
List:       firewall-wizards
Subject:    Re: [fw-wiz] VM system for firewall use
From:       "Paul D. Robertson" <paul () compuwar ! net>
Date:       2004-10-12 14:58:03
Message-ID: Pine.LNX.4.58.0410121045580.11205 () bat ! clueby4 ! org

On Tue, 12 Oct 2004, Kevin Sheldrake wrote:

> Hello
>
> I'd be very interested in discussing working SE Linux considerations and
> configurations.  AFAIK it's a bit tricky to set up.  I've got a background
> in DEC MLS+ and Trusted Solaris and can probably configure user space
> controls; it's the system level controls that I'm nervous about.  When we
> did it (on MLS+), it was a case of 'guess the privs' and then add/subtract
> until the minimum working set was found.  I'm sure there must be a better
> way; I admit I haven't done a lot of googling but as we were (almost) on
> the topic, I thought I'd ask the wizards.

Gentoo-Hardened contains both SELinux and RSBAC, and I know they have a
way to do an "audit but don't block" sort of thing for RSBAC that was
good for profiling a user or application.  Their documentation is pretty
good (though I think the TrustedBSD docs are too), though it's still a lot
of reading and wading and guessing and trying.

I think I'm going to start messing with TrustedBSD soon- the examples I
cited in a different message seem like a pretty good starting point- and
if the capability set is good enough, then it'll be sort of fun to work
into a real config.

I always thought the SELinux/RSBAC configs people float were more of a
"this works" than a "this is a good process" thing, but they tend to all
be more role based than MAC based, and I'm just stubbornly MAC centric.

With that all said though, if anyone has any good configuration resources
(Crispin?), I'd like to see them too.

I can see that when Tiger hits- if not before, I'm going to need
yet-another external drive...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards