Firewall Wizards mailing list archives
Re: VM system for firewall use
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 12 Oct 2004 10:58:03 -0400 (EDT)
On Tue, 12 Oct 2004, Kevin Sheldrake wrote:
Hello, I'd be very interested in discussing working SE Linux considerations and configurations. AFAIK it's a bit tricky to set up. I've got a background in DEC MLS+ and Trusted Solaris and can probably configure user space controls; it's the system level controls that I'm nervous about. When we did it (on MLS+), it was a case of 'guess the privs' and then add/subtract until the minimum working set was found. I'm sure there must be a better way; I admit I haven't done a lot of googling but as we were (almost) on the topic, I thought I'd ask the wizards.
Gentoo-Hardened contains both SELinux and RSBAC, and I know they have a way to do an "audit but don't block" sort of thing for RSBAC that was good for profiling a user or application. Their documentation is pretty good (though I think the TrustedBSD docs are too), though it's still a lot of reading and wading and guessing and trying.

I think I'm going to start messing with TrustedBSD soon- the examples I cited in a different message seem like a pretty good starting point- and if the capability set is good enough, then it'll be sort of fun to work into a real config. I always thought the SELinux/RSBAC configs people float were more of a "this works" than a "this is a good process" thing, but they tend to all be more role-based than MAC-based, and I'm just stubbornly MAC-centric.

With that all said though, if anyone has any good configuration resources (Crispin?), I'd like to see them too.

I can see that when Tiger hits- if not before, I'm going to need yet-another external drive...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
paul () compuwar net
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards