Re: Válasz: Protect rc file(s) from manual running


From: Stanislav Ievlev <inger@altlinux.ru>
Subject: Re: Válasz: Protect rc file(s) from manual running
Date: Tue, 02 Oct 2001 09:34:17 +0400


Hello friends!

Arkady A Drovosekov wrote:

>On Mon, Oct 01, 2001 at 05:35:13PM +0100, ghorvath@minolta.hu wrote:
>
>>Dear members,
>>
>>in the meantime the problem is solved with the help of Stanislav Ievlev.
>>Many thanks for his help again.
>>
>Stanislav, could you give us a little more detail about this case?
>

;)

Well....

Problem with the scripts.

Task:
1) I have some bash script (e.g. to configure the firewall).
2) This script uses some program (e.g. ipchains) for system configuration.
3) I want to protect this configuration and script from changes.

Problem:
I cannot use forced RC roles for the scripts, because when I start a
script I really start the interpreter (bash) with my (not forced) role. Then
this interpreter reads data from the script and executes programs.

Possible solution:
Use a simple wrapper that executes the script.

The wrapper can use a forced role; therefore, the script (for firewall
configuration) and the program (ipchains) can be protected by RC.
Only the wrapper can run this program and read this script.


P.S. Maybe Amon has a better solution?

-------------------------------------------
With best regards
Stanislav Ievlev
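
A sketch of the kind of wrapper described in the message above, added here as an example; it is not code from the original post or from the RSBAC project. It assumes the administrator assigns the forced RC role to this binary (that RSBAC configuration is not shown); the script path, interpreter path and PATH value are hypothetical.

```c
/* Added example: wrapper binary meant to carry an RSBAC RC forced role. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define INTERPRETER "/bin/bash"               /* assumed interpreter path */
#define SCRIPT "/etc/firewall/rules.sh"       /* hypothetical protected script */

/* Fixed environment: nothing set by the caller (PATH, BASH_ENV, ...) survives. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Accept only a root-owned regular file that group and others cannot write. */
int script_is_safe(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Fill out[] with the interpreter's argv. Returns argc, or -1 if out[] is too small. */
int build_argv(char *out[], size_t n)
{
    if (n < 4)
        return -1;
    out[0] = "bash";
    out[1] = "--";      /* end of options */
    out[2] = SCRIPT;    /* fixed path: caller-supplied arguments are never used */
    out[3] = NULL;
    return 3;
}

int main(void)
{
    struct stat st;
    char *args[4];

    if (stat(SCRIPT, &st) != 0 || !script_is_safe(&st)) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT);
        return 1;
    }
    if (build_argv(args, 4) < 0)
        return 1;
    execve(INTERPRETER, args, clean_env);  /* returns only on failure */
    perror("wrapper: execve");
    return 1;
}
```

The ownership and mode check is an extra safeguard in the wrapper itself; the RC policy on the script and on ipchains remains the actual protection.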

