Re: 1.0.9b-pre2 uploaded


From: Jesse Pollard <pollard@dns1.navo.hpc.mil>
Subject: Re: 1.0.9b-pre2 uploaded
Date: Thu, 24 Feb 2000 13:13:35 -0600 (CST)

Next Article (by Date): Re: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Appropriate for webserver? Michael Mikkelsen
Top of Thread: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Hi
ao@morpork.shnet.org (A. Ott):
...
>- If somebody of you has an SMP system, I would really appreciate feedback
>  and debugging help. RSBAC does not access data on unmounted filesystems,
>  so it should be safe to setup a test system on a separate partition.

Yes I do... And I've had some problems. First a URL reference to my (our)
system: http://www.cats-chateau.net/ (undergoing development). There
is a section at http://www.cats-chateau.net/homenet/security/ that
outlines the beginning of an approach to a very secured web server, but
without assuming a bug free web server...

I have installed the RSBAC patches (for 2.2.13 - not all documents have
been updated yet), created a maintenance and secure kernel.

And unfortunately, I don't have a free partition to stick it on. I do have
a backup system partition however (I don't fully count that as a free
partition).

I booted both maintenance and secured kernels just to see what would happen;
they both hung after reporting the "can't compeletely read..." messages.

I was wondering if the problem may be related to accepting the default
RSBAC options. Specifically - should I only include the MAC and AUTH
modules? Does the MAC include the compartments? I didn't locate any
documents that talked about that, only the hang sounded like the "may not
be able to login ..." sections. Is there a little bit more info on the
installation procedures? The patch/compile procedures worked fine - no
errors reported there.

The hang appeared to occur at the end of the RSBAC initialization. The
sections after that in my boot sequence are to complete the single user list -
loading modules for filesystems, controller, network, sound card ...
Then the multi-user startup.

I'm using a Slackware 7.0 base (hence the 2.2.13 kernel).

I'm also willing to help fill out some of the documentation. That was
part of what I was doing with the security reference, just to create some
introductory writeups and a sample use design (as well as a light analysis
of the security).

I have more to add about creating a database/CGI activity that isn't
available yet.

Thanks for any help.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Appropriate for webserver? Michael Mikkelsen
Top of Thread: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: 1.0.9b-pre2 uploaded ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.