Differences

This shows you the differences between two versions of the page.

howtos:security:tomoy_linux_basics_slackware [2023/12/06 12:42 (UTC)] – [Introduction] zeebra
howtos:security:tomoy_linux_basics_slackware [2023/12/17 10:31 (UTC)] (current) – updated links to reflect move to sourceforge.net zeebra
Line 6: Line 6:
 There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later.  There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later. 
  
-Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. So, then, why am I even bothering to write this?\\+Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. Tomoyo doesn't use anything Python or things like that (like SELinux), it uses command line tools and an ncurses interface (optional). So, then, why am I even bothering to write this?\\
 The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition. The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition.
  
 Index of the manual:\\ Index of the manual:\\
-https://tomoyo.osdn.jp/2.6/index.html.en \\+https://tomoyo.sourceforge.net/2.6/index.html.en \\
 Section about "installing" Tomoyo: (which is basically what this guide covers)\\ Section about "installing" Tomoyo: (which is basically what this guide covers)\\
-https://tomoyo.osdn.jp/2.6/chapter-3.html.en+https://tomoyo.sourceforge.net/2.6/chapter-3.html.en
  
-So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. MAC works in such a way that EVERYTHING is FORBIDDEN unless you explicitly permit it (with policy). It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful. (ssh example) https://tomoyo.osdn.jp/2.6/chapter-12.html.en\\+So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. MAC works in such a way that EVERYTHING is FORBIDDEN unless you explicitly permit it (with policy). It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful. (ssh example) https://tomoyo.sourceforge.net/2.6/chapter-12.html.en \\
 For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, and it is, and it might sound scary as well, but it is not, because **the default mode of Tomoyo is to do nothing**. Only if you enforce policies will it block everything else than what you allow, and as mentioned, making a MAC policy for booting Slackware is fairly simple, because the boot process is fairly simple. Creating a MAC policy for a regular user system is quite a big task, but Tomoyo comes with a "learning mode" which writes policies, but do not enforce them, so it is a managable task overall. For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, and it is, and it might sound scary as well, but it is not, because **the default mode of Tomoyo is to do nothing**. Only if you enforce policies will it block everything else than what you allow, and as mentioned, making a MAC policy for booting Slackware is fairly simple, because the boot process is fairly simple. Creating a MAC policy for a regular user system is quite a big task, but Tomoyo comes with a "learning mode" which writes policies, but do not enforce them, so it is a managable task overall.
  
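Review bot: The sentence added in the first changed paragraph, "Tomoyo doesn't use anything Python or things like that (like SELinux)", is ambiguous: the parenthetical can be read either as saying SELinux also avoids Python or as naming SELinux as the thing that uses it. Suggest stating the comparison directly and splitting the comma splice, for example "Unlike SELinux, Tomoyo needs no Python. It uses command line tools and an optional ncurses interface.", if that is the intended meaning. The osdn.jp to sourceforge.net replacements in this hunk are consistent with each other.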
Line 51: Line 51:
  
 Once a Tomoyo Kernel is active you need to install the Tomoyo-tools. Download the tomoyo-tools from:\\ Once a Tomoyo Kernel is active you need to install the Tomoyo-tools. Download the tomoyo-tools from:\\
-https://osdn.net/projects/tomoyo/releases/p9818+https://sourceforge.net/p/tomoyo/svn/HEAD/tree/tags/tomoyo-tools/ 
 +2.6.1
  
 Move the download to /usr/src/ or some other directory, then: Move the download to /usr/src/ or some other directory, then:
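Review bot: The replacement link on the download line points at a source tree of tags rather than a release file, while the surrounding text still says "Download the tomoyo-tools from:" and "Move the download to /usr/src/", so the reader is not told what to fetch or how. The bare "2.6.1" added on its own line also reads as a stray fragment. Suggest one sentence that names the version and the file to obtain and, since this step installs a security tool, a step for checking the download's integrity (checksum or signature) before building.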
Line 162: Line 163:
 <code>tomoyo-loadpolicy -p < /etc/tomoyo/profile.conf</code> <code>tomoyo-loadpolicy -p < /etc/tomoyo/profile.conf</code>
  
 +This same step can also be done in the tomoyo-editpolicy tool by pressing "W" to get to the options menu, and then pressing "P" for profile. Here you can edit a line by pressing "S" and verify with "enter" key. All these options can be further looked into in the ncurses interface by using the "?" key.
 ===== Appendage ===== ===== Appendage =====
  
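Review bot: The added tomoyo-editpolicy sentence says "This same step" without saying whether a profile edited in the editor ends up in /etc/tomoyo/profile.conf or only in the running policy, which matters for whether the setting survives a reboot. Suggest stating that explicitly, replacing "verify with "enter" key" with "confirm with Enter" if that is what is meant, and leaving a blank line before the "===== Appendage =====" heading so the new paragraph is not attached to it.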
Line 167: Line 169:
  
 **But do read the manual.** This here is just additional info to what is in the manual, and only covers how to install Tomoyo and get it up and running. The manual is easy to read and covers alot of information about how to use Tomoyo, necessary information to be able to use it, and in a very short and precise form: **But do read the manual.** This here is just additional info to what is in the manual, and only covers how to install Tomoyo and get it up and running. The manual is easy to read and covers alot of information about how to use Tomoyo, necessary information to be able to use it, and in a very short and precise form:
-https://tomoyo.osdn.jp/2.6/index.html.en+https://tomoyo.sourceforge.net/2.6/index.html.en
  
 So, please don't rely on only THIS guide. It is not enough and the manual is much better. \\ So, please don't rely on only THIS guide. It is not enough and the manual is much better. \\
Line 174: Line 176:
 ====== Sources ====== ====== Sources ======
 <!-- If you are copying information from another source, then specify that source --> <!-- If you are copying information from another source, then specify that source -->
-* Original source: [[https://tomoyo.osdn.jp/documentation.html.en]]\\+* Original source: [[https://tomoyo.sourceforge.net/documentation.html.en]]\\
 <!-- Authors are allowed to give credit to themselves! --> <!-- Authors are allowed to give credit to themselves! -->
  * Originally written by [[wiki:user:zeebra | zeebra]]  * Originally written by [[wiki:user:zeebra | zeebra]]
Line 181: Line 183:
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must remove the tag-word "template" below before saving your new page --> <!-- You must remove the tag-word "template" below before saving your new page -->
-{{tag>howtossecurityLSMMACTomoyo}}+{{tag>howtos security LSM MAC Tomoyo author_zeebra}}
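Review bot: The tag line change at the end is not a link update, yet the revision summary only says "updated links to reflect move to sourceforge.net"; the same applies to the sentences this revision adds in the Introduction and after the tomoyo-loadpolicy command. Suggest mentioning the tag fix and the new text in the summary, or putting them in their own revision, so the page history stays searchable. The new tag list itself separates what the old value ran together as "howtossecurityLSMMACTomoyo".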