hi,

i've been working on setting up RBAC integration for alpine 2.2, which
we can then enable by default in e.g. setup-alpine.

the plan is to have as /etc/grsec/policy:

include_dir /etc/grsec/policy.d

which allows packages to ship grsec policy files
in /etc/grsec/policy.d, e.g. /etc/grsec/policy.d/openssh
and /etc/grsec/policy.d/busybox containing RBAC policy considerations
for those packages.

this will make alpine even more locked down as UID=0 becomes basically
meaningless if the RBAC system is enabled. in combination with our
other security measures, this should be an entirely overkill solution
for everybody's needs.

in setup-alpine we will do the following:

- prompt if the user wants to enable role-based access control
- if the user says yes, we will create a default admin role and prompt
for a password and enable the grsec-rbac initscript at boottime.
- if the user says no, then we do nothing...

considerations:

- should we only allow RBAC on server and embedded targets for 2.2?
(e.g. not on desktop installs; this means setup-desktop disables the
grsec-rbac initscript for 2.2)

i'm presently working on the initscript and gradm integration, then
i'll put gradm in main. once i have gradm in main, i'll commit package
updates adding policy bits to the core packages (openssh, udev,
busybox, so on.)

- nenolod
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
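An added example, not part of the original thread and not Alpine's or grsecurity's own code: under the layout proposed above any package can drop a file into /etc/grsec/policy.d, so the sketch below lists the directories named by include_dir lines and flags fragments that are group- or world-writable or are symlinks. It assumes the directive has exactly the form quoted in the post; the function names and the optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the fragments pulled in by include_dir lines.
# Assumption: the directive looks like the line quoted in the post,
#   include_dir /etc/grsec/policy.d

# Print every directory named by an include_dir line in policy file $1.
policy_include_dirs() {
    awk '$1 == "include_dir" && NF >= 2 { print $2 }' "$1"
}

# Audit the fragment directories of policy file $1.
# $2 is an optional prefix for checking a staged tree (image, chroot).
# One finding per line; no output means nothing was flagged.
audit_policy_fragments() {
    policy=$1
    root=${2:-}
    policy_include_dirs "$policy" | while IFS= read -r dir; do
        d=$root$dir
        if [ ! -d "$d" ]; then
            printf 'missing-dir %s\n' "$dir"
            continue
        fi
        # A writable directory lets a non-admin account add a fragment.
        find "$d" -maxdepth 0 \( -perm -020 -o -perm -002 \) |
            sed 's/^/writable-dir /'
        # A writable fragment lets a non-admin account edit a package's rules.
        find "$d" -maxdepth 1 -type f \( -perm -020 -o -perm -002 \) |
            sort | sed 's/^/writable-file /'
        # A symlinked fragment takes its content from outside the directory.
        find "$d" -maxdepth 1 -type l | sort | sed 's/^/symlink /'
    done
}

# Stand-alone use: sh audit.sh /etc/grsec/policy [root-prefix]
if [ "$#" -gt 0 ]; then
    audit_policy_fragments "$@"
fi
```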
On Wed, 2 Feb 2011 20:59:41 -0600
William Pitcock <nenolod@dereferenced.org> wrote:
> hi,
>
> i've been working on setting up RBAC integration for alpine 2.2, which
> we can then enable by default in e.g. setup-alpine.

nice!

> the plan is to have as /etc/grsec/policy:
>
> include_dir /etc/grsec/policy.d
>
> which allows packages to ship grsec policy files
> in /etc/grsec/policy.d, e.g. /etc/grsec/policy.d/openssh
> and /etc/grsec/policy.d/busybox containing RBAC policy considerations
> for those packages.
>
> this will make alpine even more locked down as UID=0 becomes basically
> meaningless if the RBAC system is enabled. in combination with our
> other security measures, this should be an entirely overkill solution
> for everybody's needs.

cool!
I'm mostly afraid of the maintenance burden for the RBAC rules, but I
like the idea of an extra layer of protection.

> in setup-alpine we will do the following:
>
> - prompt if the user wants to enable role-based access control
> - if the user says yes, we will create a default admin role and prompt
> for a password and enable the grsec-rbac initscript at boottime.
> - if the user says no, then we do nothing...
>
> considerations:
>
> - should we only allow RBAC on server and embedded targets for 2.2?
> (e.g. not on desktop installs; this means setup-desktop disables the
> grsec-rbac initscript for 2.2)

I think RBAC should be disabled by default for desktop but it should be
possible to enable it. I suppose dbus services might cause some
headache.

> i'm presently working on the initscript and gradm integration, then
> i'll put gradm in main. once i have gradm in main, i'll commit
> package updates adding policy bits to the core packages (openssh,
> udev, busybox, so on.)

thanks for working on this.

-nc