[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionLast revisionBoth sides next revision | ||
howtos:security:tomoy_linux_basics_slackware [2022/05/11 08:13 (UTC)] – created zeebra | howtos:security:tomoy_linux_basics_slackware [2023/12/06 13:05 (UTC)] – [Increasing learning entries] zeebra | ||
---|---|---|---|
Line 6: | Line 6: | ||
There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later. | There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later. | ||
- | Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. So, then, why am I even bothering to write this?\\ | + | Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. Tomoyo doesn' |
The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition. | The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition. | ||
Line 14: | Line 14: | ||
https:// | https:// | ||
- | So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful.\\ | + | So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. MAC works in such a way that EVERYTHING is FORBIDDEN unless you explicitly permit it (with policy). It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful. |
For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, | For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, | ||
Line 162: | Line 162: | ||
< | < | ||
+ | This same step can also be done in the tomoyo-editpolicy tool by pressing " | ||
===== Appendage ===== | ===== Appendage ===== | ||
Line 181: | Line 182: | ||
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> | ||
<!-- You must remove the tag-word " | <!-- You must remove the tag-word " | ||
- | {{tag> | + | {{tag> |