ACL for snort?

Submit your RBAC policies or suggest policy improvements

Postby spender » Tue Dec 03, 2002 2:46 pm

The documentation for the ACL system would probably clear up a lot of your questions. You have to realize that under the ACL system, (when properly configured), root means nothing. So let's say someone got root on your system. Would you want them to be able to remove packages on your system with apt? No. So if you want to update packages on the system, you have to authorize yourself to the ACL system (we take several precautions so that this admin mode can't be compromised, short of choosing a horrible password), and do it from within there.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby dystopia » Mon Dec 09, 2002 5:46 pm

Ok thanks for your answers. I'm gonna read the docs again since i still have a few questions about 'the root means nothing'.
dystopia
 
Posts: 14
Joined: Sun Jun 30, 2002 5:05 pm

Previous

Return to RBAC policy development