[rsbac] Network Templates, RC Model et al
Amon Ott
ao at rsbac.org
Tue Feb 10 17:40:00 CET 2004
On Tuesday, 10 February 2004 17:23, Joerg Weber wrote:
> I find the documentation on http://www.rsbac.org/nettemp.htm
> highly confusing- I just don't get it.
>
> My goal: Restrict bind9 to bind only to TCP/UDP 53 and TCP 953
>
> I did:
> rsbac_nettemp_def_menu,
> added template Nr. 66653 Name Bind_53, added properties for Port 63
Port 53, of course.
> rsbac_nettemp_def_menu,
> added template Nr. 666953 Name Bind_953
> added properties for Port 953
The number should be under 100000, so the default templates do not hit first.
Matching is by lowest template number.
> rsbac_rc_type_menu
> added Type Bind_NETOBJ
>
> rsbac_rc_role_menu
> added Role Bind_ROLE
> chose NETOBJ, chose Bind_NETOBJ
...added rights BIND, LISTEN, CLOSE, SHUTDOWN, etc.
> rsbac_menu
rsbac_fd_menu /usr/sbin/named
> chose the named binary
> assign RC Force/Initial Role BIND_ROLE
Use force_role only; otherwise only the initial role applies, and the role can
change via setuid.
> Now. How do I link the Template Bind_53/Bind_953 with the RC Roles?
Link with types, not roles.
rsbac_nettemp_menu, choose the template, set rc_type to the new RC NETOBJ
type.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
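Once the template is linked to the RC type and named runs under the forced role, the outcome worth checking is that named really only holds sockets on the ports the policy was written for (UDP/TCP 53 and TCP 953). The following is an added example, not code from the thread or from the RSBAC project: a POSIX shell check over a listening-socket listing in the format `ss -H -tulnp` prints. The listing here is a constructed sample embedded inline so the check runs offline; on a real host you would feed it `"$(ss -H -tulnp)"` instead. The allowed proto/port list and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the rsbac list thread or of RSBAC itself).
# Flags any listening/unconnected socket owned by "named" whose proto/port is
# not in ALLOWED. Input lines follow the `ss -H -tulnp` layout:
#   Netid State Recv-Q Send-Q Local:Port Peer:Port Process

# Allowed proto/port pairs for named (assumption: matches the goal in the mail).
ALLOWED="udp/53 tcp/53 tcp/953"

# Constructed sample snapshot: named has one listener (tcp/8053) that the
# policy did not intend, and sshd's socket must be ignored.
SAMPLE_SS='udp   UNCONN 0 0   0.0.0.0:53     0.0.0.0:* users:(("named",pid=1234,fd=20))
tcp   LISTEN 0 10  0.0.0.0:53     0.0.0.0:* users:(("named",pid=1234,fd=21))
tcp   LISTEN 0 10  127.0.0.1:953  0.0.0.0:* users:(("named",pid=1234,fd=22))
tcp   LISTEN 0 10  0.0.0.0:8053   0.0.0.0:* users:(("named",pid=1234,fd=23))
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=900,fd=3))'

# Constructed sample where named is confined exactly as intended.
GOOD_SS='udp   UNCONN 0 0   0.0.0.0:53     0.0.0.0:* users:(("named",pid=1234,fd=20))
tcp   LISTEN 0 10  [::]:53        [::]:*    users:(("named",pid=1234,fd=21))
tcp   LISTEN 0 10  127.0.0.1:953  0.0.0.0:* users:(("named",pid=1234,fd=22))'

# named_violations LISTING: print "proto/port" for every named socket that is
# not in ALLOWED, one per line (nothing printed means no violations).
named_violations() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only sockets whose owning process is named.
        /users:\(\("named"/ {
            port = $5              # local address:port, e.g. 0.0.0.0:53 or [::]:53
            sub(/.*:/, "", port)   # keep the part after the last colon
            key = $1 "/" port      # netid is udp or tcp
            if (!(key in ok)) print key
        }'
}

# named_ports_ok LISTING: succeed (exit 0) only if there are no violations.
named_ports_ok() {
    [ -z "$(named_violations "$1")" ]
}

# Run against the constructed sample: prints tcp/8053, the unexpected listener.
named_violations "$SAMPLE_SS"
```

If the check reports a port the template should have blocked, the first things to re-verify are the template number (it must sort below the default templates, since the lowest matching number wins) and that the template's rc_type really is the NETOBJ type the role has BIND/LISTEN rights on.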