Re: Block outgoing connections for certain uids (root, apache, nobody)




On Wednesday, April 04, 2012 05:13:11 AM Alexander Farber wrote:
> Good morning
> 
> With iptables in CentOS 5 and 6 Linux - how can you please
> prevent processes running as "root", "apache" or "nobody"
> from initiating outgoing connections?

This sounds more like something an SELinux rule could do better, and on a per-process basis.

Now, I don't have such a rule or policy file written, but I think for this purpose SELinux is the right tool to try to use.  You might have to go from the rather lenient 'targeted' policy to the rather difficult to use 'strict' policy to make it happen, though.

Dan Walsh is on here, and he's the expert, so maybe he'll weigh in.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
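For the iptables side of the original question, the following is an added example (not code from either poster): it builds OUTPUT-chain rules with the netfilter `owner` match (`-m owner --uid-owner`), which is the module that ties a packet to the uid of the process that created it. The user list, the `IPTABLES` dry-run variable and the log prefix are assumptions for illustration; the default of `IPTABLES=echo` only prints the commands so the logic can be checked without touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the list thread): reject NEW outgoing connections
# opened by processes running as the listed uids, using -m owner --uid-owner.
# IPTABLES=echo (the default here) only prints the commands; run with
# IPTABLES=iptables as root on the CentOS 5/6 host to apply them.

IPTABLES="${IPTABLES:-echo}"
BLOCKED_USERS="${BLOCKED_USERS:-root apache nobody}"   # assumed uid list

# Emit the two rules for one user: a rate-limited LOG so blocked attempts
# show up in /var/log/messages, then the REJECT itself.
rules_for_user() {
    u="$1"
    echo "-A OUTPUT -m owner --uid-owner $u -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix \"OUTPUT-BLOCK $u: \""
    echo "-A OUTPUT -m owner --uid-owner $u -m state --state NEW -j REJECT --reject-with icmp-port-unreachable"
}

# Emit the complete rule list (arguments only, one iptables call per line).
build_rules() {
    # Loopback and replies to connections the host accepted must keep
    # working, otherwise apache could not answer the requests it serves.
    echo "-A OUTPUT -o lo -j ACCEPT"
    echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for u in $BLOCKED_USERS; do
        rules_for_user "$u"
    done
}

# Number of REJECT rules the policy contains (one per restricted uid).
count_reject_rules() {
    build_rules | grep -c -- '-j REJECT'
}

# Run every rule through $IPTABLES; eval keeps the quoted log prefix intact.
apply_rules() {
    build_rules | while read -r line; do
        eval "$IPTABLES $line"
    done
}

apply_rules
```

Two things to keep in mind when applying this for real: the `owner` match is only valid in the OUTPUT and POSTROUTING chains, and rejecting root's new connections also stops yum, cron mail and anything else root runs, so the LOG rule is there to show what breaks before the REJECT is made permanent. On CentOS 6 `-m conntrack --ctstate NEW` is the equivalent of the older `-m state --state NEW` syntax used above. For the apache case specifically, the targeted SELinux policy's `httpd_can_network_connect` boolean already controls whether httpd may initiate outgoing connections, so that part does not require moving to the strict policy.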

