09-07-2012, 08:37 AM
Darknight

Beginner @ grsecurity rbac

I want to start deploying rbac on already hardened servers, starting
with a server that handles only a few services to "see what happens".
I recompiled the kernel enabling rbac and I'm now ready to reboot.
But... will the default policy break my services until I come up with a
working policy, or at least until I start learning mode manually? Or is
the default policy liberal enough that it is more or less equivalent to
an "allow all" policy?
I'm still learning the syntax and semantics of the policy language so I
don't fully trust my own judgement at this point.


Thanks in advance.
 
09-07-2012, 10:44 AM
"Tóth Attila"

Beginner @ grsecurity rbac

I think default policy won't be enough for you.
You should first run RBAC in learning mode on your server for a while.
You can generate the learned rules based on the learning log.
You are also advised to go through the learned rules and make some
adjustments.
You can now enable RBAC, but you may still find some denials in your log.
You should accommodate the policy based on the remaining denials.

As the system gets regularly updated some components will behave
differently, so the policy should incorporate these changes from time to
time.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On September 7, 2012 (Fri) at 10:37, Darknight wrote:
> I want to start deploying rbac on already hardened servers, starting
> with a server that handles only a few services to "see what happens".
> I recompiled the kernel enabling rbac and I'm now ready to reboot.
> But... will the default policy break my services until I come up with a
> working policy, or at least until I start learning mode manually? Or is
> the default policy liberal enough that it is more or less equivalent to
> an "allow all" policy?
> I'm still learning the syntax and semantics of the policy language so I
> don't fully trust my own judgement at this point.
>
> Thanks in advance.
>
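
One way to triage the remaining denials mentioned in the reply above, as an added example that is not part of the original thread: the script groups grsecurity RBAC denial messages by role and subject so each group can be checked against the learned policy. The log line shape in the regex and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed shape of an RBAC denial in the kernel log:
#   grsec: [From IP: ](role:roletype:subject) denied <action> by /exe[comm:pid] uid/euid:...
DENIAL = re.compile(
    r"grsec: (?:From (?P<ip>\S+): )?"
    r"\((?P<role>[^:()]+):(?P<rtype>[A-Z]):(?P<subject>[^)]*)\) "
    r"denied (?P<action>.+?) by (?P<exe>/\S*)\[(?P<comm>[^\]:]+):(?P<pid>\d+)\]"
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
Sep  7 11:02:13 web1 kernel: grsec: (default:D:/usr/sbin/nginx) denied open of /var/www/.htpasswd for reading by /usr/sbin/nginx[nginx:2211] uid/euid:33/33 gid/egid:33/33, parent /usr/sbin/nginx[nginx:2200] uid/euid:0/0 gid/egid:0/0
Sep  7 11:02:19 web1 kernel: grsec: (default:D:/usr/sbin/nginx) denied open of /var/www/.htpasswd for reading by /usr/sbin/nginx[nginx:2212] uid/euid:33/33 gid/egid:33/33, parent /usr/sbin/nginx[nginx:2200] uid/euid:0/0 gid/egid:0/0
Sep  7 11:05:40 web1 kernel: grsec: From 192.0.2.10: (root:U:/) denied access to hidden file /etc/grsec by /bin/ls[ls:3051] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3001] uid/euid:0/0 gid/egid:0/0
Sep  7 11:07:11 web1 sshd[990]: Accepted publickey for root from 192.0.2.10 port 50514 ssh2
"""


def summarize(lines):
    """Count denials per (role, role type, subject, action), most frequent first."""
    hits = Counter()
    for line in lines:
        m = DENIAL.search(line)
        if m:  # non-grsec lines and non-denial messages are skipped
            hits[(m["role"], m["rtype"], m["subject"], m["action"])] += 1
    return hits.most_common()


if __name__ == "__main__":
    # Each output row points at the role and subject whose rules need review.
    for (role, rtype, subject, action), n in summarize(SAMPLE_LOG.splitlines()):
        print(f"{n:3d}x role {role} ({rtype}) subject {subject}: {action}")
```
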
All times are GMT.