## Mandrake 7.0 MSEC security custom config. 17.4.00 ## [root@dell /root]# /etc/security/msec/init.sh "custom" 'unknown': I need something more specific. Preparing to run security script : - Cleaning msec appended line in /etc/syslog.conf : done. - Cleaning msec appended line in /etc/hosts.deny : done. - Cleaning user appended line in /etc/hosts.deny : done. - Cleaning msec appended line in /etc/hosts.allow : done. - Cleaning user appended line in /etc/hosts.allow : done. - Cleaning msec appended line in /etc/securetty : done. - Cleaning user appended line in /etc/securetty : done. - Cleaning msec appended line in /etc/security/msec/security.conf : done. - Cleaning user appended line in /etc/security/msec/security.conf : done. - Cleaning msec appended line in /etc/profile : done. - Cleaning msec appended line in /etc/lilo.conf : done. - Cleaning msec appended line in /etc/rc.d/rc.firewall : done. - Cleaning msec appended line in /etc/crontab : done. - Cleaning msec appended line in /etc/X11/xdm/Xsession : done. - Cleaning msec appended line in /etc/X11/xinit/xinitrc : done. Starting to reconfigure the system : Setting spoofing protection : Modifying config in /etc/rc.d/rc.firewall... done. 'unknown': I need something more specific. Do you want all system events to be logged on tty12 ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/syslog.conf... done. Do you want to only allow ctrl-alt-del if root is logged locally ? ( or if an user present in /etc/shutdown.allow is logged locally ) yes/no : yes 'unknown': I need something more specific. Do you want to deny any machine to connect to yours ? yes/no : no Do you want root console login to be allowed ? yes/no : yes 'unknown': I need something more specific. /etc/security/msec/init-sh/custom.sh: g: command not found Modifying config in /etc/securetty... done. Do you want your system to daily check important security problem ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check new open port listening ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to check for grave permission problem on senssibles files ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check SUID Root file change ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check suid files md5 checksum changes ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check SUID Group file change ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check Writeable file change ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to daily check Unowned file change ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want your system to verify every minutes if a network interface is in promiscuous state (which mean someone is probably running a sniffer on your machine ) ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Modifying config in /etc/crontab... done. Do you want security report to be done directly on the console ? yes/no : no 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Do you want security report to be done in syslog ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Do you want security report to be done by mail ? yes/no : yes 'unknown': I need something more specific. Modifying config in /etc/security/msec/security.conf... done. Do you want a password authentication at boot time ? Be very carefull, this will prevent your server to reboot without an operator to enter password. yes/no : no Do you want to disable your running server ( except important one ) This is only valuable for server installed with rpm. Do you want to disallow rpm to automatically enable a new installed server for run on next reboot ? yes = you will need to chkconfig (--add ) servername for the server to run on boot. no = rpm will do it for you, but you have less control of what is running on your machine. yes/no : no 'unknown': I need something more specific. Modifying config in /etc/profile... done. Do you want an easy, normal, restricted, or paranoid umask ? easy ( 002 ) = user = rwx, group = rwx, other = rx normal ( 022 ) = user = rwx, group = rx, other = rx restricted ( for users ) ( 077 ) = user = rwx, group =, other = restricted ( for root ) ( 022 ) = user = rwx, = group = rx, other = rx paranoid ( 077 ) = user = rwx, group = , other = easy/normal/restricted/paranoid : paranoid Modifying config in /etc/profile... done. Do you want a . in your PATH variable ? This permit you to not use ./progname & to just type progname However this is a *high* security risk. yes/no : no 'unknown': I need something more specific. Modifying config in /etc/profile... done. [root@dell /root]#