[Security_sig] Reply about draft Army guide
andy at murren.org
Tue Feb 15 09:15:48 PST 2005
Thank you everyone for the feedback on the document I posted last
week. Several people had questions about the document and why
somethings were in there. Here are some more information.
1. There is a list of approved tools and applications. I decided to
stick to the approved tools and not document tools and
applications that are better. The approved tools must be
documented, but would it be worth the effort to document better
tools? Any suggestions would be appreciated.
2. There are several ways to implement MAC. At the time I started
this document SELinux was not allowed. Other tools to implement
MAC include grsecurity (http://www.grsecurity.net/) which is
available from the grsecurity site and is one of the Gentoo
Hardened projects. (We may want to review this as an alternative
to SELinux). I cannot state one way or another what the Army is
doing about MAC for Linux systems or its position on SELinux.
3. Corrections to the text are welcome. I posted the document so
people other than myself could review it and make comments. I
have gotten a few comments off list and appreciate that people
have taken the time to look at it and comment. I will be making
changes as time permits and will repost next month.
On a personal note my wife (also in the National Guard) is being
mobilized for 1-2 years next week. That leaves me with the kids and
cuts into my time that I can dedicate. Since I am not employer
sponsored, I am not able to use work time and must work at night.
Again thank you for reviewing the document and the comments I have
andy (at) murren (dot) org
More information about the security_sig