Home page logo

bugtraq logo Bugtraq mailing list archives

ANNOUNCE: Medusa DS9 security system
From: www () BANAN NAPRI SK (Milan WWW Pikula)
Date: Tue, 15 Feb 2000 17:38:49 +0100


I'd like to announce the release of stable version of the security
 system Medusa DS9. It's purpose is to increase the security of OS Linux.
 Medusa it one of projects of the Slovak Linux user group (SkLUG).
 It can be downloaded at


Medusa consists of two major parts - linux kernel changes and the user-space
 daemon. Kernel changes do the monitoring of syscalls, filesystem actions,
 processes and they implement the communication protocol. Security daemon
 communicates with the kernel using character device to send and receive
 "packets". Daemon contains the whole logic and implements the concrete
 security policy. That means, that medusa can (as opposite to another
 approaches) implement any model of data protection - it depends only on
 configuration file, which is in fact an program in the internal programming
 language, somewhat similiar to C.

At the logical level there are these changes:
 * separation of processes, files and IPC to the independent groups
   (virtual subsystems)
 * ability to detect, disable or modify any system call from any process
 * ability to detect, ... selected "process actions" like sending signals,
   exec, ...
 * ability to detect, redirect, ... selected file actions, such as access
   to the file and so
 * ability to enforce process to execute an arbitrary code. This feature
   is usefull to enforce logging drom that process and so.

I'd like to answer some of frequently asked questions here:

 Q what relation is between medusa and capabilities?
 A medusa SUPPORTS linux capabilities and can test, set or change them.
 Q how remarkable is the slowdown of this communication between the kernel
   and user-space daemon in the real usage?
 A actually it's insensible. medusa was designed with the question of speed
   in mind, so all informations are stored in kernel. you can specify exactly
   what actions do you need to be watched. on the real servers with about 50
   shell-account users, where we test medusa, is traffic about 11 packets
   per second or less.
   the fact that the daemon is in userspace, gives it the comfort in
   deciding about security reasons and it increases the portability of
   the whole system. (bsd?:)
 Q where it works?
 A linux 2.2.13, 2.2.14, intel. SMP is not fully tested, but it's reported
   to work. we are working on alpha port and other platforms will follow.
 Q where can I find more information?
 A at http://medusa.fornax.sk/ and in ``doc'' subdirectory in the source

Kind regards,
        Medusa development team
                Marek Zelem
                Martin Ockajak
                Milan Pikula

Milan Pikula, WWW. Finger me for Geek Code.
http://fornax.elf.stuba.sk/~www, www () fornax elf stuba sk
.. dajte mi pevnu linku a pohnem zemegulou ..

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]