[Openstack-security] Processes accessing Configuration files

Adam Young ayoung at redhat.com
Tue Nov 19 01:47:40 UTC 2013 

On 11/18/2013 08:33 PM, Bryan D. Payne wrote:
> Sure, I was just suggesting that those selinux policies could be a 
> useful source of information about the expected behavior of the 
> various services.
>
> -bryan
>
>
> On Mon, Nov 18, 2013 at 5:29 PM, Adam Young <ayoung at redhat.com 
> <mailto:ayoung at redhat.com>> wrote:
>
>     On 11/18/2013 08:18 PM, Bryan D. Payne wrote:
>>     I'd suggest checking the selinux policies for openstack in RedHat
>>     and/or Fedora.
>>     -bryan
>
>     Probably, for completeness, should mention that the Debian default
>     is AppArmour, not SELinux.  THe major difference between them is
>     that AppAroun is path based, where as SELinux is Inode based.
>

And I should learn to type:

AppArmor:

https://wiki.ubuntu.com/AppArmor

>
>
>
>
>>
>>
>>     On Mon, Nov 18, 2013 at 5:15 PM, Kausum Kumar
>>     <Kausum_Kumar at symantec.com <mailto:Kausum_Kumar at symantec.com>> wrote:
>>
>>         Hi All,
>>
>>         I am trying to map what configuration and input files are
>>         been accessed by what processes and how. I am looking from a
>>         security perspective, as to what process/application/user can
>>         access for read and/or write certain files.
>>
>>         Is there such a mapping available somewhere beside the
>>         obvious process access configurations?
>>
>>         Thanks,
>>
>>         Kausum
>>
>>
>>         _______________________________________________
>>         Openstack-security mailing list
>>         Openstack-security at lists.openstack.org
>>         <mailto:Openstack-security at lists.openstack.org>
>>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
>>
>>
>>     _______________________________________________
>>     Openstack-security mailing list
>>     Openstack-security at lists.openstack.org  <mailto:Openstack-security at lists.openstack.org>
>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>     _______________________________________________
>     Openstack-security mailing list
>     Openstack-security at lists.openstack.org
>     <mailto:Openstack-security at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131118/3eab6e19/attachment.html>

More information about the Openstack-security mailing list