Dear Tomoyo Users,

I'd like to take the chance on this mailing list to announce the availability of my software's first stable version: tomld v0.40.

After 7 months of development I finally achieved my initial goal: to create a free and open source, fully automatic Mandatory Access Control (MAC) configuration solution that doesn't need any user interaction, building on the great Tomoyo implementation. It has its pros and cons compared to manual configuration. We can look at it as an extension to the user space part of Tomoyo. It reshapes the rules gathered by Tomoyo.

The documentation and the quality of the code still need many improvements, but I expect that to happen in the next releases. I still don't have a wider user base, so this version is as stable as I myself could make it. I'm already using and testing it in some of my smaller production environments. This was the first time that, after installing tomld on one of my servers and waiting until all domains got switched to enforcing mode, no access denial has happened since then, without any manual interference. I also double-checked every rule line by line in the final approximately 2500 lines of policy and found them sufficient.

I'm still waiting on mentors.debian.net for a developer to take it as a mentor and get it into Debian as a package. Currently supported installation platforms are Debian 6 and up, Ubuntu 10.10 and up and openSUSE 12.1 (dev). I have .deb packages for Debian in tomld.tgz in the download section, and also set up a PPA for Ubuntu users: https://launchpad.net/~log69/+archive/tomld

Requirements: Linux kernel v2.6.30 and above, and tomoyo-tools v2.2 or above.

Features:

- 1 click solution, no need to use the command line
- analysis of the current rules without storing much extra information externally in a database or any other way
- full automation, including deciding which files get wildcarded and which domains can be switched to enforcing mode and when
- remembers creation time, last change time and the amount of CPU usage of the domain even after a reboot
- saves policy on reboot or on application closure
- creates a backup automatically on particular operations
- restore function to restore data from the last backup
- helps to avoid denial of service caused by too many rules: if one running cycle takes too long, it prints a warning message with the name of the directory containing the most files (this directory can then be given the recursive tag by the user)
- secure design by not listening on any socket or to any external input
- coded in clean C without any external dependencies apart from Tomoyo
- relatively small memory footprint on a modern desktop or server
- saves hard disk I/O whenever possible
- switches to power saving mode after all domains are in enforcing mode by sleeping 10 times more in every cycle

Website: http://log69.com/tomld_en.html
Changelog: http://log69.com/downloads/changelog_tomld.txt
FAQ: http://log69.com/help_en.html

You can see the installation video here:
http://www.youtube.com/watch?v=FC9-7AkiLSM
http://log69.com/extras/tomld039_ubuntu1104_install.ogv

Any feedback or opinions on the topic are greatly appreciated.

Best Regards,
Andras Horvath

_______________________________________________
tomoyo-users-en mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
