CerbNG 1.0-RC1 FreeBSD 4.x-hez

FreeBSD

Pawel Jakub Dawidek bejelentése szerint elérhető már a CerbNG névre hallgató project, amely nem más mint a FreeBSD kernelhez készült biztonsági modul. A CerbNG segítségével a rendszeradminisztrátor egy finomhangoló eszközhöz jut, mellyel irányítani tudja az alkalmazások/processzek környezetének beállításait (pl. a privilégiumokkal rendelkező démonok, setuid programok, stb.). A CerbNG egyelőre csak a 4.x FreeBSD kernelekhez érhető el, de lassan elkészül az 5.x-hez is.

  • segítségével írányíthatóak a rendszerhívások
  • megváltoztathatóak a rendszerhívások argumentumai és a visszatérési értékei
  • módosíthatóak a processzek tulajdonságai és azok környezete
  • módosíthatóak a sysctl-ek a processzek futási idejében
  • precíz és konfigurálható logolási lehetőség
  • stb.

    Bővebb infó Pawel levelében:Date: Fri, 21 Mar 2003 01:58:38 +0100

    From: Pawel Jakub Dawidek

    To: freebsd-security@freebsd.org

    Cc: freebsd-hackers@freebsd.org, cerber-list@lists.sourceforge.net

    Subject: CerbNG 1.0-RC1 is now avaliable.

    Good news everyone. After six months of hard work, many hundreds CVS commits and lots of lost nights we would like to proudly announce, that the CerbNG project released first generally available version (1.0-RC1) of it's kernel security module.

    It is hard to write some terse words of encouragement for using/testing a program which we have worked on for so long. Nevertheless, we will try to do it in this message.

    CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come). Our main purpose is providing the administrator with tools for enforcing fine grained control for critical system applications/processes/environments, i.e.

    privileged daemons (not only those running with uid 0), and setuid programs. But it is just a small part of CerbNG functionality.

    Lead principles in CerbNG development are transparency and flexibility. Sysadmins often do not have time and resources to patch all buggy applications, even for security related vulnerabilities.

    For defining the system protecting rules, we use a flexible language vaguely similar to C. Some basic CerbNG capabilities are:

    - detailed control and validation of selected system calls and

    their arguments

    - ability of changing syscall arguments and returned values

    - possibility of modifying process properties and environment

    - modifying sysctls during process runtime depending on process behavior and context

    - precise and configurable logging

    - intuitive, flexible and powerful rule description language

    Tarball for Version 1.0-RC1 contains some example policy files described below:

    openssh.cb - Controls sshd(8) (if sshd is running when

    the policy is being loaded, it has to be restarted). The policy degrades sshd privileges after it's been started to uid

    and gid for user/group sshd. CerbNG elevates sshd rights for performing privileged operations only.

    passwd.cb - Controls passwd(1). Similarly to openssh.cb,

    privileges of the passwd process are changed to those of user running this program. Privileges are degraded regardless of the setuid bit on /usr/bin/passwd.

    ping.cb, su.cb - Similar privilege degradation examples.

    noexec-by-group.cb - Noexec for all users but root and members of exec group. Additionally environment

    variables with names beginning with LD_ are checked.

    degrade-unknown-sugids.cb - All setuid/setgid files, which are not controlled by Cerb are denied elevated privileges and run with credentials of user performing the execve(2) syscall.

    restricted-debug.cb - Using ptrace(2) and ktrace(2) syscalls will be limited to root user and members of 'debug'

    group.

    restricted-link.cb - Non-root users will be denied the right to

    create hard links to other users' files.

    log-exec.cb - All execve(2) calls performed by

    non-privileged users will be logged.

    We encourage all interested members of FreeBSD community to testing, sharing ideas/comments and last but not least - reporting bugs. We hope, that CerbNG becomes another useful tool for improving security of servers running FreeB=

    SD.

    CerbNG CVS repository and latest tarballs are available at:

    http://sourceforge.net/projects/cerber/

    For detailed installation instructions see INSTALL file, or HOWTO.html at:

    http://cerber.sourceforge.net/docs/HOWTO.html

    Project HomePage:

    http://cerber.sourceforge.net/

    We invite all interested users and would-be users to subscription of our mailing lists. To subscribe those lists, visit:

    http://lists.sourceforge.net/mailma...nfo/cerber-list

    http://lists.sourceforge.net/mailma.../cerber-commits

    CerbNG authors are:

    Pawel Jakub Dawidek

    Cerb project initiator, head programmer, kernel part

    developer, polish documentation author.

    Slawek Zak

    Designer of CerbNG configuration language syntax and

    compiler structure, author of userland policy compiler,

    documentation translator.

    PS. We are also preparing a technical document for BSDCon 2003.

    --=20

    Pawel Jakub Dawidek

    UNIX Systems Administrator

    http://garage.freebsd.pl

    Am I Evil? Yes, I Am.

    --/8Xxy37xq6kDVsli

    Content-Type: application/pgp-signature

    Content-Disposition: inline

    -----BEGIN PGP SIGNATURE-----

    Version: GnuPG v1.0.7 (FreeBSD)

    iQCVAwUBPnpjvj/PhmMH/Mf1AQFm1wP/US9IrHODuZaa5Y0F+IU40N9UazkqgdE/

    QqIxX4ww8SR9X0X3BcQvqkT1uqvtU18NhD1nhAJ8vTVZ7y6c1y

    81AaJsrnVsM1Jd

    AjE0XzFb7E8+DCVdKf+RR7Q9faTkAYpKy0YUfuX0TacqEY+fN9

    4IikUG1MSa2gs4

    SJaTsFyDlhY=

    =tScJ

    -----END PGP SIGNATURE-----

    --/8Xxy37xq6kDVsli--