[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Linux Security Modules

To: Thomas Jones <thomas.jones@xxxxxxxxxxxxxxxx>
Subject: Re: [suse-security] Linux Security Modules
From: Thomas Bleher <thomas.bleher@xxxxxxxxxx>
Date: Wed, 2 Jul 2003 23:23:05 +0200
Cc: suse-security@xxxxxxxx, carstengrohmann@xxxxxx
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Wed, 02 Jul 2003 23:52:00 +0200
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <200306291043.31304.thomas.jones@xxxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <200306291043.31304.thomas.jones@xxxxxxxxxxxxxxxx>
Resent-date: Wed, 2 Jul 2003 23:50:54 +0200
Resent-from: Thomas Bleher <bleher@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Resent-message-id: <20030702215054.D859AA75BD@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Resent-to: suse-security@xxxxxxxx
User-agent: Mutt/1.4i

Hello Thomas,

* Thomas Jones <thomas.jones@xxxxxxxxxxxxxxxx> [2003-06-29 17:35]:
> Has anyone implemented LSM into a SuSE box as of yet? I tried a quick text
> search through the last 6 months or so of the list archive, but found no
> instance of this topic.
> 
> I am particularly interested in utilizing the SELinux module. Possibly LIDS as
> well.

Yes, Carsten Grohmann has been maintaining SELinux-rpms for SuSE for a
while now. They can be found at his site 

    http://www.securityenhancedlinux.de/

These are definitely worth a look because SELinux needs some patching of
core-utilities, which is some work if you do it yourself as the
SuSE-packages may differ significantly from the vanilla-packets (added
functionality, patched etc)

I haven't found the time to test Carsten's packets yet, so I can't say
much more.  I have cc'ed Carsten, maybe he wants to comment further on
his work and the status of SELinux on SuSE.

Regarding LIDS: I do not know of any SuSE-specific work at the moment,
but LIDS does not need that much patching, so the distribution-specific
amount of work should not be that big. I have not yet tested LIDS (I am
leaning more towards SELinux) so you should take this with a grain of
salt.

HTH,
Thomas

> Thanks.
> 
> - -- 
> Thomas Jones
> Linux-Howtos Network Administrator
> OpenGPG Key: 0x6A3DF6E9
-- 
This text is printed on 100% recycled electrons.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Prev by Date: Re: [suse-security] Chattr
Next by Date: Re: [suse-security] YOU on 7.3 Pro kills my server (how do I get updates, if the updatetool needs as much cpu as M$ products?)
Previous by thread: Re: [suse-security] YOU on 7.3 Pro kills my server (how do I getupdates, if the updatetool needs as much cpu as M$ products?)
Next by thread: [suse-security] New SuSEfirewall2 feature, what do u think?
Index(es):
- Date
- Thread