diff options
author | Papoteur <papoteur@mageia.org> | 2020-05-24 08:58:33 +0200 |
---|---|---|
committer | Papoteur <papoteur@mageia.org> | 2020-05-24 08:58:33 +0200 |
commit | 28d7e5f5d28564e853f3d656e58514eed72438ab (patch) | |
tree | 076893220e1cae6551a67ce697555171696c96dc | |
parent | 9ff955439ca637b9183cb5eb34b65425c1d8e8e5 (diff) | |
download | msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.gz msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.bz2 msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.xz msec-28d7e5f5d28564e853f3d656e58514eed72438ab.zip |
Format correctly man page of msec (mga#25125)
-rwxr-xr-x | src/msec/man.py | 94 |
1 files changed, 47 insertions, 47 deletions
diff --git a/src/msec/man.py b/src/msec/man.py index 919a8a0..1eaade0 100755 --- a/src/msec/man.py +++ b/src/msec/man.py @@ -39,18 +39,18 @@ configurations, which can be organized into several security levels, stored in provided with Mageia Linux: .TP -\\fBnone\\fR +\fBnone\fR this level disables all msec options. It should be used when you want to manage all aspects of system security on your own. .TP -\\fBstandard\\fR +\fBstandard\fR this is the default security level, which configures a reasonably safe set of security features. It activates several periodic system checks, and sends the results of their execution by email (by default, the local 'root' account is used). .TP -\\fBsecure\\fR +\fBsecure\fR this level is configured to provide maximum system security, even at the cost of limiting the remote access to the system, and local user permissions. It also runs a wider set of periodic checks, enforces the local password settings, and periodically checks if the @@ -68,12 +68,12 @@ Note that besides those levels you may create as many levels as necessary. .PP -The security settings are stored in \\fB/etc/security/msec/security.conf\\fR +The security settings are stored in \fB/etc/security/msec/security.conf\fR file, and default settings for each predefined level are stored in -\\fB/etc/security/msec/level.LEVEL\\fR. Permissions for files and directories +\fB/etc/security/msec/level.LEVEL\fR. Permissions for files and directories that should be enforced or checked for changes are stored in -\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each -predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR. Note +\fB/etc/security/msec/perms.conf\fR, and default permissions for each +predefined level are stored in \fB/etc/security/msec/perm.LEVEL\fR. Note that user-modified parameters take precedence over default level settings. For example, when default level configuration forbids direct root logins, this setting can be overridden by the user. @@ -83,7 +83,7 @@ setting can be overridden by the user. The following options are supported by msec applications: .TP -\\fBmsec\\fR: +\fBmsec\fR: .PP This is the console version of msec. It is responsible for system security configuration @@ -91,137 +91,137 @@ and checking and transitions between security levels. When executed without parameters, msec will read the system configuration file (/etc/security/msec/security.conf), and enforce the specified security -settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and also -to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msec should +settings. The operations are logged to \fB/var/log/msec.log\fP file, and also +to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msec should by run as root. -\\fB\-h, --help\\fR +\fB\-h, --help\fR This option will display the list of supported command line options. -\\fB\-l, --level <level>\\fR +\fB\-l, --level <level>\fR List the default configuration for given security level. -\\fB\-f, --force <level>\\fR +\fB\-f, --force <level>\fR Apply the specified security level to the system, overwritting all local changes in /etc/security/msec/security.conf. This usually should be performed either on first install, on when a transition to a different level is required. -\\fB\-d\\fR +\fB\-d\fR Enable debugging messages. -\\fB\-p, --pretend\\fR +\fB\-p, --pretend\fR Verify the actions that will be performed by msec, without actually doing anything to the system. In this mode of operation, msec performs all the required tasks, except effectively writting data back to disk. -\\fB\-r, --root <path>\\fR +\fB\-r, --root <path>\fR Use path as root. Can be used to perform msec actions in chroot. -\\fB\-q\\fR +\fB\-q\fR Run quietly -\\fB\-s, --save <level>\\fR +\fB\-s, --save <level>\fR Save current settings as a new security level. .TP -\\fBmsecperms\\fR: +\fBmsecperms\fR: .PP This application is responsible for system permission