[rsbac] Several questions
Amon Ott
rsbac@rsbac.org
Wed Mar 20 12:05:01 2002
On Wednesday, 20. March 2002 11:20, Jan Andrejkovic wrote:
> First of all I have several questions:
>
> 1. I have small linux sever which purpose is firewall, router, mail,
> and dns server and I would like to ask you which models of RSBAC will be
> the best for protection of such server?
I have been using AUTH, FF and RC for a long time on such systems. However,
you will have to make your personal choice.
> 2. Let's say some intruder will gain login and password to my sever on the
> level of common user. And this intruder will find that I have bug in the
> sendmail program. He will exploit my sendmail and he will gain root
> rights. Which model should I use if I want to prevent him to do another
> operations like sendmail do? Or which model should I use for maximall
> elimination of the intruder?
The recommended way of protection is to define an RC role for sendmail, which
has only access to your mail spool and helper dirs, which need their own type
for that, and SEARCH on type 0 for path lookup. The sendmail role is then
assigned as force_role to the sendmail program.
> 3. Can you explain me the mechanism how RSBAC will protect my server in
> the case written in the previous paragraph?
It will set the forced sendmail role for every process starting sendmail. The
role will even be kept, if sendmail runs another program without a forced or
initial role (which might not be allowed in the first place). Since the
sendmail role is only compatible with the mail dir type, all other requests
will be denied. This means that the intruder can only harm your mail system,
but not the rest.
BTW: Is there any special reason to use sendmail instead of something known
to be more secure by design, e.g. postfix or qmail?
Amon.
--
http://www.rsbac.org