Joachim Schipper wrote:
On Thu, Oct 11, 2007 at 08:54:42PM +0200, Xavier Mertens wrote:
Hi *,
I'm busy with a systrace/stsh implementation but there is a lack of standard
policies (IMHO). Any idea where I can find some ready-to-use policies?
I must be missing some important ones: when the user logs in, he immediately gets
the following error:
systrace: getcwd: Permission denied

You should probably do a Google search on systrace before continuing
further down this road. In particular, I believe the issue highlighted
by Robert Watson has not been fixed yet (although I could be wrong, and
would be happy to be wrong in this case).
Otherwise, I seem to recall a repository of configurations called 'hairy
eyeball'. And the interactive policy generators (xsystrace for instance)
can be pretty useful, too.
Joachim

I hope I'm not out of line changing the thread, but this seemed like a
good place to ask this question.

I'm fairly new to OpenBSD and have set up a few machines, nothing
production, trying out configurations, rebuilding, patching etc. before
I felt comfortable putting one in production. One thing I did read up
on, where I could find it, was hardening beyond the default install.
Two of the tools that most of the hardening articles I found recommend,
securelevels and systrace (the third one seems to be common sense),
have now seemingly been rendered useless. I followed the huge thread on
"why can't openbsd's securelevels be saved" and now this thread has
alerted me to the fact that systrace is able to be circumvented. I also
noticed that Joachim commented on both, so I figured this for a good
place for this topic.

I'm wondering if there are other tools/ways besides these that I
just haven't heard of to do similar things (hardening of the system), or
if there is in effect no way to do the things that these two tools,
specifically systrace, have historically handled (is there really a need in
the first place?). I say specifically systrace because, from the
discussions I've been reading, the whole securelevel methodology, to the
people that do the work on OpenBSD, is flawed. I'm not here to dispute
or even to discuss that point, as currently I can't program (nor afford
to hire people that can), so my likes and dislikes are moot.

Like I say, I'm still relatively new to OpenBSD, so I'm just looking
for insight. I haven't used systrace in the past, and until about a week
ago was working with securelevels, but then found the aforementioned
article. I had abandoned the securelevel method in light of the
'issue'(s)/false sense of security with securelevels and, from the
discussion, had decided to pick up with systrace, until I saw this thread
yesterday.

Is it more common than not to not worry as much about "hardening"
the OS via these methods, but rather just to make 'hopefully' wise
decisions, install the least amount of software you need, physical
separations (i.e. logging to a remote server instead of sappnd'ing your
logs) (but what happens when, after getting root on the system producing
logs, the attacker proceeds to work towards your logging server?) and
stay current with at least the stable branch?

I guess with all the hoopla about 'hardening'/trusted this and
that/fuzzy knobs (i.e. SE Linux) I got a little overzealous looking for
ways to tweak things (which I know can end up either making things less
secure (especially with a false sense of security) or just plain breaking
them), but if there are acceptable ways, I'd at least like to be
aware of them and the scope of their use from the people that know
OpenBSD best.

Thanks,
Aaron