li></ul></li></ul></li><li><span class="file section"><a href="diskdrake--fileshare.html">Kõvaketta partitsioonide jagamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-security.html">Turvalisus</a></span><ul><li id="webhelp-currentid"><span class="file section"><a href="msecgui.html">MSEC: süsteemi turvalisus ja audit</a></span><ul><li><span class="file section"><a href="msecgui.html#d4e2623">Tutvustus</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2635">Overview tab</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2653">Security settings tab</a></span><ul><li><span class="file section"><a href="msecgui.html#d4e2660">Basic security tab</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2702">System security tab</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2719">Network security</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2725">Periodic checks tab</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2733">Exceptions tab</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2749">Permissions</a></span></li></ul></li></ul></li><li><span class="file section"><a href="drakfirewall.html">Isikliku tulemüüri seadistamine</a></span></li><li><span class="file section"><a href="draksec.html">Mageia tööriistade autentimise seadistamine</a></span></li><li><span class="file section"><a href="drakinvictus.html">Võrguliideste ja tulemüüri põhjalikum seadistamine</a></span></li><li><span class="file section"><a href="drakguard.html">Lapselukk</a></span><ul><li><span class="file section"><a href="drakguard.html#d4e2874">Tutvustus</a></span></li><li><span class="file section"><a href="drakguard.html#d4e2884">Lapseluku seadistamine</a></span><ul><li><span class="file section"><a href="drakguard.html#d4e2901">Musta ja valge nimekirja kaardid</a></span></li><li><span class="file section"><a href="drakguard.html#d4e2905">Programmide blokeerimise kaart</a></span></li></ul></li></ul></li></ul></li><li><span class="file section"><a href="mcc-boot.html">Algkäivitus</a></span><ul><li><span class="file section"><a href="drakboot.html">Automaatse sisselogimise lubamine</a></span></li><li><span class="file section"><a href="drakboot--boot.html">Süsteemi käivitumise seadistamine</a></span></li><li><span class="file section"><a href="drakedm.html">Kuvahalduri seadistamine</a></span></li></ul></li><li><span class="file section"><a href="otherMageiaTools.html">Muud Mageia tööriistad</a></span><ul><li><span class="file section"><a href="drakbug.html">Mageia veateadete tööriist</a></span></li><li><span class="file section"><a href="drakbug_report.html">Logide ja süsteemiteabe kogumine veateate tarbeks</a></span></li><li><span class="file section"><a href="lsnetdrake.html">Saadaolevate NFS- ja SMB-ressursside leidmine</a></span></li><li><span class="file section"><a href="lspcidrake.html">PCI, USB ja PCMCIA teabe leidmine</a></span></li></ul></li></ul></div></div><div id="searchDiv"><div id="search"><form onsubmit="Verifie(ditaSearch_Form);return false" name="ditaSearch_Form" class="searchForm"><fieldset class="searchFieldSet"><legend/><center><input id="textToSearch" name="textToSearch" type="text" class="searchText"/> <input onclick="Verifie(ditaSearch_Form)" type="button" class="searchButton" value="Go" id="doSearch"/></center></fieldset></form></div><div id="searchResults"><center/></div></div></div></div></div></body></html> + <a accesskey="n" href="drakfirewall.html">Järgmine</a></td></tr></table></div><div id="headerlogo"><img src="t-mageia-2011.png" alt="Company Logo"/></div><h1 id="pagetitle">MSEC: süsteemi turvalisus ja audit<br/>Turvalisus</h1></div><div id="content"><!----><div xml:lang="et" class="section" title="MSEC: süsteemi turvalisus ja audit"><div class="titlepage"><div><div><h3 class="title"><a id="msecgui"><!----></a>MSEC: süsteemi turvalisus ja audit</h3></div><div><h2 class="subtitle">msecgui</h2></div></div></div><div class="mediaobject" align="center"><img src="images/msecgui.png" align="middle"/></div><div class="section" title="Tutvustus"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2623"><!----></a>Tutvustus</h4></div></div></div><p>Tööriist msecgui<sup>[<a id="d4e2626" href="#ftn.d4e2626" class="footnote">38</a>]</sup> on programmi msec +graafiline kasutajaliides, mis võimaldab seadistada süsteemi turvet kahel +moel:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Sellega saab paika panna süsteemi käitumise, mille korral msec kehtestab +süsteemis muudatused, mis suurendavad selle turvalisust.