checking and enforcements. When executed without parameters, msecperms will read the permissions configuration file (/etc/security/msec/perms.conf), and enforce the specified -security settings. The operations are logged to \\fB/var/log/msec.log\\fP file, -and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msecperms +security settings. The operations are logged to \fB/var/log/msec.log\fP file, +and also to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msecperms should by run as root. -\\fB\-h, --help\\fR +\fB\-h, --help\fR This option will display the list of supported command line options. -\\fB\-l, --level <level>\\fR +\fB\-l, --level <level>\fR List the default configuration for given security level. -\\fB\-e, --enforce\\fR +\fB\-e, --enforce\fR Enforce the default permissions on all files. -\\fB\-d\\fR +\fB\-d\fR Enable debugging messages. -\\fB\-p, --pretend\\fR +\fB\-p, --pretend\fR Verify the actions that will be performed by msec, without actually doing anything to the system. In this mode of operation, msec performs all the required tasks, except effectively writting data back to disk. -\\fB\-r, --root <path>\\fR +\fB\-r, --root <path>\fR Use path as root. Can be used to perform msec actions in chroot. -\\fB\-q\\fR +\fB\-q\fR Run quietly .TP -\\fBmsecgui\\fR: +\fBmsecgui\fR: .PP This is the GTK version of msec. It acts as frontend to all msec functionalities. -\\fB\-h, --help\\fR +\fB\-h, --help\fR This option will display the list of supported command line options. -\\fB\-d\\fR +\fB\-d\fR Enable debugging messages. .SH EXAMPLES -\\fBEnforce system configuration according to /etc/security/msec/security.conf file:\\fP +\fBEnforce system configuration according to /etc/security/msec/security.conf file:\fP msec -\\fBDisplay system configuration changes without enforcing anything:\\fP +\fBDisplay system configuration changes without enforcing anything:\fP msec -p -\\fBInstall predefined security level 'standard':\\fP +\fBInstall predefined security level 'standard':\fP msec -f standard -\\fBPreview changes inflicted by change to 'standard' level:\\fP +\fBPreview changes inflicted by change to 'standard' level:\fP msec -p -f standard -\\fBCreate a custom security level based on 'standard':\\fP +\fBCreate a custom security level based on 'standard':\fP cp /etc/security/msec/level.standard /etc/security/msec/level.my edit /etc/security/msec/level.my msec -f my -\\fBExport current security settings to create a new security level named 'office':\\fP +\fBExport current security settings to create a new security level named 'office':\fP msec -s office -\\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\\fP +\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\fP msecperms -\\fBDisplay permissions changes without enforcing anything:\\fP +\fBDisplay permissions changes without enforcing anything:\fP msecperms -p -\\fBInstall predefined permissions for level 'standard':\\fP +\fBInstall predefined permissions for level 'standard':\fP msecperms -f standard -\\fBPreview changes inflicted by change to 'standard' level:\\fP +\fBPreview changes inflicted by change to 'standard' level:\fP msecperms -p -f standard -\\fBCreate a custom permissions level based on 'secure':\\fP +\fBCreate a custom permissions level based on 'secure':\fP cp /etc/security/msec/perm.secure /etc/security/msec/perm.my edit /etc/security/msec/level.my msecperms -f my -\\fBExport current security settings to create a new security level named 'office':\\fP +\fBExport current security settings to create a new security level named 'office':\fP msecperms -s office .SH "DEFINING EXCEPTIONS FOR PERIODIC CHECKS" .B msec is capable of excluding certain patterns from periodic check reports. For this, it is possible to define the exceptions in -\\fB/etc/security/msec/exceptions\\fP file, for each supported check. +\fB/etc/security/msec/exceptions\fP file, for each supported check. .PP -For example, to exclude all items that match \\fB/mnt\\fP, Mageia-based -chrooted installations in \\fB/chroot\\fP and all backup files from the +For example, to exclude all items that match \fB/mnt\fP, Mageia-based +chrooted installations in \fB/chroot\fP and all backup files from the results of of check for unowned files on the system, it is sufficient to define the following entry in the exceptions file: @@ -234,7 +234,7 @@ define the following entry in the exceptions file: .PP In a similar way, it is possible to exclude the results for the -\\fBdeluge\\fP application from the list of open ports as follows: +\fBdeluge\fP application from the list of open ports as follows: .TP CHECK_OPEN_PORT /deluge |