[rsbac] rc-type-fd test
Jens Kasten
jens at igraltist.dyndns.org
Thu Apr 27 06:28:51 CEST 2006
hi liste
i have make a tool do build rc-fd-types for /, /usr /var /etc
and /etc/{files}.
some basic policies i build but now i have to merge this with new build
policy-function wich are empty. e.g its build
function pol-dir_var_spool(){
echo "in spol"
}
and i have this policy
function pol-dir-var_spool (){
rc_set_item ROLE 999999 type_comp_fd $rc_fd_while_counter SEARCH
GET_STATUS_DATA
}
with default setting.
because first i must run it -b for build all empty rc-type-fd policies for
catch all nessary files and directory.
and then assign this to rsbac it will start count on rc-type-fd number 3.
under http://igraltist.dyndns.org/rc-type-basis.tar.bz2
you can download and test it. it is in experiment so not all policies has
include all nessesary thinks, but enough that security-log get not
overflooded.
when you test it you will need th zsh and start it with zsh otherwise it not
work.
the zsh was offer only filenames like cron.daily and allow this name as part
from the funtionsname. all other not allow . or _ like this in
functionsnames. also my programming knowledge is very limit, mayby other
solution more easy.
the thinking for this was to build first on all main files or directory and
put rc-type-fd and then setup the RC-Roles, so this bring out the RC-Role 2
wich is the root-user, because i have to allow it for get access on this
rc-types wich everywhere.
mfg
igraltist
More information about the rsbac
mailing list