diff options
author | Yuri Chornoivan <yurchor@ukr.net> | 2018-02-23 20:34:43 +0200 |
---|---|---|
committer | Yuri Chornoivan <yurchor@ukr.net> | 2018-02-23 20:34:43 +0200 |
commit | 89f013bb4d68b0df17131df47f320ab4a44f060f (patch) | |
tree | 3a8a398ff40d57cc86940f295c97509802935f32 /docs/mcc-help/da/msecgui.xml | |
parent | cd4e1a8183a04d6067bdfa2894b64da8ec339c93 (diff) | |
download | tools-89f013bb4d68b0df17131df47f320ab4a44f060f.tar tools-89f013bb4d68b0df17131df47f320ab4a44f060f.tar.gz tools-89f013bb4d68b0df17131df47f320ab4a44f060f.tar.bz2 tools-89f013bb4d68b0df17131df47f320ab4a44f060f.tar.xz tools-89f013bb4d68b0df17131df47f320ab4a44f060f.zip |
Create stable folder and move stable docs there
Diffstat (limited to 'docs/mcc-help/da/msecgui.xml')
-rw-r--r-- | docs/mcc-help/da/msecgui.xml | 358 |
1 files changed, 0 insertions, 358 deletions
diff --git a/docs/mcc-help/da/msecgui.xml b/docs/mcc-help/da/msecgui.xml deleted file mode 100644 index 3717b3cb..00000000 --- a/docs/mcc-help/da/msecgui.xml +++ /dev/null @@ -1,358 +0,0 @@ -<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" version="5.0" xml:lang="da" xml:id="msecgui"> - <info> - <title xml:id="msecgui-ti1">MSEC: Systemsikkerhed og overvågning</title> - - <subtitle>msecgui</subtitle> - </info> - - - - - <mediaobject> - <!-- written by Lebarhon 2014/01/03 To be checked--> -<imageobject> - <imagedata xml:id="msecgui-im1" revision="1" fileref="msecgui.png" align="center" format="PNG"/> - </imageobject> - </mediaobject> - - - <section> - <title>Presentation</title> - - <para>msecgui<footnote><para>You can start this tool from the command line, by typing <emphasis -role="bold">msecgui</emphasis> as root.</para> - </footnote> is a graphic user interface for -msec that allows to configure your system security according to two -approaches:</para> - - <itemizedlist> - <listitem> - <para>It sets the system behaviour, msec imposes modifications to the system to -make it more secure.</para> - </listitem> - - <listitem> - <para>It carries on periodic checks automatically on the system in order to warn -you if something seems dangerous.</para> - </listitem> - </itemizedlist> - - <para>msec uses the concept of "security levels" which are intended to configure a -set of system permissions, which can be audited for changes or -enforcement. Several of them are proposed by Mageia, but you can define your -own customised security levels.</para> - </section> - - <section> - <title>Overview tab</title> - - <para>See the screenshot above</para> - - <para>The first tab takes up the list of the different security tools with a -button on the right side to configure them:</para> - - <itemizedlist> - <listitem> - <para>Firewall, also found in the MCC / Security / Set up your personal firewall</para> - </listitem> - - <listitem> - <para>Updates, also found in MCC / Software Management / Update your system</para> - </listitem> - - <listitem> - <para>msec itself with some information:</para> - - <itemizedlist> - <listitem> - <para>enabled or not</para> - </listitem> - - <listitem> - <para>the configured Base security level</para> - </listitem> - - <listitem> - <para>the date of the last Periodic checks and a button to see a detailed report -and another button to execute the checks just now.</para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </section> - - <section> - <title>Security settings tab</title> - - <para>A click on the second tab or on the Security -<guibutton>Configure</guibutton> button leads to the same screen shown -below.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui2.png"/> - </imageobject> - </mediaobject> - - - <section> - <title>Basic security tab</title> - - <para role="underline"> - <emphasis role="underline">Security levels:</emphasis> - </para> - - <para>After having checked the box <guilabel>Enable MSEC tool</guilabel>, this tab -allows you by a double click to choose the security level that appears then -in bold. If the box is not checked, the level « none » is applied. The -following levels are available:</para> - - <orderedlist numeration="arabic"> - <listitem> - <para>Level <emphasis role="bold">none</emphasis>. This level is intended if you -do not want to use msec to control system security, and prefer tuning it on -your own. It disables all security checks and puts no restrictions or -constraints on system configuration and settings. Please use this level only -if you are knowing what you are doing, as it would leave your system -vulnerable to attack.</para> - </listitem> - - <listitem> - <para>Level <emphasis role="bold">standard</emphasis>. This is the default -configuration when installed and is intended for casual users. It -constrains several system settings and executes daily security checks which -detect changes in system files, system accounts, and vulnerable directory -permissions. (This level is similar to levels 2 and 3 from past msec -versions).