[rsbac] Network Templates, RC Model et al

Amon Ott ao at rsbac.org
Tue Feb 10 17:40:00 CET 2004


On Tuesday, 10 February 2004 17:23, Joerg Weber wrote:
> I find the documentation on http://www.rsbac.org/nettemp.htm
> highly confusing - I just don't get it.
> 
> My goal: Restrict bind9 to bind only to TCP/UDP 53 and TCP 953
> 
> I did:
> rsbac_nettemp_def_menu,
> added template Nr. 66653 Name Bind_53, added properties for Port 63

Port 53, of course.
 
> rsbac_nettemp_def_menu,
> added template Nr. 666953 Name Bind_953
> added properties for Port 953

The number should be under 100000, so the default templates do not hit first. 
Matching is by lowest template number.
 
> rsbac_rc_type_menu
> added Type Bind_NETOBJ
> 
> rsbac_rc_role_menu
> added Role Bind_ROLE
> chose NETOBJ, chose Bind_NETOBJ

...added rights BIND, LISTEN, CLOSE, SHUTDOWN, etc.
 
> rsbac_menu

rsbac_fd_menu /usr/sbin/named

> chose the named binary
> assign RC Force/Initial Role BIND_ROLE

Use force_role only, otherwise only the initial role applies and the role can
change via setuid.
 
> Now. How do I link the Template Bind_53/Bind_953 with the RC Roles?

Link with types, not roles.

rsbac_nettemp_menu, choose the template, set rc_type to the new RC NETOBJ 
type.
 
Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22