Date: Fri, 21 Mar 2003 01:58:38 +0100 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: freebsd-security@freebsd.org Cc: freebsd-hackers@freebsd.org, cerber-list@lists.sourceforge.net Subject: CerbNG 1.0-RC1 is now avaliable. Message-ID: <20030321005838.GA567@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--/8Xxy37xq6kDVsli
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Good news everyone. After six months of hard work, many hundreds CVS commits
and lots of lost nights we would like to proudly announce, that the CerbNG
project released first generally available version (1.0-RC1) of it's kernel
security module.
It is hard to write some terse words of encouragement for using/testing
a program which we have worked on for so long. Nevertheless, we will try to
do it in this message.
CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come=
).
Our main purpose is providing the administrator with tools for enforcing fi=
ne
grained control for critical system applications/processes/environments, i.=
e.
privileged daemons (not only those running with uid 0), and setuid programs.
But it is just a small part of CerbNG functionality.
Lead principles in CerbNG development are transparency and flexibility.
Sysadmins often do not have time and resources to patch all buggy applicati=
ons,
even for security related vulnerabilities.
For defining the system protecting rules, we use a flexible language vaguely
similar to C. Some basic CerbNG capabilities are:
- detailed control and validation of selected system calls and
their arguments
- ability of changing syscall arguments and returned values
- possibility of modifying process properties and environment
- modifying sysctls during process runtime depending on process
behavior and context
- precise and configurable logging
- intuitive, flexible and powerful rule description language
Tarball for Version 1.0-RC1 contains some example policy files
described below:
openssh.cb - Controls sshd(8) (if sshd is running when
the policy is being loaded, it has to be
restarted). The policy degrades sshd
privileges after it's been started to uid
and gid for user/group sshd. CerbNG elevates
sshd rights for performing privileged
operations only.
passwd.cb - Controls passwd(1). Similarly to openssh.cb,
privileges of the passwd process are changed
to those of user running this program.
Privileges are degraded regardless of the
setuid bit on /usr/bin/passwd.
ping.cb, su.cb - Similar privilege degradation examples.
noexec-by-group.cb - Noexec for all users but root and members of
exec group. Additionally environment
variables with names beginning with LD_ are
checked.
degrade-unknown-sugids.cb - All setuid/setgid files, which are not
controlled by Cerb are denied elevated
privileges and run with credentials of
user performing the execve(2) syscall.
restricted-debug.cb - Using ptrace(2) and ktrace(2) syscalls will
be limited to root user and members of 'debug'
group.
restricted-link.cb - Non-root users will be denied the right to
create hard links to other users' files.
log-exec.cb - All execve(2) calls performed by
non-privileged users will be logged.
We encourage all interested members of FreeBSD community to testing, sharing
ideas/comments and last but not least - reporting bugs. We hope, that CerbNG
becomes another useful tool for improving security of servers running FreeB=
SD.
CerbNG CVS repository and latest tarballs are available at:
http://sourceforge.net/projects/cerber/
For detailed installation instructions see INSTALL file, or HOWTO.html at:
http://cerber.sourceforge.net/docs/HOWTO.html
Project HomePage:
http://cerber.sourceforge.net/
We invite all interested users and would-be users to subscription of
our mailing lists. To subscribe those lists, visit:
http://lists.sourceforge.net/mailman/listinfo/cerber-list
http://lists.sourceforge.net/mailman/listinfo/cerber-commits
CerbNG authors are:
Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cerb project initiator, head programmer, kernel part
developer, polish documentation author.
Slawek Zak <zaks@era.pl>
Designer of CerbNG configuration language syntax and
compiler structure, author of userland policy compiler,
documentation translator.
PS. We are also preparing a technical document for BSDCon 2003.
--=20
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
--/8Xxy37xq6kDVsli
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iQCVAwUBPnpjvj/PhmMH/Mf1AQFm1wP/US9IrHODuZaa5Y0F+IU40N9UazkqgdE/
QqIxX4ww8SR9X0X3BcQvqkT1uqvtU18NhD1nhAJ8vTVZ7y6c1y81AaJsrnVsM1Jd
AjE0XzFb7E8+DCVdKf+RR7Q9faTkAYpKy0YUfuX0TacqEY+fN94IikUG1MSa2gs4
SJaTsFyDlhY=
=tScJ
-----END PGP SIGNATURE-----
--/8Xxy37xq6kDVsli--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030321005838.GA567>