Control Center problems - Security/msec

[Read_Icculus]

I recently installed 9.1 after using 9.0 for a long time and I've had a few problems configuring my system's security settings the same way. I go into the control center, then DrakSec to set up specific settings, like "allow_remote_root_login" under "Network Options, System Options, Periodic Checks". I set all of my options and everything seems to go normally except I've noticed that "enable_console_log" won't work no matter how many times I've tried to set it through DrakSec. Also all of my options are reset/dissapear everytime I start up DrakSec making me wonder if they are working, or not working like the console log on vt12. I've updated all of the packages via the official update mirrors in urpmi and I still have the same problem. Thanks for your help.

[bvc]

Welcome! See if this helps :)

http://www.mandrakeusers.org/viewtopic.php?t=4564

[Read_Icculus]

Thanks for the response. Actually I already knew about msec, I was looking for a bit more refined level of security besides the defaults provided by level 1, 2, 3, etc. As even level 4 allows remote root login with a password. But anyway I bumped up security to "high" in DrakSec, and set my options, (console log on v12 being among my most valued), and it seems to work. Although if "high" is msec level 3 then it might just be on that and my specific options might not have taken since console log, (the only noticeable option I checked), is enabled by default on level 3. So I went rooting around for a config file and /etc/security/msec/security.conf and all the other files in there don't tell me anything about my settings at all. In fact they're empty. So I guess I'll try enabling some specific types of security checks that aren't part of msec level 3 and see if my mucking around with DrakSec has accomplished anything.

[bvc]

regarding your settings being reset, this shouldn't happen if your changes are in /etc/security/msec/perm.local.

 

Honestly, I haven't messed with msec in 9.1, but in 9.0 I think it was called DrakPerm and it was useless. I did everything from the command line and the setting would stick.

[Read_Icculus]

Maybe that's part of the problem. I don't have a perm.local. Here's an ls of /etc/security/msec/

 

level.local  security.conf*  server.4  server.5

 

level.local and security.conf are blank, the server.4 and 5 files are just lists of commands and whatnot. I'll try some of the security checks before long and see if those settings "stick".

[Read_Icculus]

After taking a look at the man page for msec I notice that my current config is in /var/lib/msec/security.conf

 

CHECK_SHADOW=yes

CHECK_SUID_MD5=yes

CHECK_UNOWNED=no

CHECK_SECURITY=yes

CHECK_PASSWD=yes

SYSLOG_WARN=yes

CHECK_SUID_ROOT=yes

CHECK_PERMS=yes

MAIL_EMPTY_CONTENT=no

CHECK_WRITABLE=yes

CHKROOTKIT_CHECK=yes

CHECK_PROMISC=no

CHECK_SGID=yes

RPM_CHECK=yes

TTY_WARN=no

MAIL_WARN=yes

CHECK_OPEN_PORT=yes

 

So can I just edit this file and set my options that way after an "msec -something"? Or do I have to edit a file in /etc/security/msec? And does a simple invocation of msec (1, 2, 3) setup my security level according to the *.conf file? Or what? I've tried reading through the msec man page a few times and doing a search on mandrake secure or what have you with no luck.

[bvc]

/var/lib/msec/security.conf is where the default levels are set depending on the level you choose. Changes to these settings are done in /etc/security/msec/security.conf, or.....for customizations like yours....have you read

 

Customizing msec With Overrides

@

http://www.mandrakesecure.net/en/docs/msec.php

?

[Read_Icculus]

Thanks! That looks like it'll solve my problems.