tomoyo linux introduction
TRANSCRIPT
TOMOYO Linux as a
“Linux system analyze tool”
Part 1
TOMOYO Linux is an extension of Linux kernel
(it’s not a Linux distribution)
TOMOYO Linux add a “process tracing capability” to your Linux environment “process tracing capability”
What is TOMOYO Linux?
It is a capability to store “how a process has
been created” For instance, if you logged in via ssh and get a
/bin/bash session, that bash session is stored as follows: “<kernel> /sbin/init /bin/sh /etc/rc.d/rc
/etc/rc.d/init.d/sshd /usr/sbin/sshd /usr/sbin/sshd /bin/bash”
What is “process tracing capability”?
If you logged in through a console
“<kernel> /sbin/init /bin/sh /sbin/mingetty /bin/login /bin/bash”
“<kernel>” is just a symbol to indicated the starting point, and each program names just follow with space as a separator
If TOMOYO Linux is enabled
“process invocation history” information is automatically stored
you can see how each process has been created You can browse the entire process invocation
history by using a TOMOYO Linux policy editor (it’s CUI)
So what?
Fedora 13
Fedora 13 (firefox)
Log in as a root execute “ccs-editpolicy” Total numbers of different “process invocation
history” patterns is displayed like “601 domains”
Use cursor key to go up/down
How to use the TOMOYO Linuxpolicy editor
TOMOYO Linux monitors actions caused for
each “process invocation history” pattern To see them, simply select the line and hit
enter key
Fedora 13 (firefox)
You need to install TOMOYO Linux kernel and
TOMOYO Linux tools We are maintaining TOMOYO Linux kernel and
tools repositories for users’ convenience
Kernel patches and tools source code are available, too
Project homepage has everything you need http://tomoyo.sourceforge.jp/
How to use TOMOYO Linux
TOMOYO Linux as a
“security tool”
Part 2
Demo movie
Q and A