Obtain familiarity with FreeBSDs security features.
Lab Component
Read and understand Ch 15, 16, 17 of the FreeBSD
documentation, this deals with MAC level policies and Security
event auditing.
Log into the machine as root. Create a new user account
<some name> with default user privileges. This user should
now appear in /usr/home/<some name>.
List the UID and GID of this account.
In the /usr/home directory create a directory <anybody>,
i.e. /usr/home/anybody. Set the default permissions on this
directory as 777. This will make the directory wide open for
anyone to access. You might want to put a small file in this
directory so you have something to access.
Log into the <some name>
account, and verify that anybody
is accessible and wide open.
Create policies, which will restrict access to anybody
by any user other then root.
Log into <some name> and attempt to
access anybody.
Extend the policies so any user in the same group as
anybody will not be able to use www services (tcp port 80),
effectively locking down the web browser.
Verify that this is the case by logging into <some name>.
Enable auditing, to show the security failures of the above 2
scenarios.
Print a sample of the security logs.
Reward Requirements
Provide proof of each of the tasks listed above, those in RED
describe the tasks which need to be exemplified.
Provide Listings of the MAC policies which were created.
If you were to write an email to a friend describing how to do
the above, what would you write for instructions? Add an
explanation so you can educate him/her.