similar to: MAC problems

FreeBSD 5.1-RELEASE Hi, I'm examining Biba and MLS MAC policies and something is not clear for me. Unless I'm doing something wrong, it seems policies are enforced only for reading, but not writing. 1) Biba I've created test file with biba/127 label: $ echo "Message" > file_biba_127.txt $ setfmac biba/127 file_biba_127.txt $ getfmac file_biba_127.txt

(crossposted to freebsd-security just in case someone has to slap me) :) Hello, I'm doing some work with the MAC subsystem in FreeBSD, and I have spotted some errors in the MAC documentation in the handbook. 1- Section 15.14.4. Error in the example dropping users "nagios" and "www" into the insecure class. The example uses the command "pw usermod nagios -L

Hello, I've been looking at the different MAC modules available and how they cold help to implement a less insecure than usual shared hosting web server. I've not been able to come up with a suitable configuration, looking at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC module with the following policies could be very useful for such an environment. Have I

Hello, Are there many people actually using the MAC subsystem in the real world? I have been working to set up a shared hosting webserver and I've stumbled against some limitations with the BIBA policy. In short, it's an excellent model, and can be used succesfully if applications are aware of its existance, but I find it incompatible with the real-world needs in Unix, and,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just try to understand the concepts and possiblities behind the mac framework. After days of puzzling I found one puzzling behaviour and still have one immediate question (this is on 5-stable) - - when I enable mac_biba, set root to biba/equal (or any value, actually), and do a setfmac -R biba/equal / I expect biba to be activated without any

A bit of a background: I've been experimenting with LOMAC labels on a 9.1-RELEASE test system. To get the dynamic IP assigned to the machine, I tried following recipe: set the label for /sbin/dhclient to lomac/high[low]. This gets the job done, but there were a few problems: first of all, this label does not seem to persist after a reboot - I have not yet found a reasonable explanation

Dear All, I am a student enrolled google summer code 2007. My job is to write security regression testsuites for FreeBSD under the guidance of my mentor Dr. Robert Watson. Under his encourage, I write following request for comments RFC :-) ////////////////////////////////////////////////////////////// What I plan to do: 1) to test the stability of Mandatory Access Control and Audit

I am using a Netgear MA401 with the wi driver, and am having trouble using wpa_supplicant to set static WEP keys. I have the wlan_wep.ko module loaded with wlan and wi built into the kernel. My wpa_supplicant.conf looks like this: ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="INTERNERD" scan_ssid=1 priority=1 key_mgmt=NONE

Hi there . Some one know how fix this??? I tried a lot of diffierent thinks, but nothing. and my Freebsd Access point keep crashing some time when I use cards prism 2.5 , but dosen't crash with prism 2 . The problem is I must to use prims 2.5 because it's a high power card, and work really well until crash. thanks!! -- Marcos Biscaysaqu Systems Administrator ThePacific.Net Ltd.

Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi

Hi List! Don't see much discussion about MAC here, time to change that! :-) Currently trying to set up a service jail, according to instructions in the handbook[1]. The problem I'm facing is that nullfs does not seem to support multilabeled filesystems, or am i missing something? ls -lZ /usr/js/testjail/var/run/test -rw-r--r-- 1 root wheel biba/equal 0 Feb 6 17:15

On 01/13/2014 04:50 PM, Michal Privoznik wrote: > On 13.01.2014 16:10, Ivan Gooten wrote: >> hi, >> >> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even >> if selinux sec driver is enabled on the configure stage, the driver is >> not finally created. these configure parameters are: >> >> --with-selinux >>

Hi There . Iam runnig a Freebsd5.0 Access Point with a PCMCIA card PRISM 2.5 chipset 200mw , I have got 32 clients on it but is not working fine, keep crashing and I have lot wi0: timesouts on the screen. I was using with same computer other prism card but prism2 and that card work very well but with a lot lower power and more noise because I need use an Ampl. With The prism2.5 the Access

Hi there, I am trying to move from lmtpd (lmtpd.sf.net) to dovecot sieve. One thing used by some of powerusers are archiving mail automatically with autocreated folders based on year + month. Is there any good way to make that with sieve... One example require "fileinto"; if address :is ["From", "To"] "dovecot at dovecot.org" { fileinto

Updating a system from CentOS 5.4 (current) to 5.5, and I see: libsepol.scope_copy_callback: zosremote: Duplicate declaration in module: type/attribute zos_remote_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Any ideas as to what's going on, or why? mark "glad selinux is disabled on that box"

These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build

>I have a series of write statements because >i am writing to a file >where the characters strings are the column names of a dataframe >and the numbers are the elements in a particular row. >So, a file might look like > >AAA 2.1 >BB 3.1 >AHLZ 0.2 > >and it would be named "rowname".mls. > >so, each time i get to a new row, i create a new file and

Does anyone know of a good resource on doing MLS (Multiple Listing Service) integration with Rails? My searches don''t seem to be turning up much information and I need to get a quick handle on what''s involved in this process. Many thanks!

I used the latest version from here: http://www.mls-software.com/opensshd.html On my other (Windows 10) machine (on which openssh works), I have cygwin installed, but if ssh was using cygwin, I wasn't aware of it. I just ran ssh from the command prompt. Wallace Forman 913-669-4453 On Wed, Jun 29, 2016 at 4:37 PM, ?ngel Gonz?lez <keisial at gmail.com> wrote: > On 29/06/16 21:36,

I have FreeBSD 7.1-RELEASE-p4 running on a Soekris 4521 with three wireless cards that use the wi-driver: - one mini-pci wireless card: <Intersil Prism2.5> on pci0 using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI) Intersil Firmware: Primary (1.1.1), Station (1.8.2) - and two pcmcia wireless cards: