Linux's Security Capabilities
6.3 subterfugue
Subterfuge can limit acess of processes and their chidren.
http://www.subterfugue.org/
by Mike Coleman
<mkc@subterfugue.org>
is downloadable at:
http://sourceforge.net/project/?group_id=1951
Linux kernel includes subterfuge support since 2.3.99-pre1
Subterfuge makes it possible to:
restrict disk access by specifying:
forbidden directories
read-only directories
read and write access directories
extend arguments to complete filenames and apply regular expressions (regexp).
log the number of system calls and signals.
forbid or limit access to the network.
forbid the closing of standard input / output / error.
forbid the sending of signals to "foreign" processes.
trace system calls (with the possibility of chosing the system calls).
restrict positionning of acces rights (forbid SUID, write for all, ...).
Linux's Security Capabilities
® ©
Hervé Schauer Consultants
2000 - 4 bis, rue de la gare - 92300 Levallois-Perret
Phone : +33 141 409 700 - Fax : +33 141 409 709 - Email : <secretariat@hsc.fr>
Linux's Security Capabilities
Linux's Security Capabilities
Linux's Security Capabilities
® © Hervé Schauer Consultants 2000 -
4 bis, rue de la gare -
92300 Levallois-Perret