Enforce minimal file/ dir permissions
Bill Moran
wmoran at potentialtech.com
Mon Jun 16 17:40:55 UTC 2008
In response to Jeffrey Goldberg <jeffrey at goldmark.org>:
> On Jun 16, 2008, at 7:21 AM, Bill Moran wrote:
>
> > Look at MAC and the bsdextended module (filesystem firewall):
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html
>
> I've recently been looking at those myself, and while I think that I
> have developed some limited understanding "in principle" about how MAC
> works, I need a great deal more practical guidance. Is there some
> extended tutorial with cookbook or other resource that will actually
> help someone who doesn't fully grok this work out a policy and rules
> that will do more good than harm?
In my experience, there is a tremendous dearth of information on this
topic, and it's not much better on the Linux side where MAC is call
"SE Linux".
At this time, I think you're going to have to rely on your own
experimenting to fully understand how everything works. Hopefully
that will improve with time.
--
Bill Moran
http://www.potentialtech.com
More information about the freebsd-questions
mailing list