[rsbac] network ports problem
Bartosz Brodecki
bbrodecki at cs.put.poznan.pl
Thu Aug 30 13:18:17 CEST 2007
Hi,
I installed the newest version of RSBAC, 1.3.5, with kernel 2.6.22.4 (patched
by the rsbac team), and my script securing apache2 has some problems.
Of course it works, but apache has too many rights:
one big problem is the restriction of ports (I want to allow only port 80 of
tcp stream Inet4 and Inet6), and now apache may open any port of tcp stream
Inet4 and Inet6 and may accept connections and communicate.
Is it some problem with rsbac, or what was changed?
How I start apache:
- 2 roles (one for starting, and a second for working with smaller rights)
(call them MASTER and SLAVE)
- 2 nettemps (for Inet4 and Inet6): Stream, TCP, Ports 80:80
- 1 netobj for both nettemps (call it HTTP_NETOBJ)
in RC:
1. for MASTER:
Type_comp_NETOBJ -> GENERAL_NETOBJ -> Create
Type_comp_NETOBJ -> HTTP_NETOBJ -> Close, Create, Get_Status_data,
Modify_Status_data, Bind, Listen, ACCEPT
2. for SLAVE
Type_comp_NETOBJ -> GENERAL_NETOBJ -> none
Type_comp_NETOBJ -> HTTP_NETOBJ -> Get_status_data, Read, Write, Accept, Send,
Receive, Net_shutdown
If I change some of these rights, apache2 doesn't work.
Please help,
BBr
P.S. I used OpenSuse 10.2 as the distribution, but the kernel is compiled by
myself (I used rsbac for 2 years in a testing system)