mailing list archives
Re: a secure base system
From: Yusuf Wilajati Purna <ywpurna () users sourceforge net>
Date: Tue, 23 Mar 2004 02:06:13 +0900
the standard we use here is debian, so i guess i'm stuck to debian (or
maybe trusteddebian, which i'm looking into right now) (no bsd :()
RSBAC provides everything SELinux has, and more ==> which is in adamantix
i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)
remote logging (without a doubt)
noexec, nodev, nosuid, ... on parts that we don't need
If you prefer a much simpler system, but still would like to use
a MAC-like approach, I think you can use LIDS 1.2.0 for kernel 2.4.25.
I have just released LIDS 1.2.0 for kernel 2.4.25. In this version,
LIDS is enhanced with a security feature implementing
Trusted Path Execution (TPE). See
for more info. In TPE mode, LIDS will only execute binaries as
well as libraries, and even load kernel modules as far as
they are protected (by lids ACLs).
Yusuf Wilajati Purna <ywpurna () users sourceforge net>
Key fingerprint = 7F4F 8433 C65F 3502 BC93 F529 BFDE F939 7354 A078
Full-Disclosure - We believe in it.
Re: a secure base system harry (Mar 16)
- Re: a secure base system, (continued)
- Re: a secure base system Yusuf Wilajati Purna (Mar 22)