grsecurity forums


https://forums.grsecurity.net./

Runlevel for RBAC system start

https://forums.grsecurity.net./viewtopic.php?f=3&t=4044

Page 1 of 1

Runlevel for RBAC system start

PostPosted: Mon Sep 08, 2014 6:30 pm
by Red
Hello,

in which runlevel should one place the script that enables the RBAC system on Gentoo, with maximum security in mind? And, should it run before or after the other scripts in that runlevel? I'd be grateful if you can give an explanation as well, to understand the reason behind it.

Re: Runlevel for RBAC system start

PostPosted: Mon Sep 08, 2014 6:54 pm
by spender
If you start it too early, you end up requiring policy for many more privileged accesses than are needed by various services at runtime. I instead recommend making sure the system is fully firewalled off until RBAC has started. You should also ensure that cron/atd and the like start after RBAC has started.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/