Link to Launchpad:

Summary of Ubuntu Security Levels

The purpose of this project is to have a security level management tool similar to Mandriva's msec.

The idea is to harden (and maybe monitor/log) the security of Ubuntu by having well-known states or levels that are easy to understand and manage by users and sysadmins.

  • Easy, like in Mandriva, by typing just "msec 3" we go to a level deemed appropriate for desktops connected to the Internet. No need to go through screens answering difficult questions like with Bastille.
  • System administrators will be aware that the systems are in a particular well-known configuration regarding basic aspects of security ("this web server is level 4, that critical server is level 5"). The caveat of course is to have a false sense of security.

  • The proposed difference in philosophy with Mandriva's msec is that the users won't be able to customize (at least easily) the directives for the levels.

Proposed names for the tool/package: usec, seclevels, securitylevels

Description of msec: and

You are welcome to join this task; tech skills you may bring: Python, security, Mandriva, spec designs, Gnome GUI design.


(add your comments here)

Porting msec

Getting msec

msec CVS viewer at:

Current Package:

  • Version: 0.50.1, Aug 11 2006


  • Version: 0.49.1 , Dec 22 2005

Downloadable repositories:

alien, rpm to deb tool:

Installing the rpm

  • (Running all as root, otherwise sudo as necessary) cd somewhere:
     cd /usr/src/
    Get the msec rpm:
    Note that there's also a msec-0.50.1: Install the "alien" tool and extract the rpm

     apt-get install alien
    alien -k msec-0.49.1-0.1.20060mdk.src.rpm 
    dpkg -i msec_0.49.1-0.1.20060mdk_i386.deb
    Perhaps is better: dpkg --unpack ? For some reason the unpacked files went into my root directory, move files here:
     mv /msec* .
    Uncompress and untar the big file:
     bzip2 -d msec-0.49.1.tar.bz2 
    tar xvf msec-0.49.1.tar
     cd msec-0.49.1
    make; make install
    Done! let's try it, for instance:
     man msec
    msec 2
    msec 3
    Now we can see the things that don't work and need porting.

Next Steps

  • Identify the commands and files/directories that need to be abstracted with variables or translated (like the "service" or "chkconfig" commands.


Just a place to put temporarily some notes.

msec package used in list below is: msec-0.45.1-1mdk.src.rpm , from Mandriva LE 2005

msec Requirements

From msec.spec:

Build Requires: python OK


  • /bin/bash OK
  • /bin/touch OK
  • perl-base OK
  • diffutils OK (diff)
  • /usr/bin/python OK
  • /usr/bin/chage OK
  • gawk pkg: gawk (supported)

Requires: setup >= 2.2.0-21mdk Mandriva: from Makefile

csh.cshrc csh.login exports host.conf hosts.allow hosts.deny inputrc motd printcap profile.d protocols securetty services shells profile filesystems bashrc

  • Requires: chkconfig >= 1.2.24-3mdk -> update-rc.d

  • Requires: coreutils OK (gnu coreutils?)
  • Requires: iproute2 OK (ip)
  • Requires: rpm-helper >= 0.4 skip rpm management

  • Conflicts: passwd < 0.67 OK (suppose)

  • Requires: python-base >= 2.3.3-2mdk OK (suppose)

  • Requires: mailx pkg: mailx (supported), or use alternative mail user agent

Other not in list:

  • Requires: userhelper, consolehelper usermode- .rpm

/usr/bin/consolehelper , userhelper

usermode-consoleonly : mandriva package that has userhelper (urpmf userhelper)

  • /etc/pam.d/halt
    • poweroff
    • reboot
    • simple_root_auth
  • /etc/security/console.apps/halt
    • poweroff
    • reboot
  • /usr/bin/consolehelper
  • /usr/bin/halt
  • /usr/bin/poweroff
  • /usr/bin/reboot
  • /usr/sbin/userhelper
  • /usr/share/locale/...
  • /usr/share/man

msec files

msec 0.45.1 rpm -ql msec

  • /etc/logrotate.d/msec
  • /etc/profile.d/msec.csh
  • /etc/profile.d/
  • /etc/security/msec
  • /etc/security/msec/server.4
  • /etc/security/msec/server.5
  • /etc/sysconfig/msec
  • /usr/bin/msec_find
  • /usr/bin/promisc_check
  • /usr/sbin/msec
  • /usr/share/doc/...
  • /usr/share/man/...
  • /usr/share/msec
  • /usr/share/msec/
  • /usr/share/msec/Config.pyo
  • /usr/share/msec/
  • /usr/share/msec/ConfigFile.pyo
  • /usr/share/msec/
  • /usr/share/msec/Log.pyo
  • /usr/share/msec/
  • /usr/share/msec/Perms.pyo
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/compile.pyo
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/draksec_help.pyo
  • /usr/share/msec/level.0
  • /usr/share/msec/level.1
  • /usr/share/msec/level.2
  • /usr/share/msec/level.3
  • /usr/share/msec/level.4
  • /usr/share/msec/level.5
  • /usr/share/msec/
  • /usr/share/msec/libmsec.pyo
  • /usr/share/msec/
  • /usr/share/msec/man.pyo
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/mseclib.pyo
  • /usr/share/msec/perm.0
  • /usr/share/msec/perm.1
  • /usr/share/msec/perm.2
  • /usr/share/msec/perm.3
  • /usr/share/msec/perm.4
  • /usr/share/msec/perm.5
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/
  • /usr/share/msec/shadow.pyo
  • /var/lib/msec
  • /var/log/security

SecurityLevels (last edited 2008-08-06 17:01:04 by localhost)