Firewall Wizards mailing list archives

Re: VM system for firewall use


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 12 Oct 2004 10:58:03 -0400 (EDT)

On Tue, 12 Oct 2004, Kevin Sheldrake wrote:

> Hello
>
> I'd be very interested in discussing working SE Linux considerations and
> configurations.  AFAIK it's a bit tricky to set up.  I've got a background
> in DEC MLS+ and Trusted Solaris and can probably configure user space
> controls; it's the system level controls that I'm nervous about.  When we
> did it (on MLS+), it was a case of 'guess the privs' and then add/subtract
> until the minimum working set was found.  I'm sure there must be a better
> way; I admit I haven't done a lot of googling but as we were (almost) on
> the topic, I thought I'd ask the wizards.

Gentoo-Hardened contains both SELinux and RSBAC, and I know they have a
way to do an "audit but don't block" sort of thing for RSBAC that was
good for profiling a user or application.  Their documentation is pretty
good (though I think the TrustedBSD docs are too,) though it's still a lot
of reading and wading and guessing and trying.

I think I'm going to start messing with TrustedBSD soon- the examples I
cited in a different message seem like a pretty good starting point- and
if the capability set is good enough, then it'll be sort of fun to work
into a real config.

I always thought the SELinux/RSBAC configs people float were more of a
"this works" than a "this is a good process" thing, but they tend to all
be more role based than MAC based, and I'm just stubbornly MAC centric.

With that all said though, if anyone has any good configuration resources
(Crispin?), I'd like to see them too.

I can see that when Tiger hits- if not before, I'm going to need
yet-another external drive...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation