On Thu, Jan 7, 2016 at 10:11 PM, Mark Steele <[email protected]> wrote:
> Hi all,
>
> I would like to know what a good approach might be to prevent packet
> sniffing on a local node from being able to see the network traffic related
> to an application.
>
> Would iptables (secmark/connsecmark) do the trick to prevent tools like
> tcpdump from being able to see these packets? Are there alternative
> approaches that would be better for handling this?

You should be able to block access to raw/packet sockets for a given
domain which would effectively prevent you from running tcpdump, or
similar tools.  However, applying that system wide would be difficult.

-- 
paul moore
www.paul-moore.com
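
The reply above notes that blocking raw/packet sockets is practical per domain but hard system-wide. The following is an added example, not part of the original message: it audits allow-rule text in the form printed by `sesearch --allow` and lists which domains may create `packet_socket` or `rawip_socket` objects. The sample rules are constructed, and `myapp_t` and `netmon_t` are hypothetical type names.

```python
import re

# Socket classes that tcpdump-style tools need: AF_PACKET and raw IP sockets.
SNIFF_CLASSES = {"packet_socket", "rawip_socket"}

# Matches one allow rule as printed by `sesearch --allow`, e.g.
#   allow dhcpc_t self:packet_socket { bind create read };
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>\S+)\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<perm>\S+?))\s*;"
)

def domains_that_can_sniff(rules_text):
    """Return {source_domain: sorted list of sniffing socket classes it may create}."""
    found = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank lines, comments, other rule types
        perms = (m.group("perms") or m.group("perm") or "").split()
        # Without "create" a domain cannot open the socket in the first place.
        if m.group("cls") in SNIFF_CLASSES and "create" in perms:
            found.setdefault(m.group("src"), set()).add(m.group("cls"))
    return {src: sorted(classes) for src, classes in found.items()}

# Constructed sample rules, not taken from a real policy.
SAMPLE_RULES = """
allow dhcpc_t self:packet_socket { bind create getattr read write };
allow netmon_t self:rawip_socket create;
allow netmon_t self:packet_socket { create ioctl read };
allow myapp_t self:tcp_socket { connect create read write };
allow myapp_t self:packet_socket { read write };
allow sshd_t self:capability net_raw;
"""

if __name__ == "__main__":
    for domain, classes in sorted(domains_that_can_sniff(SAMPLE_RULES).items()):
        print(f"{domain}: may create {', '.join(classes)}")
```

Every domain the audit reports is one whose rules would have to change before packet capture is blocked on the node, which is the system-wide difficulty the reply mentions.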