Re: Security outside of SElinux?

On Thu, Jan 29, 2009 at 13:26:24 -0600,
  Jeff Barnes <hybridjeffbarnes@xxxxxxxxxxxxx> wrote:
> Are there commands with this functionality in Fedora?
> If not what would it take to make them happen in general?
> Reasons would be ease of security application and another reason is
> that Enterprise has restrictions on altering SElinux policies
> which affect warranty. If this functionality were a logic binary AND
> with SELinux then we would not ever need to change default SElinux
> policies.

iptables has an extension that allows you to filter on uids or gids.
For processes or files I think you want to use selinux.

> ________________________________________________________________
> /sbin/PORTS_ALLOW_FOR_USER username list of ports
> /sbin/PORTS_DENY_FOR_USER username  list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_USER username
> 
> /sbin/PORTS_ALLOW_FOR_FILE filename list of ports
> /sbin/PORTS_DENY_FOR_FILE filename list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_FILE filename
> 
> /sbin/PORTS_ALLOW_FOR_PROCESS processID list of ports
> /sbin/PORTS_DENY_FOR_PROCESS processID list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_PROCESS processID
> ___________________________________________________________________________
> /sbin/PRIVILEGES_ALLOW_FOR_USER username list_of_privileges_or_levels
> /sbin/PRIVILEGES_DENY_FOR_USER username list_of_privileges_or_levels
> /sbin/LIST_ALLOWED_PRIVS_FOR_USER username list_of_privileges_or_levels
> 
> /sbin/PRIVILEGES_ALLOW_FOR_FILE filename list_of_privileges
> /sbin/PRIVILEGES_DENY_FOR_FILE filename list_of_privileges
> /sbin/LIST_ALLOWED_PRIVILEGES_FOR_FILE filename
> 
> /sbin/PRIVILEGES_ALLOW_FOR_PROCESS processnameID list_of_privileges
> /sbin/PRIVILEGES_DENY_FOR_PROCESS processnameID list_of_privileges
> /sbin/LIST_ALLOWED_PRIVILEGES_FOR_PROCESS processID
> _____________________________________________________________________________

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
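
The iptables owner match mentioned in the reply, as an added example that is not part of the original mail: a dry-run shell helper that prints the rules limiting one user's outbound TCP connections to a port list. The helper name `ports_allow_for_user` and the chain name `USERPORTS_<uid>` are hypothetical, and uid 1000 is a constructed sample.

```shell
#!/bin/sh
# Added example (dry run): print iptables rules that restrict one user's
# outbound TCP connections to an allowed port list, using the owner match.
# Helper and chain names are hypothetical, not Fedora commands.

ports_allow_for_user() {
    user=$1
    ports=$2

    # Accept a numeric uid as-is, otherwise resolve the user name.
    case $user in
        ''|*[!0-9]*)
            uid=$(id -u -- "$user" 2>/dev/null) || {
                echo "unknown user: $user" >&2; return 1; } ;;
        *) uid=$user ;;
    esac

    # Only digits and single commas: nothing else may reach the rule text.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*)
            echo "bad port list: $ports" >&2; return 2 ;;
    esac

    count=0
    old_ifs=$IFS; IFS=,
    for p in $ports; do
        count=$((count + 1))
        if ! [ "$p" -ge 1 ] 2>/dev/null || ! [ "$p" -le 65535 ] 2>/dev/null; then
            IFS=$old_ifs; echo "port out of range: $p" >&2; return 2
        fi
    done
    IFS=$old_ifs
    # The multiport match takes at most 15 ports per rule.
    [ "$count" -le 15 ] || { echo "too many ports" >&2; return 2; }

    chain="USERPORTS_$uid"
    echo "iptables -N $chain"
    echo "iptables -A $chain -p tcp -m multiport --dports $ports -j ACCEPT"
    echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"
    # owner is valid only for locally generated packets (OUTPUT/POSTROUTING).
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
}

# Constructed sample: uid 1000 may open outbound TCP only to 80 and 443.
ports_allow_for_user 1000 80,443
```

The rules cover outbound TCP only; UDP would need a parallel pair of rules in the same chain.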
