Releases
Fulltext results:
- tweety @wiki:experiences
- les * chroot to /mnt/tmp-loop * setuid to secoff * restore every attributes * continue start... before any pam_unix.so lines. Then : <code bash> secoff$ rsbac_useradd -O && rsbac_groupadd -O secoff$ rsbac_passwd -n secoff </code> ==== Grant sshd ==== Sshd must be allow to change his identity during ke
- syslog-ng @documentation:rsbac_handbook:configuration_basics:administration_examples
- G" compiled in for this to work properly. Simply create a rc init script with these line to start syslog-... make your own.// ===== Configuration file ===== Create the corresponding configuration file "/etc/syslo... directory creation for destination files create_dirs(yes); # default owner, group, and p... # (defaults are 0, 0, 0600) # Replace secoff with whoever user you want to use for #
- syslog-ng @documentation:administration_examples
- G" compiled in for this to work properly. Simply create a rc init script with these line to start syslog-... o make your own// ===== Configuration file ===== Create the corresponding configuration file "/etc/syslo... directory creation for destination files create_dirs(yes); # default owner, group, and p... # (defaults are 0, 0, 0600) # Replace secoff with whoever user you want to use for #
- bugfixes @download
- * Urgency: Medium. * What you see: Programs can create suid and sgid files with sys_creat, sys_open and ... PAX module. * What is wrong: In the JAIL module CREATE check, the corresponding mode values are not chec... * Urgency: Medium. * What you see: Programs can create suid and sgid files with sys_creat, sys_open and ... side jails. * What is wrong: In the JAIL module CREATE check, the corresponding mode values are not chec
- upgrade_and_migration @documentation:rsbac_handbook:maintenance
- ogging source with "cat /proc/rsbac-info/rmsg" as secoff (uid 400). If you want, you can install rsbac_klo... hts to their types. Use role setting def_unixsock_create_type, if you prefer different RC types for socket... ogging source with "cat /proc/rsbac-info/rmsg" as secoff (uid 400). If you want, you can install rsbac_klo... n tools contrib or "cat /proc/rsbac-info/rmsg" as secoff (uid 400). * RC: Add GET_STATUS_DATA right for
- daz @documentation:rsbac_handbook:configuration_basics:setting_up_modules
- Dazuko implementation of RSBAC. You will have to create it, if you do not have it. //Note: The following... r Linux distribution, you might be able to simply create the dazuko device the standard way, as it will be... evices 250 dazuko <= Major number is 250 </code> Create the device (with major number 250): <code> # mkno... . Security Officer :) (1): <code> # attr_set_user secoff daz_role 1 </code> ===== Running, testing, trou
- daz @wiki:experiences:tazok
- After setting up UM clamav user properly with (as secoff or bofh in my system): bofh@orion~$rsbac_use... odule, you should grant required permissions, and create required roles and types. In particular you shoul... /dev/zero, /dev/null etc...) It's a good idea to create its own IPC and grant clamav_r CLOSE CREATE READ WRITE LISTEN SEND RECEIVE and MAP_EXEC. This can be a r
- cap @documentation:rsbac_handbook:configuration_basics:setting_up_modules
- clock | |SYS_TTY_CONFIG | Config ttys | |MKNOD | Create device special files | |LEASE | Take leases in fi... o add a DAC_READ_SEARCH and KILL capabilities for secoff, so that this user can browse the complete filesystem: attr_set_user CAP secoff min_caps DAC_READ_SEARCH KILL \\ ---- **Table o
- vum @documentation:rsbac_handbook:security_models
- "I have no name" - user 1/root is not known. As secoff (uid 0/400), copy group and user root from set 0 ... he uid number with -u or group number with -g, or create other users. If you get an error RSBAC_EINVALIDVA
- todo
- ion * User Management option to automatically create user pseudos when adding a user. * Show diffe... fs. We need to make sure it is secure, maybe with secoff involved in decision. * RC ttl setting in men