</p></li><li class="listitem"><p>See lubab määrata kindlaks perioodilised kontrollid, mida võetakse süsteemis +ette automaatselt, et hoiatada teid, kui miski paistab ohtlikuna.</p></li></ul></div><p>Programm msec kasutab niinimetatud turbetasemete kontseptsiooni. Need +tasemed hõlmavad teatavat süsteemsete õiguste kogumit, mille põhjal +analüüsitakse süsteemis toimuvaid muutusi. Mõningad tasemed annab Mageia +ette, aga neid saab oma soovi kohaselt muuta ja kohandada.</p></div><div class="section" title="Ülevaate kaart"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2635"><!----></a>Ülevaate kaart</h4></div></div></div><p>Pilt on näha ülal.</p><p>Esimesel kaardil on ära toodud eri turbetööriistade loetelu, millest paremal +asuvad nupud nende seadistamiseks:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Tulemüür, mille leiab ka juhtimiskeskuses Turvalisus -> Isikliku tulemüüri +seadistamine</p></li><li class="listitem"><p>Uuendused, mille leiab ka juhtimiskeskuses Tarkvara -> Süsteemi uuendamine</p></li><li class="listitem"><p>Msec ise koos mõninga teabega:</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>lubatud või mitte</p></li><li class="listitem"><p>seadistatud baasturbetase</p></li><li class="listitem"><p>viimaste perioodiliste kontrollide aeg ning nupud, mis vastavalt näitavad +üksikasjalikumat teavet ja võimaldavad kontrolli kohe käivitada</p></li></ul></div></li></ul></div></div><div class="section" title="Turbeseadistuste kaart"><div class="titlepage"><div><div><h4 class="title"><a id="d4e2653"><!----></a>Turbeseadistuste kaart</h4></div></div></div><p>Klõps teisele sakile või nupule Turve -> <span class="guibutton">Seadista</span> +avab allnähtava akna.</p><div class="mediaobject"><img src="images/msecgui2.png"/></div><div class="section" title="Põhiseadistuste kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2660"><!----></a>Põhiseadistuste kaart</h5></div></div></div><p class="underline"> + <span class="underline">Turbetasemed:</span> + </p><p>Kui olete märkinud kastikese <span class="guilabel">MSEC-i tööriista lubamine</span>, +saab siin kaardil topeltklõpsuga valida sobiva turbetaseme, mida pärast +valimist näidatakse rasvases kirjas. Kui kastike on märkimata, kasutatakse +taset « puudub ». Saadaval on järgmised tasemed:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Tase <span class="bold"><strong>puudub</strong></span>. See on hea siis, kui te ei +soovi, et msec majandaks süsteemi turbega, ja eelistate sellega omal käel +hakkama saada. Sel tasemel keelatakse kõik turbekontrollid ning ei piirata +mingil moel süsteemseid seadistusi. Palun valige see tase ainult siis, kui +olete täiesti kindel, et teate, mida teete, sest sel juhul on teie süsteem +rünnakutele avatud.</p></li><li class="listitem"><p>Tase <span class="bold"><strong>standard</strong></span> on vaikimisi rakendatav +seadistus, mida kasutatakse paigaldamisel, kui paigaldaja ei vali midagi +muud. See tavalisele kasutajale sobiv tase sisaldab mõningaid süsteemsete +seadistuste piiranguid ning käivitab igapäevased turbekontrollid, mis +otsivad muudatusi süsteemsetes failides ja kontodes ning kataloogide +õigustes, mis võivad anda võimaluse halba korda saata. (See tase on sarnane +mseci varasemate versioonide tasemetega 2 ja 3.)</p></li><li class="listitem"><p>Tase <span class="bold"><strong>secure</strong></span> on mõeldud selleks, kui +soovite, et süsteem oleks tõeliselt turvaline, aga siiski veel +kasutatav. Süsteemi seadistusi piiratakse veelgi ning perioodilisi +kontrollegi on rohkem. Lisaks piiratakse ligipääsu süsteemile. (See tase on +sarnane mseci varasemate versioonide tasemetega 4 (kõrge) ja 5 +(paranoiline).)</p></li><li class="listitem"><p>Lisaks mainitud tasemetele pakutakse veel mitmeid eesmärgipõhiseid +turbetasemeid, näiteks <span class="bold"><strong>fileserver</strong></span>, +<span class="bold"><strong>webserver</strong></span> ja <span class="bold"><strong>netbook</strong></span>. Nende puhul üritatakse süsteemi turve +seadistada vastavalt levinumatele kasutusjuhtumitele.</p></li><li class="listitem"><p>Viimased kaks taset nimetustega <span class="bold"><strong>audit_daily +</strong></span> ja <span class="bold"><strong>audit_weekly</strong></span> ei ole +õigupoolest päris turbetasemed, vaid pigem ainult tööriistad perioodiliste +kontrollide tarbeks.</p></li></ol></div><p>Tasemed salvestatakse faili +<code class="filename">etc/security/msec/level.<tasemenimi></code>. Soovi korral +võib paika panna omaenda kohandatud turbetaseme, salvestades selle failina +<code class="filename">level.<tasemenimi></code> kataloogis +<code class="filename">etc/security/msec/.</code> See võimalus on mõistagi mõeldud +väga kogenud kasutajatele, kellel on oma vajadused süsteemi turvet enda käe +järgi kohendada.</p><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Pidage kindlasti silmas, et kasutaja muudetud parameetreid arvestatakse enne +vaiketaseme määratlusi.</p></div><p> + <span class="underline">Turbehoiatused:</span> + </p><p>Kui märkida ära kastike <span class="guibutton">Turbehoiatuste saatmine +e-postiga:</span>, saadetakse mseci loodud turbehoiatused kohalikule +e-posti aadressile turbeadministraatorile, kelle nimi tuleb kirja panna +kõrval asuval väljal. Sinna võib kirjutada kas kohaliku kasutajanime või +täieliku e-posti aadressi (selle huvides peavad olema vajalikult seadistatud +kohalik e-post ja e-posti haldur). Samuti võib lasta turbehoiatusi näidata +otse töölaual, milleks tuleb ära märkida vastav kastike.</p><div class="important" title="Oluline" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Oluline</h3><p>Turbehoiatuste edastamine on äärmiselt soovitatav sisse lülitada, et +turbeadministraator saab õigeaegselt teada võimalikest +probleemidest. Vastasel juhul peab administraator järjepidevalt uurima +logifaile, mis salvestatakse kataloogi +<code class="filename">/var/log/security.</code></p></div><p><span class="underline">Turbevalikud:</span></p><p>Kohandatud taseme loomine ei ole ainuke viis sättida arvuti turvet oma käe +järgi: samamoodi võib kasutada tööriista eri kaarte, et muuta just neid +valikuid, mida vaja. Mseci kehtiv seadistus on salvestatud faili +<code class="filename">/etc/security/msec/security.conf</code>. See sisaldab nii +kehtivat turbetaseme nime kui ka loetelu kõigist muudetud valikutest.</p></div><div class="section" title="Süsteemi turvalisuse kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2702"><!----></a>Süsteemi turvalisuse kaart</h5></div></div></div><p>Sellel kaardil võib näha vasakus veerus turbevalikut, keskmises veerus selle +kirjeldust ja paremas veerus kehtivat väärtust.</p><div class="mediaobject"><img src="images/msecgui3.png"/></div><p>Mõne valiku muutmiseks tehke sellel topeltklõps, mille järel ilmub uus aken +(vt pilti allpool). Selles on näha valiku nimi, lühike kirjeldus, kehtiv ja +vaikeväärtus ning ripploend, milles saab valida uue väärtuse. Klõpsuga +nupule <span class="guibutton">Olgu</span> saab muudatuse kinnitada.</p><div class="mediaobject"><img src="images/msecgui11.png"/></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Ärge unustage tööriista sulgedes oma seadistust lõplikult salvestamast +menüükäsuga <span class="guimenu">Fail -> Salvesta seadistus</span>. Kui olete +seadistusi muutnud, annab msecgui võimaluse need enne salvestamist üle +vaadata.</p></div><div class="mediaobject"><img src="images/msecgui10.png"/></div></div><div class="section" title="Võrguturvalisuse kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2719"><!----></a>Võrguturvalisuse kaart</h5></div></div></div><p>Sellelt kaardilt leiab võrguga seotud valikud ja kõik käib siin samamoodi +nagu eelmisel kaardil.</p><div class="mediaobject"><img src="images/msecgui4.png"/></div></div><div class="section" title="Perioodiliste kontrollide kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2725"><!----></a>Perioodiliste kontrollide kaart</h5></div></div></div><p>Perioodiliste kontrollide eesmärk on anda turbehoiatuste abil +turbeadministraatorile teada kõigest, mida msec peab võimalikuks ohuks.</p><p>Kui märkida kastike <span class="guibutton">Perioodiliste turbekontrollide +lubamine</span>, näeb sellel kaardil kõiki mseci sooritatavaid +perioodilisi kontrolle ja nende sagedust. Muudatusi saab siin teha samamoodi +nagu eespool kirjeldatud kaartidel.</p><div class="mediaobject"><img src="images/msecgui5.png"/></div></div><div class="section" title="Erandite kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2733"><!----></a>Erandite kaart</h5></div></div></div><p>Mõnikord käivad hoiatused hästi teada ja soovitud olukorra kohta. Sel juhul +ei ole neil tegelikult mõtet ja nad vaid raiskavad administraatori +aega. Sellel kaardil saab luua nii palju erandeid kui vaja, et vältida +tarbetuid turbehoiatusi. Enesest mõista on see kaart mseci esmakäivitusel +tühi. Allpool oleval pildil on näha neli erandit.