[rsbac] RSBAC usage questions

Markus Weber jmbw at nather.com
Fri Feb 27 06:14:39 CET 2004


I have toyed with RSBAC on and off for years, but I always ran into a few
nagging problems.

The intended hosts are firewalls and fileservers to which I have neither
physical access nor much on-site assistance. It is imperative that remote
maintenance is as close to fully automated as possible and the servers may
have a life expectancy of 3-5 years before they can be restaged or replaced.

For the most part, I can see how to harden a system, but I can't reconcile
this with the mandates of remote maintenance. My main areas of concern are:

- How to handle software and configuration updates

These have to be pulled from a central server and installed without manual
intervention. I could conceivably take away the required privileges from
root and give them to a dedicated maintenance account. Of course, I then
have to solve the next problem:

- How to prevent root from compromising secoff and other accounts

For an on-premise server, I would simply lock out secoff completely and do
all maintenance while booted into a softmode kernel. However, this is not an
option for the remotely deployed servers. The question is, how many
loopholes do I have to plug to prevent root from gaining access to secoff
and other privileged accounts?

It is of course entirely possible that I try to do more than I really need
to. In particular, if I can run the few services (if any) that the firewalls
expose as non-root users in a tightly locked jail, I'm probably where I want
to be.

In summary, do any of you use RSBAC on remotely deployed servers and
firewalls? If so, how do you configure RSBAC?
