システムを解析および保護するためのセキュリティモジュール TOMOYO Linux は Linux 向けの強制アクセス制御( MAC )の実装で、システムのセキュリティを高める用途は勿論、システムの解析を行う用途でも使えるツールです。このプロジェクトは2003年3月に始まり、2012年3月までは株式会社NTTデータがスポンサーとなって開発されました。
TOMOYO Linux はシステムの振る舞いに注目します。プロセスは何かの目的を達成するために生成されます。 TOMOYO Linux は(出入国審査官のように)それぞれのプロセスに対して目的を達成するのに必要な振る舞いや資源について報告させることができます。また、保護モードを有効にすることにより、(運用監視人のように)システム管理者により承認された振る舞いと資源へのアクセスのみを許可することもできます。
Version 1.0.2 2006/02/14 Procedure review.
savepolicy:
Support saving "system policy" and "exception policy"
in addition to "domain policy".
The following programs were added.
editpolicy:
"syspol.exe" "poled.exe" "poled_old.exe" were integrated
and renamed to "editpolicy".
This program can edit "system policy", "exception policy"
and "domain policy".
Command key assignments were changed.
checkpolicy:
A policy validator taken from "poled_old.exe".
This program was designed for detecting and fixing errors
in "domain policy".
loadpolicy:
A policy reloader.
This program was designed for loading policy from the disk
after clearing current policy in the kernel.
sortpolicy:
A "domain policy" sorter.
This program was designed to compress access logs
generated by "ccs-auditd".
You can use normal "sort" command for sorting
"system policy" and "exception policy".
make_exception.sh:
A script to create "exception policy".
The following programs were renamed.
"remount.exe" was renamed to "remount_root_fs".
"makesyaoranconf.exe" was renamed to "makesyaoranconf".
The following programs were removed.
"poled.exe" "poled_old.exe" "syspol.exe"
"obsolete_chksymlink" "obsolete_chroot_su"
"obsolete_lsdir" "obsolete_makelink" "obsolete_movlog"
"bindtest" "logtest" "pathnametest" "rofstest"
"linuxrc_old"
The following programs for testing TOMOYO Linux's kernel were added.
They are in the kernel_test directory.
"sakura_bind_test" "sakura_capability_test"
"sakura_filesystem_test" "sakura_trace_test"
"tomoyo_capability_test" "tomoyo_file_test" "tomoyo_info_test"
"tomoyo_name_test" "tomoyo_port_test" "tomoyo_signal_test"
TOMOYO
Fork