Date: Tue, 26 Feb 2019 16:59:16 +0100 From: =?UTF-8?B?QWxiaW4gTGlkw6lu?= <albin.liden@gmail.com> To: freebsd-questions@freebsd.org Subject: ILLUSION part 2 Message-ID: <CAB4busuSAGAXGm0gSP0KLHmEaE3-%2BCJtwA0EcTWn3DpEe7h_Yw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Howdi
Please do forward this to the right team
Here are some more ideas about ILLUSION.
A little more specifics for The Matrix security suite
Please check the first document/email before reading this (part 2)
Some abstracts may be in collision course with first document
Simply see this as a further explanation or clarification not the ultimate
truth. This is still, more or less, a concept/idea.
This means everything about this can be exchanged for something else
especially if another functionality is better/wizer.
Also, keep in mind that this is a concept NOT a technical implementaiton
(programlanguage code) of any sort.
Those details are left for the developers. And the interface of The Matrix
are something for the GUI-designers of apache/localhostaccess for
customizing The Matrix
----------->>The Matrix<<---------------
These are variables to an illusion system
Accesslevels:
Smith
Root of Illusion, full control to everything, but cannot uninstall the
matrix
Agent with different degree, allowed full control of Illusion
Examples of security principles being applied with illcontrol utility
* Install sub illusion
* Install backdoor
* Install jail with warden
* Install programs systemwide
* Install SELinux
* Install PAM
* Install ACL
* Put illusion into reset-mode
Reset-mode will make a users=C2=B4s file and setting reset
Admin may execute a instant reset or it can be scheduled
Meaning everything is really read-only,
But there seems to be write-access,
That, is only an illusion however
* Run symlinks from custom list
* Install firewall
* Install into Home/ using public libraries
* Security setting of ONLY allowing appimages to be executed
* Grant mounting options to various users and drives
* Grant access to give other access to various
* Give access to harddware
* Give access/denial to change password for self/others
* Give access/denial to root-bins located in /usr/sbin
* Give custom chmod access to any other folder
* Give shell access
* Give command from psuedo-console (not shell):
only execution of appimages or certain installed programs
* Give read/write access to HOME
* Give access to compile within home
* Give access or denial to share a folder in /TMP with others
* White/Black-list programs from running and modify files
Agent adjusts the ILLUSION with the commandline program illcontrol
USERS/Groups of users:
* Neo
May access custom control of illusion
Accessable with HTTP to localhost
Need webdesign and programming
* Someone
Can see ILLUSION is running
May have info about what's possible or not during this state
Access depending on configuration
User is in a jail and so on, but is not a hoax system
* User/Group: Nobody
Put in a mode where ILLUSION is active
Everything there is to a system will be shown in any manner adm likes
A "spooky" environment, but user has no clue
Admins can see users activities, log his actions
Admins can put in fake binaries like showing another uname -a, uptime etc
Implemented possibility of giving user Nobody a root account
A Nobody may be granted a fake-root password with sudo
But will not be able to escape a actual jail or understand it is a jail at
all, seeing other files, other users and so on but everything is a illusion=
.
This jail will actually be in total domination of the admins/crew of the
ILLUSION
System may be altered in any spooky way adm likes
But should always look alike a real system itself
This fake mechanism will be based upon ILLUSIONs settings and configuration
Having a function for the admins to on-the-fly hoax with the user
Applying extra customizations for the Nobody user restrictions from the
list above with all the examples of security locks.
[MORE SECURITY SPECIFICS MAY BE INCLUDED, THESE ARE ONLY A PROPOSITION, NOT
DEFINITE].
[PLEASE SEEK AN EXPERT IN UNIX/LINUX SECURITY FOR MORE POSSIBLE SECURITY
IMPLEMENTATION FOR The Matrix]
Thanks for listening, bye!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAB4busuSAGAXGm0gSP0KLHmEaE3-%2BCJtwA0EcTWn3DpEe7h_Yw>