le dim 24-02-2002 à 16:04, Bryan Paxton a écrit : > I've been looking at all the threads regarding draksec, and msec, and > so forth... All these questions are old, and the answers were answered > before...
indeed. msec need more documentation, a GUI or at least a config tool ( like InteractiveBastille ). > A bit dusty, yet still doormant, in cooker cvs is a project that was > designed to replace msec. BUS, which stands for Bastille Unix Security > was an idea put in action via Yoann Vandoorselaere, Jay Beale (Bastille > Linux), and myself. > The backend is simply beautiful IMHO. Let me shortly explain (as best I > can). > The core of BUS is written in C, sweet > perl modules can be used for routines, sweet no need to install python. 1 package less > and the configuration is done in xml. future. just a joke : use openoffice format so that you can edit it in openoffice with color ... it's a joke. everything tend to be in xml nowadays ... > This makes up the backend. There are two main configuration files, > actions.xml and secdb.xml. > A look at secdb/pam.xml: > /* SNIP */ > <variable name="pam_filesize"> > <question>Would you like to set a maximum file size a user is allowed > via PAM ? > > If so what shall be the maximum file size(default it 40000 == > 40MB)?</question> > > <answer default="1" level="4,5">40000</answer> > <answer type="number">Maxium File Size</answer> > <answer level="0,1,2,3">no</answer> > </variable> > / * SNIP * / this remind me some of the config file of Bastille > > (See the README for more info) > > Here's a screenshot of what a custom session looks like. > This is a gtk+ frontend (pre-alpha beautifully written by Renaud > Chaillat). fine so can be easily integrate with mdk tools > (ncurses frontend, as well as the basic CLI frontend (done) were in > place) nice for servers config ( no need of a GUI ) > Now of course, BUS, was being worked on not only to replace msec, but > Bastille Linux as well, and not only for Linux, but Solaris, HP-UX, and > so on... concerning the replacement of Bastille what are its features concerning firewalling ? > BUS has rollbacks really good > One particular thing that I always pointed out about BUS was that you > didn't have to hack to your system, it learned your system on it's own > (this is due to a lot of great code by Yoann, e.g., xml function check). great! there's not enough config tools that use the variables of your system -- http://linux-wizard.tuxfamily.org/index.html - William Miller: When and where does this "real world" occur?! -- "Almost Famous"