similar to: Poll for users: mac_partition and mac_ifoff policies

FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now... Robert N M Watson ---------- Forwarded message ---------- Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: trustedbsd-discuss@TrustedBSD.org Subject: FYI: TrustedBSD at BSDCan Mentioned in an earlier e-mail, but here it is

Dear All, I am a student enrolled google summer code 2007. My job is to write security regression testsuites for FreeBSD under the guidance of my mentor Dr. Robert Watson. Under his encourage, I write following request for comments RFC :-) ////////////////////////////////////////////////////////////// What I plan to do: 1) to test the stability of Mandatory Access Control and Audit

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org

Dear Sirs. It seems to me a never ending story. We run a box with a TYAN Thunder 2500 Dual SMP mainboard, 2GB ECC Tyan certified memory, AMI Enterprise 1600 RAID adapter and additional Intel 1000/Pro server type (64 bit) GBit LAN NIC. With FreeBSD 4.8 this was stable, but to achive this state was really hard! It is a story similar to that what happend when we changed towards FreeBSD

Exactly what I need. I am so glad that you read the forum. Thanks a lot. ----- Original Message ----- From: "Robert Watson" <rwatson@FreeBSD.org> To: "Georgi Hristov" <hristov@iocc.com> Sent: Thursday, June 26, 2003 10:44 AM Subject: Re: SysLog Manipulation | On Thu, 26 Jun 2003, Georgi Hristov wrote: | | > About what time did you merge it ... I may have

On Wed, 2 Jan 2002, John Hay wrote: > Well I can accept your argument for -stable, although bigger changes has > gone in -stable in the past, but what about -current? My -current boxes > also still claim: "sshd version OpenSSH_2.9 FreeBSD localisations > 20011202" And this is the problem, if we don't have -current upgraded > we have little chance in getting wrinkles

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

FreeBSD version: 5.1-RELEASE Hi, I'm quite new to FreeBSD. I've check list archives and read a handbook, but I didn't find solution to my problem and I hope this is not off-topic. I've installed 5.1-RELEASE, enabled ACLs on the filesystems and I wanted to test MAC features. I'm also new to MAC, so perhaps this is some my mistake. When I enable mac_biba or mac_lomac (in

I would like to know that there is or is not a way to prevent users from executing binaries that are not owned by root or that the user is in a particular group. Is this something I can achieve with TrustedBSD's MAC framework?

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit

On a FreeBSD 5.0 the behaviour of screen when connecting to other users sessions have changed. Previously: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3. result failure as userA cant access the ttyX with such a message Current: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3.

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested

This is a check for FreeBSD's acl_get_perm_np() function (FreeBSD/TrustedBSD implement non-POSIX.1e functions with a _np (non-portable) suffix). The Linux ACL library includes an acl_get_perm() implementation so not having this function should not be a concern. ...Juergen

This is a check for FreeBSD's acl_get_perm_np() function (FreeBSD/TrustedBSD implement non-POSIX.1e functions with a _np (non-portable) suffix). The Linux ACL library includes an acl_get_perm() implementation so not having this function should not be a concern. ...Juergen

Hello. Has anyone here ever successfully set up a jail for X apps, connecting to an external X server? I'm trying an experimental sandbox setup here. I have a jail running on an aliased IP on my local machine and X programs connect out of the jail to my local X server via an SSH tunneled TCP connection. All other packets to and from the jail are denied by the packet filter. The trouble I am

The FreeBSD ACL implementation is currently based on a late POSIX.1e draft, and is similar in functionality to the ACL support in Solaris, IRIX, and Linux. It was developed along a similar timeline to the Linux ACL support, and Andreas and I chatted a fair amount along the way so the parallels are strong -- in fact, the Samba ACL support is almost identical, and the ACL API man pages on

Hello, What do you recommend for keeping track of user activities? For preserving bash histories I followed these recommendations: http://www.defcon1.org/secure-command.html They include using 'chflags sappnd .bash_history', enabling process accounting, and the like. My goal is to "watch the watchers," i.e. watch for abuse of power by SOC people with the ability to view

NAI Labs Announces DARPA-Funded FreeBSD Security Initiative Monday, July 09, 2001 NAI Labs Partners With DARPA to Secure Open Source Operating System