Dear Tomoyo Users,

1. Wishing ALL Tomoyo users who celebrate the Lunar New Year a happy belated Lunar New Year 2012! I am a postgraduate student working towards the development of a Linux Rootkit Secure Kernel and I am attached to a research university in Malaysia.

2. Million thanks to Tetsuo Handa for the info on how to enable IMA with Tomoyo. I managed to have both enabled as part of my Ubuntu 10.04 kernel.

3. I have some queries pertaining to the file-system security features of Tomoyo Linux.

4. I am planning to use IMA to create a clean database of SHA1s from "cat /sys/kernel/security/ima/ascii_runtime_measurements". The clean database of SHA1s will be compared to a runtime database of SHA1s, also from "cat /sys/kernel/security/ima/ascii_runtime_measurements". If any SHA1s have changed, an alert will be raised and any read or write access to critical kernel files will be denied. I plan to use Tomoyo 1.8.3 to perform the denial of read or write access to critical kernel files.

5. This is where my questions come in:

6. Can Tomoyo 1.8.3 be used to disallow read & write access to kernel files and any files in the "/" filesystem?

7. I had read all the pages in the "TOMOYO Linux 1.8.x : The Official Guide" documentation as per "http://tomoyo.sourceforge.jp/1.8/index.html.en", but so far my conclusion is that Tomoyo only permits disallowing read & write access to files grouped under a certain domain where a process runs.

8. Referring to "http://tomoyo.sourceforge.jp/1.8/chapter-5.html.en", sections 5.1 and 5.4: what I mean is that Tomoyo secures binaries and processes and any config files in relation to that binary or process. For example, all files in the "/usr/sbin/httpd" domain are secured, and policy changes such as allow read/write can be applied to the files in the "/usr/sbin/httpd" domain.

9. Now, in reference to my plans in no. 4 above, would it be possible to have a domain that consists of ALL kernel files and, when the SHA1s of files differ, have a TOMOYO policy disallow read/write access to ALL kernel files in my domain?

10. What I mean is: can Tomoyo work based on a domain of files instead of a domain of applications or binaries or services as per "http://tomoyo.sourceforge.jp/1.8/chapter-5.html.en"?

Sorry for the long mail and thanks in advance for any help given.

rgds
jyteh

--- On Sat, 1/7/12, tomoy****@lists***** <tomoy****@lists*****> wrote:

From: tomoy****@lists***** <tomoy****@lists*****>
Subject: tomoyo-users-en Digest, Vol 42, Issue 3
To: tomoy****@lists*****
Date: Saturday, January 7, 2012, 11:00 AM

Send tomoyo-users-en mailing list submissions to
    tomoy****@lists*****

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
or, via email, send a message with subject or body 'help' to
    tomoy****@lists*****

You can reach the person managing the list at
    tomoy****@lists*****

When replying, please edit your Subject line so it is more specific than "Re: Contents of tomoyo-users-en digest..."

Today's Topics:

   1. [tomoyo-users-en 439] Re: tomoyo-users-en Digest, Vol 42, Issue 2 (TEH JIA YEW)

----------------------------------------------------------------------

Message: 1
Date: Thu, 5 Jan 2012 21:41:37 -0800 (PST)
From: TEH JIA YEW <jyteh****@yahoo*****>
Subject: [tomoyo-users-en 439] Re: tomoyo-users-en Digest, Vol 42, Issue 2
To: tomoy****@lists*****
Message-ID: <13258****@web16*****>
Content-Type: text/plain; charset="iso-8859-1"

Dear Tetsuo Handa,

1. Thank you for your fast reply & Happy New Year 2012!

2. You want to use TOMOYO 1.8 + IMA on Ubuntu 10.04, right?
   Ans: Yes.

3. Will do as suggested. Thank you very much for your kind help.

rgds
jyteh.
--- On Fri, 1/6/12, tomoy****@lists***** <tomoy****@lists*****> wrote:

From: tomoy****@lists***** <tomoy****@lists*****>
Subject: tomoyo-users-en Digest, Vol 42, Issue 2
To: tomoy****@lists*****
Date: Friday, January 6, 2012, 11:00 AM

Today's Topics:

   1. [tomoyo-users-en 437] How to Download Tomoyo Source Code at http://tomoyo.sourceforge.jp/cgi-bin/lxr/source? (TEH JIA YEW)
   2. [tomoyo-users-en 438] Re: How to Download Tomoyo Source Code at http://tomoyo.sourceforge.jp/cgi-bin/lxr/source? (Tetsuo Handa)

----------------------------------------------------------------------

Message: 1
Date: Thu, 5 Jan 2012 00:18:06 -0800 (PST)
From: TEH JIA YEW <jyteh****@yahoo*****>
Subject: [tomoyo-users-en 437] How to Download Tomoyo Source Code at http://tomoyo.sourceforge.jp/cgi-bin/lxr/source?
To: tomoy****@lists*****
Message-ID: <13257****@web16*****>
Content-Type: text/plain; charset="iso-8859-1"

Dear Tomoyo User,

1. Good day and Happy New Year 2012.

2. I am a Postgraduate Research Student working on implementation of Linux Security for Linux File-systems using Tomoyo Linux. I am attached to a research university in Malaysia.

3. I need to enable IMA in kernel 2.6.32-generic-ccs as part of my work.

4. Hence I need the entire Tomoyo kernel source to ensure that both IMA and Tomoyo in http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/?v=linux-2.6.32.52-ccs-1.8.3 can be compiled into one single kernel.

5. I had tried downloading the code from no. 4 above using git, svn and cvs but with no success.

6. I would highly appreciate it if anyone can tell me how to download all the code from http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/?v=linux-2.6.32.52-ccs-1.8.3

Thank you for your help.

rgds
jyteh.

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Thu, 05 Jan 2012 18:10:55 +0900
From: Tetsuo Handa <from-****@I-lov*****>
Subject: [tomoyo-users-en 438] Re: How to Download Tomoyo Source Code at http://tomoyo.sourceforge.jp/cgi-bin/lxr/source?
To: tomoy****@lists*****
Message-ID: <20120****@www26*****>
Content-Type: text/plain; charset="ISO-2022-JP"

Hello.

TEH JIA YEW wrote:
> 3. I need to enable IMA in kernel 2.6.32-generic-ccs as part of my work.

You want to use TOMOYO 1.8 + IMA on Ubuntu 10.04, right?

> 4. Hence I need the entire Tomoyo kernel source to ensure that both IMA and
> Tomoyo in http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/?v=linux-2.6.32.52-ccs-1.8.3
> can be compiled into one single kernel.

You can use a build script available at
http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.8.x/ccs-patch/specs/build-ubuntu_10.04.sh?root=tomoyo&view=co&revision=5711&content-type=text%2Fplain .
You will get 2.6.32-generic-ccs kernel deb packages by running this script on
a 2.6.32-generic kernel on Ubuntu 10.04.

In order to enable IMA, be sure to insert

  sed -i -e 's/# CONFIG_IMA is not set/CONFIG_IMA=y/' -- debian.master/config/config.common.ubuntu

between

  # Start compilation.

and

  debian/rules binary-headers || die "Failed to build kernel package."

of this script.

IMA is already enabled (i.e. built with CONFIG_IMA=y) if you can use
RHEL6/Fedora14 and later instead of Ubuntu 10.04.
------------------------------

_______________________________________________
tomoyo-users-en mailing list
tomoy****@lists*****
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en

End of tomoyo-users-en Digest, Vol 42, Issue 2
**********************************************

End of tomoyo-users-en Digest, Vol 42, Issue 3
**********************************************
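
The baseline-versus-runtime comparison of IMA measurements described in item 4 of the first message, as an added example that is not part of the original thread or of the TOMOYO project. It assumes the five-column "ima" template layout of ascii_runtime_measurements (PCR, template hash, template name, file hash, path); the sample entries and their placeholder hashes are constructed.

```python
"""Compare a clean IMA measurement list with a later one (constructed data)."""


def parse_measurements(text):
    """Return {path: set of file hashes} from ascii_runtime_measurements text.

    A path can appear more than once because a file that is measured again
    with different content gets a new entry, so hashes are kept as a set.
    """
    seen = {}
    for line in text.splitlines():
        fields = line.split(None, 4)  # the path (last field) may contain spaces
        if len(fields) != 5:
            continue  # skip blank or truncated lines
        _pcr, _template_hash, _template, file_hash, path = fields
        if path == "boot_aggregate":
            continue  # boot-time aggregate entry, not a file on disk
        # Newer templates write "sha1:<hex>"; keep only the hex digest.
        seen.setdefault(path, set()).add(file_hash.split(":")[-1].lower())
    return seen


def compare(baseline, runtime):
    """Return (changed, unknown) path lists for the runtime measurement list."""
    changed = sorted(p for p in runtime
                     if p in baseline and runtime[p] - baseline[p])
    unknown = sorted(p for p in runtime if p not in baseline)
    return changed, unknown


def _entry(template_digit, file_digit, path):
    # Constructed sample line with 40-hex-digit placeholder hashes.
    return f"10 {template_digit * 40} ima {file_digit * 40} {path}\n"


# Constructed "clean" list and a later list with one modified and one new file.
BASELINE = (_entry("1", "a", "boot_aggregate")
            + _entry("2", "b", "/sbin/init")
            + _entry("3", "c", "/bin/ls"))
RUNTIME = BASELINE + _entry("4", "d", "/bin/ls") + _entry("5", "e", "/tmp/new tool")

if __name__ == "__main__":
    changed, unknown = compare(parse_measurements(BASELINE),
                               parse_measurements(RUNTIME))
    print("changed since baseline:", changed)
    print("not in baseline:", unknown)
```

On a real system the two inputs would be saved copies of /sys/kernel/security/ima/ascii_runtime_measurements; the alert and the access-denial step from item 4 are outside this example.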