Monitoring and prevention of MBR activity.
Robb III, George B.
forgeman at gmail.com
Tue Sep 6 15:52:52 UTC 2011
Hi All-
Wonderful information and good thread. Thanks!
We have a piece of vendor code that is replicating several fiber attached
LUNs. We believe there is a software has a mis-configuration causing
/dev/sda vs /dev/sdaa (one of the many LUNS) to have its MBR zeroed.
SELinux seems like an appropriate tool to at least monitor access if not
allow full blocking.
Write protection is not an option as its a PERC controller and /dev/sda is
the boot mirror (unless there are known alternatives)?
Thanks again all,
George
On Tue, Sep 6, 2011 at 10:06 AM, Mr Dash Four
<mr.dash.four at googlemail.com>wrote:
>
> > Now if you have a app/admin user process that needs to have full
> > access to the system but want to make sure he does not modify the MBR
> > you will have a difficult time writing policy for this.
> >
> Not to mention that there are some tools - parted being one - which need
> access (rw) to that sector of the hdd, regardless of who runs these tools.
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20110906/f1c5b61c/attachment.html
More information about the selinux
mailing list