[refpolicy] request for comments: policy for nufw and nuauth
p.chifflier at inl.fr
Mon Oct 20 11:23:58 CDT 2008
I have tried to write policy modules for 2 applications I'm maintaining
(and contributing to): nufw and nuauth.
Since these are my first policies, it would be great to have some feedback
on the contents. I would like to propose these modules for integration
in the standard policy, if possible.
If you don't know nufw or nuauth, a few words of description:
- nufw uses the NFQUEUE target of iptables (and so, an nfnetlink socket)
  to receive packets in userspace. It will send the packets using a TLS
  connection to nuauth, the user authenticating daemon, wait for a
  decision, and apply it.
  This is the simplest of the 2 daemons.
- nuauth is the authentication daemon. It has several roles:
  - wait for connections from nufw daemons, receive packets, apply ACL
    (see later), and return verdict
  - wait for connections from nutcpc (clients), validate login/pass
    using PAM, and communicate with them
  - check ACL in a plain text file, or a LDAP server
  - log messages to syslog, MySQL, or PostgreSQL (depending on the
    loaded modules, and the configuration).
  - nuauth and the clients use SASL for authentication, and TLS for all
The policy module for nuauth is not complete, I'm still working on it.
Any help/comment would be appreciated!
Attachment (1914 bytes, attachment.gtar): http://oss.tresys.com/pipermail/refpolicy/attachments/20081020/b76fa12e/attachment.gtar
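As an added illustration, and not the module attached to the post, here is a minimal refpolicy-style module sketching the nufw side of the description above: the nfnetlink socket needed for NFQUEUE, the outgoing TLS connection to nuauth, config and PID files, and syslog. Type names, the file types, and the use of a generic TCP port for the nuauth connection are assumptions (a dedicated nuauth port type would need a corenetwork declaration).

```selinux
policy_module(nufw, 0.1)

########################################
#
# Declarations (names assumed for illustration)
#

type nufw_t;
type nufw_exec_t;
init_daemon_domain(nufw_t, nufw_exec_t)

type nufw_etc_t;
files_config_file(nufw_etc_t)

type nufw_var_run_t;
files_pid_file(nufw_var_run_t)

########################################
#
# Local policy
#

# NFQUEUE delivers packets over an nfnetlink socket; net_admin is needed
# to bind to the queue and issue verdicts. No other capabilities granted.
allow nufw_t self:capability { net_admin net_raw };
allow nufw_t self:netlink_netfilter_socket create_socket_perms;
allow nufw_t self:tcp_socket create_socket_perms;
allow nufw_t self:fifo_file rw_fifo_file_perms;

# Read-only access to its own configuration
allow nufw_t nufw_etc_t:dir list_dir_perms;
read_files_pattern(nufw_t, nufw_etc_t, nufw_etc_t)

# PID file under /var/run
manage_files_pattern(nufw_t, nufw_var_run_t, nufw_var_run_t)
files_pid_filetrans(nufw_t, nufw_var_run_t, file)

# Outgoing TLS connection to nuauth (generic port assumed)
corenet_all_recvfrom_unlabeled(nufw_t)
corenet_tcp_sendrecv_generic_if(nufw_t)
corenet_tcp_sendrecv_generic_node(nufw_t)
corenet_tcp_connect_generic_port(nufw_t)
sysnet_dns_name_resolve(nufw_t)

# TLS certificates, locale data, generic /etc files, syslog
miscfiles_read_certs(nufw_t)
miscfiles_read_localization(nufw_t)
files_read_etc_files(nufw_t)
logging_send_syslog_msg(nufw_t)
```

The point of keeping the rule set this narrow is that a compromised nufw process can still only talk to the queue and to nuauth; anything beyond that shows up as a denial in the audit log rather than succeeding silently.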