</p><div class="mediaobject"><img src="images/msecgui6.png"/></div><p>Erandi loomiseks tuleb klõpsata nupule <span class="guibutton">Lisa reegel</span>.</p><div class="mediaobject"><img src="images/msecgui7.png"/></div><p>Valige vajalik perioodiline kontroll ripploendist +<span class="guilabel">Kontroll</span> ja kirjutage erand tekstikasti +<span class="guilabel">Erand</span>. Erandi lisamine ei ole mõistagi midagi jäävat: +selle võib kustutada <span class="guilabel">erandite</span> kaardil klõpsuga nupule +<span class="guibutton">Kustuta</span>, samuti võib seda topeltklõpsuga muuta.</p></div><div class="section" title="Õiguste kaart"><div class="titlepage"><div><div><h5 class="title"><a id="d4e2749"><!----></a>Õiguste kaart</h5></div></div></div><p>Sellel kaardil saab kontrollida ja jõustada failide ja kataloogide õigusi.</p><p>Nagu turvalisuse puhul, kasutab msec ka õiguste puhul mitmesuguseid tasemeid +(standard, secure jne), mida kehtestatakse vastavalt valitud +turbetasemele. Soovi korral saab luua omaenda õigustetasemeid, salvestades +need faili <code class="filename">perm.<tasemenimi></code> kataloogis +<code class="filename">etc/security/msec/</code>. See võimalus on mõeldud väga +kogenud kasutajatele, kel läheb tarvis kohandatud seadistust. Samuti saab +siinsamas kaardil muuta õigusi just selliseks nagu vaja. Kehtiv seadustus on +salvestatud faili <code class="filename">/etc/security/msec/perms.conf.</code> Selles +leiab loetelu kõigist õiguste muudatustest.</p><div class="mediaobject"><img src="images/msecgui8.png"/></div><p>Vaikimisi õigusi kuvatakse reeglite loendina (üks reegel rea kohta). Alates +vasakult antakse teada reegliga hõlmatud fail või kataloog, seejärel selle +omanik, grupp ja lõpuks õigused. Kui reegli puhul</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>kastike <span class="guilabel">Jõuga kehtestamine</span> ei ole märgitud, kontrollib +msec ainult seda, kas reeglis määratud õigused kehtivad, ning saadab +turvahoiatuse, kui see nii pole, aga ei muuda ise midagi.</p></li><li class="listitem"><p>kui kastike <span class="guilabel">Jõuga kehtestamine</span> on märgitud, kontrollib +msec esimese perioodilise kontrolli ajal õiguste vastavust reeglile ning +kirjutab need erinevuse korral üle.</p></li></ul></div><div class="important" title="Oluline" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Oluline</h3><p>Et see toimiks, peab <span class="bold"><strong>perioodiliste kontrollide +kaardil</strong></span> olema valik CHECK_PERMS sobivalt seadistatud.</p></div><p>Uue reegli loomiseks klõpsake nupule <span class="guibutton">Lisa reegel</span> ja +täitke väljad, nagu näha alloleval pildil. Väljal <span class="guilabel">Fail</span> +võib kasutada metamärki *. “current” tähendab, et midagi ei muudeta.</p><div class="mediaobject"><img src="images/msecgui9.png"/></div><p>Muudatuste jõustamiseks klõpsake nupule <span class="guibutton">Olgu</span> ning +kindlasti ärge unustage enne tööriistast väljumist kõiki muudatusi +salvestamast menüükäsuga <span class="guimenu">Fail -> Salvesta seadistus</span>. Kui +olete seadistusi muutnud, annab msecgui võimaluse need enne salvestamist üle +vaadata. </p><div class="note" title="Märkus" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Märkus</h3><p>Reegleid võib samuti luua või muuta seadistustefaili +<code class="filename">/etc/security/msec/perms.conf</code> redigeerides. + </p></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p><span class="bold"><strong>Õiguste kaardil</strong></span> (või otse +seadistustefailis) tehtud muudatusi võetakse arvesse esimesel perioodilisel +kontrollil (vt valikut CHECK_PERMS <span class="bold"><strong>perioodiliste +kontrollide kaardil</strong></span>). Kui soovite, et neid kohe arvestataks, +kasutage käsureal administraatori õigustes käsku msecperms. Eelnevalt võib +anda käsu msecperms -p, millega saab teada õigused, mida msecperms muudab.</p></div><div class="caution" title="Ettevaatust" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Ettevaatust</h3><p>Pange kindlasti tähele, et kui muudate õigusi käsureal või failihalduris, +siis faili puhul, millel on <span class="bold"><strong>õiguste kaardil</strong></span> +ära märgitud kastike <span class="guilabel">Jõuga kehtestamine</span>, kirjutab +msecgui mõne aja pärast vanad õigused tagasi vastavalt valikutele +CHECK_PERMS ja CHECK_PERMS_ENFORCE <span class="bold"><strong>perioodiliste +kontrollide kaardil</strong></span>.