> I do know that there's a program out there named "AppArmor" that may
> provide the protection you are looking for. It's designed to interact
> directly with the kernel and allows you to define what processes can do
> what...etc. You can set a default policy to disallow every process from
> network access and then allow only certain processes to access the
> network.
Another program that does that is systrace found on some BSD systems. It
provides "Interactive Policy Generation for System Calls". The systrace
for Linux webpage is at
http://www.citi.umich.edu/u/provos/systrace/linux.html but doesn't seem to
be up-to-date or maintained (on Linux).
An alternative is selinux. I don't know best docs, but here are some
links:
Red Hat Enterprise Linux 4: Red Hat SELinux Guide: 2.9. Policy Macros
http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0053.html
Installing SELinux on Fedora / RedHat
http://www.crypt.gen.nz/selinux/install_fedora.html
(selinux might already be integrated/installed on your Linux of choice.)
Also iptables can do filtering by user (UID) or process ID (PID). (See -m
owner extension.)
You can probably find an interactive tools for viewing and managing
iptables connections by UID or process. (Search for ctview as one
example.)
Also look at "Filter based on program" at
http://michael.toren.net/slides/ipqueue/slide017.html. A python interface
and perl module are available for "ipqueue".
Have fun!
Jeremy C. Reed
echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)