From 43ae230908a7360e79a9fe6949c4cabf9df0bc15 Mon Sep 17 00:00:00 2001 From: Eugeni Dodonov Date: Tue, 13 Jan 2009 21:31:51 +0000 Subject: Updated man page and added examples. --- man/C/msec.8 | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 11 deletions(-) (limited to 'man') diff --git a/man/C/msec.8 b/man/C/msec.8 index ba9f294..0663c14 100644 --- a/man/C/msec.8 +++ b/man/C/msec.8 @@ -1,5 +1,5 @@ .ds q \N'34' -.TH msec 0.60.2 msec "Mandriva Linux" +.TH msec 0.60.3 msec "Mandriva Linux" .SH NAME msec \- Mandriva Linux security tools .SH SYNOPSIS @@ -11,13 +11,14 @@ msec \- Mandriva Linux security tools .SH DESCRIPTION .B msec is responsible to maintain system security in Mandriva. It supports different security -configurations, which can be organized into several security levels. Currently, three -preconfigured security levels are provided: +configurations, which can be organized into several security levels, stored in +/etc/security/msec/level.LEVELNAME. Currently, three preconfigured security levels are +provided with Mandriva Linux: .TP \fBnone\fR -this level aims to provide the most basic security. It should be used when you want to -manage all aspects of system security on your own. +this level disables all msec options. It should be used when you want to manage +all aspects of system security on your own. .TP \fBdefault\fR @@ -33,6 +34,9 @@ periodic checks, enforces the local password settings, and periodically checks i system security settings, configured by msec, were modified directly or by some other application. +.TP +Note that besides those levels you may create as many levels as necessary. + .PP The security settings are stored in \fB/etc/security/msec/security.conf\fR @@ -69,9 +73,10 @@ by run as root. List the default configuration for given security level. \fB\-f, --force \fR - Apply the specified security level to the system, overwritting all -local changes. This is necessary to initialize a security level, either on first -install, on when a change to a different level is required. + + Apply the specified security level to the system, overwritting all local +changes in /etc/security/msec/security.conf. This usually should be performed +either on first install, on when a transition to a different level is required. \fB\-d\fR Enable debugging messages. @@ -100,9 +105,9 @@ should by run as root. List the default configuration for given security level. \fB\-f, --force \fR - Apply the specified security level to the system, overwritting all -local changes. This is necessary to initialize a security level, either on first -install, on when a change to a different level is required. + Apply the specified security level to the system, overwritting all local +changes in /etc/security/msec/perms.conf. This usually should be performed +either on first install, on when a transition to a different level is required. \fB\-e, --enforce\fR Enforce the default permissions on all files. @@ -127,6 +132,42 @@ This is the GTK version of msec. It acts as frontend to all msec functionalities \fB\-d\fR Enable debugging messages. +.SH EXAMPLES + +\fBEnforce system configuration according to /etc/security/msec/security.conf file:\fP + msec + +\fBDisplay system configuration changes without enforcing anything:\fP + msec -p + +\fBInstall predefined security level 'default':\fP + msec -f default + +\fBPreview changes inflicted by change to 'default' level:\fP + msec -p -f default + +\fBCreate a custom security level based on 'default':\fP + cp /etc/security/msec/level.default /etc/security/msec/level.my + edit /etc/security/msec/level.my + msec -f my + +\fBEnforce system permissions according to /etc/security/msec/perms.conf file:\fP + msecperms + +\fBDisplay permissions changes without enforcing anything:\fP + msecperms -p + +\fBInstall predefined permissions for level 'default':\fP + msecperms -f default + +\fBPreview changes inflicted by change to 'default' level:\fP + msecperms -p -f default + +\fBCreate a custom permissions level based on 'secure':\fP + cp /etc/security/msec/perm.secure /etc/security/msec/perm.my + edit /etc/security/msec/level.my + msecperms -f my + .SH "SECURITY OPTIONS" The following security options are supported by msec: @@ -412,6 +453,15 @@ MSEC parameter: \fIENABLE_DNS_SPOOFING_PROTECTION\fP Accepted values: \fIyes, no\fP +.TP 4 +.B \fIbase_level\fP +Defines the base security level, on top of which the current configuration is based. + +MSEC parameter: \fIBASE_LEVEL\fP + +Accepted values: \fI*\fP + + .TP 4 .B \fIcheck_perms\fP Enables periodic permission checking for system files. -- cgit v1.2.1