[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
howtos:security:tomoy_linux_basics_slackware [2023/12/06 12:43 (UTC)] – [Sources] zeebra | howtos:security:tomoy_linux_basics_slackware [2023/12/17 10:31 (UTC)] (current) – updated links to reflect move to sourceforge.net zeebra | ||
---|---|---|---|
Line 6: | Line 6: | ||
There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later. | There are a few different tools in the Tomoyo family. Mainly Tomoyo 1, Akari and Tomoyo 2. There is also CaitSith, but **this guide is dealing with Tomoyo 2.x**. And at the time of writing Tomoyo 2.6.x for Kernel 5.1 and later. | ||
- | Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. So, then, why am I even bothering to write this?\\ | + | Tomoyo Linux is very minimalistic (but complex) and in my view very much in harmony with the Slackware way of doing things. It has very few dependencies and is fairly easy to get started with. The documentation is excellent, and can easily be used to get started with Tomoyo. Tomoyo doesn' |
The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition. | The main reason is to add information specific to Slackware, but also to write down the basics from a user perspective. You can probably just use the main Tomoyo documentation to get started, but there might be a few questions after that and/or Slackware specifics to do. Please DO use the official documentation but feel free to use this in addition. | ||
Index of the manual:\\ | Index of the manual:\\ | ||
- | https:// | + | https:// |
Section about " | Section about " | ||
- | https:// | + | https:// |
- | So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. MAC works in such a way that EVERYTHING is FORBIDDEN unless you explicitly permit it (with policy). It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful. (ssh example) https:// | + | So, what is the purpose of Tomoyo? The purpose is to implement **Mandatory Access Control** (MAC) on your system, which can be used in alot of ways to secure different aspects of the system. MAC works in such a way that EVERYTHING is FORBIDDEN unless you explicitly permit it (with policy). It is a fairly simple to implement MAC which can do alot for the security of your system! Among others, the manual specifically mentions SSH and Apache as some examples. If you read those you might start to understand how it can be extremely useful. (ssh example) https:// |
For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, | For a distro like Slackware, it is fairly easy to implement MAC for the whole boot sequence, which means the system can ONLY do what it is set to allow. That might sound impractical, | ||
Line 51: | Line 51: | ||
Once a Tomoyo Kernel is active you need to install the Tomoyo-tools. Download the tomoyo-tools from:\\ | Once a Tomoyo Kernel is active you need to install the Tomoyo-tools. Download the tomoyo-tools from:\\ | ||
- | https://osdn.net/projects/tomoyo/releases/p9818 | + | https://sourceforge.net/p/tomoyo/svn/HEAD/ |
+ | 2.6.1 | ||
Move the download to /usr/src/ or some other directory, then: | Move the download to /usr/src/ or some other directory, then: | ||
Line 162: | Line 163: | ||
< | < | ||
+ | This same step can also be done in the tomoyo-editpolicy tool by pressing " | ||
===== Appendage ===== | ===== Appendage ===== | ||
Line 167: | Line 169: | ||
**But do read the manual.** This here is just additional info to what is in the manual, and only covers how to install Tomoyo and get it up and running. The manual is easy to read and covers alot of information about how to use Tomoyo, necessary information to be able to use it, and in a very short and precise form: | **But do read the manual.** This here is just additional info to what is in the manual, and only covers how to install Tomoyo and get it up and running. The manual is easy to read and covers alot of information about how to use Tomoyo, necessary information to be able to use it, and in a very short and precise form: | ||
- | https:// | + | https:// |
So, please don't rely on only THIS guide. It is not enough and the manual is much better. \\ | So, please don't rely on only THIS guide. It is not enough and the manual is much better. \\ | ||
Line 174: | Line 176: | ||
====== Sources ====== | ====== Sources ====== | ||
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> | ||
- | * Original source: [[https:// | + | * Original source: [[https:// |
<!-- Authors are allowed to give credit to themselves! --> | <!-- Authors are allowed to give credit to themselves! --> | ||
* Originally written by [[wiki: | * Originally written by [[wiki: |