The time has come for some msec updates.
Building on the previous post, I have been working (among other things) on a few msec ideas, and now looks like a good time to put them out to cooker.
First of all, I added support for exceptions to the msec periodic checks. I wanted to make it as flexible as possible, and I think I managed to implement everything I wanted. Right now, for each supported periodic check, it is possible to define as many exceptions as necessary. So, for example, if you run a local Mandriva mirror with insecure permissions on files, want to exclude certain rules from the firewall check, or have local users that look unsafe to msec but are safe to you, you can tell msec about it, and it will not bother you about them anymore.
For this, the /etc/security/msec/exceptions file is used, and it is possible to define as many rules as necessary for each check there. The syntax is quite simple: RULE_NAME exception. To illustrate, this is what I put into the local exception list on my machine:
CHECK_UNOWNED /home/chroot
CHECK_UNOWNED /home/images/chroot
CHECK_WRITABLE /home/chroot
CHECK_WRITABLE /home/images/chroot
CHECK_OPEN_PORT /deluge
CHECK_USER_FILES gdm
CHECK_OPEN_PORT eugeni:ircd
This way, I won’t receive msec alerts about unowned and world-writable files in the chroots, about the gdm home directory being accessible to the world, or about network ports used by deluge or connected to the local ircd server. Each exception is a regexp, so the possibilities are endless.
Of course, it is also possible to do this in the GUI:
Besides that, as suggested in the last post, I also added a summary to the periodic msec checks. So if you want a quick look at the results, you don’t have to read the entire mail.
Also, a few annoying bugs were fixed and a few features were added.
Beyond that, I also contacted vdanen, the author of the rsec tool, and the sectool guys about some possible interaction between our projects. Hopefully, we’ll have some news soon.
Meanwhile, enjoy the new msec and, as always, feel free to give your feedback on it.
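To make the RULE_NAME exception format and its regexp semantics concrete, here is an added example (my own illustration, not msec’s code) of a small parser that loads such a file and filters periodic-check findings against it. It assumes unanchored re.search matching and comment lines starting with #, neither of which the post specifies, and it reports a malformed regexp instead of dropping it silently, since a broken or overly broad exception would quietly suppress real findings. The sample file and findings are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the "RULE_NAME exception" format; it mirrors the
# list from the post plus a comment line and one deliberately bad regexp.
SAMPLE_EXCEPTIONS = """\
# local exceptions (constructed sample)
CHECK_UNOWNED /home/chroot
CHECK_UNOWNED /home/images/chroot
CHECK_WRITABLE /home/chroot
CHECK_WRITABLE /home/images/chroot
CHECK_OPEN_PORT /deluge
CHECK_USER_FILES gdm
CHECK_OPEN_PORT eugeni:ircd
CHECK_WRITABLE [unclosed
"""


def parse_exceptions(text: str) -> Tuple[Dict[str, List[re.Pattern]], List[str]]:
    """Parse 'RULE_NAME exception' lines into compiled regexps per check.

    Returns (exceptions, errors). A line whose regexp does not compile is
    reported rather than ignored, so a typo cannot silently change what is
    excluded. Comment handling (#) is an assumption of this example.
    """
    exceptions: Dict[str, List[re.Pattern]] = {}
    errors: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            errors.append(f"line {lineno}: expected 'RULE_NAME exception'")
            continue
        check, pattern = parts
        try:
            exceptions.setdefault(check, []).append(re.compile(pattern))
        except re.error as exc:
            errors.append(f"line {lineno}: bad regexp {pattern!r}: {exc}")
    return exceptions, errors


def is_excepted(exceptions: Dict[str, List[re.Pattern]], check: str, finding: str) -> bool:
    """True if any exception regexp registered for this check matches the finding.

    Unanchored re.search is an assumption here: the post says each exception
    is a regexp but not how it is anchored, so 'gdm' also matches '/home/gdm'.
    """
    return any(p.search(finding) for p in exceptions.get(check, []))


def filter_findings(exceptions, findings):
    """Drop findings covered by an exception; the rest go into the report."""
    return [(c, f) for c, f in findings if not is_excepted(exceptions, c, f)]


# Constructed findings, shaped like what a periodic check might produce.
FINDINGS = [
    ("CHECK_UNOWNED", "/home/chroot/usr/bin/ls"),
    ("CHECK_WRITABLE", "/tmp/shared.sock"),
    ("CHECK_USER_FILES", "/home/gdm"),
    ("CHECK_OPEN_PORT", "eugeni:ircd 0.0.0.0:6667"),
    ("CHECK_OPEN_PORT", "root:sshd 0.0.0.0:22"),
]

if __name__ == "__main__":
    exc, errs = parse_exceptions(SAMPLE_EXCEPTIONS)
    for err in errs:
        print("warning:", err)
    for check, finding in filter_findings(exc, FINDINGS):
        print(f"{check}: {finding}")
```

Because the patterns are regexps, an unanchored entry such as /home/chroot also covers everything below it, which is what you want for a chroot but worth keeping in mind for short patterns like gdm; anchoring with ^ and $ narrows an exception to exactly the path or user intended.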
Nothing to say beyond… eeeexcellent news!