Displaying 5 results from an estimated 5 matches for "mac_portacl".
2004 Nov 21
1
mac_portacl and automatic port allocation
Hello,
I really like the idea behind mac_portacl but I find it difficult to use
it because of one issue. When an unprivileged program binds to a high
automatic port with a call to bind(2) and port number set to 0 the
system chooses the port to bind to itself. This mechanism is used by
a number of programs, most commonly by ftp clients in active...
2006 Oct 20
2
mac_portacl
Hi, folks.
I am trying to implement a reverse proxy using squid with mac_portacl,
but I have a problem while binding squid to port 80.
Am I missing something?
Here are my mac_portacl variables:
# sysctl security.mac.portacl.
security.mac.portacl.enabled: 1
security.mac.portacl.suser_exempt: 1
security.mac.portacl.autoport_exempt: 1
security.mac.portacl.port_high: 1023
security.m...
2005 May 24
1
Jail support for mac_portacl(4).
...ne don't need to use firewall for this
purpose. It adds new idtype - 'jid'. With this patch, one can configure
that jail with the given JID can use only defined ports:
# sysctl security.mac.portacl.rules="jid:1:tcp:80"
Patch is here:
http://people.freebsd.org/~pjd/patches/mac_portacl.c.patch
Any objections?
PS. With the above policy, processes from outside a jail can bind to
port 80. We can change this behaviour to "allow port 80 to be used
only inside a jail 1". This will be a warning for not jailed
processes (don't use this port, because it can be...
2007 Feb 18
1
Secure shared web hosting using MAC Framework
Hi all,
I am looking at securing a web server using the FreeBSD MAC Framework.
To make things clear I will call the hosted users "web users". Those are the issues I am dealing with:
** Network Security **
- Web users shouldn't be able to connect to reserved local ports apart from 25(smtp); 80(http); 443(https) and 3306(MySQL)
Solution:
run the web server and web users shell in
2006 May 03
1
MAC policies and shared hosting
Hello,
I've been looking at the different MAC modules available and how they
could help to implement a less insecure than usual shared hosting web
server.
I've not been able to come up with a suitable configuration, looking
at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC
module with the following policies could be very useful for such an
environment. Have I