Amon Ott | 1 May 11:01 2004

RSBAC 1.2.3-pre5 with fixed Dazuko released

Hello everyone,

this is just a short note that there is now an official RSBAC pre-release 
containing full Dazuko support:
- fully compatible with Dazuko 2.0.2-pre2, because it uses the same code 
base
- fixed (non-module) code
- fast kernel level caching of "clean" results
- supports kernels 2.4.25/26 and 2.6.5
- limits which programs may attach to the Dazuko interface (daz_scanner 
file attribute, may only be set by DAZ Security Officers)
- full fine-grained access control through the other RSBAC decision modules

All RSBAC code is available at http://www.rsbac.org

It is planned to have a "stripped" RSBAC version in the future, which only 
supports cached Dazuko with a little bit of access control.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
John Ogness | 4 May 22:39 2004

2.0.2 Released

Hi,

I have released 2.0.2 of Dazuko today. This addresses the many problems
that were introduced in 2.0.2-pre1 (mainly compiler warnings and
errors). There was also a significant bugfix in the way Dazuko handles
filenames with non-standard characters. It's amazing how a bug like that
can go so many months without anyone noticing.

This version also includes official support for RSBAC. The RSBAC project
has now officially incorporated Dazuko into their patch-set to allow
anti-virus on-access scanning. I have been working together with Amon
Ott to make sure that the code in the Dazuko package exactly matches the
code in the RSBAC project. It is our goal that no code-splitting occurs.
Thanks to Dazuko's abstraction layer, this is proving to be very easy.

As I mentioned before, Dazuko is spreading out, but I am still just one
guy. Many of the compiler errors and warnings that occurred during the
development of 2.0.2 could have been avoided if we had people who could
try out new versions before I post them (official testers). If anyone
would like to be responsible for a specific platform, please send me
email. It is really easy. If I have your email, I will send you a new
version before I post it. You just have to try it out and see if it
compiles without any problems and that it runs ok. That's it. I would
love to have testers for the following:

Linux 2.2
Linux 2.4
Linux 2.4-rsbac
Linux 2.6
Linux 2.6-rsbac

fred wu | 6 May 10:59 2004

Check Virus when download?

Hi ALL,

  I have encountered a big problem in dazuko. I have
executed the example.c to monitor /usr/local/src. It
works well when I copy a file to the directory. However,
dazuko doesn't check the file that I download from the
internet. No PID and filename is shown. Do I need to
set extra things?

  Does it work if I download a file from samba or NFS?

  One more thing, I have copied, deleted and executed files
in the directory. The status is just OPEN or CLOSE. How
can I set the status like 'CLOSE(MODIFIED)',
'EXEC', 'UNLINK' and 'RMDIR'?

  Thanks a lot!

Best,
Fred

John Ogness | 6 May 19:13 2004

Re: Check Virus when download?

fred wu wrote:
>   I have encountered a big problem in dazuko. I have
> executed the example.c to monitor /usr/local/src. It
> works well when I copy a file to the directory. However,
> dazuko doesn't check the file that I download from the
> internet. No PID and filename is shown. Do I need to
> set extra things?

This is usually because there was no file access in that directory.
Browsers usually download files into a temporary directory and then use
the rename() system call to move the file into the final destination.
This means that no "file access" actually took place in that
directory... only in the temporary directory.

>   Does it work if I download a file from samba or NFS?

Yes, this should work just fine.

>   One more thing, I have copied, deleted and executed files
> in the directory. The status is just OPEN or CLOSE. How
> can I set the status like 'CLOSE(MODIFIED)',
> 'EXEC', 'UNLINK' and 'RMDIR'?

Check out the options for the 'configure' script:

./configure --help

Not all the events are enabled by default. After running the configure
script, it lists which events were enabled.

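
Added example (not part of the original thread and not Dazuko code): the rename() behaviour described in the reply above, reproduced with Linux inotify standing in for Dazuko's open/close events. The staging and watched directories, the file names and the function name are constructed for the illustration; a watch that only asks for open/close sees nothing when a file is renamed into the directory, so the monitor must also cover the move-in event or the staging directory.

```c
#define _GNU_SOURCE  /* for mkdtemp() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <fcntl.h>
#include <sys/inotify.h>

/* Constructed scenario: write a file in a staging directory, rename() it into
 * a watched directory, return the inotify mask bits seen there (-1 on error). */
long events_seen_after_rename(void)
{
    char stage[] = "/tmp/stageXXXXXX", watched[] = "/tmp/watchXXXXXX";
    char src[PATH_MAX], dst[PATH_MAX];
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    long seen = 0;

    if (!mkdtemp(stage) || !mkdtemp(watched)) return -1;
    snprintf(src, sizeof src, "%s/file.part", stage);
    snprintf(dst, sizeof dst, "%s/file.bin", watched);

    int ifd = inotify_init1(IN_NONBLOCK);
    if (ifd < 0 || inotify_add_watch(ifd, watched, IN_OPEN | IN_CLOSE | IN_MOVED_TO) < 0) return -1;

    /* The "download": every open/write/close happens in the staging directory. */
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "constructed sample data\n", 24) != 24) return -1;
    close(fd);
    if (rename(src, dst) != 0) return -1;

    /* Collect whatever the watched directory reported (non-blocking read). */
    ssize_t n = read(ifd, buf, sizeof buf);
    for (char *p = buf; n > 0 && p < buf + n; ) {
        struct inotify_event *ev = (struct inotify_event *)p;
        seen |= ev->mask;
        p += sizeof *ev + ev->len;
    }
    close(ifd);
    unlink(dst); rmdir(watched); rmdir(stage);
    return seen;
}

int main(void)
{
    long m = events_seen_after_rename();
    printf("open/close seen: %s, moved-to seen: %s\n",
           (m & (IN_OPEN | IN_CLOSE)) ? "yes" : "no",
           (m & IN_MOVED_TO) ? "yes" : "no");
    return m < 0;
}
```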