| 1 |
On Thu, 2004-06-10 at 08:44, Miguel Sousa Filipe wrote: |
| 2 |
> Thanx for that url. |
| 3 |
> |
| 4 |
> However, I must say that its not good policy to discontinue support on |
| 5 |
> one version, and using only a latter one that has so few or none |
| 6 |
> documentation. |
| 7 |
|
| 8 |
Sorry but we develop this stuff for free and I/we have a limited number |
| 9 |
of developers working on this from a grsec angle. Actually it's really |
| 10 |
only me and I've got myself spread somewhat thin within the gentoo |
| 11 |
project now. One can of worms opens up another and before you know it |
| 12 |
your on about every core herd within gentoo etc. So it was ideal for me |
| 13 |
to kill off the old when spender decided to obsolete/deprecate 1.9.x in |
| 14 |
order to keep things reasonably maintainable. |
| 15 |
|
| 16 |
> |
| 17 |
> I've read the docs supplied by spender, and I think they lack depth and |
| 18 |
> have very few info... |
| 19 |
> anyways, my 2.4.26-grsec2 is allready compiled and i'm going to try it |
| 20 |
> out.... |
| 21 |
> :) |
| 22 |
> |
| 23 |
> |
| 24 |
> > I'm a slacker and writing docs is not something I enjoy doing for free. |
| 25 |
> > So... this is all you get from me for now on the subject of creating |
| 26 |
> > roles for your 2.x system |
| 27 |
> > http://dev.gentoo.org/~solar/xml/grsecurity2.html |
| 28 |
> > (...) |
| 29 |
> > -- |
| 30 |
> > Ned Ludd <solar@g.o> |
| 31 |
> > Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
| 32 |
> > |
| 33 |
> |
| 34 |
> Now about grsec2, I was thinking about creating a "role" for |
| 35 |
> system/software maintenance, something like upgrading software, |
| 36 |
> changing config files, editing cron files.... since those are made |
| 37 |
> under supervision of a admin... |
| 38 |
> so that the ACL for the "regular & normal" funcioning would not involve |
| 39 |
> those tasks, and only the regular tasks the server runs.. that normally |
| 40 |
> aren't supervised.. one just leaves the machine running, doesn't stay |
| 41 |
> there watching all the time :) |
| 42 |
> |
| 43 |
> is this the way the RBAC is supposed to be used? |
| 44 |
> |
| 45 |
> and for bigger systems one could/should have roles for: |
| 46 |
> - backups and data recovery.. |
| 47 |
> - operator actions has creating acounts, supplying new passwords... |
| 48 |
> - software upgrades and mantainance for admins.. |
| 49 |
> - auditing/log checking.... |
| 50 |
> - and true admin/root mode for users != root (normally the core admins) |
| 51 |
> - root just stays there...and can read the logs... start/stop services.. |
| 52 |
> |
| 53 |
> Is this the way grsec2 envisions? |
| 54 |
> |
| 55 |
> I'm thinking in those actions/roles since thats more or less what I |
| 56 |
> have in a solaris university server with acounts for every student and |
| 57 |
> course.. wich gives 6000 acounts... |
| 58 |
> plus web serving, cvs server, mail server... ftp, ssh, the whole |
| 59 |
> buttload one can imagine... |
| 60 |
> |
| 61 |
> and I'm allways looking/thinking in how could that be better managed |
| 62 |
> with a hardened linux... |
| 63 |
> |
| 64 |
> Thanks for gentoo developers for supplying us with such a great distro! |
| 65 |
> ps: grsec rocks! |
| 66 |
> please reply to: miguel@×××××××××××.pt thanks! |
| 67 |
> |
| 68 |
> Miguel Figueiredo Mascarenhas de Sousa Filipe |
| 69 |
> email: miguel@×××××××××××.pt (PORTUGAL) |
| 70 |
> http://mega.ist.utl.pt/~miguel |
| 71 |
> |
| 72 |
> Equipa de Administracao de Sistemas |
| 73 |
> Rede das Novas Licenciaturas (RNL) |
| 74 |
> Instituto Superior Tecnico |
| 75 |
> http://www.rnl.ist.utl.pt |
| 76 |
> http://mega.ist.utl.pt |
| 77 |
> |
| 78 |
> |
| 79 |
> Miguel Figueiredo Mascarenhas de Sousa Filipe |
| 80 |
> email: miguel@×××××××××××.pt (PORTUGAL) |
| 81 |
> http://mega.ist.utl.pt/~miguel |
| 82 |
> |
| 83 |
> Equipa de Administracao de Sistemas |
| 84 |
> Rede das Novas Licenciaturas (RNL) |
| 85 |
> Instituto Superior Tecnico |
| 86 |
> http://www.rnl.ist.utl.pt |
| 87 |
> http://mega.ist.utl.pt |
| 88 |
> |
| 89 |
> |
| 90 |
> -- |
| 91 |
> gentoo-hardened@g.o mailing list |
| 92 |
-- |
| 93 |
Ned Ludd <solar@g.o> |
| 94 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives