On Thu, 27 Sep 2001, Ben Reser wrote: BR> That's great, but the defaults as you call them are set by msec on BR> Mandrake. If you don't want it to do anything set you security to Low BR> and it will do minimal things..
I examined the package, if I set it to low (which I presume is level 2) it will write enable files and do a lot of other things I don't want. BR> msec is *NOT* obscurity. The source is freely available for anyone to BR> look at. Not to mention that everything it does is documented at: BR> /usr/share/doc/msec-0.15/security.txt BR> So if msec is obscure than Solaris sure as hell is obscuree (FYI I run BR> Solaris too on some of my servers). I won't defend Solaris, but it is what runs good on Sun 440 servers... :-) What I mean by obscurity is that changing file permission on binaries so only some users can run them is just obscurity and won't bring you any more security, just false hope. BR> You'll note that at Level 3 the only thing it does is set the umask to BR> 022 which is probably what you want anyway. It doesn't touch any file BR> permissions. Mostly what it does is tell you when something is wrong. BR> BR> Ultimately msec if setup properly won't do anything you don't like. If BR> you're really paranoid edit /etc/security/msec/ to your liking. BR> However, I'm pretty sure removing msec will cause you problems down the BR> line installing updates. Maybe. But I am in Power. Muhaha. *grin* :-) msec is probably a good thing, but I would like to be able to disable it, for example via "ntsysv". Of course I can disable it the hard way, but.... -- Henrik Edlund <[EMAIL PROTECTED]> http://www.edlund.org/ "You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
