Re: ZoneAlarm-type firewall for Linux?

Author: Jeremy C. Reed
Date:  
To: Main PLUG discussion list
Subject: Re: ZoneAlarm-type firewall for Linux?
> I do know that there's a program out there named "AppArmor" that may
> provide the protection you are looking for. It's designed to interact
> directly with the kernel and allows you to define what processes can do
> what...etc. You can set a default policy to disallow every process from
> network access and then allow only certain processes to access the
> network.


Another program that does that is systrace found on some BSD systems. It
provides "Interactive Policy Generation for System Calls". The systrace
for Linux webpage is at
http://www.citi.umich.edu/u/provos/systrace/linux.html but doesn't seem to
be up-to-date or maintained (on Linux).

An alternative is selinux. I don't know the best docs, but here are some
links:

Red Hat Enterprise Linux 4: Red Hat SELinux Guide: 2.9. Policy Macros
http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0053.html

Installing SELinux on Fedora / RedHat
http://www.crypt.gen.nz/selinux/install_fedora.html

(selinux might already be integrated/installed on your Linux of choice.)

Also iptables can do filtering by user (UID) or process ID (PID). (See -m
owner extension.)

You can probably find interactive tools for viewing and managing
iptables connections by UID or process. (Search for ctview as one
example.)

Also look at "Filter based on program" at
http://michael.toren.net/slides/ipqueue/slide017.html. A Python interface
and Perl module are available for "ipqueue".

Have fun!

Jeremy C. Reed

echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
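
The `-m owner` suggestion in the message above, as an added example that is not part of the original post: a POSIX shell function that turns a per-UID allow-list into `iptables-restore` input with a default-deny OUTPUT chain. The policy line format, the function names and the sample UIDs are assumptions made for this illustration; only `--uid-owner` matching is used.

```shell
#!/bin/sh
# Added example: per-UID egress allow-list rendered as iptables-restore input.
# Policy lines (assumed format): "<uid> <tcp|udp> <dport>"; '#' starts a comment.

is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

gen_owner_rules() {
    allow='' n=0
    while read -r uid proto port extra; do
        n=$((n + 1))
        case "$uid" in ''|'#'*) continue ;; esac
        # Validate before emitting anything, so bad input yields no ruleset.
        if ! is_number "$uid" || ! is_number "$port" || [ -n "$extra" ] ||
           [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "line $n: expected '<uid> <tcp|udp> <dport>'" >&2
            return 1
        fi
        case "$proto" in
            tcp|udp) ;;
            *) echo "line $n: protocol must be tcp or udp" >&2; return 1 ;;
        esac
        allow="$allow-A OUTPUT -p $proto --dport $port -m owner --uid-owner $uid -j ACCEPT
"
    done
    # Default-deny OUTPUT; loopback and replies to existing flows stay open.
    printf '%s\n' '*filter' ':OUTPUT DROP [0:0]' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$allow"
    # Everything else is logged with the sending UID, then refused.
    printf '%s\n' '-A OUTPUT -j LOG --log-prefix "egress-denied: " --log-uid' \
        '-A OUTPUT -j REJECT' 'COMMIT'
}

# Constructed sample policy: UID 1000 may use HTTPS, UID 1001 may do DNS.
sample_policy() {
    cat <<'EOF'
# uid proto dport
1000 tcp 443
1001 udp 53
EOF
}

sample_policy | gen_owner_rules
```

The output can be parsed without being committed by piping it to `iptables-restore --test` as root.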