From 315cd54cc900e87bd93c3c6f885931828e1e9afb Mon Sep 17 00:00:00 2001
From: Camille Begnis
Date: Thu, 16 Dec 1999 22:21:14 +0000
Subject: Added level 0 minor changes
---
doc/msec.lyx | 194 ++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 133 insertions(+), 61 deletions(-)
(limited to 'doc')
diff --git a/doc/msec.lyx b/doc/msec.lyx
index e43063c..a069920 100644
--- a/doc/msec.lyx
+++ b/doc/msec.lyx
@@ -1,4 +1,4 @@ -#This file was created by Wed Dec 15 19:34:13 1999 +#This file was created by Thu Dec 16 18:08:20 1999 #LyX 0.12 (C) 1995-1998 Matthias Ettrich and the LyX Team \lyxformat 2.15 \textclass article
@@ -56,10 +56,10 @@ It is in that aim that were designed the msec package. It is made of two parts: \layout Enumerate -Scripts that modify the whole system to lead it to one of the five security +Scripts that modify the whole system to lead it to one of the six security levels provided with msec. - These levels range from poor security and ease of use, to paranoid config, - suitable for very sensitive applications, managed by experts. + These levels range from very poor security and ease of use, to paranoid + config, suitable for very sensitive applications, managed by experts. \layout Enumerate Cron jobs, that will periodically check the integrity of the system upon
@@ -75,6 +75,11 @@ Note that the user may also define his own security level, adjusting parameters Installation \layout Standard +msec is a base rpm. + That means that if you previously installed Linux-Mandrake, msec is already + installed on your system. +\layout Standard + Installing the rpm will create a msec directory into /etc/security, containing all is needed to secure your system. \layout Standard
@@ -165,7 +170,7 @@ authorized clients. \layout Standard \LyXTable multicol5 -26 6 0 0 -1 -1 -1 -1 +26 7 0 0 -1 -1 -1 -1 1 1 0 0 1 1 0 0 0 1 0 0
@@ -193,6 +198,7 @@ multicol5 0 1 0 0 0 1 0 0 2 1 0 "80mm" "" +2 1 0 "80mm" "" 8 1 0 "" "" 8 1 0 "" "" 8 1 0 "" "" 
@@ -222,6 +228,18 @@ multicol5 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 2 0 1 0 0 0 "" "" 0 2 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" ""
@@ -330,7 +348,6 @@ multicol5 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" -0 2 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" ""
@@ -348,6 +365,21 @@ multicol5 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" +0 2 0 1 0 0 0 "" "" +0 2 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" +0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" "" 0 8 0 1 0 0 0 "" ""
@@ -362,6 +394,8 @@ Feature \backslash Security level \newline +0 +\newline 1 \newline 2
@@ -376,6 +410,8 @@ Feature \newline Global security check +\newline + \newline * \newline
@@ -391,6 +427,8 @@ umask users \newline 002 \newline +002 +\newline 022 \newline 022
@@ -403,6 +441,8 @@ umask root \newline 002 \newline +002 +\newline 022 \newline 022
@@ -411,19 +451,37 @@ umask root \newline 077 \newline -localhost authorized to connect to X display +shell without password \newline * \newline -* + +\newline + \newline \newline \newline +\newline +authorized to connect to X display +\newline +all +\newline +local +\newline +local +\newline +none +\newline +none +\newline +none \newline User in audio group +\newline + \newline * \newline
@@ -438,6 +496,8 @@ User in audio group . in $PATH \newline + +\newline * \newline
@@ -449,6 +509,8 @@ User in audio group \newline Warning in /var/log/security.log +\newline + \newline * \newline 
@@ -463,6 +525,8 @@ Warning in /var/log/security.log Warning directly on tty \newline +\newline + \newline * \newline
@@ -475,6 +539,8 @@ Warning directly on tty Warning in syslog \newline +\newline + \newline * \newline
@@ -487,6 +553,8 @@ Warning in syslog Suid root file check \newline +\newline + \newline * \newline
@@ -499,6 +567,8 @@ Suid root file check Suid root file md5sum check \newline +\newline + \newline * \newline
@@ -511,6 +581,8 @@ Suid root file md5sum check Writeable file check \newline +\newline + \newline * \newline
@@ -525,6 +597,8 @@ Permissions check \newline +\newline + \newline * \newline
@@ -537,6 +611,8 @@ Suid group file check \newline +\newline + \newline * \newline
@@ -549,6 +625,8 @@ Unowned file check \newline +\newline + \newline * \newline
@@ -561,6 +639,8 @@ Promiscuous check \newline +\newline + \newline * \newline
@@ -573,6 +653,8 @@ Listening port check \newline +\newline + \newline * \newline
@@ -585,6 +667,8 @@ Passwd file integrity check \newline +\newline + \newline * \newline
@@ -597,6 +681,8 @@ Shadow file integrity check \newline +\newline + \newline * \newline
@@ -609,6 +695,8 @@ System security check every midnight \newline +\newline + \newline * \newline
@@ -621,6 +709,8 @@ All system events additionally logged to /dev/tty12 \newline +\newline + \newline * \newline
@@ -635,6 +725,8 @@ Services not known disabled \newline +\newline + \newline * \newline
@@ -647,34 +739,26 @@ Boot password \newline -\newline -* -\newline -* -\newline -Disable connections from all but localhost -\newline - \newline \newline - +* \newline * \newline - +Grant connection to \newline -Disable connections from all +all \newline - +all \newline - +all \newline - +all \newline - +local \newline -* +none \layout Standard Note that six out of the ten periodical checks can detect changes on the 
@@ -775,18 +859,23 @@ umask root The same but for the root. \layout Subsection -localhost authorized to connect to X display +shell without password \layout Standard -Runs -\begin_inset Quotes eld -\end_inset +Access to the consoles is granted without asking for a password. +\layout Subsection -xhost + localhost -\begin_inset Quotes erd -\end_inset +authorized to connect to X display +\layout Itemize + +all : Everybody from everywhere can open an X window on your screen. +\layout Itemize - on every boot. +local : Only people connected at localhost may open an X window on your + screen. +\layout Itemize + +none : Nobodi can do that. \layout Subsection User in audio group
@@ -971,41 +1060,24 @@ chkconfig d/ ). \layout Subsection -Disable connections from all but localhost -\layout Standard - -Adds the rule "ALL:ALL EXCEPT localhost:DENY" into -\begin_inset Quotes eld -\end_inset - -/etc/hosts.deny -\begin_inset Quotes erd -\end_inset - - file. - +Boot password \layout Standard -This prevents all clients but localhost to connect to open ports. +Allows you to setup a password for Lilo. + Prevents people for rebooting the machine, but in the other hand, the machine + won't be able to reboot by itself. \layout Subsection -Disable connections from all -\layout Standard - -Adds the rule "ALL:ALL:DENY" into -\begin_inset Quotes eld -\end_inset +Grant connection to +\layout Itemize -/etc/hosts.deny -\begin_inset Quotes erd -\end_inset +all : All computers are allowed to connect to open ports. +\layout Itemize - file. - -\layout Standard +local : Only the localhost is allowed to connect to open ports. +\layout Itemize -This prevents all clients (even localhost) to connect to open ports. - +none : No computers are allowed to connect to open ports. \layout Section ToDo
@@ -1022,4 +1094,4 @@ Author \layout Standard Vandoorselaere Yoann -\the_end \ No newline at end of file +\the_end
-- cgit v1.2.1