On Tue, Sep 19, 2006 at 11:23:21AM +0200, Francois Visconte wrote:
> I think it's the best way too.
> One detail: are your users chrooted AND systraced, or do they just have
> filesystem access limitation thanks to systrace?
>
users are `chrooted' because they're `systraced' ;) I just allow
specific fsreads/fswrites/chdirs:
native-fsread: filename match "$HOME*" then permit
native-fsread: filename inpath "$HOME" then permit
of course, I allowed execves from /bin, /usr/bin, and so on, but with
logging (you want only sftp, so probably only a few programs have to be
execved/fsread).
It isn't trivial to write a good policy, but you could change stsh's code
to use systrace with `-A' and a policy dir in $HOME, and then try to
generate a base ruleset with a test user. As I already said, systrace's `-i'
opt would help a lot.
best ruleset I could find right now:
http://entropy.pl/misc/systrace/bin_ksh
... but you probably won't need all these syscalls.
- Lukasz Sztachanski
--
0x01A3E654 // 7832 E59C B733 9E6F CB54 6327 DFC1 161E 01A3 E654
*new keys*
http://entropy.pl
http://entropy.pl/?blog
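The policy sketched in the reply above (reads, writes and chdirs confined to $HOME, execve from the system bin directories permitted but logged, everything else refused) written out as a complete systrace policy file. This is an added illustration, not the ruleset from entropy.pl and not code from the poster; it assumes the standard OpenBSD systrace(1) policy syntax, that the confined shell is /bin/ksh (so the file would live at $HOME/.systrace/bin_ksh), and that /usr/libexec/sftp-server is the sftp subsystem binary the user is meant to reach.

```text
Policy: /bin/ksh, Emulation: native
	native-fsread: filename inpath "$HOME" then permit
	native-fsread: filename match "$HOME*" then permit
	native-fswrite: filename match "$HOME/*" then permit
	native-chdir: filename match "$HOME*" then permit
	native-execve: filename eq "/usr/libexec/sftp-server" then permit log
	native-execve: filename match "/bin/*" then permit log
	native-execve: filename match "/usr/bin/*" then permit log
	native-fsread: filename match "/*" then deny[enoent]
	native-fswrite: filename match "/*" then deny[eperm]
	native-chdir: filename match "/*" then deny[eperm]
	native-execve: filename match "/*" then deny[eperm] log
```

Rules are evaluated top to bottom and the first match wins, so the explicit $HOME permits must precede the catch-all denies; the trailing deny lines are what makes this behave like a chroot for a process that only ever sees the filesystem through these syscalls. Launching the shell with `systrace -a -i -d "$HOME/.systrace" /bin/ksh` makes the policy non-interactive (`-a`: anything not matched by a rule is denied rather than prompted for), inherits it into every child the shell spawns (`-i`, the option the reply recommends), and reads policies from the per-user directory (`-d`). The `log` modifier on the execve rules gives the audit trail the reply describes: permitted program starts show up in the system log, so an unexpected binary being run under the sftp-only account is visible even though it was allowed.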