</p></div></div></div><div class="footnotes"><br/><hr width="100" align="left"/><div class="footnote"><p><sup>[<a id="ftn.d4e2626" href="#d4e2626" class="para">38</a>] </sup>Tööriista saab käsurealt käivitada, kui anda administraatori õigustes käsk +<span class="bold"><strong>msecgui</strong></span>.</p></div></div></div><script type="text/javascript" src="main.js"><!----></script><div class="navfooter"><hr/><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mcc-security.html">Eelmine</a> </td><td width="20%" align="center"><a accesskey="u" href="mcc-security.html">Üles</a></td><td width="40%" align="right"> <a accesskey="n" href="drakfirewall.html">Järgmine</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Koju</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></div><div><div id="leftnavigation"><div id="tabs"><ul><li><a href="#treeDiv"><em>Sisukord</em></a></li><li><a href="#searchDiv"><em/></a></li></ul><div id="treeDiv"><img src="../../common/images/loading.gif" alt="loading table of contents..." id="tocLoading" style="display:block;"/><div id="ulTreeDiv" style="display:none"><ul id="tree" class="filetree"><li><span class="file section"><a href="mcc-intro.html">Mageia juhtimiskeskuse käsiraamatust</a></span></li><li><span class="file section"><a href="software-management.html">Tarkvara haldamine</a></span><ul><li><span class="file section"><a href="rpmdrake.html">Tarkvara haldamine (paigaldamine ja eemaldamine)</a></span><ul><li><span class="file section"><a href="rpmdrake.html#rpmdrake-introduction">Rpmdrake'i sissejuhatus</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e58">Akna põhiosad</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e96">Olekuveerg</a></span></li><li><span class="file section"><a href="rpmdrake.html#d4e149">Sõltuvused</a></span></li></ul></li><li><span class="file section"><a href="MageiaUpdate.html">Tarkvara uuendamine</a></span></li><li><span class="file section"><a href="mgaapplet-config.html">Uuendamissageduse seadistamine</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html">Tarkvaraallikate seadistamine</a></span><ul><li><span class="file section"><a href="drakrpm-edit-media.html#d4e219">Veerud</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html#d4e251">Nupud paremal</a></span></li><li><span class="file section"><a href="drakrpm-edit-media.html#d4e265">Menüü</a></span></li></ul></li></ul></li><li><span class="file section"><a href="mcc-sharing.html">Failide jagamine</a></span><ul><li><span class="file section"><a href="drakwizard_proftpd.html">FTP seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_apache2.html">Veebiserveri seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-networkservices.html">Võrguteenused</a></span><ul><li><span class="file section"><a href="drakwizard_dhcp.html">DHCP seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_bind.html">DNS seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_squid.html">Puhverserveri seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_ntp.html">Aja seadistamine</a></span></li><li><span class="file section"><a href="drakwizard_sshd.html">OpenSSH deemoni seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-hardware.html">Riistvara</a></span><ul><li><span class="file section"><a href="harddrake2.html">Riistvara seadistamine</a></span><ul><li><span class="file section"><a href="harddrake2.html#d4e515">Aken</a></span></li><li><span class="file section"><a href="harddrake2.html#d4e530">Menüü</a></span></li></ul></li><li><span class="file section"><a href="draksound.html">Heli seadistamine</a></span></li><li><span class="file section"><a href="drak3d.html">Ruumilise töölaua efektid</a></span><ul><li><span class="file section"><a href="drak3d.html#d4e581">Sissejuhatus</a></span></li><li><span class="file section"><a href="drak3d.html#d4e587">Alustamine</a></span></li><li><span class="file section"><a href="drak3d.html#d4e601">Probleemide lahendamine</a></span><ul><li><span class="file section"><a href="drak3d.html#d4e603">Töölauda pole sisselogimise järel näha</a></span></li></ul></li></ul></li><li><span class="file section"><a href="XFdrake.html">Graafikaserveri seadistamine</a></span></li><li><span class="file section"><a href="keyboarddrake.html">Klaviatuuri seadistamine</a></span><ul><li><span class="file section"><a