Re: SEBSD is dead?

2010-12-20 Thread David Brodbeck
On Sat, Dec 18, 2010 at 2:51 AM, krad kra...@gmail.com wrote:


 On 17 December 2010 22:20, David Brodbeck g...@gull.us wrote:

 On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister jerr...@msu.edu wrote:
  Anyway, SeLinux ain't 100% popular over there I noticed.
  Maybe it is just a matter of getting used to it.  I got
  tired of reading the posts on it, so haven't figured out
  if they were substantive or just whiney.

 The problem with SELinux is it becomes very difficult to configure
 properly if you don't have a normal, out-of-the-box configuration.

 For example, I never did figure out how to keep it from blocking an
 rsync backup.  I disabled it after that, because a system I can't back
 up is pretty useless no matter how secure it is. :)


 Not sure if it will work on all Linuxes, but this works fine for me on CentOS
 in enforcing mode:

  setsebool -P rsync_disable_trans on

Yeah, I'd seen that fix, too.  As I recall it worked temporarily, then
stopped working again, and issuing the command again didn't help for
reasons that I couldn't figure out.

I also had problems with SELinux breaking execution of external
scripts by the SNMP server.

I've seen various HOWTOs about how to craft new rules to permit things
like this, but many of them seemed to be out of date or referred to
tools that don't ship with RedHat.  Documentation is thin and the rule
syntax is so cryptic it makes sendmail.cf look like LOGO.  It was
obviously intended to be a "no user serviceable parts inside" sort of
system, but that only works if your setup is completely standard.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: SEBSD is dead?

2010-12-20 Thread Chris Brennan
On Mon, Dec 20, 2010 at 3:11 PM, David Brodbeck g...@gull.us wrote:

 I've seen various HOWTOs about how to craft new rules to permit things
 like this, but many of them seemed to be out of date or referred to
 tools that don't ship with RedHat.  Documentation is thin and the rule
 syntax is so cryptic it makes sendmail.cf look like LOGO.  It was
 obviously intended to be a "no user serviceable parts inside" sort of
 system, but that only works if your setup is completely standard.


To be perfectly honest ... SELinux has frightened me from day one. For two
reasons.

1) The government had their fingers in it (I just can't fathom them
contributing positively and constructively to the F/OSS community).
2) Because it was so poorly documented that I couldn't figure it out. All it
did was serve to piss me off and I sought other, tried-and-true methods for
securing my systems.

Beyond this, I've never seen a real and valid use for SELinux ...


Re: SEBSD is dead?

2010-12-18 Thread krad
On 17 December 2010 22:20, David Brodbeck g...@gull.us wrote:

 On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister jerr...@msu.edu wrote:
  Anyway, SeLinux ain't 100% popular over there I noticed.
  Maybe it is just a matter of getting used to it.  I got
  tired of reading the posts on it, so haven't figured out
  if they were substantive or just whiney.

 The problem with SELinux is it becomes very difficult to configure
 properly if you don't have a normal, out-of-the-box configuration.

 For example, I never did figure out how to keep it from blocking an
 rsync backup.  I disabled it after that, because a system I can't back
 up is pretty useless no matter how secure it is. :)



Not sure if it will work on all Linuxes, but this works fine for me on CentOS
in enforcing mode:

 setsebool -P rsync_disable_trans on


Re: SEBSD is dead?

2010-12-17 Thread Odhiambo Washington
2010/12/17 zY zhangyuan5...@gmail.com

 guys, I have a question. SEBSD is dead? Please tell me its latest progress.
 Thanks.


What is it? A FreeBSD port?
Here we discuss FreeBSD, unless you are porting something from somewhere:)


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!


Re: SEBSD is dead?

2010-12-17 Thread Outback Dingo
SeBSD is a FreeBSD project for security enhancement... ACLs and stuff... it's
part of FreeBSD

On Fri, Dec 17, 2010 at 8:02 AM, Odhiambo Washington odhia...@gmail.com wrote:

 2010/12/17 zY zhangyuan5...@gmail.com

  guys, I have a question. SEBSD is dead? Please tell me its
  latest progress.
  Thanks.
 
 
 What is it? A FreeBSD port?
 Here we discuss FreeBSD, unless you are porting something from somewhere:)




Re: SEBSD is dead?

2010-12-17 Thread Michelle Konzack
Hello zY,

On 2010-12-17 19:44:29, you hacked down the following:
 guys, I have a question. SEBSD is dead? Please tell me its
 latest progress. Thanks.

SEBSD?  Do you mean Security Enhanced BSD?

Something like OpenBSD and NETSEC?  LOL

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France EURL       itsyst...@tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

http://www.itsystems.tamay-dogan.net/  http://www.flexray4linux.org/
http://www.debian.tamay-dogan.net/ http://www.can4linux.org/

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: SEBSD is dead?

2010-12-17 Thread Bruce Cran
On Fri, 17 Dec 2010 08:14:22 -0500
Outback Dingo outbackdi...@gmail.com wrote:

 SeBSD is a FreeBSD project for security enhancement... ACLs and
 stuff... it's part of FreeBSD

SEBSD, the MAC framework (http://www.trustedbsd.org/sebsd.html), was
integrated into FreeBSD in 5.x
(http://www.freebsd.org/doc/handbook/mac.html).

Other projects from TrustedBSD such as OpenBSM continue to be
integrated as they reach completion.
http://www.trustedbsd.org/news.html has details on the current projects.

-- 
Bruce Cran


Re: SEBSD is dead?

2010-12-17 Thread krad
On 17 December 2010 13:16, Michelle Konzack bsd4miche...@tamay-dogan.net wrote:

 Hello zY,

 On 2010-12-17 19:44:29, you hacked down the following:
  guys, I have a question. SEBSD is dead? Please tell me its
  latest progress. Thanks.

 SEBSD?  Do you mean Security Enhanced BSD?

 Something like OpenBSD and NETSEC?  LOL

 Thanks, Greetings and nice Day/Evening
 Michelle Konzack




I was under the impression most of the stuff from TrustedBSD was merged
into FreeBSD ages ago, as the TrustedBSD project had accomplished its goals.
http://www.trustedbsd.org/sebsd.html


Re: SEBSD is dead?

2010-12-17 Thread Artifex Maximus
On Fri, Dec 17, 2010 at 2:02 PM, Odhiambo Washington odhia...@gmail.com wrote:
 2010/12/17 zY zhangyuan5...@gmail.com

 guys, I have a question. SEBSD is dead? Please tell me its latest progress.
 Thanks.


 What is it? A FreeBSD port?
 Here we discuss FreeBSD, unless you are porting something from somewhere:)

Security Enhanced BSD
http://www.trustedbsd.org/sebsd.html

Bye,
a


Re: SEBSD is dead?

2010-12-17 Thread Jerry McAllister
On Fri, Dec 17, 2010 at 08:14:22AM -0500, Outback Dingo wrote:

 SeBSD is a FreeBSD project for security enhancement... ACLs and stuff... it's
 part of FreeBSD

Something like SeLinux those other guys use???

jerry


 
 On Fri, Dec 17, 2010 at 8:02 AM, Odhiambo Washington odhia...@gmail.com wrote:
 
  2010/12/17 zY zhangyuan5...@gmail.com
 
   guys, I have a question. SEBSD is dead? Please tell me its
   latest progress.
   Thanks.
  
  
  What is it? A FreeBSD port?
  Here we discuss FreeBSD, unless you are porting something from somewhere:)
 
 


Re: SEBSD is dead?

2010-12-17 Thread Vincent Hoffman
On 17/12/2010 15:27, Jerry McAllister wrote:
 On Fri, Dec 17, 2010 at 08:14:22AM -0500, Outback Dingo wrote:

 SeBSD is a FreeBSD project for security enhancement... ACLs and stuff... it's
 part of FreeBSD
 Something like SeLinux those other guys use???

Good job that wasn't FBI sponsored, those NSA guys are far more
trustworthy ;)
 jerry


 On Fri, Dec 17, 2010 at 8:02 AM, Odhiambo Washington odhia...@gmail.com wrote:

 2010/12/17 zY zhangyuan5...@gmail.com

 guys, I have a question. SEBSD is dead? Please tell me its
 latest progress.
 Thanks.


 What is it? A FreeBSD port?
 Here we discuss FreeBSD, unless you are porting something from somewhere:)




Re: SEBSD is dead?

2010-12-17 Thread Jerry McAllister
On Fri, Dec 17, 2010 at 03:42:45PM +, Vincent Hoffman wrote:

 On 17/12/2010 15:27, Jerry McAllister wrote:
  On Fri, Dec 17, 2010 at 08:14:22AM -0500, Outback Dingo wrote:
 
  SeBSD is a FreeBSD project for security enhancement... ACLs and stuff...
  it's part of FreeBSD
  Something like SeLinux those other guys use???
 
 Good job that wasn't FBI sponsored, those NSA guys are far more
 trustworthy ;)

???   I missed something there.

Anyway, SeLinux ain't 100% popular over there I noticed.
Maybe it is just a matter of getting used to it.  I got
tired of reading the posts on it, so haven't figured out
if they were substantive or just whiney.

jerry

  jerry
 
 
  On Fri, Dec 17, 2010 at 8:02 AM, Odhiambo Washington odhia...@gmail.com wrote:
 
  2010/12/17 zY zhangyuan5...@gmail.com
 
  guys, I have a question. SEBSD is dead? Please tell me its
  latest progress.
  Thanks.
 
 
  What is it? A FreeBSD port?
  Here we discuss FreeBSD, unless you are porting something from somewhere:)
 
 


Re: SEBSD is dead?

2010-12-17 Thread David Brodbeck
On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister jerr...@msu.edu wrote:
 Anyway, SeLinux ain't 100% popular over there I noticed.
 Maybe it is just a matter of getting used to it.  I got
 tired of reading the posts on it, so haven't figured out
 if they were substantive or just whiney.

The problem with SELinux is it becomes very difficult to configure
properly if you don't have a normal, out-of-the-box configuration.

For example, I never did figure out how to keep it from blocking an
rsync backup.  I disabled it after that, because a system I can't back
up is pretty useless no matter how secure it is. :)


Re: SEBSD is dead?

2010-12-17 Thread Da Rock

On 12/18/10 08:20, David Brodbeck wrote:

 On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister jerr...@msu.edu wrote:

  Anyway, SeLinux ain't 100% popular over there I noticed.
  Maybe it is just a matter of getting used to it.  I got
  tired of reading the posts on it, so haven't figured out
  if they were substantive or just whiney.

 The problem with SELinux is it becomes very difficult to configure
 properly if you don't have a normal, out-of-the-box configuration.

 For example, I never did figure out how to keep it from blocking an
 rsync backup.  I disabled it after that, because a system I can't back
 up is pretty useless no matter how secure it is. :)

I always thought it was a PITA, but I did figure out a couple of things
(after hours fart-assing around). You have to take the error and make it
into a module that allows the process to continue, but I don't blame
anyone for just walking away - sometimes even then it still didn't work.

Mind you, unlike most things, you can't just stow the info away for
quick retrieval to adjust something on the fly - it still takes you that
long again: 1) you have to follow a different method again for each
instance and 2) it's an impossible process to remember! :)

Not to mention that it can cascade errors... it's a hydra - fix one and
another 2 errors crop up!

As for whiney - I was one of those (supposedly), and you're just told to
shut up and take it because security is more important, and you should
take the time to learn something (that will take the same length of time
to fix _every_ time). I agree on the security, but the usage and howto
shouldn't be so obscure as to confuse even the most determined learner.
