Hello,

I am trying to come to a solution regarding the use of telnet on our MLS system. (I know, … the decision to use it was made above me.)

What we have is a RHEL 5.3 system with the Red Hat MLS policy installed. The system has multiple physical NICs attached to different networks. Each network is designated for its own sensitivity level (so we might have one network for s1:c20, one for s2:c40, etc.).

User accounts are created with sensitivity labeling via semanage (so we might have user1 with s1:c20, and user2 with s2:c40, etc.).

The network does not carry any CIPSO data for evaluation by my server, so I don’t think I can use netlabel.

Questions:

If I use IPTables/SECMARK to apply sensitivity labels to the packets as they come into the system, will xinetd spawn the telnet session with a matching sensitivity? (Currently the telnet sessions are spawned at SystemLow-SystemHigh.)

If telnet is spawned with the appropriate sensitivity, will SELinux disallow the login of a user who does not have a matching sensitivity?

Thanks,
Mike Benedict