
List:       firewall-wizards
Subject:    Re: [fw-wiz] VM system for firewall use
From:       "Paul D. Robertson" <paul () compuwar ! net>
Date:       2004-10-12 14:32:34
Message-ID: Pine.LNX.4.58.0410121003380.11205 () bat ! clueby4 ! org

On Tue, 12 Oct 2004, ArkanoiD wrote:

> .and did I get it right TrustedBSD-stable is already inside FreeBSD 5?

At least MAC and attributes seem to be in there - down to the tcp/udp and
port level - not sure about raw sockets, but labeling an interface looks
pretty straightforward.  There seems to be a fairly good "feature added
to TrustedBSD, then migrated to 5.x" progression going on.  I'd probably
look at 5.1 as a platform if I had to roll one out soon.

Caveat: I don't know anyone who's running 5.x in production, but this
looks like it might be a good time to start leaning that way.  The docs
look reasonable so far.  Check with your favorite commit bit holder to get
their take on FBSD 5.x overall.

Single and multiple labels are supported, and you get MAC on the VM
infrastructure too.  Most of the important buzzwords are there.

Interesting observation from the MAC partition module docs:

"A really crafty implementation could have all of the services disabled in
/etc/rc.conf and started by a script that starts them with the proper
labeling set."

I think the docs are better than any I've seen in quite some time (though
the dev stuff is MIA); you'll want to glance at least at:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-examplehttpd.html

to see if this is a good path for you.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
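
An added example, not part of the original message or of the FreeBSD handbook: one way to lay out the launcher the quoted handbook sentence describes, with services disabled in /etc/rc.conf and started under `setpmac` with a mac_partition label. The service names, paths and partition numbers are constructed assumptions; on a host without `setpmac` the script only prints what it would run.

```shell
#!/bin/sh
# Added example. Assumes FreeBSD with mac_partition_load="YES" in
# /boot/loader.conf and the services' *_enable knobs set to "NO" in
# /etc/rc.conf, so nothing starts unlabeled at boot.
# Constructed map: service name, partition number, start command.
SERVICE_MAP='
# name  partition  command
named   10         /usr/sbin/named -u bind
httpd   20         /usr/local/sbin/httpd -k start
'

# build_cmd NAME PARTITION COMMAND...: print the setpmac invocation,
# refusing entries with a non-numeric partition or no command.
build_cmd() {
    name=$1; part=$2; shift 2
    case $part in
        ''|*[!0-9]*) echo "skip $name: bad partition '$part'" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "skip $name: no command" >&2; return 1; }
    echo "setpmac partition/$part $*"
}

# plan: one setpmac line per valid map entry.
plan() {
    echo "$SERVICE_MAP" | while read -r name part cmd; do
        case $name in ''|'#'*) continue ;; esac
        build_cmd "$name" "$part" $cmd || true
    done
}

# dup_partitions: partitions used by more than one service. Sharing a
# partition lets those services see each other's processes.
dup_partitions() {
    plan | awk '{print $2}' | sort | uniq -d
}

# start_all: run the plan, or print it where setpmac is unavailable.
start_all() {
    if ! command -v setpmac >/dev/null 2>&1; then
        echo "setpmac not found, dry run:" >&2; plan; return 0
    fi
    plan | while read -r line; do
        $line || echo "failed: $line" >&2
    done
}

if [ "${1:-}" = start ]; then start_all; fi
```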