From this page you can download PACUM, a command line tool for
inspection of a Security Enhanced Linux (SELinux for short)
configuration.
SELinux is a security enhancement of the Linux kernel, implemented by
American NSA. It consists of "a strong, flexible mandatory access
control architecture incorporated into the major subsystems of the Linux
kernel. The system provides a mechanism to enforce the separation of
information based on confidentiality and integrity requirements. This
allows threats of tampering and bypassing of application security
mechanisms to be addressed and enables the confinement of damage that
can be caused by malicious or flawed applications".
You can download SELinux and it's documentation from SELinux website.
PACUM is a part of my thesis in Computer Science at the University of
Rome "La Sapienza". It is aimed to show how what I wrote in my
dissertation can be used in practice. It is in its very first
prerelease. Much work has to be done, and just a little of its planned
features are actually implemented.
But you can already catch some useful informations about a given
configuration.
I haven't spent much time in making a nice distribution. There's just a
unique zip file containing all the sources, a little configuration I did
just for correctness proving, and the SELinux original configuration
(build LSM-2.4-selinux-2002082308). The last is a little out of date but
it's enough to have a look at how complicated a SELinux configuration is.
I plan to work on the tool, on its distribution and on this web page
very soon. For now, enjoy it, as it is :P
For those really interested (how many are you?) below you can download
my dissertation in pdf format. Beware, it's written in Italian. Maybe,
one day, if I get millionaire and I have a lot of spare time, I
will translate it into English :P
