[rsbac] network ports problem

Bartosz Brodecki bbrodecki at cs.put.poznan.pl
Thu Aug 30 13:18:17 CEST 2007


I install newest version of RSBAC 1.3.5 with kernel (patched by rsbac 

and my script securing apache2 has some problems
Of course it works, by apache has too much rights:
one big problem is restriction of ports (I want only allow port 80 of tcp 
stream Inet4 and Inet6) and now apache may open any port of tcp stream Inet4 
and Inet6 and may accept connection and make communications

is it some problems with rsbac or what was changed??

How I starting apache:
 - 2 roles (one for starting, and second for working with smaller rights) 
(call it MASTER and SLAVE)
 - 2 nettemp's (for Inet4 and Inet6): Stream, TCP, Ports 80:80
 - 1 netobj for both nettemp's (callit HTTP_NETOBJ)
in RC:
1. for MASTER:
Type_comp_NETOBJ -> GENERAL_NETOBJ -> Create
Type_comp_NETOBJ -> HTTP_NETOBJ -> Close, Create, Get_Status_date, 
Modify_Status_data, Bind, Listen, ACCEPT

2. for SLAVE
Type_comp_NETOBJ -> GENERAL_NETOBJ -> none
Type_comp_NETOBJ -> HTTP_NETOBJ -> Get_status_data, Read, Write, Accept, Send, 
Receive, Net_shutdown

if I change some of this rights apache2 doesn't work.

Please help,


ps. I used OpenSuse 10.2 as distribution, but kernel is compiled by myself (I 
used rsbac for 2 years in testing system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.rsbac.org/pipermail/rsbac/attachments/20070830/b7a0754e/attachment.pgp 

More information about the rsbac mailing list