TOMOYO Linux introduction
Part 1
TOMOYO Linux as a “Linux system analysis tool”
What is TOMOYO Linux?
TOMOYO Linux is an extension of the Linux kernel (it’s not a Linux distribution).
TOMOYO Linux adds a “process tracing capability” to your Linux environment.
What is “process tracing capability”?
It is the capability to store “how a process has been created”.
For instance, if you log in via ssh and get a /bin/bash session, that bash session is stored as follows:
“<kernel> /sbin/init /bin/sh /etc/rc.d/rc /etc/rc.d/init.d/sshd /usr/sbin/sshd /usr/sbin/sshd /bin/bash”
If you log in through a console:
“<kernel> /sbin/init /bin/sh /sbin/mingetty /bin/login /bin/bash”
“<kernel>” is just a symbol that indicates the starting point; the program names simply follow it, separated by spaces.
So what?
If TOMOYO Linux is enabled:
“Process invocation history” information is automatically stored.
You can see how each process has been created.
You can browse the entire process invocation history by using the TOMOYO Linux policy editor (it’s CUI).
Fedora 13
Fedora 13 (firefox)
How to use the TOMOYO Linux policy editor
Log in as root and execute “ccs-editpolicy”.
The total number of different “process invocation history” patterns is displayed, like “601 domains”.
Use the cursor keys to go up/down.
TOMOYO Linux monitors the actions caused by each “process invocation history” pattern.
To see them, simply select the line and hit the Enter key.
Fedora 13 (firefox)
How to use TOMOYO Linux
You need to install the TOMOYO Linux kernel and the TOMOYO Linux tools.
We maintain TOMOYO Linux kernel and tools repositories for users’ convenience.
Kernel patches and tools source code are available, too.
The project homepage has everything you need: http://tomoyo.sourceforge.jp/
Part 2
TOMOYO Linux as a “security tool”
Q and A