[rsbac] New to RSBAC - pls help with initial policies setup conf.
Javier Juan Martínez Cabezón
tazok at rsbac.org
Wed Mar 22 19:02:26 CET 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Here you have it
https://www.rsbac.org/pipermail/rsbac/2016-January/002721.html
PD: I would like to know, how kang, ao, michal did their own policies
in their ultrasecret servers, Did they have one hidden elf doing it
for them?????
Well, kang surely with mozilla would need one elf army
On 22/03/17 18:47, Javier Juan Martínez Cabezón wrote:
> On 22/03/17 17:13, Lokesh Ubuntu wrote:
>> Hello All, Am new to RSBAC and likely understand built available
>> options and now looking for help in writing and applying polices
>> and couldn't found much by googling, pls help me on 'whr to
>> start?' 'How polices works?' and 'Polices writing sample/docs?'.
>
>> Thanks in advance!
>
>> Regards, Lokesh _______________________________________________
>> rsbac mailing list rsbac at rsbac.org
>> http://www.rsbac.org/mailman/listinfo/rsbac
>
>
> Have you seen our handbook? as a starting point is good enough.
> Each module (a.k.a decision module or ADF module) needs each one
> their own policy. It would be a good idea to tell us what are you
> going to build and which security requirements do you have.
>
> I suggest you to activate only AUTH, UM, RES, RC CAP and JAIL and
> to use recent git kernel that implement W^X.
>
> Initially you could start assigning to each init.d service each
> own rc_forced_role and grant each binary implied in them their own
> rc_type, not long ago I sent here an script to create initial
> roles and types if you have low roles/types requirements it shall
> be good enough for you it could have "logic bugs and other ones" as
> why the hell my type numbers are multiple of four (and things like
> this), but enough to run (sorry).
>
> Login, and daemons and memory resident software (as tripwire)
> shall run with their own role.
>
> You can use AUTH, CAP and RC learning mode and make a regular use
> of your system to allow rsbac to learn needed rights. After that I
> would make a policy backup (with -p) and analize your policy and
> revoke all unwanted rights (a.k.a request).
>
> If you don't undestand something about our handbook or theory
> please ask
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJY0rwvAAoJEFfmTgt/w77fXlcQAIf75FDn82mdu7HEUwCew7yp
WkEb5DKDBKwo5yeRNOHkDSLdP6pW/0fghQ5yeBkB0vOJT0hVxsitZA1IGM/rf5zb
5NZ73FocoqHiqLVDrK0S+uyoa5l9oP5dQqEpVwbTfzTuhml9irhIBd+3Dtoy/NTi
iFSHmn+g9YzN8uTcG0oIO96qznDcP9zzE7cWD97xzmKjppum0IMpRIOicrr3GqAp
fr0CDGSXf21JZBhASkiAy215SleAMnvIQYEg19pzJX1sphg6zPeXY8IouHg3I1ys
rWcE5zA58qe4Vkz2JAIKX6C+3Oz+kWuMaaM3lJHGTHKUX2m5qZmx+FTszhG42BO2
x3tC9R+llCImqTADd1FW2PasFKFi8Q/+AwHYm8VukuXvstPEsb22xS3IZar/E/ck
n5NOAUJlYtnsoirV6JDM5hhMj5cQbAdkFTUP8X6aLaX/MO6y2GHPmWxTNWkFUzyv
MepvxIFc+KecfEPQESsYKWYtMjQ+rqktRGiMnJi/BNUcsygC/SdDZHD1e3Q1u1FJ
fhWd1Stn2I38Jxykuu4sYR5RsnY0qNhCiMbadQCMBL8Fg5BfUsQLcqxWT9qsm/zc
/iAN2sU20QIhEdLRe4hWcR+2U1/CPmFCZ0I6cAnHuNQ3Lpn2xPQIVhLjcuPscMnq
QU3YkTNm3ubdQVdCtWf+
=zhgG
-----END PGP SIGNATURE-----
More information about the rsbac
mailing list