</para> - </listitem> - - <listitem> - <para>Level <emphasis role="bold">secure</emphasis>. This level is intended when -you want to ensure your system is secure, yet usable. It further restricts -system permissions and executes more periodic checks. Moreover, access to -the system is more restricted. (This level is similar to levels 4 (High) and -5 (Paranoid) from old msec versions).</para> - </listitem> - - <listitem> - <para>Besides those levels, different task-oriented security are also provided, -such as the <emphasis role="bold">fileserver </emphasis>, <emphasis -role="bold">webserver</emphasis> and <emphasis -role="bold">netbook</emphasis> levels. Such levels attempt to pre-configure -system security according to the most common use cases.</para> - </listitem> - - <listitem> - <para>The last two levels called <emphasis role="bold">audit_daily </emphasis> and -<emphasis role="bold">audit_weekly</emphasis> are not really security levels -but rather tools for periodic checks only.</para> - </listitem> - </orderedlist> - - <para>These levels are saved in -<filename>/etc/security/msec/level.<levelname></filename>. You can define -your own customised security levels, saving them into specific files called -<filename>level.<levelname></filename>, placed into the folder -<filename>/etc/security/msec/.</filename> This function is intended for -power users which require a customised or more secure system configuration.</para> - - <caution> - <para>Keep in mind that user-modified parameters take precedence over default -level settings.</para> - </caution> - - <para> - <emphasis role="underline">Security alerts:</emphasis> - </para> - - <para>If you check the box <guibutton>Send security alerts by email -to:</guibutton>, the security alerts generated by msec are going to be sent -by local e-mail to the security administrator named in the nearby field. You -can fill either a local user or a complete e-mail address (the local e-mail -and the e-mail manager must be set accordingly). At last, you can receive -the security alerts directly on your desktop. Check the relevant box to -enable it.</para> - - <important> - <para>It is strongly advisable to enable the security alerts option in order to -immediately inform the security administrator of possible security -problems. If not, the administrator will have to regularly check the logs -files available in <filename>/var/log/security.</filename></para></important> - - <para><emphasis role="underline">Security options:</emphasis></para> - - <para>Creating a customised level is not the only way to customise the computer -security, it is also possible to use the tabs presented here after to change -any option you want. Current configuration for msec is stored in -<filename>/etc/security/msec/security.conf</filename>. This file contains -the current security level name and the list of all the modifications done -to the options.</para> - </section> - - <section> - <title>System security tab</title> - - <para>This tab displays all the security options on the left side column, a -description in the centre column, and their current values on the right side -column.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui3.png"/> - </imageobject> - </mediaobject> - - <para>To modify an option, double click on it and a new window appears (see -screenshot below). It displays the option name, a short description, the -actual and default values, and a drop down list where the new value can be -selected. Click on the <guibutton>OK</guibutton> button to validate the -choice.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui11.png"/> - </imageobject> - </mediaobject> - - <caution> - <para>Do not forget when leaving msecgui to save definitively your configuration -using the menu <guimenu>File -> Save the configuration</guimenu>. If you -have changed the settings, msecgui allows you to preview the changes before -saving them.</para> - </caution> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui10.png"/> - </imageobject> - </mediaobject> - </section> - - <section> - <title>Netværkssikkerhed</title> - - <para>This tab displays all the network options and works like the previous tab</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui4.png"/> - </imageobject> - </mediaobject> - </section> - - <section> - <title>Periodic checks tab</title> - - <para>Periodic checks aim to inform the security administrator by means of -security alerts of all situations msec thinks potentially dangerous.</para> - - <para>This tab displays all the periodic checks done by msec and their frequency -if the box <guibutton>Enable periodic security checks</guibutton> is -checked. Changes are done like in the previous tabs.