Few ACLs for Debian...


Post by cmouse » Thu Sep 18, 2003 8:16 am

These are not for RBAC.

ntpd and ntpdate:

/usr/sbin/ntpdate o {
    /usr/share/zoneinfo/Europe/Helsinki r
    /lib rx
    /lib/ld-2.3.2.so x
    /etc r
    /dev/log rw
    /usr/sbin/ntpdate x
    / h
    -CAP_ALL
    +CAP_SYS_NICE
    +CAP_SYS_TIME

    connect {
        195.10.132.65:123 dgram udp
        194.100.0.11:123 dgram udp
        198.123.30.132:123 dgram udp
        127.0.0.1:53 dgram udp
    }

    bind {
        0.0.0.0:0 dgram ip
    }
}

/usr/sbin/ntpd o {
    / h
    /var/log/ntpstats/peerstats w
    /var/log/ntpstats/loopstats w
    /var/log/ntpstats
    /var/log/ntpd a
    /var/log
    /var/lib/ntp/ntp.drift r
    /usr/share/zoneinfo/Europe/Helsinki r
    /tmp rw
    /lib rx
    /etc r
    /dev/null rw
    /dev/log rw
    /usr/sbin/ntpd x

    -CAP_ALL
    +CAP_NET_BIND_SERVICE
    +CAP_IPC_LOCK
    +CAP_SYS_TIME

    connect {
        194.100.0.11:123 dgram udp
        198.123.30.132:123 dgram udp
        195.10.132.65:123 dgram udp
        198.123.30.132:2000 dgram udp
        127.0.0.1:1030 dgram udp
        127.0.0.1:123 dgram udp
        127.0.0.1:53 dgram udp
        195.10.132.65:2000 dgram udp
        194.100.0.11:2000 dgram udp
    }

    bind {
        192.168.3.1:123 dgram udp
        62.237.194.77:123 dgram udp
        127.0.0.1:123 dgram udp
        0.0.0.0:123 dgram udp
        0.0.0.0:0 dgram ip
    }
}

Made with ACL learning (and then cleaned up)
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am
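
Added example, not part of cmouse's post and not grsecurity tooling: a small Python review pass for a learning-generated policy in the format shown above. It lists the entries a human would want to confirm before deploying. The function names, the `EXPECTED_PORTS` set and the choice of checks (unexpected connect ports, wildcard binds, a writable `/tmp`) are assumptions made for this illustration.

```python
import re

# Constructed sample: an abbreviated copy of the ntpd subject posted above.
SAMPLE = """\
/usr/sbin/ntpd o {
/tmp rw
-CAP_ALL
+CAP_SYS_TIME
connect {
194.100.0.11:123 dgram udp
198.123.30.132:2000 dgram udp
127.0.0.1:1030 dgram udp
127.0.0.1:53 dgram udp
}
bind {
0.0.0.0:123 dgram udp
}
}
"""
EXPECTED_PORTS = {123, 53}  # assumption: the reviewer expects only NTP and DNS

def parse_subjects(text):  # subject path -> objects, capability lines, socket rules
    subjects, cur, section = {}, None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "}":  # closes a connect/bind section, otherwise the subject
            section, cur = None, (cur if section else None)
        elif cur is None:
            m = re.match(r"(/\S+)\s+\S*\s*\{$", line)
            if m:
                cur = subjects.setdefault(m.group(1), {"objects": [], "caps": [], "connect": [], "bind": []})
        elif line in ("connect {", "bind {"):
            section = line.split()[0]
        elif section:
            host, port = line.split()[0].rsplit(":", 1)
            cur[section].append((host, int(port)))
        elif line[0] in "+-":
            cur["caps"].append(line)
        else:
            path, _, mode = line.partition(" ")  # mode may be empty, as in the post
            cur["objects"].append((path, mode.strip()))
    return subjects

def review(text):  # (subject, kind, detail) tuples for a human to confirm or tighten
    out = []
    for subj, s in parse_subjects(text).items():
        out += [(subj, "connect", f"{h}:{p}") for h, p in s["connect"] if p not in EXPECTED_PORTS]
        out += [(subj, "bind", f"{h}:{p}") for h, p in s["bind"] if h == "0.0.0.0"]
        out += [(subj, "object", f"{p} {m}") for p, m in s["objects"] if p == "/tmp" and "w" in m]
    return out
```

Running `review()` over the full ntpd subject from the post flags the connect rules to ports 2000 and 1030, the `0.0.0.0` binds and `/tmp rw`.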
