Just got an interesting project...

George Toft george at georgetoft.com
Thu Oct 5 08:01:10 MST 2006


Requirements:
1. Deleted files (say, qmail messages after pickup) are shredded upon 
deletion.  Immediately upon delete.  Since an application is performing 
the delete, I must assume "rm" is not being issued, so I can't 
substitute "shred" in its place.

2. Files owned by vpopmail:vchkpw can only be read by said user:group - 
this includes root.  We need to lock root (and every other user) out of 
the messages.

3. Encrypted file system to defend against physical theft.


#3 is easy.

#2 sounds like a job for SELinux.  Alternatives are welcome :)

What about #1?  Any ideas?

-- 
George Toft, CISSP, MSIS
623-203-1760

"That which does not kill us makes us stronger."


