aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPapoteur <papoteur@mageia.org>2020-05-24 08:58:33 +0200
committerPapoteur <papoteur@mageia.org>2020-05-24 08:58:33 +0200
commit28d7e5f5d28564e853f3d656e58514eed72438ab (patch)
tree076893220e1cae6551a67ce697555171696c96dc
parent9ff955439ca637b9183cb5eb34b65425c1d8e8e5 (diff)
downloadmsec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar
msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.gz
msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.bz2
msec-28d7e5f5d28564e853f3d656e58514eed72438ab.tar.xz
msec-28d7e5f5d28564e853f3d656e58514eed72438ab.zip
Format correctly man page of msec (mga#25125)
-rwxr-xr-xsrc/msec/man.py94
1 files changed, 47 insertions, 47 deletions
diff --git a/src/msec/man.py b/src/msec/man.py
index 919a8a0..1eaade0 100755
--- a/src/msec/man.py
+++ b/src/msec/man.py
@@ -39,18 +39,18 @@ configurations, which can be organized into several security levels, stored in
provided with Mageia Linux:
.TP
-\\fBnone\\fR
+\fBnone\fR
this level disables all msec options. It should be used when you want to manage
all aspects of system security on your own.
.TP
-\\fBstandard\\fR
+\fBstandard\fR
this is the default security level, which configures a reasonably safe set of security
features. It activates several periodic system checks, and sends the results of their
execution by email (by default, the local 'root' account is used).
.TP
-\\fBsecure\\fR
+\fBsecure\fR
this level is configured to provide maximum system security, even at the cost of limiting
the remote access to the system, and local user permissions. It also runs a wider set of
periodic checks, enforces the local password settings, and periodically checks if the
@@ -68,12 +68,12 @@ Note that besides those levels you may create as many levels as necessary.
.PP
-The security settings are stored in \\fB/etc/security/msec/security.conf\\fR
+The security settings are stored in \fB/etc/security/msec/security.conf\fR
file, and default settings for each predefined level are stored in
-\\fB/etc/security/msec/level.LEVEL\\fR. Permissions for files and directories
+\fB/etc/security/msec/level.LEVEL\fR. Permissions for files and directories
that should be enforced or checked for changes are stored in
-\\fB/etc/security/msec/perms.conf\\fR, and default permissions for each
-predefined level are stored in \\fB/etc/security/msec/perm.LEVEL\\fR. Note
+\fB/etc/security/msec/perms.conf\fR, and default permissions for each
+predefined level are stored in \fB/etc/security/msec/perm.LEVEL\fR. Note
that user-modified parameters take precedence over default level settings. For
example, when default level configuration forbids direct root logins, this
setting can be overridden by the user.
@@ -83,7 +83,7 @@ setting can be overridden by the user.
The following options are supported by msec applications:
.TP
-\\fBmsec\\fR:
+\fBmsec\fR:
.PP
This is the console version of msec. It is responsible for system security configuration
@@ -91,137 +91,137 @@ and checking and transitions between security levels.
When executed without parameters, msec will read the system configuration file
(/etc/security/msec/security.conf), and enforce the specified security
-settings. The operations are logged to \\fB/var/log/msec.log\\fP file, and also
-to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msec should
+settings. The operations are logged to \fB/var/log/msec.log\fP file, and also
+to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msec should
by run as root.
-\\fB\-h, --help\\fR
+\fB\-h, --help\fR
This option will display the list of supported command line options.
-\\fB\-l, --level <level>\\fR
+\fB\-l, --level <level>\fR
List the default configuration for given security level.
-\\fB\-f, --force <level>\\fR
+\fB\-f, --force <level>\fR
Apply the specified security level to the system, overwritting all local
changes in /etc/security/msec/security.conf. This usually should be performed
either on first install, on when a transition to a different level is required.
-\\fB\-d\\fR
+\fB\-d\fR
Enable debugging messages.
-\\fB\-p, --pretend\\fR
+\fB\-p, --pretend\fR
Verify the actions that will be performed by msec, without actually
doing anything to the system. In this mode of operation, msec performs all the
required tasks, except effectively writting data back to disk.
-\\fB\-r, --root <path>\\fR
+\fB\-r, --root <path>\fR
Use path as root. Can be used to perform msec actions in chroot.
-\\fB\-q\\fR
+\fB\-q\fR
Run quietly
-\\fB\-s, --save <level>\\fR
+\fB\-s, --save <level>\fR
Save current settings as a new security level.
.TP
-\\fBmsecperms\\fR:
+\fBmsecperms\fR:
.PP
This application is responsible for system permission checking and enforcements.
When executed without parameters, msecperms will read the permissions
configuration file (/etc/security/msec/perms.conf), and enforce the specified
-security settings. The operations are logged to \\fB/var/log/msec.log\\fP file,
-and also to syslog, using \\fBLOG_AUTHPRIV\\fR facility. Please note that msecperms
+security settings. The operations are logged to \fB/var/log/msec.log\fP file,
+and also to syslog, using \fBLOG_AUTHPRIV\fR facility. Please note that msecperms
should by run as root.
-\\fB\-h, --help\\fR
+\fB\-h, --help\fR
This option will display the list of supported command line options.
-\\fB\-l, --level <level>\\fR
+\fB\-l, --level <level>\fR
List the default configuration for given security level.
-\\fB\-e, --enforce\\fR
+\fB\-e, --enforce\fR
Enforce the default permissions on all files.
-\\fB\-d\\fR
+\fB\-d\fR
Enable debugging messages.
-\\fB\-p, --pretend\\fR
+\fB\-p, --pretend\fR
Verify the actions that will be performed by msec, without actually
doing anything to the system. In this mode of operation, msec performs all the
required tasks, except effectively writting data back to disk.
-\\fB\-r, --root <path>\\fR
+\fB\-r, --root <path>\fR
Use path as root. Can be used to perform msec actions in chroot.
-\\fB\-q\\fR
+\fB\-q\fR
Run quietly
.TP
-\\fBmsecgui\\fR:
+\fBmsecgui\fR:
.PP
This is the GTK version of msec. It acts as frontend to all msec functionalities.
-\\fB\-h, --help\\fR
+\fB\-h, --help\fR
This option will display the list of supported command line options.
-\\fB\-d\\fR
+\fB\-d\fR
Enable debugging messages.
.SH EXAMPLES
-\\fBEnforce system configuration according to /etc/security/msec/security.conf file:\\fP
+\fBEnforce system configuration according to /etc/security/msec/security.conf file:\fP
msec
-\\fBDisplay system configuration changes without enforcing anything:\\fP
+\fBDisplay system configuration changes without enforcing anything:\fP
msec -p
-\\fBInstall predefined security level 'standard':\\fP
+\fBInstall predefined security level 'standard':\fP
msec -f standard
-\\fBPreview changes inflicted by change to 'standard' level:\\fP
+\fBPreview changes inflicted by change to 'standard' level:\fP
msec -p -f standard
-\\fBCreate a custom security level based on 'standard':\\fP
+\fBCreate a custom security level based on 'standard':\fP
cp /etc/security/msec/level.standard /etc/security/msec/level.my
edit /etc/security/msec/level.my
msec -f my
-\\fBExport current security settings to create a new security level named 'office':\\fP
+\fBExport current security settings to create a new security level named 'office':\fP
msec -s office
-\\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\\fP
+\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\fP
msecperms
-\\fBDisplay permissions changes without enforcing anything:\\fP
+\fBDisplay permissions changes without enforcing anything:\fP
msecperms -p
-\\fBInstall predefined permissions for level 'standard':\\fP
+\fBInstall predefined permissions for level 'standard':\fP
msecperms -f standard
-\\fBPreview changes inflicted by change to 'standard' level:\\fP
+\fBPreview changes inflicted by change to 'standard' level:\fP
msecperms -p -f standard
-\\fBCreate a custom permissions level based on 'secure':\\fP
+\fBCreate a custom permissions level based on 'secure':\fP
cp /etc/security/msec/perm.secure /etc/security/msec/perm.my
edit /etc/security/msec/level.my
msecperms -f my
-\\fBExport current security settings to create a new security level named 'office':\\fP
+\fBExport current security settings to create a new security level named 'office':\fP
msecperms -s office
.SH "DEFINING EXCEPTIONS FOR PERIODIC CHECKS"
.B msec
is capable of excluding certain patterns from periodic check reports. For
this, it is possible to define the exceptions in
-\\fB/etc/security/msec/exceptions\\fP file, for each supported check.
+\fB/etc/security/msec/exceptions\fP file, for each supported check.
.PP
-For example, to exclude all items that match \\fB/mnt\\fP, Mageia-based
-chrooted installations in \\fB/chroot\\fP and all backup files from the
+For example, to exclude all items that match \fB/mnt\fP, Mageia-based
+chrooted installations in \fB/chroot\fP and all backup files from the
results of of check for unowned files on the system, it is sufficient to
define the following entry in the exceptions file:
@@ -234,7 +234,7 @@ define the following entry in the exceptions file:
.PP
In a similar way, it is possible to exclude the results for the
-\\fBdeluge\\fP application from the list of open ports as follows:
+\fBdeluge\fP application from the list of open ports as follows:
.TP
CHECK_OPEN_PORT /deluge