[rsbac] Help for NETxxx and CAPABILITIES
Amon Ott
rsbac@rsbac.org
Thu Apr 25 10:58:01 2002
--------------Boundary-00=_NW8429FHWORQ6W4NP7CP
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
On Thursday, 25. April 2002 10:14, Amon Ott wrote:
> Now that pre8 is out, here comes my sample script for named network control
> with templates and RC model.
And here is another example, this time for apache.
For all testing with RC, I recommend to enable rsbac_debug_adf_rc, e.g.
as secoff call
echo debug_adf_rc 1 > /proc/rsbac_info/debug
or use kernel boot param rsbac_debug_adf_rc. This flag turns on role and type
output for all denied requests.
Please note that the rc_type_nt NETTEMP attribute is only for template
administration, while rc_type gets inherited by the NETOBJ.
Amon.
--
http://www.rsbac.org
--------------Boundary-00=_NW8429FHWORQ6W4NP7CP
Content-Type: application/x-shellscript;
name="apache_nettemp.sh"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="apache_nettemp.sh"
IyEvYmluL2Jhc2gKIwojIGFwYWNoZV9uZXR0ZW1wLnNoCiMKIyBTZXR1cCBhIG5ldHdvcmsgdGVt
cGxhdGUgYW5kIFJDIHJvbGUgYW5kIHR5cGUgZm9yIGFwYWNoZSBuZXR3b3JraW5nIGNvbnRyb2wK
IwoKbmV0X3RlbXAgbmV3X3RlbXBsYXRlIDIwMDAgIkhUVFAgTG9jYWwiCm5ldF90ZW1wIHNldF9h
ZGRyZXNzX2ZhbWlseSAyMDAwIElORVQKbmV0X3RlbXAgc2V0X3R5cGUgMjAwMCBTVFJFQU0KbmV0
X3RlbXAgc2V0X2FkZHJlc3MgMjAwMCAwLjAuMC4wCm5ldF90ZW1wIHNldF92YWxpZF9sZW4gMjAw
MCAwCm5ldF90ZW1wIHNldF9wcm90b2NvbCAyMDAwIFRDUApuZXRfdGVtcCBzZXRfbmV0ZGV2IDIw
MDAgIiIKbmV0X3RlbXAgc2V0X21pbl9wb3J0IDIwMDAgODAKbmV0X3RlbXAgc2V0X21heF9wb3J0
IDIwMDAgODAKCnJjX3NldF9pdGVtIFRZUEUgNCB0eXBlX25ldG9ial9uYW1lICJIVFRQIGxvY2Fs
IgoKcmNfc2V0X2l0ZW0gUk9MRSA1IG5hbWUgIldlYnNlcnZlciIKcmNfc2V0X2l0ZW0gLWIgUk9M
RSA1IHR5cGVfY29tcF9mZCAwIDAwMDAwMDAwMDAwMDAwMDExMTAxMDAwMDAwMTEwMTEwMTAwMTAx
MTExMTExMTAxMTAxMDAKcmNfc2V0X2l0ZW0gLWIgUk9MRSA1IHR5cGVfY29tcF9kZXYgMCAwMDAw
MDAwMDAwMDAwMDAwMTEwMDAwMDAwMDAwMDExMDEwMDAwMDAwMDAwMDEwMDAwMTAwCnJjX3NldF9p
dGVtIC1iIFJPTEUgNSB0eXBlX2NvbXBfaXBjIDAgMDAwMDAwMDAwMDAwMDAwMDExMDAwMDAwMDAw
MDAxMTAxMDAxMDAwMTEwMTExMDAxMTExMApyY19zZXRfaXRlbSAtYiBST0xFIDUgdHlwZV9jb21w
X3NjZCA1IDExMTEwMDAwMDAwMDAwMDEwMTEwMDAxMTEwMDAxMDAxMDExMTEwMDExMDAwMDAwMDAw
MDEKcmNfc2V0X2l0ZW0gLWIgUk9MRSA1IHR5cGVfY29tcF9zY2QgMTIgMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMTAwMDAwMDAwMDAwMApyY19zZXRfaXRlbSAtYiBST0xF
IDUgdHlwZV9jb21wX3Byb2Nlc3MgMCAwMDAwMDAwMDAwMDAwMDAwMDAwMDExMDAwMTAwMDAwMDAw
MDAwMDAwMDAwMTAxMDExMDAwCnJjX3NldF9pdGVtIC1iIFJPTEUgNSB0eXBlX2NvbXBfbmV0ZGV2
IDAgMDAwMDAwMDAwMDAwMDAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMTAwMDAwMDAwMDAwMApy
Y19zZXRfaXRlbSAtYiBST0xFIDUgdHlwZV9jb21wX25ldG9iaiAwIDAwMDAwMDAwMDExMTEwMDAw
MTAwMDAwMDAwMDAwMDAwMTAwMDAwMDAwMDAxMDAwMDAwMDAKcmNfc2V0X2l0ZW0gLWIgUk9MRSA1
IHR5cGVfY29tcF9uZXRvYmogNCAwMDAwMDAwMDEwMDAwMTEwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMTEwMDAwMDAwCnJjX3NldF9pdGVtIFJPTEUgNSBkZWZfZmRfY3JlYXRlX3R5cGUgNDI5
NDk2NzI5NApyY19zZXRfaXRlbSBST0xFIDUgZGVmX3Byb2Nlc3NfY3JlYXRlX3R5cGUgNDI5NDk2
NzI5NApyY19zZXRfaXRlbSBST0xFIDUgZGVmX3Byb2Nlc3NfY2hvd25fdHlwZSA0Mjk0OTY3Mjkx
CnJjX3NldF9pdGVtIFJPTEUgNSBkZWZfcHJvY2Vzc19leGVjdXRlX3R5cGUgNDI5NDk2NzI5NQpy
Y19zZXRfaXRlbSBST0xFIDUgZGVmX2lwY19jcmVhdGVfdHlwZSAwCgphdHRyX3NldF9uZXQgTkVU
VEVNUCByY190eXBlIDQgMjAwMAoKYXR0cl9zZXRfZmlsZV9kaXIgRklMRSAvdXNyL3NiaW4vaHR0
cGQgcmNfZm9yY2Vfcm9sZSA1Cg==
--------------Boundary-00=_NW8429FHWORQ6W4NP7CP--