Msec allows you to change your
system's security level and to configure options and features associated to
those levels.
Draksec allows you to configure various aspects of your system's security:
system behavior,
periodic checks of system state
Increasing security level modifies the system configuration, making it more and more secure, and verifying more and more security related aspects.
Choose a Security Level. First enable msec by checking Enable MSEC toolSimply choose the security level you want: check either Standard or Secure option. It will be effective as soon as you click on save button. Please read the help text regarding security levels very carefully so that you know what setting a specific security level implies.
![]() |
Explore Each Level |
---|---|
If you wish to check which options are activated for each security level, review the other tabs: System security, Network security, Periodic Checks and Permissions. Click on the button to display information about the options and their default values. If some of the default options don't suit your needs, simply redefine them. See Section 8.1.2, “Customizing a Security Level”, for details. |
Activate Security Alerts. Put a check mark on the Security Alerts box to send mail about possible security issues found by msec to the local user name or to the e-mail address defined in the Security Administrator field. Finally you can get notifications for security alerts on your desktop. Check box to enable it.
Select a paramater and double clicking on each of the Value in tabs. A new window will pop up and show information about this current value: Current value, Standard level value which is the value proposed by default in selected security level.
In combo list choose the right value. Clicking on validate current modification on a given value. In order to really save all modifications you will have to click on save icon.
Drakperm allows you to customize
the permissions which should be associated with each file and directory in
your system: configuration files, personal files, applications, etc. If the
owners and permissions listed here don't match the actual permissions of the
system's files, then msec (which stands for Mandriva Linux Security Tool) will
change them during its hourly checks. These modifications can help prevent
possible security holes or intrusions.
The list of files and directories which appears depends on the current system's security level as set by msec, along with their expected permissions for that security level. For each entry (Path) there exists a corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu, you can choose to display only msec rules (System settings), your own user-defined rules (Custom settings) or both as in the example shown in Figure 8.3, “Configuring File-Permission Checks”.
![]() |
Note |
---|---|
You cannot edit system rules,
as stated by the “Do not enter” ( |
Create Your Own Rules. If you wish to add your own rules for specific files or modify the default behavior, display the Custom settings list and click on the button.
Procedure 8.1. Customize Your Home Directory Permissions
Let's imagine your current
security level is set to 3
(high). This means that
only the owners of the home directories can browse them. If you wish to
share the content of Queen's home directory with other users, you need
to modify the permissions of the /home/queen/
directory.
msec only changes file permissions that are more permissive than the one required by a certain security level. That means that for the change above, the permissions must be changed by hand.
You can do this in Konqueror by modifying the permission properties of your home directory, and checking the Apply changes to all sub-folders and their contents option.
If you create more rules, you can change their priorities by moving them up and down the rules list: use the and buttons on your custom rules to have more control over your system's permissions.