Re: [expert] Some process changing groups & permissions
Jack Coates wrote: > google msec and read up on it. You'll want to put your specific settings > in /etc/security/msec/perm.local I found http://www.mandrakeuser.org/docs/mdoc/ref/prog-msec.html, but neither it nor the man page adequately explain how to edit this file to change the default user umask from 022 to 002. Adding a line set_user_umask(002) didn't work, and the GUI for msec doesn't seem to provide coverage of user umask at all. -- "...[B]e quick to listen, slow to speak and slow to become angry" James 1:19 NIV Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://members.ij.net/mrmazda/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 12:21, Jack Coates wrote: > On Mon, 2003-09-01 at 11:24, Felix Miata wrote: > > Jack Coates wrote: > > > > > google msec and read up on it. You'll want to put your specific settings > > > in /etc/security/msec/perm.local > > > > I found http://www.mandrakeuser.org/docs/mdoc/ref/prog-msec.html, but > > neither it nor the man page adequately explain how to edit this file to > > change the default user umask from 022 to 002. Adding a line > > > > set_user_umask(002) > > > > didn't work, and the GUI for msec doesn't seem to provide coverage of > > user umask at all. > > here's mine: > [EMAIL PROTECTED] jack]$ cat /etc/security/msec/perm.local > /etc/rc.d/init.d/functions root.wheel 750 > /home/RPMS/ root.wheel 750 > /home/RPMS/*root.wheel 644 > > by the way, changes can't take effect immediately, right? You've got to > either wait for the cron job or do it manually. /etc/cron.hourly/msec I like Todd's method rpm -e msec --nodeps and then put it into the urpmi skip list *grin* James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 11:24, Felix Miata wrote: > Jack Coates wrote: > > > google msec and read up on it. You'll want to put your specific settings > > in /etc/security/msec/perm.local > > I found http://www.mandrakeuser.org/docs/mdoc/ref/prog-msec.html, but > neither it nor the man page adequately explain how to edit this file to > change the default user umask from 022 to 002. Adding a line > > set_user_umask(002) > > didn't work, and the GUI for msec doesn't seem to provide coverage of > user umask at all. here's mine: [EMAIL PROTECTED] jack]$ cat /etc/security/msec/perm.local /etc/rc.d/init.d/functions root.wheel 750 /home/RPMS/ root.wheel 750 /home/RPMS/*root.wheel 644 by the way, changes can't take effect immediately, right? You've got to either wait for the cron job or do it manually. /etc/cron.hourly/msec -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 13:08, James Sparenberg wrote: ... > > I like Todd's method rpm -e msec --nodeps and then put it into the urpmi > skip list *grin* > > James ... It's got its uses, but I agree that the right mistake with msec can royally screw a system. Of course, that's Unix for you; most tools can bite if you don't learn how to use them right. -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 18:10, Jack Coates wrote: > On Mon, 2003-09-01 at 13:08, James Sparenberg wrote: > ... > > > > I like Todd's method rpm -e msec --nodeps and then put it into the urpmi > > skip list *grin* > > > > James Wh? Uninstall msec??? It's a GREAT tool. I'm glad Mandrake includes it. Just because you're running Linux doesn't mean you're immune for any sort of attacks. Ripping out the security mechanisms is a good way to make it a target. Learn to use msec correctly instead of banishing anything you don't understand. -- Brian Keefer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 19:28, chort wrote: > On Mon, 2003-09-01 at 18:10, Jack Coates wrote: > > On Mon, 2003-09-01 at 13:08, James Sparenberg wrote: > > ... > > > > > > I like Todd's method rpm -e msec --nodeps and then put it into the urpmi > > > skip list *grin* > > > > > > James > > Wh? Uninstall msec??? It's a GREAT tool. I'm glad Mandrake > includes it. Just because you're running Linux doesn't mean you're > immune for any sort of attacks. Ripping out the security mechanisms is > a good way to make it a target. > > Learn to use msec correctly instead of banishing anything you don't > understand. IF someone gets through 2 (or 5) firewalls depending on my location... they probably aren't going to be slowed down by msec. Yes it's a great tool. But not a panacea. C is a great language but lousy for fast prototyping. Need to apply the tool where need and not as a catch all. