search for: trustedbsd

FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now... Robert N M Watson ---------- Forwarded message ---------- Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: trustedbsd-discuss@TrustedBSD.org Subject: FYI: TrustedBSD at BSDCan Mentioned in an earlier e-mail, but here it is more specifically -- several members of the TrustedBSD team will be at BSDCan in mid-May. You can learn more about the conference at: http://www.bsdcan.org/ This is a pretty neat tec...

I would like to know that there is or is not a way to prevent users from executing binaries that are not owned by root or that the user is in a particular group. Is this something I can achieve with TrustedBSD's MAC framework?

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users regarding two moderate sized sets of changes that entered FreeBSD CVS today: (1) I imported OpenBSM 1.0 alpha 6. (2) I imported support for per-auditpipe presel...

.../etc/security/audit* to configure. There are detailed man pages, as well as a chapter in the FreeBSD Handbook, thanks to Tom Rhodes, explaining audit and audit configuration at a high level. Feedback on both the documentation and implementation would be most welcome; please direct this to the trustedbsd-audit@TrustedBSD.org mailing list. Until the implementation is upgraded from "experimental", AUDIT will remain disabled in the GENERIC kernel by default. I hope to compile AUDIT in by default starting around FreeBSD 6.3 or 6.4, but exactly when will depend on the nature of feedback,...

.../etc/security/audit* to configure. There are detailed man pages, as well as a chapter in the FreeBSD Handbook, thanks to Tom Rhodes, explaining audit and audit configuration at a high level. Feedback on both the documentation and implementation would be most welcome; please direct this to the trustedbsd-audit@TrustedBSD.org mailing list. Until the implementation is upgraded from "experimental", AUDIT will remain disabled in the GENERIC kernel by default. I hope to compile AUDIT in by default starting around FreeBSD 6.3 or 6.4, but exactly when will depend on the nature of feedback,...

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org Subject: Re: HEADS UP: Audit integration into CVS in progress, some tree disruption On Wed, 1 Feb 2006, Julian Elischer wrote: >>> I'll send out follow-up e-mail once the worst is...

...is loaded, networking works, but starting X server fails with message "Couldn't mmap /dev/vga" (I don't see /dev/vga device regardless of MAC policy loaded) Is it normal, or is something wrong ? Is any additional documentation about MAC available, more than papers at http://www.trustedbsd.org ? I'd like to learn a bit more. Regards and thanks for any help, Jarek

Just a quick question, My system is quite heavily customised with regard to permissions and MAC labels on system binaries. Is there any way to stop make installworld resetting all my customisation? At the moment I have a set of scripts to set permissions on everything but that's not exactly ideal. Mark -- PGP: http://www.darklogik.org/pub/pgp/pgp.txt B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F

----- Mensagem encaminhada ---- De: Ricardo A. Reis <ricardo_bsd@yahoo.com.br> Para: security@freebsd.org Enviadas: Sexta-feira, 3 de Novembro de 2006 10:54:14 Assunto: FreeBSD and the new virtual machine-based rootkits Hi All, Recently i participated in Brazil on October 2006 The FIRST/TRANSITS and II Latin American Incident Response Conference (COLARIS). In the II COLARIS - Joanna

...H-1.99-OpenSSH_3.8.1p1 FreeBSD-20040419 I might check that you're using the version shipped with FreeBSD rather than a package-installed version, and that your sshd configuration doesn't include a line to indicate the older version number. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit

Hi. This is mostly hypothetical, just because I want to see how knowledgeable people would go about achieving it: I want to sandbox Mozilla Firefox. For the sake of example, I'm running it under my own user account. The idea is that it should be allowed to connect to the X server, it should be allowed to write to ~/.mozilla and /tmp. I expect some configurations would want access to audio

...ity to view traffic captured by sniffers. I plan to use sudo to limit and audit user activities too. I may also try some of the patches to bash listed at project.honeynet.org which send keystrokes to a remote server. Hardware keystroke logging is always a possibility. For more, should I turn to TrustedBSD integration in a future 5.x release? Thank you, Richard Bejtlich http://www.taosecurity.com __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus

Hello, I really like the idea behind mac_portacl but I find it difficult to use it because of one issue. When an unprivileged program binds to high automatic port with a call to bind(2) and port number set to 0 the system chooses the port to bind to itself. This mechanismus is used by number of programs, most commonly by ftp clients in active mode. Unfortunately this 0 is checked by the

This is a check for FreeBSD's acl_get_perm_np() function (FreeBSD/TrustedBSD implement non-POSIX.1e functions with a _np (non-portable) suffix). The Linux ACL library includes an acl_get_perm() implementation so not having this function should not be a concern. ...Juergen

This is a check for FreeBSD's acl_get_perm_np() function (FreeBSD/TrustedBSD implement non-POSIX.1e functions with a _np (non-portable) suffix). The Linux ACL library includes an acl_get_perm() implementation so not having this function should not be a concern. ...Juergen

...-------------------------- | | Take a look at the $FreeBSD$ ID in your src/sys/net/if_ether.c and make | sure you have 1.64.2.254. Unfortunately, I'm not sure if the timestamp in | CVS is localized or not -- that could be GMT, EDT, or PDT... | | Robert N M Watson FreeBSD Core Team, TrustedBSD Projects | robert@fledge.watson.org Network Associates Laboratories

...ecent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handbook chapter and give Audit a try. And then, of course, send feedback to the TrustedBSD audit mailing list with all the bugs and problems you find :-). This will give us time to shake out these bugs, further enhance the documentation, etc, before BETA3 in a week or so, and ideally chase out any remaining significant bugs over the next month before the release. You can find the h...

...ng While mac_stub and mac_test are both extremely useful for devleopers as shipped, it's not clear to me that mac_ifoff and mac_partition offer significantly similar value, and as they are reference policies rather than production policies, my leaning is to provide them as downloads on the TrustedBSD web site and via p4, but to not ship them with FreeBSD 7.0. So this e-mail is to poll to see if anyone is currently using the mac_ifoff and mac_partition policies in production, and would object on those grounds to shipping them separately from the base OS. Robert N M Watson Computer Laborator...

Regards to everyone, I'm trying to make freeBSD compliant with C2 (orange book C2). Is there any guide for freeBSD made for this porpouse or similar? Thanks to all of you, Rubén _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus