This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
модули_mac [2018/02/06 09:01] val [Модули MAC] |
модули_mac [2018/02/08 14:44] (current) val [Вариант использования пользователями] |
||
---|---|---|---|
Line 6: | Line 6: | ||
* [[https://en.wikipedia.org/wiki/Biba_Model|Biba Model]] | * [[https://en.wikipedia.org/wiki/Biba_Model|Biba Model]] | ||
* [[https://en.wikipedia.org/wiki/Multilevel_security|Multilevel security]] | * [[https://en.wikipedia.org/wiki/Multilevel_security|Multilevel security]] | ||
+ | |||
+ | ===== Вариант использования пользователями ===== | ||
+ | |||
+ | * Попробовать добавить [[https://www.freebsd.org/doc/ru_RU.KOI8-R/books/faq/security.html#idp71191528|уровень защиты (securelevel)]] для запрета изменения меток пользователям root | ||
+ | |||
+ | <code> | ||
+ | # cat /etc/login.conf | ||
+ | ... | ||
+ | russian|Russian Users Accounts:\ | ||
+ | :charset=UTF-8:\ | ||
+ | :lang=ru_RU.UTF-8:\ | ||
+ | :tc=default:\ | ||
+ | :label=mls/5,biba/5: | ||
+ | ... | ||
+ | |||
+ | # cap_mkdb /etc/login.conf | ||
+ | |||
+ | # pw usermod user1 -L russian | ||
+ | |||
+ | # mkdir ~user1/doc | ||
+ | |||
+ | # chown user1:user1 ~user1/doc | ||
+ | |||
+ | # setfmac 'biba/5,mls/5' ~user1/doc | ||
+ | |||
+ | # ls ~user1/doc | ||
+ | |||
+ | # setfmac 'biba/high,mls/low' ~user1/doc | ||
+ | |||
+ | # setpmac 'biba/5,mls/5' setfmac 'biba/high,mls/low' ~user1/doc | ||
+ | </code> | ||
===== Вариант использования как AppArmor ===== | ===== Вариант использования как AppArmor ===== |