http://qa.mandrakesoft.com/show_bug.cgi?id=3789
------- Additional Comments From [EMAIL PROTECTED] 2003-25-06 10:00 ------- You have missed the point. Msec purports to facilitate firewall setup for non-experts. If users must learn (or guess) how to configure msec to produce a firewall that is appropriate for their needs, msec really isn't helping. Because of its simplistic "1-5" model, msec cannot set up an appropriate firewall for many (if not most) users. A much better solution would be a carefully designed question tree. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: UNCONFIRMED creation_date: description: I have a problem with the notion that system security is so simple it can be described by a single number, 0 - 5. I run my desktop machine heavily as a single user in an appartment where I live alone, and I run the machine as a web server. Level 4 won't let me run my server, but level 5 does all sorts of bad things to me as a user! Msec wants to time-out my terminal sessions as though somebody were going to walk by and see some vital information. It locks my primary user out of vital services. It won't let me log in as root. (granted, some of these are just bugs in the ability to re-configure the settings, but they're wrong to begin with). I propose that you re-think your security criteria. As a suggestion, consider asking several questions, such as: Degree of access to console: (1 person, a few trusted people, a few untrustworthy people, anybody) Internet exposure (none, behind a firewall, direct) Servers (none, or list) Importance of info (unimportant, personal, highly desirable financial records...) Some options shouldn't be possible: for example, a machine containing personal information shouldn't have its console available to just anybody. Based on a small number of questions, a reasonable security scheme can be worked out. But I don't think a few "security levels" can capture the complexity of the problem.
