http://qa.mandrakesoft.com/show_bug.cgi?id=3789
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugzilla-
| |[EMAIL PROTECTED]
------- Additional Comments From [EMAIL PROTECTED] 2003-25-06 01:50 -------
Msec can be configured in great detail; look at draksec (checks/settings) and
drakperm (changing file permissions part).
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: UNCONFIRMED
creation_date:
description:
I have a problem with the notion that system security is so simple it can be
described by a single number, 0 - 5.
I run my desktop machine heavily as a single user in an appartment where I live
alone, and I run the machine as a web server.
Level 4 won't let me run my server, but level 5 does all sorts of bad things to
me as a user! Msec wants to time-out my terminal sessions as though somebody
were going to walk by and see some vital information. It locks my primary user
out of vital services. It won't let me log in as root. (granted, some of these
are just bugs in the ability to re-configure the settings, but they're wrong to
begin with).
I propose that you re-think your security criteria. As a suggestion, consider
asking several questions, such as:
Degree of access to console:
(1 person, a few trusted people, a few untrustworthy people, anybody)
Internet exposure
(none, behind a firewall, direct)
Servers
(none, or list)
Importance of info
(unimportant, personal, highly desirable financial records...)
Some options shouldn't be possible: for example, a machine containing personal
information shouldn't have its console available to just anybody.
Based on a small number of questions, a reasonable security scheme can be worked
out. But I don't think a few "security levels" can capture the complexity of
the problem.
