nall.com
Nall Design Works : SELinux and Multilevel Security
http://www.nall.com/blog
SELinux and Multilevel Security. VMWare Fusion port forwarding. I needed to forward port 2020 on my laptop to a VM for test. sudo vi "/Library/Application Support/VMware Fusion/vmnet8/nat.conf". Stanza and add the port forward. Is the VM IP address. [incomingtcp] 2020 = 192.168.243.138:2020. Restart VMware Fusion networking. sudo "/Library/Application Support/VMware Fusion/boot.sh" --restart. MacBook Pro VMWare xorg.conf for Fedora 10 Enforcing. Turning on MLS in Fedora 13 (v2). Login and do the following:.
kernsec.org
Projects - Linux Kernel Security Subsystem
http://kernsec.org/wiki/index.php/Projects
From Linux Kernel Security Subsystem. Linux Security Modules (LSM). The API for access control frameworks. A pathname-based access control system. Security Enhanced Linux (SELinux). A flexible and fine-grained MAC framework. The Simplified Mandatory Access Control Kernel for Linux. Another pathname-based access control system (LiveCD available). Extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more.). This page was last m...
selinux-mac.blogspot.com
SELinux Mandatory Access Control: December 2010
http://selinux-mac.blogspot.com/2010_12_01_archive.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Thursday 16 December 2010. Note to self: all the stuff a pulseaudio client needs. Basically I figured out about three scenarios so far:. Pulseaudio is running normally, and the pulseaudio client needs to make some sound I guess. Manage a pulse-shm file in /dev/shm. manage_files_pattern($1, $2_tmpfs_t, $2_tmpfs_t). fs_tmpfs_filetrans($1_t, $2_tmpfs_t, file). Manage /.cache ...
selinux-mac.blogspot.com
SELinux Mandatory Access Control: December 2013
http://selinux-mac.blogspot.com/2013_12_01_archive.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Sunday 15 December 2013. Finding file context files that do not end with a newline. File context files not ending with a newline cause annoying situations. Monday 9 December 2013. The tool also has its drawback because you are bound to the functionality the tool provides but nothing stops you from manually editing the generated policy, and so that is pretty much a non-issue.
selinux-mac.blogspot.com
SELinux Mandatory Access Control: Can SELinux be made simpler?
http://selinux-mac.blogspot.com/2013/12/can-selinux-be-made-simpler.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Thursday 5 December 2013. Can SELinux be made simpler? Disclaimer: this is just my opinion. This must be a trick question. There is no easy answer for this. First we should define SELinux to be able to put the question into a context. SELinux has three components: The LSM-Based system in the kernel, the tools and libraries, and lastly security policy. This prerequisite brings ...
selinux-mac.blogspot.com
SELinux Mandatory Access Control: August 2011
http://selinux-mac.blogspot.com/2011_08_01_archive.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Tuesday 23 August 2011. Git daemon and SELinux with RHEL6. RHEL6 does not ship with a manual page for configuring Git daemon SELinux policy, and so decided to publish a demonstration on youtube:. Part 1. Git system daemon, shared repositories. Http:/ www.youtube.com/watch? Part 2. Git session daemon, personal repositories. Http:/ www.youtube.com/watch? NSA SELinux Mail List.
selinux-mac.blogspot.com
SELinux Mandatory Access Control: September 2012
http://selinux-mac.blogspot.com/2012_09_01_archive.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Sunday 30 September 2012. Determine whether Cron can execute jobs on behalf of the user with login user SELinux permissions. Cron would run jobs on behalf of users in a "cronjob" domain. This domain is reasonably restricted compared to the domain in which most users operate. Then Cron will run the jobs in the default login user domain of the user owning the job. Allow cronjob t...
selinuxnews.org
Planet SELinux
http://www.selinuxnews.org/planet
Note: this site is now a static archive and no longer updated. September 26, 2014. A follow up to the Bash Exploit and SELinux. One of the advantages of a remote exploit is to be able to setup and launch attacks on other machines. I wondered if it would be possible to setup a bot net. Attack using the remote attach on an apache server with the bash exploit. Looking at my rawhide machine's policy. sesearch -A -s httpd_sys_script_t -p name_connect -C | grep -v D. Found 24 semantic av rules:. Lots of people a...
selinux-mac.blogspot.com
SELinux Mandatory Access Control: quick script to check for unsupported device nodes by SELinux
http://selinux-mac.blogspot.com/2013/12/quick-script-to-check-for-unsupported.html
SELinux Mandatory Access Control. Dominick Grift blogs about topics related to Security-Enhanced Linux Mandatory Access Control. Monday 9 December 2013. Quick script to check for unsupported device nodes by SELinux. L "$i" ]; then echo "$(ls -alZ "$i")" fi done } recurse_block() { for i in "$1"/*;do if [ -d "$i" ];then recurse_block "$i" elif [ -b "$i" -a! ...