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 19:48, James Sparenberg wrote: > On Mon, 2003-09-01 at 19:28, chort wrote: > > On Mon, 2003-09-01 at 18:10, Jack Coates wrote: > > > On Mon, 2003-09-01 at 13:08, James Sparenberg wrote: > > > ... > > > > > > > > I like Todd's method rpm -e msec --nodeps and then put it into the urpmi > > > > skip list *grin* > > > > > > > > James > > > > Wh? Uninstall msec??? It's a GREAT tool. I'm glad Mandrake > > includes it. Just because you're running Linux doesn't mean you're > > immune for any sort of attacks. Ripping out the security mechanisms is > > a good way to make it a target. > > > > Learn to use msec correctly instead of banishing anything you don't > > understand. > > > IF someone gets through 2 (or 5) firewalls depending on my location... > they probably aren't going to be slowed down by msec. Yes it's a great > tool. But not a panacea. C is a great language but lousy for fast > prototyping. Need to apply the tool where need and not as a catch all. > > James Point taken, but neither are firewalls a holistic solution. There are many avenues of attack which firewalls were never designed to stop. Besides, just having lots of layers doesn't mean security is increased. If all the firewalls run the same software/firmware or have the same hardware weakness, they can all be bypassed just as easily. I see msec as more protection against people who have permission to use the machine, not unauthorized outside access. According to most estimates, 80-90% of attacks happen from the inside so it's really those users you have to worry about any way. I just have a knee-jerk reaction when ever someones solution to inconvenient security mechanisms is to automatically remove them. Some are needed simply to protect us from ourselves. Sure, the most usable computers are those without all the burden of security, but by the same token it's easiest to destroy someones work on an unprotected machine, so a balances needs to be struck. msec and Bastille (hope I spelled that right) are two very useful lockdown utilities. Just because they can occasionally be annoying doesn't mean they should be whole-sale removed. -- Brian Keefer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Some process changing groups & permissions
On Mon, 2003-09-01 at 20:46, chort wrote: > On Mon, 2003-09-01 at 19:48, James Sparenberg wrote: > > On Mon, 2003-09-01 at 19:28, chort wrote: > > > On Mon, 2003-09-01 at 18:10, Jack Coates wrote: > > > > On Mon, 2003-09-01 at 13:08, James Sparenberg wrote: > > > > ... > > > > > > > > > > I like Todd's method rpm -e msec --nodeps and then put it into the urpmi > > > > > skip list *grin* > > > > > > > > > > James > > > > > > Wh? Uninstall msec??? It's a GREAT tool. I'm glad Mandrake > > > includes it. Just because you're running Linux doesn't mean you're > > > immune for any sort of attacks. Ripping out the security mechanisms is > > > a good way to make it a target. > > > > > > Learn to use msec correctly instead of banishing anything you don't > > > understand. > > > > > > IF someone gets through 2 (or 5) firewalls depending on my location... > > they probably aren't going to be slowed down by msec. Yes it's a great > > tool. But not a panacea. C is a great language but lousy for fast > > prototyping. Need to apply the tool where need and not as a catch all. > > > > James > > Point taken, but neither are firewalls a holistic solution. There are > many avenues of attack which firewalls were never designed to stop. > Besides, just having lots of layers doesn't mean security is increased. > If all the firewalls run the same software/firmware or have the same > hardware weakness, they can all be bypassed just as easily. True enough > > I see msec as more protection against people who have permission to use > the machine, not unauthorized outside access. According to most > estimates, 80-90% of attacks happen from the inside so it's really those > users you have to worry about any way. herein lies the rub... On the boxes I remove it from there is one user . Me or, I have some destructive testing boxes that msec is just too helpful for. (We'd double the setup time making constant adjustments to msec so away it goes.) > I just have a knee-jerk reaction when ever someones solution to > inconvenient security mechanisms is to automatically remove them. Some > are needed simply to protect us from ourselves. I don't need to be protected from myself. If I screw up. I pay the price. If I wanted to be protected from myself I'd run windows. Or run all of my boxes via knoppix without HDD's (screw up reboot it's back to what was.) of course data preservation would be a bear. > > Sure, the most usable computers are those without all the burden of > security, but by the same token it's easiest to destroy someones work on > an unprotected machine, so a balances needs to be struck. msec and > Bastille (hope I spelled that right) are two very useful lockdown > utilities. Just because they can occasionally be annoying doesn't mean > they should be whole-sale removed. Remember one thing. Whatever an automated system does for you it also does to you. Annoyances.. nah when something is annoying it gets squashed. (flies, mosquitos etc) When it is counter productive and causes me to spend more time "fixing" it than doing real work... it gets pulled. (And yes I ran windows without IE) James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
