Final year project ideas

Russell Coker russell at coker.com.au
Mon Sep 28 01:23:20 UTC 2009


On Mon, 28 Sep 2009, Zbynek Houska <zbynek.houska at gmail.com> wrote:
> write a few (new) policies for software of my choice.  I intend to use
> honeypots running Fedora 11 as my base system. However, I'm not sure if
> college class B network will produce conclusive results.
>
> Thus, I would appreciate support, guidance and comments from (seasoned)
> SELinux gurus, developers and practitioners on this list in order to point
> me in the right direction when it comes to sourcing literature, white
> papers, research work other people might already have conducted and
> overcoming pitfalls related to such testing environments.

Firstly, firewall all traffic from the system in question - other than that 
which is required for it to be vulnerable to the attacks you desire.  If you 
allow ICMP echo access then someone will try and ping-flood other systems.  
If you allow outbound TCP connections then your system may be used to 
compromise others.

Probably the best way to run honeypots is to use Xen or KVM to run virtual 
machines.  This means that you have lots of good options for monitoring the 
machines while they are attacked.  But don't assume that Xen or KVM is 
flawless - i.e. don't have any sensitive data on the same physical machine.

The purpose of a honeypot is to attract attack; running the latest versions of 
software is going to make it more difficult for attackers and partially 
defeats this goal.  Maybe running Fedora 10 (or earlier) with no updates 
would be a better option.  Of course you will probably want to back-port the 
latest SE Linux policy before you do this (which shouldn't be difficult).

It's been a while since anyone ran a SE Linux Play Machine on Fedora, I would 
be happy to offer detailed advice and some testing if you want to run one.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog
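
The containment advice in the reply above (firewall everything from the honeypot except what it needs in order to be attackable), written out as an added example that is not part of the original message. It assumes routed networking between the host and the guest; the interface name `vif1.0`, the exposed ports, the chain names and the log prefixes are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): print an iptables-restore
# ruleset for the host that forwards traffic to one honeypot guest.
# Assumed: routed guest networking; interface name and port list are inputs.
# Usage: honeypot_ruleset vif1.0 22,80 | iptables-restore --noflush

honeypot_ruleset() {
    iface=$1
    ports=$2
    # Only plain interface names may reach the generated rules.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Port list: digits separated by single commas, nothing else.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    for p in $ports; do
        # Length check first so oversized numbers never reach the integer test.
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs
            echo "port out of range: $p" >&2
            return 1
        fi
    done
    IFS=$old_ifs
    cat <<EOF
*filter
:HONEYPOT_IN - [0:0]
:HONEYPOT_OUT - [0:0]
-A FORWARD -o $iface -j HONEYPOT_IN
-A FORWARD -i $iface -j HONEYPOT_OUT
# Towards the guest: only the services meant to be attacked.
-A HONEYPOT_IN -p tcp -m multiport --dports $ports -j ACCEPT
-A HONEYPOT_IN -j DROP
# From the guest: replies on connections opened from outside, nothing new.
-A HONEYPOT_OUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Outbound ping and all other egress is logged (rate limited), then dropped.
-A HONEYPOT_OUT -p icmp --icmp-type echo-request -m limit --limit 10/min -j LOG --log-prefix "hp-ping-out "
-A HONEYPOT_OUT -m limit --limit 10/min -j LOG --log-prefix "hp-egress-drop "
-A HONEYPOT_OUT -j DROP
COMMIT
EOF
}
```

The log lines from the `HONEYPOT_OUT` chain double as a monitoring signal: any entry means something on the guest tried to open a connection or ping outward.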




More information about the fedora-selinux-list mailing list