Válasz:_Protect_rc_file(s)_from_manual_running

From: ghorvath@minolta.hu
Subject: Válasz:_Protect_rc_file(s)_from_manual_running
Date: Mon, 1 Oct 2001 17:35:13 +0100

Next Article (by Subject): Re: Válasz:_Protect_rc_file(s)_from_manual_running Arkady A Drovosekov
Previous Article (by Subject): Re: Válasz: Protect rc file(s) from manual running Amon Ott
Next in Thread: Re: Válasz:_Protect_rc_file(s)_from_manual_running Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]

Dear members,

in the meantime the problem is solved with the help of Stanislav Ievlev.
Many thanks for his help again.

Gabor
ghorvath@minolta.hu

----------------
Hello,

I have been fighting with RSBAC and me.. I would like to achive the
following results:
- at init/shutdown rc files should run without any problem but
- no one including root should be allowed to run them manually.

Of course:
- su can't come into picture ..
- despite I set a script's role to e.g. Protected it cannot run a file to
which Protected has execute rights.

Unfortunately os wants to run the content of the script as bash (what
amazing ;-)) and bash hasn't got the necessary rights..

This problem came into light when I wanted to protect /sbin/iptables but I
want to allow shutdown/startup to be able to set default rules for it..

Before I had been working with LIDS and it was possible. /After sealing
iptables couldn't be ran/ but now I'd like to use RSBAC but need a little
help ;-)

I'd like to reach these goals with RC/ACL/FF? module (with that priority
8-))

Please if you get a clue do not hesitate to share with me !
Thanks for your help in advance,

Sincerely yours,

Gabor
ghorvath@minolta.hu

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.