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui5.png"/> - </imageobject> - </mediaobject> - </section> - - <section> - <title>Exceptions tab</title> - - <para>Sometimes alert messages are due to well known and wanted situations. In -these cases they are useless and wasted time for the administrator. This tab -allows you to create as many exceptions as you want to avoid unwanted alert -messages. It is obviously empty at the first msec start. The screenshot -below shows four exceptions.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui6.png"/> - </imageobject> - </mediaobject> - - <para>To create an exception, click on the <guibutton>Add a rule</guibutton> -button</para> - - <mediaobject> - <imageobject> - <imagedata fileref="msecgui7.png"/> - </imageobject> - </mediaobject> - - <para>Select the wanted periodic check in the drop down list called -<guilabel>Check</guilabel> and then, enter the -<guilabel>Exception</guilabel> in the text area. Adding an exception is -obviously not definitive, you can either delete it using the -<guibutton>Delete</guibutton> button of the <guilabel>Exceptions</guilabel> -tab or modify it with a double clicK.</para> - </section> - - <section> - <title>Rettigheder</title> - <para>This tab is intended for file and directory permissions checking and -enforcement.</para> - <para>Like for the security, msec owns different permissions levels (standard, -secure, ..), they are enabled accordingly with the chosen security -level. You can create your own customised permissions levels, saving them -into specific files called <filename>perm.<levelname> </filename> placed -into the folder <filename>/etc/security/msec/</filename> . This function is -intended for power users which require a customised configuration. It is -also possible to use the tab presented here after to change any permission -you want. Current configuration is stored in -<filename>/etc/security/msec/perms.conf.</filename> This file contains the -list of all the modifications done to the permissions.</para> - <mediaobject> - <imageobject> - <imagedata fileref="msecgui8.png"/> - </imageobject> - </mediaobject> - <para>Default permissions are visible as a list of rules (a rule per line). You -can see on the left side, the file or folder concerned by the rule, then the -owner, then the group and then the permissions given by the rule. If, for a -given rule:</para> - <itemizedlist> - <listitem> - <para>the box <guilabel>Enforce</guilabel> is not checked, msec only checks if the -defined permissions for this rule are respected and sends an alert message -if not, but does not change anything.</para> - </listitem> - - <listitem> - <para>the box <guilabel>Enforce</guilabel> is checked, then msec will rule the -permissions respect at the first periodic check and overwrite the -permissions.</para></listitem> - </itemizedlist> - <important><para>For this to work, the option CHECK_PERMS in the <emphasis -role="bold">Periodic check tab</emphasis> must be configured accordingly.</para></important><para>To create a new rule, click on the <guibutton> Add a rule</guibutton> button -and fill the fields as shown in the example below. The joker * is allowed in -the <guilabel>File</guilabel> field. “current” means no modification.</para> - <mediaobject> - <imageobject> - <imagedata fileref="msecgui9.png"/> - </imageobject> - </mediaobject> - <para>Click on the <guibutton>OK</guibutton> button to validate the choice and do -not forget when leaving to save definitively your configuration using the -menu <guimenu>File -> Save the configuration</guimenu>. If you have changed -the settings, msecgui allows you to preview the changes before saving them. </para> - <note><para>It is also possible to create or modify the rules by editing the -configuration file <filename>/etc/security/msec/perms.conf</filename>. - </para></note> - <caution><para>Changes in the <emphasis role="bold">Permission tab</emphasis> (or directly -in the configuration file) are taken into account at the first periodic -check (see the option CHECK_PERMS in the <emphasis role="bold">Periodic -checks tab</emphasis>). If you want them to be taken immediately into -account, use the msecperms command in a console with root rights. You can -use before, the msecperms -p command to know the permissions that will be -changed by msecperms.</para></caution> - <caution><para>Do not forget that if you modify the permissions in a console or in a file -manager, for a file where the box <guilabel>Enforce </guilabel> is checked -in the <emphasis role="bold">Permissions tab </emphasis>, msecgui will write -the old permissions back after a while, accordingly to the configuration of -the options CHECK_PERMS and CHECK_PERMS_ENFORCE in the <emphasis -role="bold">Periodic Checks tab </emphasis>.</para></caution> - </section> - </section> -</section> |