Script to check security?

Bob Gustafson bobgus at rcn.com
Thu May 27 16:59:24 UTC 2004


With all of the possible variations in security settings - strict,
permissive, local, lots of users, only daemons, etc.

Is there a script around somewhere - something like 'configure' which is
used at the beginning of a component build - which will query various
pieces of a system, do a 'setenforce 1' and then try various programs and
grep the output to give some binary answer, then do 'setenforce 0' and try
the same program, etc.

This script would help to give struggling sysadmins some degree of
confidence that what is being done to their 'policy.local' or whatever, is
benign.

Of course the script could be corrupted or buggy - one more thing to add to
when adding or changing the SELinux system, but there would be advantages:

Just as the 'no child left behind' program uses testing to measure the
effectiveness of public expenditures on schools ( :-) ), a security testing
script could help to test the effectiveness of the SELinux system as it
evolves.

A testing script would also help to rein in the tendency to add wrinkles
and grow the complexity of the system - each wrinkle would have a test
module to check it.

BobG
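
A harness of the kind the post asks for could look like the sketch below. It is an added example, not code from the original post or from the SELinux project; the check-file format, the function names and the SETENFORCE/GETENFORCE overrides are assumptions made here.

```shell
#!/bin/sh
# Added sketch, not from the original post. Needs root on a real system.
# SETENFORCE/GETENFORCE are overridable (an assumption made here) so the
# harness itself can be tested on a host without SELinux.
SETENFORCE=${SETENFORCE:-setenforce}
GETENFORCE=${GETENFORCE:-getenforce}

# probe MODE CMD PATTERN: switch mode, run CMD, print yes/no for a PATTERN match.
probe() {
    "$SETENFORCE" "$1" || return 2
    if sh -c "$2" 2>&1 | grep -q -e "$3"; then echo yes; else echo no; fi
}

# run_checks: read "name|command|pattern|want_enforcing|want_permissive" lines
# from stdin (a trusted file: commands are executed as written and must not
# contain '|'). Prints PASS/FAIL per check; returns 0 only if all passed.
# Hypothetical line:  httpd-home|/usr/local/sbin/try-read-home|denied|yes|no
run_checks() {
    orig=$("$GETENFORCE") || return 2
    case $orig in
        Enforcing|Permissive) ;;
        *) echo "SELinux is '$orig', nothing to compare" >&2; return 2 ;;
    esac
    # Never leave the host in the wrong mode if the run is interrupted.
    trap '"$SETENFORCE" "$orig"; exit 130' INT TERM
    failures=0
    while IFS='|' read -r name cmd pattern want_e want_p; do
        case $name in ''|'#'*) continue ;; esac
        # </dev/null keeps the probed command from eating the check list.
        got_e=$(probe 1 "$cmd" "$pattern" </dev/null)
        got_p=$(probe 0 "$cmd" "$pattern" </dev/null)
        if [ "$got_e" = "$want_e" ] && [ "$got_p" = "$want_p" ]; then
            echo "PASS $name"
        else
            echo "FAIL $name (enforcing=$got_e permissive=$got_p)"
            failures=$((failures + 1))
        fi
    done
    "$SETENFORCE" "$orig"    # restore the mode we started in
    trap - INT TERM
    [ "$failures" -eq 0 ]
}
```

Each wrinkle added to the policy would get one line in the check list fed to `run_checks` on stdin.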



More information about the fedora-selinux-list mailing list