Linux-Mandrake:
User Guide and
Reference Manual

MandrakeSoft

 
 
January 2000
http://www.linux-mandrake.com



Chapter 7 : MSEC -- Mandrake SECurity tools


Introducing MSEC

As Linux came to be used for a very wide range of purposes, from basic office work to high-availability servers, the need arose for different security levels. The constraints of a highly secured server are clearly not what a secretary's workstation needs; on the other hand, a large public server is far more exposed to malicious users than an isolated machine with no network connection.

MSEC was designed with that aim. It is made of two parts:

Note that users may also define their own security level, adjusting each parameter to their own needs.

Installation

MSEC is a base RPM: if you have installed Linux-Mandrake, MSEC is already installed on your system.

Installing the RPM creates the directory /etc/security/msec, which contains everything needed to secure your system.

Then log in as root and type /etc/security/msec/init.sh x, where x is the security level you want, or custom to create your own security level. The script first removes all modifications made by a previous security level change, then applies the features of the chosen level to your system. If you choose custom, you will be asked a question for each security feature MSEC proposes, and the features you select are then applied.

Note that whatever level you choose, your configuration is stored in /etc/security/msec/security.conf.

Level 0

This level is to be used with care. It makes your system easier to use, but extremely insecure. In particular, you should not use this security level if you answer "yes" to any of the following questions:

As you can see, this security level should not be the default, because it may result in serious problems for your data.

Level 1

The main security improvement over level 0 is that access to any user's data now requires a username and password. The machine can therefore be shared by several people and is less sensitive to mistakes. However, this level should not be used on a computer connected to a modem or a LAN (Local Area Network).

Level 2

There are few major improvements at this level; it mainly adds security warnings and checks. It is more secure for multi-user use.

Level 3

This is the standard security level, recommended for a computer used as an Internet client. Most of the security checks run periodically, in particular one that checks for open ports on the system. The open ports are, however, left open and reachable by everyone.

From the user's point of view the system is now a little more closed, so some special operations require basic knowledge of Linux. The security offered here is comparable to that of a standard Red Hat or of any previous Linux-Mandrake distribution.

Level 4

With this security level, the system can be used as a server. Security is now high enough for the system to accept connections from many clients. By default, only connections from the computer itself are granted. Advanced services are disabled, and the system administrator has to activate the desired ones by hand in the configuration files, and define who is granted access to them.

The security checks warn the system administrator of possible security holes or intrusions on the system.

Level 5

Building on the level 4 features, the system is now entirely closed and the security features are at their maximum. The system administrator has to open ports and grant connections before other computers can access any service offered by this machine.

Security levels features

What follows is a description of the security features each level brings to the system. The table gives, for each feature, its setting at each of the six levels; a dash means the feature is not enabled at that level. Rows where the flattened source did not show which levels were blank have been aligned with the per-level descriptions given earlier in this chapter. These features are of various types:

                                                      Security level
Feature                                         0      1      2      3      4      5
------------------------------------------------------------------------------------
global security check                           -      yes    yes    yes    yes    yes
umask for users                                 002    002    022    022    077    077
umask for root                                  002    002    022    022    022    077
shell without password                          yes    -      -      -      -      -
authorized to connect to X display              all    local  local  none   none   none
user in audio group                             yes    yes    yes    -      -      -
. in '$PATH'                                    yes    yes    -      -      -      -
warnings in file /var/log/security.log          -      yes    yes    yes    yes    yes
warnings directly on tty                        -      yes    yes    -      -      -
warnings in syslog                              -      -      yes    yes    yes    yes
warnings sent by e-mail to root                 -      -      -      yes    yes    yes
suid root files check                           -      -      yes    yes    yes    yes
suid root files MD5 check                       -      -      yes    yes    yes    yes
writeable files check                           -      -      yes    yes    yes    yes
permissions check                               -      -      -      yes    yes    yes
suid group files check                          -      -      -      yes    yes    yes
unowned files check                             -      -      -      -      yes    yes
promiscuous check                               -      -      -      -      yes    yes
listening port check                            -      -      -      yes    yes    yes
passwd file integrity check                     -      -      -      yes    yes    yes
shadow file integrity check                     -      -      -      yes    yes    yes
system security check every day at midnight     -      -      -      yes    yes    yes
all system events additionally logged
  to /dev/tty12                                 -      -      -      -      yes    yes
unknown services are disabled                   -      -      -      -      yes    yes
boot password (LILO)                            -      -      -      -      yes    yes
grants connection to                            all    all    all    all    local  none

Note that six of the ten periodic checks can detect changes on the system. They store, in files under the /var/log/security/ directory, the configuration of the system as it was at the last check (one day earlier), and warn you of any change that occurred in the meantime. These checks are:

"global security check"

"umask for users"

Simply sets the umask for normal users to the value corresponding to the security level. With 022, files a user creates are readable by everyone on the machine; with 077, they are readable and writable by their owner only.

"umask for root"

The same, but for root.

"shell without password"

Console logins are granted without asking for a password.

"authorized to connect to X display"

"users in audio group"

Every user is a member of the audio, urpmi and cdrom groups, which grants all users some special privileges regarding the sound card, package installation, the CD-ROM drive, and so on.

". in '$PATH'"

The . entry is added to the '$PATH' environment variable, allowing programs in the current working directory to be run by name. This is also, to some extent, a security hole: a program planted in a directory you later enter (for example /tmp) and named after a common command will run in place of the real one.
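The following added demonstration (not part of MSEC, and not the page's own code) shows the hole in action. It builds a scratch directory containing a planted script named ls, then runs ls once with "." at the front of PATH and once with a PATH that contains no "."; the directory name, the planted command name and the PATH values are all constructed for the example.

```shell
#!/bin/sh
# Added example, not MSEC code: why "." in $PATH is a hole.
# A planted executable named like a common command, left in a directory
# the victim later cd's into, runs in place of the real command.

demo_dot_in_path() {
    work=$(mktemp -d) || return 1
    # The planted program: a script called ls, as an attacker could leave
    # in /tmp or inside an unpacked archive the victim then inspects.
    printf '#!/bin/sh\necho PLANTED\n' > "$work/ls"
    chmod 755 "$work/ls"
    cd "$work" || return 1
    # Unsafe PATH: "." is searched first, so ./ls is found before /bin/ls.
    # A fresh sh is started so that the lookup uses exactly the PATH given.
    unsafe=$(PATH=".:/usr/bin:/bin" sh -c 'ls')
    # Safe PATH: no "."; the real ls runs and just lists the directory,
    # whose only entry is the planted file itself.
    safe=$(PATH="/usr/bin:/bin" sh -c 'ls')
    cd / && rm -rf "$work"
    echo "unsafe=$unsafe safe=$safe"
}
```

Putting "." last instead of first only narrows the problem: a planted file named after a common typo (sl for ls) is still picked up, because no real command shadows it. Leaving "." out and typing ./program when you really mean the current directory is the safe habit.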

"warnings in /var/log/security.log"

Each warning issued by MSEC is logged into the file bearing the name /var/log/security.log.

"warnings directly on tty"

Each warning issued by MSEC is directly printed on the current console.

"warnings in syslog"

Warnings of MSEC are directed to the syslog service.

"warnings sent by e-mail to root"

Warnings issued by MSEC are also sent by e-mail to root.

"suid root files check"

Checks for new or removed suid root files on the system. If any are found, a warning listing them is issued.

"suid root file MD5 check"

Computes the MD5 checksum of each suid root file on the system and compares it with the one recorded at the previous check. A changed checksum means the program has been modified, possibly to insert a backdoor, and a warning is issued. Note that MD5 here is a checksum, not a signature: it detects that a binary changed but not who changed it, and an intruder who already has root can update the recorded checksums as well.
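The two suid checks above share one mechanism: record the current state, keep the previous record, and report the difference. The script below is an added example of that mechanism, not MSEC's own code; the state file names suid.today and suid.yesterday and the fake filesystem tree it is run over are constructed for the example.

```shell
#!/bin/sh
# Added example, not MSEC's script: a change-detecting setuid check of the
# kind "suid root files check" and "suid root files MD5 check" perform.
# Each run records the setuid files with their MD5 sums, keeps the previous
# run's list, and reports what appeared, disappeared or changed.

# suid_check ROOTDIR STATEDIR
suid_check() {
    root="$1"; state="$2"
    mkdir -p "$state" || return 1
    if [ -f "$state/suid.today" ]; then
        mv "$state/suid.today" "$state/suid.yesterday"
    fi
    # -perm -4000 selects files with the setuid bit. MSEC also filters on
    # -user root; the demo omits that so it works on files you own.
    find "$root" -type f -perm -4000 -exec md5sum {} + 2>/dev/null \
        | sort -k 2 > "$state/suid.today"
    if [ ! -f "$state/suid.yesterday" ]; then
        echo "baseline recorded ($(wc -l < "$state/suid.today") setuid files)"
        return 0
    fi
    # md5sum lines are "<hash>  <path>"; key both lists on the path.
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         { new[$2] = $1 }
         END {
             for (p in new) if (!(p in old)) print "NEW " p
             for (p in old) if (!(p in new)) print "REMOVED " p
             for (p in new) if ((p in old) && old[p] != new[p]) print "CHANGED " p
         }' "$state/suid.yesterday" "$state/suid.today" | sort
}

# Constructed demo: a fake root with two setuid binaries. Between the two
# runs one is replaced, one loses its setuid bit, and a new one appears.
demo_suid_check() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/fs/bin" "$tmp/fs/tmp"
    printf 'su v1\n'   > "$tmp/fs/bin/su"
    printf 'ping v1\n' > "$tmp/fs/bin/ping"
    chmod 4755 "$tmp/fs/bin/su" "$tmp/fs/bin/ping"
    suid_check "$tmp/fs" "$tmp/state" > /dev/null       # day 1: baseline only
    printf 'su v2, trojaned\n' > "$tmp/fs/bin/su"      # same path, new content
    chmod 4755 "$tmp/fs/bin/su"    # writing by an unprivileged user clears setuid; restore it
    chmod 0755 "$tmp/fs/bin/ping"  # setuid bit dropped
    printf 'backdoor\n' > "$tmp/fs/tmp/.x"
    chmod 4755 "$tmp/fs/tmp/.x"    # planted setuid file
    suid_check "$tmp/fs" "$tmp/state" | sed "s|$tmp/fs||"   # day 2: strip the scratch prefix
    rm -rf "$tmp"
}
```

Run as a daily cron job against / with the state directory under /var/log/security/, this prints nothing on a quiet day and one line per event otherwise. Because the state files are the reference, they deserve the same protection as the binaries they describe: keeping a copy off the machine, or on read-only media, is what makes the CHANGED report trustworthy after a compromise.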

"writeable files check"

Checks for world-writable files on the system and, if any are found, issues a warning listing these naughty files.

"permissions check"

This one checks the permissions of some special files, such as .netrc or users' configuration files, and of users' home directories. If the permissions are too loose or the owner is unusual, it issues a warning.

"suid group files check"

Checks for new or removed suid group files on the system. If any are found, a warning listing them is issued.

"unowned files check"

Searches for files owned by users or groups unknown to the system. If any are found, their owner is automatically changed to user/group nobody.

"promiscuous check"

This test checks every Ethernet card to determine whether it is in "promiscuous" mode. In this mode the card accepts every frame that reaches it, even those not addressed to it, which may mean a sniffer is running on your machine. Note that this check is set up to run every minute.
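One way to implement that test on a modern kernel, as an added example that is not MSEC's script: read the interface flags word the kernel exposes under /sys/class/net/<interface>/flags and test the IFF_PROMISC bit (0x100, from <linux/if.h>). The directory argument and the two fake interfaces in the demo are constructed so the check can run without touching real interfaces.

```shell
#!/bin/sh
# Added example, not MSEC code: detect network interfaces in promiscuous
# mode from the flags word in /sys/class/net/<iface>/flags.

IFF_PROMISC=256   # 0x100 in <linux/if.h>

# flags_promisc HEXFLAGS -> prints "yes" if the promiscuous bit is set.
# The argument is the hex word as found in the flags file, e.g. 0x1103.
flags_promisc() {
    flags=$(($1))
    if [ $((flags & IFF_PROMISC)) -ne 0 ]; then echo yes; else echo no; fi
}

# promisc_check [SYSNETDIR]: one WARNING line per promiscuous interface.
# SYSNETDIR defaults to /sys/class/net; it is a parameter only so that the
# function can be pointed at a constructed tree in the demo below.
promisc_check() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        flags=$(cat "$f")
        if [ "$(flags_promisc "$flags")" = yes ]; then
            echo "WARNING: $iface is in promiscuous mode (flags $flags)"
        fi
    done
    return 0
}

# Constructed demo tree: lo with UP|LOOPBACK, eth0 with
# UP|BROADCAST|PROMISC|MULTICAST, as a sniffer would leave it.
demo_promisc_check() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lo" "$tmp/eth0"
    echo 0x9    > "$tmp/lo/flags"
    echo 0x1103 > "$tmp/eth0/flags"
    promisc_check "$tmp"
    rm -rf "$tmp"
}
```

Run every minute from cron, promisc_check with no argument scans the live interfaces. A card that is legitimately in promiscuous mode (a bridge port, or an administrator's own tcpdump) will also be reported, so the warning is a prompt to look, not proof of a sniffer.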

"listening port check"

Issues a warning listing all listening ports.

"passwd file integrity check"

Verifies that each user has a password (neither blank nor easy to guess) and checks that it is shadowed.

"shadow file integrity check"

Verifies that each user in the shadow file has a password (neither blank nor easy to guess).
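The passwd and shadow checks above reduce to a few field tests on the two files. The script below is an added example of those tests, not MSEC's own code, run over constructed passwd and shadow files rather than /etc; the "easy to guess" part, which needs a password cracker, is left out. It goes slightly beyond the two descriptions by also flagging a second uid 0 account and a passwd entry marked shadowed that has no shadow line, both classic findings of a passwd integrity check.

```shell
#!/bin/sh
# Added example, not MSEC's script: field-level integrity checks on
# passwd and shadow files. passwd_check prints one WARNING per finding.

# passwd_check PASSWDFILE SHADOWFILE
passwd_check() {
    pw="$1"; shadow="$2"
    {
        # passwd: field 2 should be "x" (hash kept in shadow) or "*" (locked).
        # Empty means login without any password; anything else is a hash
        # sitting in the world-readable passwd file.
        awk -F: '
            $2 == "" { print "WARNING: " $1 " has an empty password field in passwd (logs in without a password)" }
            $2 != "" && $2 != "x" && $2 != "*" { print "WARNING: " $1 " keeps its password hash in passwd instead of shadow" }
            $3 == 0 && $1 != "root" { print "WARNING: " $1 " has uid 0 (second root account)" }
        ' "$pw"
        # shadow: an empty hash field also means login without a password
        # ("!" or "*" there means the account is locked, which is fine).
        awk -F: '
            $2 == "" { print "WARNING: " $1 " has an empty password field in shadow" }
        ' "$shadow"
        # Every passwd account marked "x" must have a matching shadow line.
        awk -F: '
            FILENAME == ARGV[1] { inshadow[$1] = 1; next }
            $2 == "x" && !($1 in inshadow) { print "WARNING: " $1 " is marked shadowed but has no shadow entry" }
        ' "$shadow" "$pw"
    } | sort
}

# Constructed sample files (hashes are placeholders, not real ones).
demo_passwd_check() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
guest::501:501:Guest:/home/guest:/bin/bash
legacy:$1$saltsalt$oldhashinpasswd:502:502::/home/legacy:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF
    cat > "$tmp/shadow" <<'EOF'
root:$1$saltsalt$somehash:10957:0:99999:7:::
alice::10957:0:99999:7:::
toor:$1$saltsalt$otherhash:10957:0:99999:7:::
EOF
    passwd_check "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}
```

On the sample data this reports guest (no password at all), legacy (hash exposed in passwd), alice (shadow entry with an empty hash) and toor (a second uid 0 account); root and the well-formed entries produce nothing.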

"system security check every day at midnight"

All the previous checks are performed every day at midnight. This relies on a cron script added to the crontab file.

"services not known disabled"

All services not listed in /etc/security/msec/init-sh/server.4 (for level 4) or server.5 (for level 5) are disabled. They are not removed, simply not started when entering a runlevel. If you need some of them, add them again with the chkconfig utility (you may also need to start them with the init scripts in /etc/rc.d/init.d).

"boot password"

Allows you to set up a password for LILO. It prevents inexperienced people from rebooting the machine but, on the other hand, the machine will no longer be able to reboot unattended, since someone has to type the password at the boot prompt.

"grants connection to"



Copyright © 2000 MandrakeSoft