MAC Policies

Similar to SELinux, FreeBSD's Mandatory Access Control (MAC) framework provides a set of security policies. mac(4) describes the available policies; many of these, such as Biba and Lomac, are complex and require advanced knowledge to successfully implement. However, some policies are easy to implement and can increase the security of a system.

One such policy is mac_seeotheruids(4). On a default UNIX system, any user can see all running processes with ps -a or see who is logged into a system and which command he or she is currently executing with w. After implementing this policy, regular users will only be able to see their own processes and logins; however, the superuser will still be able to see all processes and logins.

The FreeBSD Handbook contains more information regarding MAC at http://www .freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment