I installed Mandrake 9.2 with the security level of "higher". The little I knew about my newly aquired linux software was all gone. I could no longer ssh into my box among other things. Later to find out there are files I have to manually configure.

I also later found out I can change my security level using the "msec x" command substituting "x" for a number from 0-5.

My first question is due to the fact that I still can't ssh into my box unless I change the security level. I want to keep it at level 4 but still be able to ssh into it. Is there clear documentation somewhere on how to deal with the different security levels? I have found bare bone papers describing the levels but not telling me how to enable ssh. I have already configured shorewall to let ssh through for "all". I have also started the sshd. Anything else? Remember... kinda newbie here needing help.

My second question is related to the msec command. Is loading a machine with security level 4 the same as loading a machine with security level 1 and later typing "msec 4" in the command line? This considering I use the default settings for level 4 on both.

Thanks in advance. I hope I was clear.

ian

My first question is due to the fact that I still can't ssh into my box unless I change the security level. I want to keep it at level 4 but still be able to ssh into it.
(I hope you do not log in directly as root account user.)
Can you verify the service is running in level 4?
Is it mentioned in the secure services file /etc/security/msec/server.4?
What errors does it return (run with verbosity flags, add double "-v")?
Does the firewall show port TCP/22 is open for the address you're connecting from?

Sorry... didn't have connectivity for a while.

Nope... I do not log on directly as root.

I tried looking at the file you mentioned (/etc/security/msec/server.4) and I saw a list of what looked like services (ex.: ...crond...iptables...shorewall)

Because I had to rebuild my server anyways I ended up setting the security level to 3 and everything works fine.

Thanks for the help. Still a newbie and learning a lot of stuff. I'll have to set msec levels on the backburner for now.

ian

I've just been through the wringer trying to find info about Mandrake security level 4, its implications and how it disables things. Maybe we can consolidate some info/issues into a thread.

SSH (and probably a bunch of other TCPD related features)
is disabled by default:
/etc/hosts.deny contains the line:
ALL:ALL EXCEPT 127.0.0.1ENY
However after allowing a couple other machines through,
it seems that msec (or a close relative)
fixes this file (puts the above line back in) periodically.
Access has been cut off again.
I'm gonna try adjusting hosts.allow next

Ping:
Security 4 (Higher) disables ping by default
It does so in:
/proc/sys/net/ipv4/icmp_echo_ignore_all
1=ping disabled
0=ping enabled

Thanks for maintaining a great resource.
Larry

All the msec config files are in.. let me remember, I think it's /usr/share/msec or /usr/lib/msec, or something like that... Supposedly you can tweak the msec configuration through the Mandrake Control Panel, but I never got that to work (in 9.0, any way). I just edited the config files directly

By the way, I do highly recommend security level 4, you only need to change a few things and it becomes quite usable, but more safely than level 3.