1. Securing your Machine with DrakSec

1. Securing your Machine with DrakSec
Prev	Chapter 14. “Security” Section	Next

DrakSec allows you to change your system's security level and to configure options and features associated to those levels.

Draksec allows you to configure three aspects of your system's security:

system behavior,
periodic checks of system state,
rights delegation (Section 1.3, “Setting Up Rights Delegation”).

Each increase in security level modifies the system configuration, making it more and more secure, and verifying more and more security related aspects.

1.1. Setting your Security Level

Figure 14.1. Choosing the Security Level of your System

Choose a Security Level. Simply choose the security level you want from the Security Level pull-down list: it will be effective as soon as you click on OK. Please read the help text regarding security levels very carefully so that you know what setting a specific security level implies.

	Explore Each Level
	If you wish to check which options are activated for each security level, review the other tabs: Network Options, System Options, Periodic Checks and Authentication. Click on the Help button to display information about the options and their default values. If some of the default options don't suit your needs, simply redefine them. See Section 1.2, “Customizing a Security Level”, for details.

Activate Security Alerts. Put a check mark on the Security Alerts box to send mail about possible security issues found by msec to the local user name or to the e-mail address defined in the Security Administrator field.

	Warning
	We highly recommend you activate the security alerts option so that the administrator is automatically informed of possible security issues. Otherwise the administrator will have to regularly check the relevant system log files.

1.2. Customizing a Security Level

Clicking on each of the Options tabs (and the Periodic Checks one) lead you to msec's list of security options. This allows you to define your own security level based on the security level previously chosen.

Figure 14.2. Modifying Standard Options

For each tab, there are two columns:

Options List. All available options are listed.
Value. For each option you can choose from the corresponding pull-down menu:
- Yes. Activate this option no matter what the default value is.
- No. Deactivate this option no matter what the default value is.
- Default. Keep the default security level behavior^[14].
- Ignore. Set this value if you don't wish the corresponding test to be performed.
- ALL, LOCAL, NONE. The meaning of these are option-dependent. Please see the Help text available through the Help button for more information.

Clicking on OK accepts the current security level with custom options, applies it to the system and exits the application.

1.3. Setting Up Rights Delegation

This tab is used to allow users to perform tasks normally reserved to the system administrator (root).

Figure 14.3. Delegating Rights

This tab presents most of the tools available in the Control Center, and defines the level of authentication required to launch each of them:

No password: The tool is launched immediately.
User password: The user password is asked to make sure he is actually the one using the computer and launching the configuration tool.
Root password: The standard behavior: the administrator password is asked for.

Example 14.1. Allow the Users to Manage Network Connections

With the default security level (High), users are allowed to launch the Network Center without password (by clicking on the network applet). This allows them to manage their connections themselves.

^[14] The default value of each setting for the current security level is shown in the Help window.