User access restriction tool - Linux Forums

Register|FAQ|Member List|Calendar|Unanswered Posts|Forum Rules|Today's Posts|Advanced Search |

Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.

Write an article for LinuxForums Today! Win Great Prizes!

New to Linux Forums? Register here for free!

		Linux Forums > GNU Linux Zone > Linux Security > User access restriction tool

Linux Security Discussion about keeping your machines secure, and the crackers out.

Site Navigation
Linux Articles
Linux Forums
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds

Linux Forum Topics
Linux Forums
Linux Forums Site News
Your Distro
Redhat / Fedora Linux Help Ubuntu Help SuSE Linux Help Mandriva Linux Help Slackware Linux Help Debian Linux Help Gentoo Linux Help Knoppix Help Forum Other Distributions
Linux Resources
Linux Tutorials, HOWTO's & Reference Material
GNU Linux Zone
Wireless Internet Linux Newbie Installation Misc Linux Applications Servers Linux Networking Peripherals / Hardware Linux Desktop / X-Windows Linux Programming & Scripting Gaming / Games / Multimedia / Entertainment Linux Security The Linux Kernel Linux On Laptops / Netbooks / Minibooks Wine Art & Imaging in Linux
The Community
The Coffee Lounge Comments / Feedback / Suggestions Everything BSD

Reply

07-12-2009	#1 (permalink)
navidpaya Just Joined! Join Date: Jul 2009 Posts: 2	User access restriction tool Kudos My company is dealing with very sensitive and secret information so we need to implement some security measures. My task is the OS and particularly the UNIX family. Now I need to make sure that the users have just enough access to do the stuff they need to. For instance, if a user needs to read some log files using cat or tail, that's all I want him to do. We use SuSE 10 as our distro of choice (it's not my call, so we have to assume it can not be changed RHEL or sth else). I tried to implement it using apparmor but I can't figured out how it works, especially the restricted shell is not as flexible as I hoped it would be. Does anyone have any experience doing this? We'd rather have a rbac (role-based access control solution to make the administration easier. So what do you suggest? Any help is appreciated.

07-14-2009	#2 (permalink)
Rubberman Linux Guru Join Date: Apr 2009 Location: I can be found either 40 miles west of Chicago, or in a galaxy far, far away. Posts: 2,662	Use a mainstream enterprise class linux system that supports the SELinux extensions for mandatory access controls and other such security measures. Red Hat Enterprise Linux (and the free version of that, CentOS) supports SELinux out-of-the-box. SELinux was developed by the US National Security Agency to provide tools for systems that have to work in top-secret and other secure facilities. If it's good enough for the NSA and CIA, it's probably good enough for the rest of us! __________________ Sometimes, real fast is almost as good as real time.

07-15-2009	#3 (permalink)
navidpaya Just Joined! Join Date: Jul 2009 Posts: 2	Thanks for your suggestion. As I said in my post, the company has solutions which run on SuSE 10 and it's not willing to change that any time soon so I have to go with AppArmor. But I've also taken a look at SELinux and sounds like it takes some realy effort to implement and much more to maintain. Acutually I was looking for sth much more straight-forward, especially when it comes to RBAC but sounds like there's no out of the box solution for such stuff. You have to wrestle with things such as restricted shells or sudo sometimes. So far, I've reckoned that ACL is the most promising of all, except for the fact that threre's no such thing as profile in it.

Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are Off Pingbacks are Off Refbacks are Off

Free Magazines

Run Your Own Web Server Using Linux & Apache - Free 191 Page Preview
Learn about everything you'll need to build and maintain your Linux servers, and to deploy Web applications to them.
subscribe

Open Source Security Myths Dispelled
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization
subscribe

InformationWeek
InformationWeek is the only newsweekly you'll need to stay on top of the latest developments in information technology.
subscribe

All times are GMT. The time now is 09:26 AM.