Firewall Wizards mailing list archives

RE: VM system for firewall use

From: Karl Vogel <karl.vogel () seagha com>
Date: Wed, 13 Oct 2004 10:24:52 +0200

Gentoo-Hardened contains both SELinux and RSBAC, and I know 
they have a
way to do an "audit but don't block" sort of thing for RSBAC that was
good for profiling a user or application.  Their 
documentation is pretty
good (though I think the TrustedBSD docs are too,) though 
it's still a lot
of reading and wading and guessing and trying.


FWIW.. Fedora Core 3 (The community version from RedHat) will have
SELinux active when doing a default install. It comes with 2
policies: strict and targeted. The targeted policy is more relaxed
(it only targets daemons, afaik).

The SELinux stuff can run in permissive mode, where it will log all
violations against the policy but will allow the action to go through,
which should help in tuning the policy.

Either way.. defining SELinux policies is still a tricky business.

It will be interesting to see what will come from this larger exposure.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: VM system for firewall use, (continued)
- - - Re: VM system for firewall use Bennett Todd (Oct 12)
    - Re: VM system for firewall use Ng Pheng Siong (Oct 14)
    - Re: VM system for firewall use Crispin Cowan (Oct 17)
    - Re: VM system for firewall use Christian Kreibich (Oct 12)
  - Re: VM system for firewall use ArkanoiD (Oct 12)
    - Re: VM system for firewall use Paul D. Robertson (Oct 12)
  - Re: VM system for firewall use Kevin Sheldrake (Oct 12)
    - Re: VM system for firewall use Paul D. Robertson (Oct 12)
- Re: VM system for firewall use sin (Oct 12)
- RE: VM system for firewall use Karl Vogel (Oct 12)
- RE: VM system for firewall use Karl Vogel (Oct 14)