[Novalug] Controlling unauthorized application usage in Linux
David A. Cafaro
dac at cafaro.net
Fri Mar 28 12:01:28 EDT 2008
Though I prefer the SELinux approach which others have mentioned,
there is all AppArmour:
http://en.opensuse.org/AppArmor
Cheers,
David
On Mar 28, 2008, at 12:45 AM, Ben Creitz wrote:
> I am in the midst of writing a paper for school about the unauthorized
> use of enterprise resources. One part of it examines the controls
> that MS Windows provides (mostly via local/group policy) to limit or
> allow certain applications from running, and the various ways that
> users can easily bypass these controls. So far most of the techniques
> involve understand how Windows is identifying a prohibited app, and
> altering or moving the app until it is no longer identifiable as
> prohibited. For example, a Windows group policy might include a rule
> to deny an application by its hash+file size, and the user can modify
> the apps hash by opening the executable in a hex editor and changing
> one character in an area that will not affect the program's operation.
> Windows might identify a prohibited app by the registry keys it
> writes, and the user may modify the application such that it doesn't
> use the registry, a la "portable apps"
> (http://portableapps.com/development). You get the idea...
>
> My question is: are there any mechanisms for Linux (OSS or non-) that
> attempt the same types of things that Windows "Software Restriction"
> (http://technet.microsoft.com/en-us/library/bb457006.aspx) offers?
>
> Ben
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
David A. Cafaro <dac at cafaro.net>
Cafaro's Ramblings: www.cafaro.net
More information about the Novalug
mailing list