Re: [fw-wiz] VM system for firewall use

From: Paul D. Robertson (
Date: 10/12/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] VM system for firewall use (fwd)"
    To: Kevin Sheldrake <>
    Date: Tue, 12 Oct 2004 10:58:03 -0400 (EDT)

    On Tue, 12 Oct 2004, Kevin Sheldrake wrote:

    > Hello
    > I'd be very interested in discussing working SE Linux considerations and
    > configurations. AFAIK it's a bit tricky to setup. I've got a background
    > in DEC MLS+ and Trusted Solaris and can probably configure user space
    > controls; it's the system level controls that I'm nervous about. When we
    > did it (on MLS+), it was a case of 'guess the privs' and then add/subtract
    > until the minimum working set was found. I'm sure there must be a better
    > way; I admit I haven't done a lot of googling but as we were (almost) on
    > the topic, I thought I'd ask the wizards.

    Gentoo-Hardened contains both SELinux and RSBAC, and I know they have a
    way to do an "audit but don't block" sort of thing for RSBAC that was
    good for profiling a user or application. Their documentation is pretty
    good (though I think the TrustedBSD docs are too,) though it's still a lot
    of reading and wading and guessing and trying.

    I think I'm going to start messing with TrustedBSD soon- the examples I
    cited in a different message seem like a pretty good starting point- and
    if the capability set is good enough, then it'll be sort of fun to work
    into a real config.

    I always thought the SELinux/RSBAC configs people float were more of a
    "this works" than a "this is a good process" thing, but they tend to all
    be more role based than MAC based, and I'm just stubbornly MAC centric.

    With that all said though, if anyone has any good configuration resources
    (Crispin?), I'd like to see them too.

    I can see that when Tiger hits- if not before, I'm going to need
    yet-another external drive...

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list

  • Next message: Paul D. Robertson: "Re: [fw-wiz] VM system for firewall use (fwd)"