'Re: [lids-user] Questions on TDE policy of httpd and symbolic links'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lids-user
Subject:    Re: [lids-user] Questions on TDE policy of httpd and symbolic links
From:       "James Z. Li" <james.zheng.li () gmail ! com>
Date:       2005-04-27 6:37:42
Message-ID: 8a239a5605042623373eb37303 () mail ! gmail ! com
[Download RAW message or body]

Thanks a lot, Huagang and Purna.

I am currently working on comparing LIDS (Linux) with systrace (openbsd).
Both are MAC methods. For systrace, there is a community maintaining
sample policy files for many applications and binaries. I am wondering
whether LIDS also has such collection of policy files for TDE enforcement 
of applications. Btw, I am testing and wring some TDE policies for apache,
vsftpd, etc. I will post my result and hope to get feedback from lids users. 

Regards,

James

On 4/23/05, Yusuf Wilajati Purna <ywpurna@users.sourceforge.net> wrote:
> Hi,
> 
> 
> >
> > 2). In my configuration file  /etc/lids/lids.postboot.conf, I have the
> > below line
> > /sbin/lidsconf -A POSTBOOT -s /usr/sbin/httpd -o
> > /usr/lib/libapr-0.so.0.9.4 -j READONLY
> >
> > But when I run httpd, it prints error message saying that there is no
> > rule for httpd to read
> > /usr/lib/libapr-0.so.0. Actually, this is a symbolic link to
> > /usr/lib/libapr-0.so.0.9.4.
> > So the question is that should we use the real pathname or the
> > symbolic links in policy
> > file.
> >
> 
> It doesn't matter whether you write the symbolic link or the real
> pathname. The result rule will point to the inode of the real pathname.
> Try to update the postboot config (i.e., lidsconf -U POSTBOOT).
> 
> Regards,
> purna
> 
> --
> Yusuf Wilajati Purna <ywpurna@users.sourceforge.net>
> 1024D/7354A078
> Key fingerprint = 7F4F 8433 C65F 3502 BC93  F529 BFDE F939 7354 A078
> 
>


-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start!  http://www.idcswdc.com/cgi-bin/survey?id5hix
_______________________________________________
lids-user mailing list
lids-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lids-user

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic