SELinux MLS

Robert Gabriel ephemeric at gmail.com
Thu Jul 4 08:35:55 UTC 2013


On 4 July 2013 07:47, Douglas Brown <d46.brown at student.qut.edu.au> wrote:

>
> The only use case I can think of to justify the vast additional complexity
> of MLS is when you need to confine access to resources based on a very
> specific organisational information flow policy. The MLS policy isn't
> necessarily more 'secure' than MCS, it just enforces a different
> information flow policy (domain separation rather than Bell-LaPadula).
>
> If you'd like to harden the machine and restrict access to splunk
> resources, I would:
>
>    - Write policy for Splunk then remove all unconfined domains (see
>    section in: http://danwalsh.livejournal.com/42394.html)
>    - Run splunk in its own category
>    - Change default user/login clearances as appropriate to restrict
>    access to splunk
>    - Depending on whether or not your network is labelled, you
>    might consider using SECMARK or netlabel to restrict network access to
>    splunk
>
> Hypothetically, you could run multiple instances of splunk in different
> categories on the same machine for each index if required.
>

Thank you, this is great advice, appreciate it.
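
The category separation and the Bell-LaPadula contrast discussed in the quoted advice, as an added example that is not part of the original thread and is not SELinux policy source: a simplified model of level dominance. The labels (`s0:c100` for Splunk files, the `staff` and `admin` ranges) are constructed, and the two check functions are assumptions that approximate, rather than reproduce, the real policy constraints.

```python
import re

def parse_level(level):
    """Parse 's0:c1,c5.c7' into (sensitivity, frozenset of category numbers)."""
    sens, _, cats = level.partition(":")
    s = re.fullmatch(r"s(\d+)", sens)
    if not s:
        raise ValueError(f"bad sensitivity in {level!r}")
    found = set()
    for part in filter(None, cats.split(",")):
        c = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)  # 'c5' or range 'c5.c7'
        if not c:
            raise ValueError(f"bad category in {level!r}")
        lo = int(c.group(1))
        hi = int(c.group(2)) if c.group(2) else lo
        found.update(range(lo, hi + 1))
    return int(s.group(1)), frozenset(found)

def parse_range(rng):
    """'s0-s0:c0.c1023' -> (low, high); a single level is both low and high."""
    low, sep, high = rng.partition("-")
    return parse_level(low), parse_level(high if sep else low)

def dominates(a, b):
    """a dominates b: sensitivity at least as high and categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def mcs_allows(subject_range, object_level):
    """Category separation: the subject's high level must dominate the object."""
    return dominates(parse_range(subject_range)[1], parse_level(object_level))

def blp_allows(subject_range, object_level, op):
    """Textbook Bell-LaPadula on the subject's low level: read down, write up."""
    subj, obj = parse_range(subject_range)[0], parse_level(object_level)
    return dominates(subj, obj) if op == "read" else dominates(obj, subj)

if __name__ == "__main__":
    splunk_files = "s0:c100"  # constructed label for this example
    for who, rng in [("admin", "s0-s0:c0.c1023"), ("staff", "s0-s0:c0.c99"),
                     ("splunk idx B", "s0:c101")]:
        print(f"{who:13} {rng:15} -> {mcs_allows(rng, splunk_files)}")
```

A login range that stops at `c99` cannot reach files labelled `s0:c100`, and a second Splunk instance running at `s0:c101` is separated from the first in the same way.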