Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: a secure base system
From: Yusuf Wilajati Purna <ywpurna () users sourceforge net>
Date: Tue, 23 Mar 2004 02:06:13 +0900


harry wrote:

the standard we use here is debian, so i guess i'm stuck to debian (or
maybe trusteddebian, which i'm looking into right now) (no bsd :()
RSBAC provides everything SELinux has, and more ==> which is in adamantix

i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)

remote logging (without a doubt)

noexec, nodev, nosuid, ... on parts that we don't need
If you prefer a much simpler system, but still would like to use
a MAC-like approach, I think you can use LIDS 1.2.0 for kernel 2.4.25.

I have just released LIDS 1.2.0 for kernel 2.4.25. In this version,
LIDS is enhanced with a security feature implementing
Trusted Path Execution (TPE). See
for more info. In TPE mode, LIDS will only execute binaries as
well as libraries, and even load kernel modules as far as
they are protected (by lids ACLs).

Thank you,

Yusuf Wilajati Purna <ywpurna () users sourceforge net>
Key fingerprint = 7F4F 8433 C65F 3502 BC93  F529 BFDE F939 7354 A078

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]