This shows you the differences between two versions of the page.
mac [2012/05/25 15:02] val |
mac [2012/05/25 16:59] val |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== MAC ====== | ====== MAC ====== | ||
+ | ===== Вариант использования как AppArmor ===== | ||
- | ===== Вариант использование AppArmor ===== | + | ==== Выбор приложения ==== |
+ | |||
+ | [[Средства программирования shell#Web свервер на shell]] | ||
+ | |||
+ | [[Сервис INETD]] | ||
+ | |||
+ | ==== Тестирование ==== | ||
+ | |||
+ | <code> | ||
+ | # fetch -qo - http://172.16.1.6/index.html | ||
+ | |||
+ | # fetch -qo - http://172.16.1.6/../../etc/passwd | ||
+ | </code> | ||
==== Патчинг модулей biba и mls ==== | ==== Патчинг модулей biba и mls ==== | ||
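Review bot: the added link `[[Средства программирования shell#Web свервер на shell]]` spells "свервер" in the section anchor; if the target heading reads "сервер" the anchor will not resolve, so check it against the linked page. The new "Тестирование" block also lists the two `fetch` requests (`/index.html` and `/../../etc/passwd`) without the output observed at this stage; recording it here would give a baseline for the run that follows the `setpmac` change.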
Line 7: | Line 20: | ||
# rcsdiff /usr/src/sys/security/mac_mls/mac_mls.c | # rcsdiff /usr/src/sys/security/mac_mls/mac_mls.c | ||
</code><code> | </code><code> | ||
- | =================================================================== | ||
- | RCS file: /usr/src/sys/security/mac_mls/mac_mls.c,v | ||
- | retrieving revision 1.1 | ||
- | diff -r1.1 /usr/src/sys/security/mac_mls/mac_mls.c | ||
875c875 | 875c875 | ||
< mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); | < mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); | ||
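Review bot: the four removed lines include `retrieving revision 1.1`, the only statement of which base revision the `875c875` change to mac_mls.c is measured against. Keep that line, or name the revision in the text above the block, since the shown output no longer matches what `rcsdiff` prints.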
Line 18: | Line 27: | ||
# rcsdiff /usr/src/sys/security/mac_biba/mac_biba.c | # rcsdiff /usr/src/sys/security/mac_biba/mac_biba.c | ||
</code><code> | </code><code> | ||
- | =================================================================== | ||
- | RCS file: /usr/src/sys/security/mac_biba/mac_biba.c,v | ||
- | retrieving revision 1.1 | ||
- | diff -r1.1 /usr/src/sys/security/mac_biba/mac_biba.c | ||
915c915 | 915c915 | ||
< biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); | < biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); | ||
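Review bot: with the header gone, the mac_biba.c change is located only by `915c915`, and the normal diff format carries no context lines, so the line number is meaningful only for the exact source revision. Consider showing `rcsdiff -u` output so the surrounding code identifies the spot where `biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);` is changed.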
Line 104: | Line 109: | ||
</code> | </code> | ||
+ | ==== Запуск приложения ==== | ||
+ | |||
+ | <code> | ||
+ | # cat /etc/inetd.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | http stream tcp nowait root /usr/sbin/setpmac setpmac biba/low,mls/low /usr/local/sbin/webd | ||
+ | </code> | ||
+ | |||
+ | ==== Тестирование ==== | ||
+ | |||
+ | <code> | ||
+ | # fetch -qo - http://172.16.1.6/index.html | ||
+ | |||
+ | # fetch -qo - http://172.16.1.6/../../etc/passwd | ||
+ | </code> |
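Review bot: the inetd.conf entry runs `/usr/local/sbin/webd` as `root`, so the `biba/low,mls/low` label passed to `setpmac` is the only confinement; say in the text whether root is needed here or whether an unprivileged account would do. The second "Тестирование" block repeats the earlier two `fetch` commands without output; add the result of each so the effect of the label on the `/../../etc/passwd` request is visible.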