[rsbac] RSBAC usage questions

Markus Weber jmbw at nather.com
Fri Feb 27 06:14:39 CET 2004


All,

I have toyed with RSBAC on and off for years, but I always ran into a few
nagging problems.

The intended hosts are firewalls and fileservers to which I have neither
physical access nor much on-site assistance. It is imperative that remote
maintenance is as close to fully automated as possible and the servers may
have a life expectancy of 3-5 years before they can be restaged or replaced.

For the most part, I can see how to harden a system, but I can't reconcile
this with the mandates of remote maintenance. My main areas of concern are:

- How to handle software and configuration updates

These have to be pulled from a central server and installed without manual
intervention. I could conceivably take away the required privileges from
root and give them to a dedicated maintenance account. Of course, I then
have to solve the next problem:

- How to prevent root from compromising secoff and other accounts

For an on-premise server, I would simply lock out secoff completely and do
all maintenance while booted into a softmode kernel. However, this is not an
option for the remotely deployed servers. The question is, how many
loopholes do I have to plug to prevent root from gaining access to secoff
and other privileged accounts?


It is of course entirely possible that I try to do more than I really need
to. In particular, if I can run the few services (if any) that the firewalls
expose as non-root users in a tightly locked jail, I'm probably where I want
to be.

In summary, do any of you use RSBAC on remotely deployed servers and
firewalls? If so, how do you configure RSBAC?

Markus