1. Securing your Machine through DrakSec

draksec is a graphical interface to msec (which stands for Mandriva Linux Security Tool). It allows you to change your system's security level and to configure every option of msec's security features.

msec has two aspects: system behavior configuration and periodic checks of system state. Each security level modifies the system configuration, making it more and more secure, and verifying more and more security related aspects.

1.1. Setting your Security Level

[Note] Expert Tool

This tool is only displayed in expert mode. Choose OptionsExpert mode from the menu and then access the Security section of Mandriva Linux Control Center.

Figure 12.1. Choosing the Security Level of your System

Choosing the Security Level of your System

Choose a Security Level. Simply choose the security level you want from the Security Level pull-down list: it will be effective as soon as you click on OK. Please read the help text regarding security levels very carefully so that you know what setting a specific security level implies.

[Tip] Explore Each Level

If you wish to check which options are activated for each security level, review the other tabs: Network Options, System Options and Periodic Checks. Click on the Help button to display information about the options and their default values. If some of the default options don't suit your needs, simply redefine them. See Section 1.2, “Customizing a Security Level”, for details.

Activate Security Alerts. Put a check mark on the Security Alerts box to send by mail possible security issues found by msec to the local user name or to the e-mail address defined in the Security Administrator field.

[Warning] Warning

We highly recommend you activate the security alerts option so that the administrator is immediately informed of possible security issues. Otherwise the administrator will have to regularly check the relevant system log files.

1.2. Customizing a Security Level

Clicking on each of the Options tabs (and the Periodic Checks one) lead you to msec's list of security options. This allows you to define your own security level based on the security level previously chosen.

Figure 12.2. Modifying Standard Options

Modifying Standard Options

For each tab, there are two columns:

  1. Options List. All available options are listed.

  2. Value. For each option[11] you can choose from the corresponding pull-down menu:

    • Yes. Activate this option no matter what the default value is.

    • No. Deactivate this option no matter what the default value is.

    • Default. Keep the default security level behavior.

    • Ignore. Use this value if you don't wish this test to be performed.

    • ALL, LOCAL, NONE. The meaning of these are option-dependent. Please see the Help text available through the Help button for more information.

Clicking on OK accepts the current security level with custom options, applies it to the system and exits the application.



[11] The default security level setting is shown in the Help window.