Full Disclosure mailing list archives
Re: a secure base system
From: Yusuf Wilajati Purna <ywpurna () users sourceforge net>
Date: Tue, 23 Mar 2004 02:06:13 +0900
Hi, harry wrote:
the standard we use here is debian, so i guess i'm stuck to debian (or maybe trusteddebian, which i'm looking into right now) (no bsd :() RSBAC provides everything SELinux has, and more ==> which is in adamantix i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much) remote logging (without a doubt) noexec, nodev, nosuid, ... on parts that we don't need
If you prefer a much simpler system, but still would like to use a MAC-like approach, I think you can use LIDS 1.2.0 for kernel 2.4.25. I have just released LIDS 1.2.0 for kernel 2.4.25. In this version, LIDS is enhanced with a security feature implementing Trusted Path Execution (TPE). See http://www.lids.org/document/LIDS-TPE-feature.txt for more info. In TPE mode, LIDS will only execute binaries as well as libraries, and even load kernel modules as far as they are protected (by lids ACLs). Thank you, purna -- Yusuf Wilajati Purna <ywpurna () users sourceforge net> 1024D/7354A078 Key fingerprint = 7F4F 8433 C65F 3502 BC93 F529 BFDE F939 7354 A078 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: a secure base system, (continued)
- Re: a secure base system Stephen Clowater (Mar 15)
- Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Alexander Bartolich (Mar 15)
- Re: a secure base system Valdis . Kletnieks (Mar 15)
- Re: a secure base system martin f krafft (Mar 15)
- Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Alexander Bartolich (Mar 15)
- Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Thomas Sjögren (Mar 16)
- Re: a secure base system martin f krafft (Mar 16)
- Re: a secure base system Yusuf Wilajati Purna (Mar 22)