[zorp-hu] filltable web pages and snapshot released

Magosányi Árpád zorp-hu@lists.balabit.hu
10 Dec 2003 03:52:27 +0100


[a magyar szöveg lejjebb]

You can find the filltable pages at

There is a security target (work in progress) and a daily
snapshot released right now.

The filltable utility is a python script to allow relatively untrusted
(junior) GNU/Linux system adinistrators (for example system adinistrator
of a chrooted sandbox) to modify specific parts of the linux netfilter
configuration. The senior system administrator can designate specific
packet classes (based on source/destination addresses, ports, etc) to be
managed by the junior system administrator. These packet filter classes
are directed to one or more netfilter chains. The junior system
administrator can describe the configuration in a text file, which makes
the input of the filltable utility. After that the senior system
administrator can run the filltable utility on these files, thus
modifying the configuration. The filltable script is strict on the
syntax of its configuration script, thus makes compromising the
execution domain of itself impossible.

The filltable script is a Trusted Procedure in the sense of the
Clark-Wilson access control modell.


A filltable honlapjának helye:

Van Biztonsági Rendszerterv (készülőben) és napi snapshot.

Nincs kedvem lefordítani a bevezetőjét.

GNU GPL: csak tiszta forrásból