href="keyboarddrake.html#d4e692">Sissejuhatus</a></span></li><li><span class="file section"><a href="keyboarddrake.html#d4e698">Klaviatuuripaigutus</a></span></li><li><span class="file section"><a href="keyboarddrake.html#d4e701">Klaviatuuritüüp</a></span></li></ul></li><li><span class="file section"><a href="mousedrake.html">Osutusseadme (hiir, puutepadi) seadistamine</a></span></li><li><span class="file section"><a href="system-config-printer.html">Printeri paigaldamine ja seadistamine</a></span><ul><li><span class="file section"><a href="system-config-printer.html#introduction">Sissejuhatus</a></span></li><li><span class="file section"><a href="system-config-printer.html#automatic">Printer tuvastati automaatselt</a></span></li><li><span class="file section"><a href="system-config-printer.html#non_automatic">Printerit ei tuvastatud automaatselt</a></span></li><li><span class="file section"><a href="system-config-printer.html#terminate">Paigaldamise lõpetamine</a></span></li><li><span class="file section"><a href="system-config-printer.html#network_printer">Võrguprinter</a></span></li><li><span class="file section"><a href="system-config-printer.html#network_printing_protocols">Trükkimise võrguprotokollid</a></span></li><li><span class="file section"><a href="system-config-printer.html#properties">Seadme omadused</a></span></li><li><span class="file section"><a href="system-config-printer.html#d4e836">Probleemide lahendamine</a></span></li><li><span class="file section"><a href="system-config-printer.html#specificities">Spetsiifilised probleemid</a></span></li></ul></li><li><span class="file section"><a href="scannerdrake.html">Skanneri seadistamine</a></span><ul><li><span class="file section"><a href="scannerdrake.html#scannerinstallation">Paigaldamine</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannersharing">Skanneri jagamine</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannerspecifics">Spetsiifilised probleemid</a></span></li><li><span class="file section"><a href="scannerdrake.html#scannerextrasteps">Paigaldamise lisasammud</a></span></li></ul></li><li><span class="file section"><a href="drakups.html">Puhvertoiteallika (UPS) seadistamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-network.html">Kohtvõrk ja internet</a></span><ul><li><span class="file section"><a href="draknetcenter.html">Võrgukeskus</a></span><ul><li><span class="file section"><a href="draknetcenter.html#d4e1063">Sissejuhatus</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1093">Nupp Jälgi</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1104">Nupp Seadista</a></span></li><li><span class="file section"><a href="draknetcenter.html#d4e1163">Nupp Muud seadistused</a></span></li></ul></li><li><span class="file section"><a href="drakconnect.html">Uue võrguliidese seadistamine (LAN, ISDN, ADSL...)</a></span><ul><li><span class="file section"><a href="drakconnect.html#d4e1178">Sissejuhatus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1185">Uus juhtmega ühendus (Ethernet)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1239">Uus satelliidiühendus (DVB)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1243">Uus kaablimodemi ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1301">Uus DSL-ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1337">Uus ISDN-ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1386">Uus juhtmeta ühendus (WiFi)</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1468">Uus GPRS/Edge/3G ühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1494">Uus Bluetoothi sissehelistamisühendus</a></span></li><li><span class="file section"><a href="drakconnect.html#d4e1498">Uus analoogtelefonimodemi ühendus (POTS)</a></span></li><li><span class="file section"><a href="drakconnect.html#drakconnect-end">Seadistamise lõpetamine</a></span></li></ul></li><li><span class="file section"><a href="drakconnect--del.html">Ühenduse eemaldamine</a></span></li><li><span class="file section"><a href="drakproxy.html">Puhverserver</a></span></li><li><span class="file section"><a href="drakgw.html">Internetiühenduse jagamine teistele kohalikele masinatele</a></span><ul><li><span class="file section"><a href="drakgw.html#drakgw-principles">Põhialused</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-wizard">Interneti jagamise nõustaja</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-configure">Kliendi seadistamine</a></span></li><li><span class="file section"><a href="drakgw.html#drakgw-stop">Ühenduse jagamise peatamine</a></span></li></ul></li><li><span class="file section"><a href="draknetprofile.html">Võrguprofiilide haldamine</a></span></li><li><span class="file section"><a href="drakvpn.html">VPN-ühenduse seadistamine</a></span><ul><li><span class="file section"><a href="drakvpn.html#d4e1673">Sissejuhatus</a></span></li><li><span class="file section"><a href="drakvpn.html#d4e1679">Seadistamine</a></span></li></ul></li><li><span class="file section"><a href="drakhosts.html">Masinate määratlemine</a></span></li></ul></li><li><span class="file section"><a href="mcc-system.html">Süsteem</a></span><ul><li><span class="file section"><a href="drakauth.html">Autentimine</a></span></li><li><span class="file section"><a href="drakxservices.html">Süsteemi teenuste haldamine</a></span></li><li><span class="file section"><a href="drakfont.html">Fontide haldamine, lisamine ja eemaldamine. Windows(TM) fontide import</a></span></li><li><span class="file section"><a href="drakclock.html">Kuupäeva ja kellaaja seadistamine</a></span></li><li><span class="file section"><a href="localedrake.html">Süsteemi lokaliseerimine</a></span><ul><li><span class="file section"><a href="localedrake.html#input_method">Sisestusmeetod</a></span></li></ul></li><li><span class="file section"><a href="logdrake.html">Süsteemi logifailide vaatamine ja neis otsimine</a></span><ul><li><span class="file section"><a href="logdrake.html#d4e1892">Logides otsimine</a></span></li><li><span class="file section"><a href="logdrake.html#d4e1907">E-kirjaga hoiatuse saatmise seadistamine</a></span></li></ul></li><li><span class="file section"><a href="drakconsole.html">Konsooli avamine administraatorina</a></span></li><li><span class="file section"><a href="userdrake.html">Kasutajad ja grupid</a></span></li><li><span class="file section"><a href="transfugdrake.html">Windows(TM) dokumentide ja seadistuste import</a></span></li><li><span class="file section"><a href="draksnapshot-config.html">Hetktõmmised</a></span></li></ul></li><li><span class="file section"><a href="mcc-networksharing.html">Võrgu jagamine</a></span><ul><li><span class="file section"><a href="diskdrake--smb.html">Windowsi (SMB) jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--smb.html#d4e2175">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--smb.html#d4e2183">Kasutamine</a></span></li></ul></li><li><span class="file section"><a href="draksambashare.html">Kataloogide ja ketaste jagamine Sambaga</a></span><ul><li><span class="file section"><a href="draksambashare.html#d4e2216">Sissejuhatus</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2219">Valmistumine</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2224">Nõustaja - autonoomne server</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2267">Nõustaja - primaarne domeenikontroller</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2277">Kataloogi määramine jagatud ressursiks</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2290">Menüükirjed</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2306">Printerite jagamine</a></span></li><li><span class="file section"><a href="draksambashare.html#d4e2313">Samba kasutajad</a></span></li></ul></li><li><span class="file section"><a href="diskdrake--nfs.html">NFS-i jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--nfs.html#d4e2330">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--nfs.html#d4e2336">Kasutamine</a></span></li></ul></li><li><span class="file section"><a href="draknfs.html">Ketaste ja kataloogide jagamine NFS-i abil</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2370">Eelnevad nõuded</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2379">Peaaken</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2383">Kirje muutmine</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2390">NFS-kataloog</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2394">Masina ligipääs</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2406">Kasutaja ID sidumine</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2416">Muud valikud</a></span></li></ul></li><li><span class="file section"><a href="draknfs.html#d4e2426">Menüükirjed</a></span><ul><li><span class="file section"><a href="draknfs.html#d4e2432">Fail|Salvesta konfiguratsioon</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2435">NFS-server|Käivita uuesti</a></span></li><li><span class="file section"><a