| 1 |
Hi, |
| 2 |
|
| 3 |
Tóth Attila wrote: |
| 4 |
> I'm about to set up a new box. It'll run Hardened Gentoo (suprise!) - what |
| 5 |
> else? |
| 6 |
> Beside providing usual services (ssh, mail, etc.), it would also function |
| 7 |
> as a (uhm..) desktop (i know, i know...). |
| 8 |
> I'm hesitating between Grsec and SELinux. |
| 9 |
> I'm already quite familiar with Grsec, but I have just some limited |
| 10 |
> knowledge and experience on SELinux. IMHO, a regular desktop system should |
| 11 |
> also have effective security features enforced nowdays. |
| 12 |
> Has anybody running xorg on an SELinux box (i know, i know)? |
| 13 |
> |
| 14 |
> Are there any working policies for, or has anybody ever sucessfully used |
| 15 |
> the following list of deamons?sendmail |
| 16 |
> dovecot |
| 17 |
> (cyrus-imapd?) |
| 18 |
|
| 19 |
not sure about sendmail as I don't use it, but the other two don't have a gentoo policy. |
| 20 |
there is policy available for them on the selinux.sf.net CVS. |
| 21 |
a quick view here: |
| 22 |
|
| 23 |
http://dev.gentoo.org/~kaiowas/policy/nsa/domains/program/unused/cyrus.te |
| 24 |
http://dev.gentoo.org/~kaiowas/policy/nsa/domains/program/unused/dovecot.te |
| 25 |
http://dev.gentoo.org/~kaiowas/policy/nsa/file_contexts/program/cyrus.fc |
| 26 |
http://dev.gentoo.org/~kaiowas/policy/nsa/file_contexts/program/dovecot.fc |
| 27 |
|
| 28 |
> spamd |
| 29 |
> clamd |
| 30 |
|
| 31 |
I use these two on a production server so their policy should be up-to-date. |
| 32 |
courier-imap is also supported if you hesitate about cyrus-imapd. |
| 33 |
|
| 34 |
> BTW, which MTA suit would you recommend to use with SELinux? |
| 35 |
|
| 36 |
we have policy for qmail and postfix |
| 37 |
|
| 38 |
> Should I stick to my good old Grsec RBAC policy if I hope for desktop |
| 39 |
> functionality? |
| 40 |
|
| 41 |
some have reported success with the not-yet-supported x11 policy. |
| 42 |
you can test it to see if it fits |
| 43 |
|
| 44 |
http://dev.gentoo.org/~kaiowas/distfiles/selinux-x11-[get_the_latest] |
| 45 |
|
| 46 |
szia, |
| 47 |
peter |
| 48 |
|
| 49 |
-- |
| 50 |
petre rodan |
| 51 |
<kaiowas@g.o> |
| 52 |
Developer, |
| 53 |
Hardened Gentoo Linux |
Archives