[Security_sig] Reply about draft Army guide

Andy Murren andy at murren.org
Tue Feb 15 09:15:48 PST 2005


Thank you, everyone, for the feedback on the document I posted last
week.  Several people had questions about the document and why
some things were in there.  Here is some more information.

1.  There is a list of approved tools and applications.  I decided to
    stick to the approved tools and not document tools and
    applications that are better.  The approved tools must be
    documented, but would it be worth the effort to document better
    tools?  Any suggestions would be appreciated.

2.  There are several ways to implement MAC.  At the time I started
    this document SELinux was not allowed.  Other tools to implement
    MAC include grsecurity (http://www.grsecurity.net/) which is
    available from the grsecurity site and is one of the Gentoo
    Hardened projects.  (We may want to review this as an alternative
    to SELinux).  I cannot state one way or another what the Army is
    doing about MAC for Linux systems or its position on SELinux.

3.  Corrections to the text are welcome.  I posted the document so
    people other than myself could review it and make comments.  I
    have gotten a few comments off list and appreciate that people
    have taken the time to look at it and comment.  I will be making
    changes as time permits and will repost next month.  

On a personal note, my wife (also in the National Guard) is being
mobilized for 1-2 years next week.  That leaves me with the kids and
cuts into my time that I can dedicate.  Since I am not employer
sponsored, I am not able to use work time and must work at night.

Again thank you for reviewing the document and the comments I have


Andy Murren
andy (at) murren (dot) org

