Date: Tue, 17 Jun 2008 11:34:43 +0200 From: Mister Olli <mister.olli@googlemail.com> To: Jeffrey Goldberg <jeffrey@goldmark.org> Cc: Bill Moran <wmoran@potentialtech.com>, FreeBSD List <freebsd-questions@freebsd.org> Subject: Re: Enforce minimal file/ dir permissions Message-ID: <1213695283.760.8.camel@phoenix.blechhirn.net> In-Reply-To: <AFE68B39-2732-4338-B561-F24CB19A23B6@goldmark.org> References: <1213611664.6398.275.camel@phoenix.blechhirn.net> <20080616082125.7dd23b70.wmoran@potentialtech.com> <AFE68B39-2732-4338-B561-F24CB19A23B6@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
hi.... Am Montag, den 16.06.2008, 08:51 -0500 schrieb Jeffrey Goldberg: > On Jun 16, 2008, at 7:21 AM, Bill Moran wrote: > > > Look at MAC and the bsdextended module (filesystem firewall): > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html > > I've recently been looking at those myself, and while I think that I > have developed some limited understanding "in principle" about how MAC > works, I need a great deal more practical guidance. Is there some > extended tutorial with cookbook or other resource that will actually > help someone who doesn't fully grok this work out a policy and rules > that will do more good than harm? Yeah, I'm currently in the same need of some documentation. Do you have any hints on that? I would be happy to extend some, if it exists. or even upload some of my own documentation/ knowledge to the web ;-)) oh, and does anybody of you know how to express a file mode of 660 (unix) with the 'ugidfw' utility within a rule? greetz, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1213695283.760.8.camel>