href="draknfs.html#d4e2438">NFS-server|Laadi uuesti</a></span></li></ul></li></ul></li><li><span class="file section"><a href="diskdrake--dav.html">WebDAV-i jagatud ketaste ja kataloogide kasutamine</a></span><ul><li><span class="file section"><a href="diskdrake--dav.html#d4e2453">Sissejuhatus</a></span></li><li><span class="file section"><a href="diskdrake--dav.html#d4e2457">Uue kirje loomine</a></span></li></ul></li></ul></li><li><span class="file section"><a href="mcc-localdisks.html">Kohalikud kettad</a></span><ul><li><span class="file section"><a href="drakdisk.html">Kettapartitsioonide haldamine</a></span></li><li><span class="file section"><a href="diskdrake--removable.html">CD/DVD-kirjuti</a></span><ul><li><span class="file section"><a href="diskdrake--removable.html#d4e2547">Haakepunkt</a></span></li><li><span class="file section"><a href="diskdrake--removable.html#d4e2551">Eelistused</a></span><ul><li><span class="file section"><a href="diskdrake--removable.html#d4e2556">user/nouser</a></span></li></ul></li></ul></li><li><span class="file section"><a href="diskdrake--fileshare.html">Kõvaketta partitsioonide jagamine</a></span></li></ul></li><li><span class="file section"><a href="mcc-security.html">Turvalisus</a></span><ul><li id="webhelp-currentid"><span class="file section"><a href="msecgui.html">MSEC: süsteemi turvalisus ja audit</a></span><ul><li><span class="file section"><a href="msecgui.html#d4e2623">Tutvustus</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2635">Ülevaate kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2653">Turbeseadistuste kaart</a></span><ul><li><span class="file section"><a href="msecgui.html#d4e2660">Põhiseadistuste kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2702">Süsteemi turvalisuse kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2719">Võrguturvalisuse kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2725">Perioodiliste kontrollide kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2733">Erandite kaart</a></span></li><li><span class="file section"><a href="msecgui.html#d4e2749">Õiguste kaart</a></span></li></ul></li></ul></li><li><span class="file section"><a href="drakfirewall.html">Isikliku tulemüüri seadistamine</a></span></li><li><span class="file section"><a href="draksec.html">Mageia tööriistade autentimise seadistamine</a></span></li><li><span class="file section"><a href="drakinvictus.html">Võrguliideste ja tulemüüri põhjalikum seadistamine</a></span></li><li><span class="file section"><a href="drakguard.html">Lapselukk</a></span><ul><li><span class="file section"><a href="drakguard.html#d4e2874">Tutvustus</a></span></li><li><span class="file section"><a href="drakguard.html#d4e2884">Lapseluku seadistamine</a></span><ul><li><span class="file section"><a href="drakguard.html#d4e2901">Musta ja valge nimekirja kaardid</a></span></li><li><span class="file section"><a href="drakguard.html#d4e2905">Programmide blokeerimise kaart</a></span></li></ul></li></ul></li></ul></li><li><span class="file section"><a href="mcc-boot.html">Algkäivitus</a></span><ul><li><span class="file section"><a href="drakboot.html">Automaatse sisselogimise lubamine</a></span></li><li><span class="file section"><a href="drakboot--boot.html">Süsteemi käivitumise seadistamine</a></span></li><li><span class="file section"><a href="drakedm.html">Kuvahalduri seadistamine</a></span></li></ul></li><li><span class="file section"><a href="otherMageiaTools.html">Muud Mageia tööriistad</a></span><ul><li><span class="file section"><a href="drakbug.html">Mageia veateadete tööriist</a></span></li><li><span class="file section"><a href="drakbug_report.html">Logide ja süsteemiteabe kogumine veateate tarbeks</a></span></li><li><span class="file section"><a href="lsnetdrake.html">Saadaolevate NFS- ja SMB-ressursside leidmine</a></span></li><li><span class="file section"><a href="lspcidrake.html">PCI, USB ja PCMCIA teabe leidmine</a></span></li></ul></li></ul></div></div><div id="searchDiv"><div id="search"><form onsubmit="Verifie(ditaSearch_Form);return false" name="ditaSearch_Form" class="searchForm"><fieldset class="searchFieldSet"><legend/><center><input id="textToSearch" name="textToSearch" type="text" class="searchText"/> <input onclick="Verifie(ditaSearch_Form)" type="button" class="searchButton" value="Go" id="doSearch"/></center></fieldset></form></div><div id="searchResults"><center/></div></div></div></div></div></body></html> |