I've just released LOMAC v1.0 - an LKM for Linux 2.2 kernels that
implements a form of Low Water-Mark Mandatory Access Control (MAC) to
protect the integrity of processes and data from viruses, Trojan
horses, malicious remote users, and compromised root daemons. LOMAC
is designed for simplicity and compatibility with existing software.
It implements kernel-space MAC at the system-call interface without
modifying any kernel sources.
Although it lacks some of the advanced MAC features found in more
complex and powerful schemes, LOMAC provides a simple and useful form
of MAC integrity protection that requires no kernel patches, no
modifications to existing applications, no modifications to existing
configuration files, and no site-specific policy configuration. A
good number of features and fixes remain to be implemented. However,
LOMAC is presently functional enough to thwart script kiddies, and is
sufficiently stable for everyday use. (I'm using it now.)
Further information can be found via LOMAC's Freshmeat page, at
http://freshmeat.net/projects/lomac
- Tim Fraser, NAI Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/