[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: RE: [fw-wiz] VM system for firewall use
From: Karl Vogel <karl.vogel () seagha ! com>
Date: 2004-10-13 8:24:52
Message-ID: 6DED3619289CD311BCEB00508B8E133601A68DE8 () nt-server2 ! antwerp ! seagha ! com
[Download RAW message or body]
> Gentoo-Hardened contains both SELinux and RSBAC, and I know
> they have a
> way to do an "audit but don't block" sort of thing for RSBAC that was
> good for profiling a user or application. Their
> documentation is pretty
> good (though I think the TrustedBSD docs are too,) though
> it's still a lot
> of reading and wading and guessing and trying.
FWIW.. Fedora Core 3 (The community version from RedHat) will have
SELinux active when doing a default install. It comes with 2
policies: strict and targeted. The targeted policy is more relaxed
(it only targets daemons, afaik).
The SELinux stuff can run in permissive mode, where it will log all
violations against the policy but will allow the action to go through,
which should help in tuning the policy.
Either way.. defining SELinux policies is still a tricky business.
It will be interesting to see what will come from this larger exposure.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic