diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-01-06 21:31:46 +0000 |
| commit | ff31c9236b1fd7465ea9687fc735e8af882e780e (patch) | |
| tree | eec89033b4ad0b2459fbb91fa6dd39077eeaf407 /share/README | |
| parent | ab984707253940bf5ced3a379699e8d0dc757fa6 (diff) | |
| download | msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.gz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.bz2 msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.tar.xz msec-ff31c9236b1fd7465ea9687fc735e8af882e780e.zip | |
Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
Diffstat (limited to 'share/README')
| -rw-r--r-- | share/README | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/share/README b/share/README deleted file mode 100644 index 4bb3846..0000000 --- a/share/README +++ /dev/null @@ -1,87 +0,0 @@ -****************** -Configurations files in /etc/security/msec/ -Shell scripts in /usr/share/msec. -****************** - -Suggestions & comments: -flepied@mandriva.com - -****************** -Doc of the rewritting in python: - - 0 1 2 3 4 5 -root umask 022 022 022 022 022 077 -shell timeout 0 0 0 0 3600 900 -deny services none none none none local all -su only for wheel grp no no no no no yes -user umask 022 022 022 022 077 077 -shell history size default default default default 10 10 -direct root login yes yes yes yes no no -remote root login yes yes yes yes no no -sulogin for single user no no no no yes yes -user list in [kg]dm yes yes yes yes no no -promisc check no no no no yes yes -ignore icmp echo no no no no yes yes -ignore broadcasted icmp echo no no no no yes yes -ignore bogus error responses no no no no yes yes -enable libsafe no no no no yes yes -allow reboot by user yes yes yes yes no no -allow crontab/at yes yes yes yes no no -password aging no no no no 60 30 -allow autologin yes yes yes no no no -console log no no no yes yes yes -issues yes yes yes local local no -ip spoofing protection no no no yes yes yes -dns spoofing protection no no no yes yes yes -log stange ip packets no no no yes yes yes -periodic security check no yes yes yes yes yes -allow X connections yes local local no no no -allow xauth from root yes yes yes yes no no -X server listen to tcp tcp tcp tcp local local -run msec by cron yes yes yes yes yes yes - -Periodic security checks by level: - - 0 1 2 3 4 5 -CHECK_SECURITY no yes yes yes yes yes -CHECK_PERMS no no no yes yes yes -CHECK_SUID_ROOT no no yes yes yes yes -CHECK_SUID_MD5 no no yes yes yes yes -CHECK_SGID no no yes yes yes yes -CHECK_WRITABLE no no yes yes yes yes -CHECK_UNOWNED no no no no yes yes -CHECK_PROMISC no no no no yes yes -CHECK_OPEN_PORT no no no yes yes yes -CHECK_PASSWD no no no yes yes yes -CHECK_SHADOW no no no yes yes yes -TTY_WARN no no no no yes yes -MAIL_WARN no no no yes yes yes -SYSLOG_WARN no no yes yes yes yes -RPM_CHECK no no no yes yes yes -CHKROOTKIT_CHECK no no no yes yes yes - -These variables are configured by the user: - -MAIL_USER the user to send the dayly reports. If not set, the email is -sent to root. - -PERM_LEVEL is used to determine which file to use to fix -permissions/owners/groups (from /usr/share/msec/perm.$PERM_LEVEL). If -not set, the SECURE_LEVEL is used instead. If the file -/etc/security/msec/perm.local exists, it's used too. The syntax for -each line if the following: - -<file specification> <owner> <permission> [force] - -<file specification> can be any glob to specify one or multiple -files/diretories. - -<owner> must be in the form <user>.<group> or <user>. (force only -user) or .<group> (force only group) or current (keep current user and -group). - -<permission> is an octal number representing the access rights or -current to keep the current permissions. - -If force is present as a 4th argument, it means that msec will enforce -the permission even if the previous permission was lower. |