[security] ANNOUNCE: Medusa DS9 security system
Milan WWW Pikula
www na banan.napri.sk
Úterý Únor 15 17:38:49 CET 2000
Greetings,
I'd like to announce the release of stable version of the security
system Medusa DS9. It's purpose is to increase the security of OS Linux.
Medusa it one of projects of the Slovak Linux user group (SkLUG).
It can be downloaded at
http://medusa.fornax.sk/
Medusa consists of two major parts - linux kernel changes and the user-space
daemon. Kernel changes do the monitoring of syscalls, filesystem actions,
processes and they implement the communication protocol. Security daemon
communicates with the kernel using character device to send and receive
"packets". Daemon contains the whole logic and implements the concrete
security policy. That means, that medusa can (as opposite to another
approaches) implement any model of data protection - it depends only on
configuration file, which is in fact an program in the internal programming
language, somewhat similiar to C.
At the logical level there are these changes:
* separation of processes, files and IPC to the independent groups
(virtual subsystems)
* ability to detect, disable or modify any system call from any process
* ability to detect, ... selected "process actions" like sending signals,
exec, ...
* ability to detect, redirect, ... selected file actions, such as access
to the file and so
* ability to enforce process to execute an arbitrary code. This feature
is usefull to enforce logging drom that process and so.
I'd like to answer some of frequently asked questions here:
Q what relation is between medusa and capabilities?
A medusa SUPPORTS linux capabilities and can test, set or change them.
Q how remarkable is the slowdown of this communication between the kernel
and user-space daemon in the real usage?
A actually it's insensible. medusa was designed with the question of speed
in mind, so all informations are stored in kernel. you can specify exactly
what actions do you need to be watched. on the real servers with about 50
shell-account users, where we test medusa, is traffic about 11 packets
per second or less.
the fact that the daemon is in userspace, gives it the comfort in
deciding about security reasons and it increases the portability of
the whole system. (bsd?:)
Q where it works?
A linux 2.2.13, 2.2.14, intel. SMP is not fully tested, but it's reported
to work. we are working on alpha port and other platforms will follow.
Q where can I find more information?
A at http://medusa.fornax.sk/ and in ``doc'' subdirectory in the source
package.
Kind regards,
Medusa development team
Marek Zelem
Martin Ockajak
Milan Pikula
--
Milan Pikula, WWW. Finger me for Geek Code.
http://fornax.elf.stuba.sk/~www, www na fornax.elf.stuba.sk
.. dajte mi pevnu linku a pohnem zemegulou ..
Další informace o konferenci Linux