Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team


Postby Raf256 » Tue Oct 04, 2005 7:31 am

Im new to grsecurity,

I want apache2 to only
- access (rX, not write, not delete) /var/www /srv/a /srv/b
- rwx /var/log (d is not needed, delete is done via logrotate right?)
- what eles apache2 needs?
- apache2 will run only PHP, will not execute CGI scripts - what can I add?
- php uses mysql, postgresql

what EXACLY and WHERE should I add, how to test do it work, what are some tips&tricks in case of trouble?
Posts: 72
Joined: Mon Sep 19, 2005 8:38 pm
Location: Europe

Postby bartosz » Tue Oct 04, 2005 1:14 pm

I am also new to grsec but I think you shuold start gradm in lerning mode then adjust ACL to your needs.
Posts: 11
Joined: Mon Sep 26, 2005 2:03 pm

Return to RBAC policy development