From: Milan WWW Pikula [www@BANAN.NAPRI.SK] Sent: Tuesday, February 15, 2000 11:39 AM To: BUGTRAQ@SECURITYFOCUS.COM Subject: ANNOUNCE: Medusa DS9 security system Greetings, I'd like to announce the release of stable version of the security system Medusa DS9. It's purpose is to increase the security of OS Linux. Medusa it one of projects of the Slovak Linux user group (SkLUG). It can be downloaded at http://medusa.fornax.sk/ Medusa consists of two major parts - linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, processes and they implement the communication protocol. Security daemon communicates with the kernel using character device to send and receive "packets". Daemon contains the whole logic and implements the concrete security policy. That means, that medusa can (as opposite to another approaches) implement any model of data protection - it depends only on configuration file, which is in fact an program in the internal programming language, somewhat similiar to C. At the logical level there are these changes: * separation of processes, files and IPC to the independent groups (virtual subsystems) * ability to detect, disable or modify any system call from any process * ability to detect, ... selected "process actions" like sending signals, exec, ... * ability to detect, redirect, ... selected file actions, such as access to the file and so * ability to enforce process to execute an arbitrary code. This feature is usefull to enforce logging drom that process and so. I'd like to answer some of frequently asked questions here: Q what relation is between medusa and capabilities? A medusa SUPPORTS linux capabilities and can test, set or change them. Q how remarkable is the slowdown of this communication between the kernel and user-space daemon in the real usage? A actually it's insensible. medusa was designed with the question of speed in mind, so all informations are stored in kernel. you can specify exactly what actions do you need to be watched. on the real servers with about 50 shell-account users, where we test medusa, is traffic about 11 packets per second or less. the fact that the daemon is in userspace, gives it the comfort in deciding about security reasons and it increases the portability of the whole system. (bsd?:) Q where it works? A linux 2.2.13, 2.2.14, intel. SMP is not fully tested, but it's reported to work. we are working on alpha port and other platforms will follow. Q where can I find more information? A at http://medusa.fornax.sk/ and in ``doc'' subdirectory in the source package. Kind regards, Medusa development team Marek Zelem Martin Ockajak Milan Pikula -- Milan Pikula, WWW. Finger me for Geek Code. http://fornax.elf.stuba.sk/~www, www@fornax.elf.stuba.sk .. dajte mi pevnu linku a pohnem zemegulou ..