Re: lug-bg: resource testing + rsbac test machine
On Tuesday 07 December 2004 13:45, Nikola Antonov wrote: BTW,2.4.27 rsbac 1.2.3. , , . ,, PAM. RES ( RSBAC) . as (address space limit), , OOM Killer- sshd:)as , , . , ;) -- Nikola ANTONOV, Linux for Bulgarians (http://linux-bg.org) -- Public GnuPG key at http://wwwkeys.pgp.net http://ftp.logos-bg.net/pub/Linux-BG.org/GPG_Keys/ Fingerprint: AD64 2468 0AB4 B298 E7E3 92DA 15F5 7AC5 A05E 0F63 -- pgpJ5cYWkPFkI.pgp Description: PGP signature
Re: lug-bg: resource testing + rsbac test machine
On Wednesday 08 December 2004 13:48, Nikola Antonov wrote: ,, PAM. RES ( RSBAC) . cpu ,, PAM. , , ;) -- Nikola ANTONOV, Linux for Bulgarians (http://linux-bg.org) -- Public GnuPG key at http://wwwkeys.pgp.net http://ftp.logos-bg.net/pub/Linux-BG.org/GPG_Keys/ Fingerprint: AD64 2468 0AB4 B298 E7E3 92DA 15F5 7AC5 A05E 0F63 -- pgpfAazRsLFHc.pgp Description: PGP signature
Re: lug-bg: resource testing + rsbac test machine
Nikola Antonov wrote: On Wednesday 08 December 2004 13:48, Nikola Antonov wrote: ,, PAM. RES ( RSBAC) . cpu ,, PAM. , , ;) pure_LISPI/O , . . . ... -- Skelet -- http://skelet.hit.bg/ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: resource testing + rsbac test machine
On Monday 06 December 2004 16:46, George Danchev wrote: --cut-- fork-a. cpu-, , 90% . cpu hoging RES ( ;-) , cpu limit. (cpu limit per-process, , seconds, % cpu time 2.6 RSBAC kernel limit features. top load-a idle... - , respond-. -- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: resource testing + rsbac test machine
On Tuesday 07 December 2004 12:06, George Danchev wrote: top load-a idle... - , respond-. ,load avg , . BTW, 2.4.27 rsbac 1.2.3. , , . -- Nikola ANTONOV, Linux for Bulgarians (http://linux-bg.org) -- Public GnuPG key at http://wwwkeys.pgp.net http://ftp.logos-bg.net/pub/Linux-BG.org/GPG_Keys/ Fingerprint: AD64 2468 0AB4 B298 E7E3 92DA 15F5 7AC5 A05E 0F63 -- pgp8UP7Mk1mgE.pgp Description: PGP signature
Re: lug-bg: resource testing + rsbac test machine
On Tuesday 07 December 2004 13:45, Nikola Antonov wrote: On Tuesday 07 December 2004 12:06, George Danchev wrote: top load-a idle... - , respond-. ,load avg , . BTW,2.4.27 rsbac 1.2.3. , , . ( ?) SELinux play/test machines (Fedora, Debian, Gentoo): http://www.coker.com.au/selinux/play.html -- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: resource testing + rsbac test machine
On Monday 06 December 2004 15:30, Skeleta wrote: George Danchev wrote: On Tuesday 30 November 2004 15:05, Skeleta wrote: ... resource testing rsbac ( pam ). ;-) ( , testing ) ... ;-) , , , , 100% . VM ( ),- . UNIX , -. ;-) UNIX ? UNIX Single Unix Specification The OpenGroup POSIX.1 POSIX.2 IEEE portability enhancements. : IEEE Std 1003.1e is part of the POSIX series of standards. It defines security interfaces to open systems for access control lists, audit, separation of privilege (capabilities), mandatory access control, and information label mechanisms. This standard is stated in terms of its C binding. IEEE Std 1003.2c is an amendment to IEEE Std 1003.2-1992. It defines security utilities to open systems for access control lists, separation of privilege (capabilities), mandatory access control, and information label mechanisms. Fine-grained Mandatory Access Control SuSv1/2/3 POSIX* standards. UNIX Operating System - : # Mandatory security and access labelling of all objects, e.g. files, processes, devices etc. # Label integrity checking (e.g. maintenance of sensitivity labels when data is exported). # Auditing of labelled objects. # Mandatory access control for all operations. # Ability to specify security level printed on human-readable output (e.g. printers). # Ability to specify security level on any machine-readable output. # Enhanced auditing. # Enhanced protection of Operating System. # Improved documentation. http://www.radium.ncsc.mil/tpep/epl/entries/CSC-EPL-93-008-A.html http://www.radium.ncsc.mil/tpep/epl/entries/CSC-EPL-95-001.html ;-) UNIX- ( ) (root/user) , , . Decretionary times ;-) Roles (Role Based Access Control), Types, Domains, . (apt-get install selinux-doc, policy.pdf, module.pdf ( kernel internals ;-) Unix ;-) userspace - daemons, new utils. ... ;-) - , , .. ... Policy on-the-fly. on-the-fly , , , - , +. , - policy , - - N 1/N- ( ) . ,. rsbac ;-) , - resource temporary unavailable ;-), , ,. fork-a. cpu-, , 90% . . ;-) ... , ;-) ... -. , / . ;-) , ,, , - . ( ) : listen sockets ; syslog ; TCP- , fork. , , . , ! ,, - - , Internet- - web-, SQL ., , - . shell - . Unices. - build ;-) RSBAC. , . RSBAC ( , RSBAC, ). build host, , ( ). , . , , , . . system resource exhausting . , , , , RSBAC . rsbac_menu ( ). , . . Celeron 366, 128 MB RAM + 512 swap, . : hostname: logos-bg.net user/pass: testN/testN [N=1..5] ( 25 ) ssh port: 8022 test* , , , . ssh keys, - . SELinux stay tuned ;-) -- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html