Medusa DS9 is used to increase Linux's security. It consists of two major parts: Linux kernel changes and a user-space daemon. The kernel changes monitor syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel through a character device to send and receive packets. It contains the whole logic and implements the concrete security policy. That means that Medusa can implement any model of data protection; it depends only on the configuration file, which is in fact a program in an internal programming language somewhat similar to C.
|Tags||Security Operating System Kernels Linux|
|Operating Systems||POSIX Linux|
Release Notes: This release contains a patch for the 2.4.18 kernel, has modified support for Linux capabilities to make them actually work, fixes the filesystem code to correctly walk through mountpoints, disallows sending SIGSTOP and SIGTSTP to Constable, and contains a few other minor fixes, cleanups, and improvements.
Release Notes: This release is a preparation for the next generation of the authorisation server. It includes changes in the FORK event, a new START event, improved startup behaviour by setting defaults for all processes, changes required to implement RBAC, and a bunch of bugfixes. Kernel patches have been upgraded to the 2.2.20 and 2.4.14 kernels.
Release Notes: A hardlink bug on 2.4 kernels has been fixed.
Release Notes: Several bugs found in the alpha release were fixed. This version contains Constable and the VS monitor (kernel patch) for Linux 2.2.19 and 2.4.7.
Release Notes: Improved code that handles privilege elevation during execve(), addition of several missing permission checks to System V IPC code, some bugfixes in VFS code, and 2.4.x kernel support (alpha).