Hey, i think about jailing some "processes" on a new freebsd-system. Is there also another way, to harden freebsd e.g. like selinux? Roger
On Monday 23 January 2006 17:42, Roger Grosswiler wrote:> i think about jailing some "processes" on a new freebsd-system. Is there > also another way, to harden freebsd e.g. like selinux?http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060123/c5d02173/attachment.bin
On Mon, Jan 23, 2006 at 05:42:42PM +0100, Roger Grosswiler wrote:> i think about jailing some "processes" on a new freebsd-system. Is there > also another way, to harden freebsd e.g. like selinux?Have a look at security(7) for an overview of the existing FreeBSD security options. Also, jail(8) has some bits. There's no /direct/ SELinux, although much of the same ground is covered by the TrustedBSD stuff. Have a look over the web site: http://www.trustedbsd.org/ -Dom
> i think about jailing some "processes" on a new > freebsd-system. Is there also another way, to harden freebsd > e.g. like selinux?Start here: Mandatory Access Control http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html -- FreeBSD Volunteer, http://people.freebsd.org/~jkoshy